chore(deps): bump the npm_and_yarn group across 4 directories with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
vite	4.5.9	5.4.12
nanoid	3.3.8	3.3.9
esbuild	0.18.20	0.25.0
@babel/helpers	7.23.2	7.26.10
@babel/runtime	7.22.5	7.26.10
axios	1.7.7	1.8.3

Bumps the npm_and_yarn group with 3 updates in the /packages/snaps-controllers directory: vite, nanoid and esbuild.
Bumps the npm_and_yarn group with 3 updates in the /packages/snaps-execution-environments directory: vite, nanoid and esbuild.
Bumps the npm_and_yarn group with 2 updates in the /packages/snaps-utils directory: vite and esbuild.

Updates vite from 4.5.9 to 5.4.12

Release notes

Sourced from vite's releases.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.3

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.2

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.1

Please refer to CHANGELOG.md for details.

v5.4.1

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

5.4.12 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
• fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
• fix: verify token for HMR WebSocket connection (b71a5c8)
• chore: add deps update changelog (ecd2375)

5.4.11 (2024-11-11)

• fix(deps): update dependencies of postcss-modules (ceb15db), closes #18617

5.4.10 (2024-10-23)

• fix: backport #18367,augment hash for CSS files to prevent chromium erroring by loading previous fil (7d1a3bc), closes #18367 #18412

5.4.9 (2024-10-14)

• fix: bump launch-editor-middleware to v2.9.1 (#18348) (508d9ab), closes #18348
• fix(css): fix lightningcss dep url resolution with custom root (#18125) (eae00b5), closes #18125
• fix(data-uri): only match ids starting with data: (#18241) (96084d6), closes #18241
• fix(deps): bump tsconfck (#18322) (dc5434c), closes #18322
• fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252) (851b258), closes #18252
• fix(ssr): (backport #18150) fix source map remapping with multiple sources (#18204) (262a879), closes #18204
• chore: update all url references of vitejs.dev to vite.dev (#18276) (c23558a), closes #18276
• chore: update license copyright (#18278) (1864eb1), closes #18278
• docs: update homepage (#18274) (ae44163), closes #18274

5.4.8 (2024-09-25)

• fix(css): backport #18113, fix missing source file warning with sass modern api custom importer (#18 (7d47fc1), closes #18183
• fix(css): backport #18128, ensure sass compiler initialized only once (#18184) (8464d97), closes #18128 #18184

5.4.7 (2024-09-20)

• fix: treat config file as ESM in Deno (#18158) (b5908a2), closes #18158

5.4.6 (2024-09-16)

... (truncated)

Commits

• f428aa9 release: v5.4.12
• 9da4abc fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• b71a5c8 fix: verify token for HMR WebSocket connection
• dfea38f fix!: default server.cors: false to disallow fetching from untrusted origins
• ecd2375 chore: add deps update changelog
• c54c860 release: v5.4.11
• 5f52bc8 release: v5.4.10
• 7d1a3bc fix: backport #18367,augment hash for CSS files to prevent chromium erroring ...
• 898d61f release: v5.4.9
• 508d9ab fix: bump launch-editor-middleware to v2.9.1 (#18348)
• Additional commits viewable in compare view

Updates nanoid from 3.3.8 to 3.3.9

Release notes

Sourced from nanoid's releases.

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.9

• Reduced npm package size.

Commits

• adf9b0c Release 3.3.9 version
• 1c6f088 Remove dev file from npm package
• See full diff in compare view

Updates esbuild from 0.18.20 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates @babel/helpers from 7.23.2 to 7.26.10

Release notes

Sourced from @​babel/helpers's releases.

v7.26.10 (2025-03-11)

Thanks @​jordan-choi and @​mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #17160 Left-value parsing cleanup (@​JLHwung)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Yunyoung Jordan Choi (@​jordan-choi)
• @​liuxingbaoyu
• @​mmmsssttt404

v7.26.9 (2025-02-14)

🐛 Bug Fix

• babel-types
  • #17103 fix: Definition for TSPropertySignature.kind (@​liuxingbaoyu)
• babel-generator, babel-types
  • #17062 Print TypeScript optional/definite in ClassPrivateProperty (@​jamiebuilds-signal)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.26.10 (2025-03-11)

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #17160 Left-value parsing cleanup (@​JLHwung)

v7.26.9 (2025-02-14)

🐛 Bug Fix

• babel-types
  • #17103 fix: Definition for TSPropertySignature.kind (@​liuxingbaoyu)
• babel-generator, babel-types
  • #17062 Print TypeScript optional/definite in ClassPrivateProperty (@​jamiebuilds-signal)

🏠 Internal

• babel-types
  • #17130 Use .ts files with explicit reexports to solve name conflicts (@​nicolo-ribaudo)
• babel-core
  • #17127 Do not depend on @types/gensync in Babel 7 (@​nicolo-ribaudo)

v7.26.7 (2025-01-24)

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)

... (truncated)

Commits

• e1ce99d v7.26.10
• d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
• 64bca7b v7.26.9
• 4cf5c9e [babel 8] Use @babel/types for parser's return type (#17117)
• 2d95140 v7.26.7
• 0e6199b Make "object without properties" helpers ES6-compatible (#17086)
• cd24cc0 chore: Update TS 5.7 (#17053)
• 63d3038 v7.26.0
• bfa56c4 Support import() in rewriteImportExtensions (#16794)
• b07957e v7.25.9
• Additional commits viewable in compare view

Updates @babel/runtime from 7.22.5 to 7.26.10

Release notes

Sourced from @​babel/runtime's releases.

v7.26.10 (2025-03-11)

Thanks @​jordan-choi and @​mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #17160 Left-value parsing cleanup (@​JLHwung)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Yunyoung Jordan Choi (@​jordan-choi)
• @​liuxingbaoyu
• @​mmmsssttt404

v7.26.9 (2025-02-14)

🐛 Bug Fix

• babel-types
  • #17103 fix: Definition for TSPropertySignature.kind (@​liuxingbaoyu)
• babel-generator, babel-types
  • #17062 Print TypeScript optional/definite in ClassPrivateProperty (@​jamiebuilds-signal)

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.26.10 (2025-03-11)

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #17160 Left-value parsing cleanup (@​JLHwung)

v7.26.9 (2025-02-14)

🐛 Bug Fix

• babel-types
  • #17103 fix: Definition for TSPropertySignature.kind (@​liuxingbaoyu)
• babel-generator, babel-types
  • #17062 Print TypeScript optional/definite in ClassPrivateProperty (@​jamiebuilds-signal)

🏠 Internal

• babel-types
  • #17130 Use .ts files with explicit reexports to solve name conflicts (@​nicolo-ribaudo)
• babel-core
  • #17127 Do not depend on @types/gensync in Babel 7 (@​nicolo-ribaudo)

v7.26.7 (2025-01-24)

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)

... (truncated)

Commits

• e1ce99d v7.26.10
• d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
• 64bca7b v7.26.9
• 2d95140 v7.26.7
• 63d3038 v7.26.0
• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• 69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
• 2f72b97 v7.25.6
• Additional commits viewable in compare view

Updates axios from 1.7.7 to 1.8.3

Release notes

Sourced from axios's releases.

Release v1.8.3

Release notes:

Bug Fixes

• add missing type for allowAbsoluteUrls (#6818) (10fa70e)
• xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

• Ashcon Partovi
• StefanBRas
• Marc Hassan

Release v1.8.2

Release notes:

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

Release v1.8.1

Release notes:

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.8.0

Release notes:

Bug Fixes

• examples: application crashed when navigating examples in browser (#5938) (1260ded)
• missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
• utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

• Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

• Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.3 (2025-03-10)

Bug Fixes

• add missing type for allowAbsoluteUrls (#6818) (10fa70e)
• xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

• Ashcon Partovi
• StefanBRas
• Marc Hassan

1.8.2 (2025-03-07)

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

1.8.0 (2025-02-25)

Bug Fixes

• examples: application crashed when navigating examples in browser (#5938) (1260ded)
• missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
• utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

• Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

... (truncated)

Commits

• 39ec206 chore(release): v1.8.3 (#6819)
• 10fa70e fix: add missing type for allowAbsoluteUrls (#6818)
• 7821ef9 docs: update readme to include bun install (#6811)
• ec159e5 fix(xhr/fetch): pass allowAbsoluteUrls to buildFullPath in xhr and `fet...
• a9f7689 chore(release): v1.8.2 (#6812)
• fb8eec2 fix(http-adapter): add allowAbsoluteUrls to path building (#6810)
• 9812045 chore(sponsor): update sponsor block (#6804)
• 72acf75 chore(sponsor): update sponsor block (#6794)
• 2e64afd chore(release): v1.8.1 (#6800)
• 36a5a62 fix(utils): move generateString to platform utils to avoid importing crypto...
• Additional commits viewable in compare view

Updates vite from 4.5.9 to 6.2.1

Release notes

Sourced from vite's releases.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.3

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.2

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.1

Please refer to CHANGELOG.md for details.

v5.4.1

Please refer to CHANGELOG.md for details.

plugin-legacy@5.4.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

5.4.12 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
• fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
• fix: verify token for HMR WebSocket connection (b71a5c8)
• chore: add deps update changelog (ecd2375)

5.4.11 (2024-11-11)

• fix(deps): update dependencies of postcss-modules (ceb15db), closes #18617

5.4.10 (2024-10-23)

• fix: backport #18367,augment hash for CSS files to prevent chromium erroring by loading previous fil (7d1a3bc), closes #18367 #18412

5.4.9 (2024-10-14)

• fix: bump launch-editor-middleware to v2.9.1 (#18348) (508d9ab), closes #18348
• fix(css): fix lightningcss dep url resolution with custom root (#18125) (eae00b5), closes #18125
• fix(data-uri): only match ids starting with data: (#18241) (96084d6), closes #18241
• fix(deps): bump tsconfck (#18322) (dc5434c), closes #18322
• fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252) (851b258), closes...

  Description has been truncated

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@esbuild/netbsd-arm64@0.25.1	None	0	9.5 MB	evanw
npm/@rollup/rollup-android-arm-eabi@4.35.0	None	0	1.69 MB	lukastaegert
npm/@rollup/rollup-android-arm64@4.35.0	None	0	2.36 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-darwin-arm64@4.35.0	None	0	2.34 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-darwin-x64@4.35.0	None	0	2.54 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-freebsd-arm64@4.35.0	None	0	2.18 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-freebsd-x64@4.35.0	None	0	2.56 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-arm-gnueabihf@4.35.0	None	0	2.34 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-arm-musleabihf@4.35.0	None	0	2.34 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-arm64-gnu@4.35.0	None	0	2.27 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-arm64-musl@4.35.0	None	0	2.17 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-loongarch64-gnu@4.35.0	None	0	2.66 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-powerpc64le-gnu@4.35.0	None	0	2.96 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-riscv64-gnu@4.35.0	None	0	2.44 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-s390x-gnu@4.35.0	None	0	4.05 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-x64-gnu@4.35.0	None	0	2.57 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-linux-x64-musl@4.35.0	None	0	2.55 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-win32-arm64-msvc@4.35.0	None	0	2.9 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/@rollup/rollup-win32-ia32-msvc@4.35.0	None	0	2.69 MB	lukastaegert
npm/@rollup/rollup-win32-x64-msvc@4.35.0	None	0	3.58 MB	guybedford, lukastaegert, rich_harris, ...1 more
npm/axios@1.7.7 ➜ 1.8.3	None	0	2.14 MB	jasonsaayman
npm/nanoid@3.3.8 ➜ 3.3.9	None	0	56.6 kB	ai
npm/rollup@4.35.0	None	0	2.7 MB	eventualbuddha, lukastaegert, rich_harris, ...2 more
npm/vite@6.2.2	Transitive: environment, filesystem, network, shell	+1	2.99 MB	antfu, patak, soda, ...2 more

🚮 Removed packages: npm/@babel/helper-string-parser@7.23.4, npm/@babel/highlight@7.24.7, npm/@babel/parser@7.23.9, npm/@babel/template@7.22.15, npm/postcss@8.4.31, npm/source-map-js@1.0.2

View full report↗︎

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.93%. Comparing base (adecea5) to head (af6171a).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3228   +/-   ##
=======================================
  Coverage   94.93%   94.93%           
=======================================
  Files         508      508           
  Lines       11219    11219           
  Branches     1730     1730           
=======================================
  Hits        10651    10651           
  Misses        568      568           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.