Bump the npm_and_yarn group across 2 directories with 6 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 2 updates in the / directory: vite and zod. Bumps the npm_and_yarn group with 4 updates in the /templates/vite directory: vite, tar, semver and word-wrap.

Updates vite from 5.2.9 to 5.2.11

Changelog

Sourced from vite's changelog.

5.2.11 (2024-05-02)

• feat: improve dynamic import variable failure error message (#16519) (f8feeea), closes #16519
• fix: dynamic-import-vars plugin normalize path issue (#16518) (f71ba5b), closes #16518
• fix: scripts and styles were missing from built HTML on Windows (#16421) (0e93f58), closes #16421
• fix(deps): update all non-major dependencies (#16488) (2d50be2), closes #16488
• fix(deps): update all non-major dependencies (#16549) (2d6a13b), closes #16549
• fix(dev): watch publicDir explicitly to include it outside the root (#16502) (4d83eb5), closes #16502
• fix(preload): skip preload for non-static urls (#16556) (bb79c9b), closes #16556
• fix(ssr): handle class declaration and expression name scoping (#16569) (c071eb3), closes #16569
• fix(ssr): handle function expression name scoping (#16563) (02db947), closes #16563

5.2.10 (2024-04-20)

• revert: perf: use workspace root for fs cache (#15712) (#16476) (77e7359), closes #15712 #16476
• fix: add base to virtual html (#16442) (721f94d), closes #16442
• fix: adjust esm syntax judgment logic (#16436) (af72eab), closes #16436
• fix: don't add outDirs to watch.ignored if emptyOutDir is false (#16453) (6a127d6), closes #16453
• fix(cspNonce): don't overwrite existing nonce values (#16415) (b872635), closes #16415
• feat: show warning if root is in build.outDir (#16454) (11444dc), closes #16454
• feat: write cspNonce to style tags (#16419) (8e54bbd), closes #16419
• chore(deps): update dependency eslint-plugin-n to v17 (#16381) (6cccef7), closes #16381

Commits

• 2bc5d3d release: v5.2.11
• f8feeea feat: improve dynamic import variable failure error message (#16519)
• c071eb3 fix(ssr): handle class declaration and expression name scoping (#16569)
• 02db947 fix(ssr): handle function expression name scoping (#16563)
• 2d6a13b fix(deps): update all non-major dependencies (#16549)
• 0e93f58 fix: scripts and styles were missing from built HTML on Windows (#16421)
• bb79c9b fix(preload): skip preload for non-static urls (#16556)
• f71ba5b fix: dynamic-import-vars plugin normalize path issue (#16518)
• 2d50be2 fix(deps): update all non-major dependencies (#16488)
• 4d83eb5 fix(dev): watch publicDir explicitly to include it outside the root (#16502)
• Additional commits viewable in compare view

Updates zod from 3.22.4 to 3.23.6

Release notes

Sourced from zod's releases.

v3.23.6

Commits:

• bc0095aab9e7254deb18701adc63de128ca2c742 Test on latest node
• 6e5699a30373cc22879f2bcb6902fc138518c980 Lint on latest node
• 1f466d9d00f446d7bed1962990e7a1ce813ab0d4 describe how one can protect from cyclical objects starting an infini… (#3447)
• 3fed6f21e0ea7adc91aa0cc44f75bcf4e526d98e Add zod playground link (#3454)
• 04e1f379f6989d23dd45660fcabc78f76d7834f8 Fixed freezing async ZodReadonly results (#3457)
• b87e59d0e4bbb4403bf27243afdcda9fcdeec258 Update sponsor tiers (#3453)
• 143886151bba3930bdcc10d34a1cff4bf9103ba8 Add copper tier (#3460)
• ce3711e1384952d255769b9495f9bfadfb327291 add VSCode dev container support and documenation
• 93b480b12ec3466cbd3b4182f7ce292e5c61528c v3.23.6

v3.23.5

Commits:

• 110b8211f991b3e060ab2da4fec7b63d600439ad Update README_ZH.md (#3433)
• c1910bdfc98709b8f14231e2cefc5a3be401e3ee Made ZodEnum take readonly string array (#3444)
• 541a862e978f96eb391849a6bf16be84231aa1b3 3.23.5

v3.23.4

Commits:

• 157b18d742c86d85b26a8421af46ad6d6d6b6ea7 Add 3.23 announcement
• aedf93f1435a29463d915c3be45b4dcbeefa8cc1 Revert change to default Input
• 45107f7a7230fe48ee24dc37e621422c9dc64ec4 v3.23.4

v3.23.3

Commits:

• 103d2436f85872ca0e0e6247652989cc93d46a39 3.23.3

v3.23.2

Commits:

• c340558d14f5222a2ca177e0591463c06cc5edc3 Update protocol
• ef588d036f3e98b832796e9a681dbaf097631ea0 Fix t3env
• 9df70dd71195df951c43f180fbe5e64ea1f835df 3.23.2

v3.23.1

This changes the default generics back to any to prevent breakages with common packager like @hookform/resolvers:

- class ZodType<Output = unknown, Def extends ZodTypeDef = ZodTypeDef, Input = unknown> {}
+ class ZodType<Output = any, Def extends ZodTypeDef = ZodTypeDef, Input = any> {}

Commits:

• 59f48723d36c423d9e10b3bd52325a7998314230 Change unknown -> any for ZodType defaults

... (truncated)

Commits

• 93b480b v3.23.6
• ce3711e add VSCode dev container support and documenation
• 1438861 Add copper tier (#3460)
• b87e59d Update sponsor tiers (#3453)
• 04e1f37 Fixed freezing async ZodReadonly results (#3457)
• 3fed6f2 Add zod playground link (#3454)
• 1f466d9 describe how one can protect from cyclical objects starting an infini… (#3447)
• 6e5699a Lint on latest node
• bc0095a Test on latest node
• 541a862 3.23.5
• Additional commits viewable in compare view

Updates vite from 4.3.9 to 4.5.3

Changelog

Sourced from vite's changelog.

5.2.11 (2024-05-02)

• feat: improve dynamic import variable failure error message (#16519) (f8feeea), closes #16519
• fix: dynamic-import-vars plugin normalize path issue (#16518) (f71ba5b), closes #16518
• fix: scripts and styles were missing from built HTML on Windows (#16421) (0e93f58), closes #16421
• fix(deps): update all non-major dependencies (#16488) (2d50be2), closes #16488
• fix(deps): update all non-major dependencies (#16549) (2d6a13b), closes #16549
• fix(dev): watch publicDir explicitly to include it outside the root (#16502) (4d83eb5), closes #16502
• fix(preload): skip preload for non-static urls (#16556) (bb79c9b), closes #16556
• fix(ssr): handle class declaration and expression name scoping (#16569) (c071eb3), closes #16569
• fix(ssr): handle function expression name scoping (#16563) (02db947), closes #16563

5.2.10 (2024-04-20)

• revert: perf: use workspace root for fs cache (#15712) (#16476) (77e7359), closes #15712 #16476
• fix: add base to virtual html (#16442) (721f94d), closes #16442
• fix: adjust esm syntax judgment logic (#16436) (af72eab), closes #16436
• fix: don't add outDirs to watch.ignored if emptyOutDir is false (#16453) (6a127d6), closes #16453
• fix(cspNonce): don't overwrite existing nonce values (#16415) (b872635), closes #16415
• feat: show warning if root is in build.outDir (#16454) (11444dc), closes #16454
• feat: write cspNonce to style tags (#16419) (8e54bbd), closes #16419
• chore(deps): update dependency eslint-plugin-n to v17 (#16381) (6cccef7), closes #16381

Commits

• 2bc5d3d release: v5.2.11
• f8feeea feat: improve dynamic import variable failure error message (#16519)
• c071eb3 fix(ssr): handle class declaration and expression name scoping (#16569)
• 02db947 fix(ssr): handle function expression name scoping (#16563)
• 2d6a13b fix(deps): update all non-major dependencies (#16549)
• 0e93f58 fix: scripts and styles were missing from built HTML on Windows (#16421)
• bb79c9b fix(preload): skip preload for non-static urls (#16556)
• f71ba5b fix: dynamic-import-vars plugin normalize path issue (#16518)
• 2d50be2 fix(deps): update all non-major dependencies (#16488)
• 4d83eb5 fix(dev): watch publicDir explicitly to include it outside the root (#16502)
• Additional commits viewable in compare view

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Updates semver from 7.5.2 to 7.6.0

Release notes

Sourced from semver's releases.

v7.6.0

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])
• cce6180 #598 postinstall for dependabot template-oss PR (@​lukekarrys)
• b914a3d #598 bump @​npmcli/template-oss from 4.17.0 to 4.18.0 (@​dependabot[bot])

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

Changelog

Sourced from semver's changelog.

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])
• cce6180 #598 postinstall for dependabot template-oss PR (@​lukekarrys)
• b914a3d #598 bump @​npmcli/template-oss from 4.17.0 to 4.18.0 (@​dependabot[bot])

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

Commits

• 377f709 chore: release 7.6.0 (#661)
• a7ab13a feat: preserve pre-release and build parts of a version on coerce (#671)
• 816c7b2 chore: postinstall for dependabot template-oss PR
• 0bd24d9 chore: bump @​npmcli/template-oss from 4.21.1 to 4.21.3
• e521932 chore: postinstall for dependabot template-oss PR
• 8873991 chore: chore: chore: postinstall for dependabot template-oss PR
• f317dc8 chore: bump @​npmcli/template-oss from 4.19.0 to 4.21.0
• 7303db1 chore: add clean() test for build metadata (#658)
• 6240d75 chore: add missing quotes in README.md (#656)
• 14d263f chore: postinstall for dependabot template-oss PR
• Additional commits viewable in compare view

Updates postcss from 8.4.24 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by @​romainmenke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

Changelog

Sourced from postcss's changelog.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

Commits

• a69d45e Release 8.4.38 version
• 64e35d9 Update dependencies
• c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
• b45e7e9 fix endIndex
• 1bea246 failing test: for endIndex 0 in rangeBy
• 0fd1d86 Add changelog auto release on Github
• 49c906e Release 8.4.37 version
• b5bd92c Fix another broken prev source map issue
• 2882039 Update dependencies
• e5ad939 Release 8.4.36 version
• Additional commits viewable in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.4...1.2.5

1.2.4

What's Changed

• Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24
• 🔒fix: CVE 2023 26115 (2) by @​OlafConijn in jonschlinkert/word-wrap#41
• :lock: fix: CVE-2023-26115 by @​aashutoshrathi in jonschlinkert/word-wrap#33
• chore: publish workflow by @​OlafConijn in jonschlinkert/word-wrap#42

New Contributors

• @​mohd-akram made their first contribution in jonschlinkert/word-wrap#24
• @​OlafConijn made their first contribution in jonschlinkert/word-wrap#41
• @​aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4

Commits

• 207044e 1.2.5
• 9894315 revert default indent
• f64b188 run verb to generate README
• 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
• 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
• bfa694e Update .github/workflows/publish.yml
• ace0b3c chore: bump version to 1.2.4
• 6fd7275 chore: add publish workflow
• 30d6daf chore: fix test
• 655929c chore: remove package-lock
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
examples	✅ Ready (Inspect)	Visit Preview	May 3, 2024 10:19am

1 Ignored Deployment

| Name | Status | Preview | Updated (UTC) | | :--- | :----- | :------ | :------ | | **tldraw-docs** | ⬜️ Ignored ([Inspect](https://vercel.com/tldraw/tldraw-docs/BnnyqJ1eqcKdkg9W469xFrDYK7Y7)) | [Visit Preview](https://tldraw-docs-git-dependabot-npmandyarnnpmandyarn-9-1063ee-tldraw.vercel.app) | May 3, 2024 10:19am |

[dependabot[bot]]

Superseded by #3712.