build(deps): bump the npm_and_yarn group across 4 directories with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
requirejs	2.3.6	2.3.7
rollup	2.58.0	2.79.2
vite	5.4.10	6.0.3
@babel/traverse	7.18.8	7.26.4
braces	3.0.2	3.0.3
browserify-sign	4.2.1	4.2.3
cross-spawn	7.0.3	7.0.6
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.14.4	1.15.9
json5	2.2.1	2.2.3
nanoid	3.3.7	3.3.8
tough-cookie	4.0.0	4.1.4

Bumps the npm_and_yarn group with 4 updates in the /pw_ide/ts/pigweed-vscode directory: @babel/traverse, cross-spawn, elliptic and webpack.
Bumps the npm_and_yarn group with 11 updates in the /pw_web/log-viewer directory:

Package	From	To
vite	5.2.8	5.4.11
ws	7.5.9	7.5.10
@web/test-runner	0.18.0	0.18.3
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
nanoid	3.3.7	3.3.8
@75lb/deep-merge	1.1.1	1.1.2
ip	1.1.9	removed
@open-wc/testing	3.0.0-next.5	3.2.2
@web/dev-server	0.4.0	0.4.6
@web/test-runner-core	0.13.0	0.13.4

Bumps the npm_and_yarn group with 4 updates in the /pw_web/webconsole directory: braces, cross-spawn, nanoid and next.

Updates requirejs from 2.3.6 to 2.3.7

Commits

• 1874a29 Rev to 2.3.7
• 152f450 Merge pull request #1016 from requirejs/jr/1854-pollution
• ecc356a Fixes requirejs/requirejs#1854, pollution
• acec536 SECURITY.md
• See full diff in compare view

Updates rollup from 2.58.0 to 2.79.2

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

... (truncated)

Commits

• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• 69ff418 2.79.1
• 04dce1b Update changelog
• 159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
• e1392b3 Update type definition of resolveId (#4641)
• 7836357 Improve performance of chunk naming collision check (#4643)
• 71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
• 8193ea5 Adapt workflow to use Node 14 sub-version to work with branch protection
• 8477f8f 2.79.0
• Additional commits viewable in compare view

Updates vite from 5.4.10 to 6.0.3

Release notes

Sourced from vite's releases.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

create-vite@6.0.1

Please refer to CHANGELOG.md for details.

v6.0.1

Please refer to CHANGELOG.md for details.

create-vite@6.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0-beta.10

Please refer to CHANGELOG.md for details.

v6.0.0-beta.9

Please refer to CHANGELOG.md for details.

v6.0.0-beta.8

Please refer to CHANGELOG.md for details.

v6.0.0-beta.7

Please refer to CHANGELOG.md for details.

v6.0.0-beta.6

Please refer to CHANGELOG.md for details.

v6.0.0-beta.5

Please refer to CHANGELOG.md for details.

v6.0.0-beta.4

Please refer to CHANGELOG.md for details.

v6.0.0-beta.3

Please refer to CHANGELOG.md for details.

v6.0.0-beta.2

Please refer to CHANGELOG.md for details.

v6.0.0-beta.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.3 (2024-12-05)

• fix: handle postcss load unhandled rejections (#18886) (d5fb653), closes #18886
• fix: make handleInvoke interface compatible with invoke (#18876) (a1dd396), closes #18876
• fix: make result interfaces for ModuleRunnerTransport#invoke more explicit (#18851) (a75fc31), closes #18851
• fix: merge environments.ssr.resolve with root ssr config (#18857) (3104331), closes #18857
• fix: no permission to create vite config file (#18844) (ff47778), closes #18844
• fix: remove CSS import in CJS correctly in some cases (#18885) (690a36f), closes #18885
• fix(config): bundle files referenced with imports field (#18887) (2b5926a), closes #18887
• fix(config): make stacktrace path correct when sourcemap is enabled (#18833) (20fdf21), closes #18833
• fix(css): rewrite url when image-set and url exist at the same time (#18868) (d59efd8), closes #18868
• fix(deps): update all non-major dependencies (#18853) (5c02236), closes #18853
• fix(html): allow unexpected question mark in tag name (#18852) (1b54e50), closes #18852
• fix(module-runner): decode uri for file url passed to import (#18837) (88e49aa), closes #18837
• refactor: fix logic errors found by no-unnecessary-condition rule (#18891) (ea802f8), closes #18891
• chore: fix duplicate attributes issue number in comment (#18860) (ffee618), closes #18860

6.0.2 (2024-12-02)

• chore: run typecheck in unit tests (#18858) (49f20bb), closes #18858
• chore: update broken links in changelog (#18802) (cb754f8), closes #18802
• chore: update broken links in changelog (#18804) (47ec49f), closes #18804
• fix: don't store temporary vite config file in node_modules if deno (#18823) (a20267b), closes #18823
• fix(css): referencing aliased svg asset with lightningcss enabled errored (#18819) (ae68958), closes #18819
• fix(manifest): use style.css as a key for the style file for cssCodesplit: false (#18820) (ec51115), closes #18820
• fix(optimizer): resolve all promises when cancelled (#18826) (d6e6194), closes #18826
• fix(resolve): don't set builtinModules to external by default (#18821) (2250ffa), closes #18821
• fix(ssr): set ssr.target: 'webworker' defaults as fallback (#18827) (b39e696), closes #18827
• feat(css): format lightningcss error (#18818) (dac7992), closes #18818
• refactor: make properties of ResolvedServerOptions and ResolvedPreviewOptions required (#18796) (51a5569), closes #18796

6.0.1 (2024-11-27)

• fix: default empty server proxy prevents starting http2 server (#18788) (bbaf514), closes #18788
• fix(manifest): do not override existing js manifest entry (#18776) (3b0837e), closes #18776
• fix(server): close _ssrCompatModuleRunner on server close (#18784) (9b4c410), closes #18784
• fix(server): skip hot channel client normalization for wsServer (#18782) (cc7670a), closes #18782
• fix(worker): fix applyToEnvironment hooks on worker build (#18793) (0c6cdb0), closes #18793
• chore: flat v6 config file (#18777) (c7b3308), closes #18777
• chore: split changelog (#18787) (8542632), closes #18787
• chore: update changelog for v6 (#18773) (b254fac), closes #18773
• revert: update moduleResolution value casing (#18409) (#18774) (b0fc6e3), closes #18409 #18774

6.0.0 (2024-11-26)

... (truncated)

Commits

• 7a0758c release: v6.0.3
• a1dd396 fix: make handleInvoke interface compatible with invoke (#18876)
• ea802f8 refactor: fix logic errors found by no-unnecessary-condition rule (#18891)
• 690a36f fix: remove CSS import in CJS correctly in some cases (#18885)
• d5fb653 fix: handle postcss load unhandled rejections (#18886)
• 2b5926a fix(config): bundle files referenced with imports field (#18887)
• 1b54e50 fix(html): allow unexpected question mark in tag name (#18852)
• d59efd8 fix(css): rewrite url when image-set and url exist at the same time (#18868)
• 20fdf21 fix(config): make stacktrace path correct when sourcemap is enabled (#18833)
• 88e49aa fix(module-runner): decode uri for file url passed to import (#18837)
• Additional commits viewable in compare view

Updates postcss from 8.4.47 to 8.4.49

Release notes

Sourced from postcss's releases.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

Changelog

Sourced from postcss's changelog.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

Commits

• aed8b89 Release 8.4.49 version
• 3450630 Fix position calculations when offset is missing (#1983)
• 77420d6 Release 8.4.48 version
• 341529f Update dependencies
• 66fa667 Add Node.js 23 to CI
• 1a8b261 fix inconsistent position calculations (#1980)
• 1cc6ac3 Clarify usage in docs
• See full diff in compare view

Updates @babel/traverse from 7.18.8 to 7.26.4

Release notes

Sourced from @​babel/traverse's releases.

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
  • #16895 Remove helper-builder-binary-assignment-operator-visitor (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-generator
  • #16959 perf: Reduce the use of temporary objects (@​liuxingbaoyu)
• babel-traverse
  • #16923 perf: Improve scope information collection performance (@​liuxingbaoyu)
  • #16964 perf: Avoid repeated traversal when creating scope (@​liuxingbaoyu)
• babel-plugin-transform-modules-commonjs
  • #16954 perf: Remove use of simplifyAccess (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.26.2 (2024-10-30)

🐛 Bug Fix

• babel-parser
  • #16903 fix: Parse placeholder for TS namespace (@​liuxingbaoyu)
  • #16937 fix: Account for offsets when creating new Position instances (@​DylanPiercey)
• babel-generator
  • #16948 Fix mapping of tokens with generated nodes in between (@​nicolo-ribaudo)

Committers: 6

• Babel Bot (@​babel-bot)
• Dylan Piercey (@​DylanPiercey)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
  • #16895 Remove helper-builder-binary-assignment-operator-visitor (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-generator
  • #16959 perf: Reduce the use of temporary objects (@​liuxingbaoyu)
• babel-traverse
  • #16923 perf: Improve scope information collection performance (@​liuxingbaoyu)
  • #16964 perf: Avoid repeated traversal when creating scope (@​liuxingbaoyu)
• babel-plugin-transform-modules-commonjs
  • #16954 perf: Remove use of simplifyAccess (@​liuxingbaoyu)

v7.26.2 (2024-10-30)

🐛 Bug Fix

• babel-parser
  • #16903 fix: Parse placeholder for TS namespace (@​liuxingbaoyu)
  • #16937 fix: Account for offsets when creating new Position instances (@​DylanPiercey)
• babel-generator
  • #16948 Fix mapping of tokens with generated nodes in between (@​nicolo-ribaudo)

v7.26.1 (2024-10-25)

🐛 Bug Fix

• babel-parser
  • #16936 fix(parser): offset internal index locations by startIndex (@​DylanPiercey)

v7.26.0 (2024-10-25)

🚀 New Feature

• babel-core, babel-generator, babel-parser, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-preset-env, babel-standalone, babel-types
  • #16850 Enable import attributes parsing by default (@​nicolo-ribaudo)
• babel-core
  • #16862 feat: support async plugin's pre/post (@​timofei-iatsenko)
• babel-compat-data, babel-plugin-proposal-regexp-modifiers, babel-plugin-transform-regexp-modifiers, babel-preset-env, babel-standalone
  • #16692 Add transform-regexp-modifiers to preset-env (@​JLHwung)
• babel-parser
  • #16849 feat: add startIndex parser option (@​DylanPiercey)
• babel-generator, babel-parser, babel-plugin-syntax-flow
  • #16841 Always enable parsing of Flow enums (@​nicolo-ribaudo)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs3

... (truncated)

Commits

• cf7b9cd v7.26.4
• f33704a Revert "perf: Improve scope information collection performance" (#17005)
• 36ca8fa v7.26.3
• ded1571 perf: Improve scope information collection performance (#16923)
• 943bdfe perf: Avoid repeated traversal when creating scope (#16964)
• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• 611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
• 506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• See full diff in compare view

Updates follow-redirects from 1.14.4 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates json5 from 2.2.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

...

Description has been truncated