chore(deps): Bump the npm_and_yarn group across 2 directories with 15 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
webpack-dev-server	4.15.2	5.0.4
js-yaml	3.7.0	3.14.1
css-loader	0.28.11	7.1.2
@grpc/grpc-js	1.6.12	1.11.1
@google-cloud/translate	6.3.1	8.3.0
braces	3.0.2	3.0.3
ws	8.17.0	8.18.0
engine.io	6.5.4	6.5.5
socket.io-adapter	2.5.4	2.5.5
puppeteer	10.4.0	22.13.1
lodash	2.4.2	4.17.21
grunt-cli	0.1.13	1.4.3
grunt-env	0.4.4	1.0.1

Bumps the npm_and_yarn group with 1 update in the /examples/bundling/webpack directory: webpack-dev-server.

Updates webpack-dev-server from 4.15.2 to 5.0.4

Release notes

Sourced from webpack-dev-server's releases.

v5.0.4

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#5112) (aab576a)

v5.0.3

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#5101) (6e1aed3)

v5.0.2

5.0.2 (2024-02-16)

Bug Fixes

• types (#5057) (da2c24d)

v5.0.1

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#5045) (7681477)
• overlay and require-trusted-types-for (#5046) (e115436)

v5.0.0

5.0.0 (2024-02-12)

Migration Guide and Changes.

Changelog

Sourced from webpack-dev-server's changelog.

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#5045) (7681477)
• overlay and require-trusted-types-for (#5046) (e115436)

5.0.0 (2024-02-12)

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#4856) (874c44b)
• types: compatibility with @types/ws (#4899) (34bcec2)

4.15.0 (2023-05-07)

Features

• overlay displays unhandled promise rejection (#4849) (d1dd430)

4.14.0 (2023-05-06)

... (truncated)

Commits

• 64a1860 chore(release): 5.0.4
• aab576a fix(security): bump webpack-dev-middleware (#5112)
• fb6f22a chore(deps-dev): bump @​commitlint/config-conventional (#5104)
• ba9dfb6 chore(deps-dev): bump @​commitlint/cli from 19.0.3 to 19.1.0 (#5103)
• 08cab58 chore(release): 5.0.3
• 37f4760 chore(deps-dev): bump @​types/node from 20.11.25 to 20.11.26 (#5102)
• 6e1aed3 fix(types): proxy (#5101)
• 8ea7cb8 chore(deps): bump open from 10.0.4 to 10.1.0 (#5100)
• c6a3586 chore(deps-dev): bump puppeteer from 22.4.0 to 22.4.1 (#5099)
• 2201442 chore(deps): update (#5096)
• Additional commits viewable in compare view

Updates js-yaml from 3.7.0 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

• Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

• Support safe/loadAll(input, options) variant of call.
• CI: drop outdated nodejs versions.
• Dev deps bump.

Fixed

• Quote = in plain scalars #519.
• Check the node type for !<?> tag in case user manually specifies it.
• Verify that there are no null-bytes in input.
• Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits

• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• 10be97e fix(loader): Add support for safe/loadAll(input, options)
• d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
• 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
• Additional commits viewable in compare view

Updates css-loader from 0.28.11 to 7.1.2

Release notes

Sourced from css-loader's releases.

v7.1.2

7.1.2 (2024-05-22)

Bug Fixes

• keep order of @imports with the webpackIgnore comment (#1600) (76757ef)

v7.1.1

7.1.1 (2024-04-10)

Bug Fixes

• automatically rename class default to _default when named export is enabled (#1590) (d6c31a1)

v7.1.0

7.1.0 (2024-04-08)

Features

• added the getJSON option to output CSS modules mapping (#1577) (af834b4)

v7.0.0

7.0.0 (2024-04-04)

⚠ BREAKING CHANGES

• The modules.namedExport option is true by default if you enable the esModule option

Migration guide:

Before:

import style from "./style.css";
console.log(style.myClass);

After:

import * as style from "./style.css";
console.log(style.myClass);

... (truncated)

Changelog

Sourced from css-loader's changelog.

7.1.2 (2024-05-22)

Bug Fixes

• keep order of @imports with the webpackIgnore comment (#1600) (76757ef)

7.1.1 (2024-04-10)

Bug Fixes

• automatically rename class default to _default when named export is enabled (#1590) (d6c31a1)

7.1.0 (2024-04-08)

Features

• added the getJSON option to output CSS modules mapping (#1577) (af834b4)

7.0.0 (2024-04-04)

⚠ BREAKING CHANGES

• The modules.namedExport option is true by default if you enable the esModule option

Migration guide:

Before:

import style from "./style.css";
console.log(style.myClass);

After:

import * as style from "./style.css";
console.log(style.myClass);

To restore 6.x behavior, please use:

module.exports = {
</tr></table> 

... (truncated)

Commits

• d5ba44a chore(release): 7.1.2
• 76757ef fix: keep order of @imports with the webpackIgnore comment (#1600)
• 4b41689 ci: use node v22 (#1596)
• 2068222 chore: update dependencies to latest version (#1595)
• e006f66 refactor: use environment to get templateLiteral value (#1591)
• 5c717c9 chore(release): 7.1.1
• d6c31a1 fix: automatically rename class default to _default when named export is ...
• b162e25 chore(release): 7.1.0
• 15f793d docs: update logic (#1587)
• 9c165a4 docs: update migration guide (#1586)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for css-loader since your current version.

Updates @grpc/grpc-js from 1.6.12 to 1.11.1

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.11.1

• Revert a change that used APIs that were not available in early minor versions of Node 14 (#2799 contributed by @​xqin)

@​grpc/grpc-js-xds 1.11.0

• Add xDS Servers (#2783)
  • Note: this is primarily a foundation for future features. It doesn't actually do much right now.
• Add support for dualstack socket support in xDS clients (#2665)

@​grpc/grpc-js 1.11.0

Changelog

• Add Server connection injection API as described in gRFC L114 (#2675)
• Implement support for an alternate DNS resolver that supports custom authorities (#2776 contributed by @​gkampitakis)
• Add a channel option to configure retry attempt limits (#2795)
• Add a getHost method to server call objects (#2783, #2793)
• Fix typos and omissions in service config validation errors (#2782 contributed by @​matthewbinshtok)

Experimental API changes

Added:

• splitHostPort
• HostPort
• createServerCredentialsWithInterceptors

@​grpc/grpc-js 1.10.11

• Fix a bug that caused clients to reconnect unnecessarily while no requests are pending. (#2784)
• Fix a bug that caused clients to fail to re-establish existing connections while waiting for DNS results (#2784)
• Fix a bug that caused servers to sometimes not close idle connections depending on timing (#2790)
• Fix a bug that caused calls to be pending indefinitely while unable to start after a channel is closed (#2791)

@​grpc/grpc-js 1.10.10

• Various improvements to handling of keepalive timers (#2760 by @​davidfiala)
• Fix a bug causing unary response client requests to hang when unexpectedly receiving multiple messages (#2772)
• Fix a bug causing some requests to fail when making requests through a local proxy (#2746 contributed by @​mjameswh, backported in #2777)
• Fix handling of URL-encoded user credentials in proxy configuration (#2761 contributed by @​brendan-myers, backported in #2777)
• Fix missing client-side handling of the grpc.max_send_message_length channel option (#2779)

@​grpc/grpc-js 1.10.9

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

• Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

• Improve reporting of HTTP error codes (#2723)
• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

• Fix a bug that could cause a server to sometimes send the status early (#2708)

... (truncated)

Commits

• 43032b1 Merge pull request #2800 from murgatroid99/grpc-js_1.11.1
• 2ecd53d grpc-js: Bump to 1.11.1
• 4da4fdc Merge pull request #2799 from xqin/master
• 996a637 support node v14 again
• 87ea7ce Merge pull request #2797 from murgatroid99/grpc-js_1.11.0_real
• 2ee8911 grpc-js: Bump packages to 1.11.0, and update documentation
• 7e4c8f0 Merge pull request #2796 from murgatroid99/grpc-js_1.11.0
• bf8e071 grpc-js: Bump packages to 1.11.0, and update documentation
• e13d5e7 Merge pull request #2793 from murgatroid99/grpc-js_server_call_get_host
• d60f516 Merge pull request #2795 from murgatroid99/grpc-js_retry_limit_option
• Additional commits viewable in compare view

Updates @google-cloud/translate from 6.3.1 to 8.3.0

Release notes

Sourced from @​google-cloud/translate's releases.

translate: v8.3.0

8.3.0 (2024-05-21)

Features

• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5351) (01f48fc)
• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5354) (a9784ed)

speech: v6.6.1

6.6.1 (2024-06-21)

Bug Fixes

• Avoid unhandled exception on streamingRecognize (#5465) (30aef59)

speech: v6.6.0

6.6.0 (2024-05-21)

Features

• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5351) (01f48fc)
• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5354) (a9784ed)
• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5355) (19f9d6d)

recommender: v6.4.0

6.4.0 (2024-05-21)

Features

• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5351) (01f48fc)
• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5354) (a9784ed)

Changelog

Sourced from @​google-cloud/translate's changelog.

8.3.0 (2024-05-21)

Features

• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5351) (01f48fc)
• [Many APIs] update Nodejs generator to send API versions in headers for GAPICs (#5354) (a9784ed)

8.2.0 (2024-03-29)

Features

• [Many APIs] add several fields to manage state of database encryption update (#5191) (57567db)

8.1.0 (2024-02-09)

Features

• Trusted Private Cloud support, use the universeDomain parameter (#5028) (852f3eb)

8.0.3 (2024-01-05)

Bug Fixes

• [translate] correct long audio synthesis HTTP binding (#4889) (f7ea397)

8.0.2 (2023-09-06)

Bug Fixes

• [Many APIs] simplify logic for HTTP/1.1 REST fallback option (#4588) (e5ad564)
• deps: Update dependency @​google-cloud/automl to v4 (#4545) (ccf817a)
• deps: Update dependency @​google-cloud/promisify to v4 (#4533) (58950c9)
• deps: Update dependency @​google-cloud/vision to v4 (#4534) (df60e7a)

8.0.1 (2023-08-09)

Bug Fixes

• deps: Update dependency @​google-cloud/promisify to v4 (#4520) (e0e9343)
• deps: Update dependency @​google-cloud/text-to-speech to v5 (#4513) (8bef5cf)
• deps: Update dependency @​google-cloud/vision to v4 (#4521) (30bae66)

8.0.0 (2023-08-06)

... (truncated)

Commits

• 8bef5cf fix(deps): update dependency @​google-cloud/text-to-speech to v5 (#4513)
• 3634589 test: [translate] disable retry-request for streaming tests (#4498)
• See full diff in compare view

Updates protobufjs from 6.11.3 to 7.3.2

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.3.2

7.3.2 (2024-06-12)

Bug Fixes

• docs: Update readme to correct command for creating types (#1939) (0f9d477)
• Also fixes an issue with 7.3.1, where the dist/ folder containing the build artifacts was missing on npm.

protobufjs: v7.3.1

7.3.1 (2024-06-05)

Bug Fixes

• types: reserved field in IType can contain reserved names (#2001) (d1d2c0c)

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

• add handling for extension range options (#1990) (2d58011)

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

protobufjs: v7.2.4

7.2.4 (2023-06-23)

Bug Fixes

• do not let setProperty change the prototype (#1899) (e66379f)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.3.2 (2024-06-12)

Bug Fixes

• docs: Update readme to correct command for creating types (#1939) (0f9d477)

7.3.1 (2024-06-05)

Bug Fixes

• types: reserved field in IType can contain reserved names (#2001) (d1d2c0c)

7.3.0 (2024-05-10)

Features

• add handling for extension range options (#1990) (2d58011)

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

7.2.4 (2023-06-23)

Bug Fixes

• do not let setProperty change the prototype (#1899) (e66379f)

7.2.3 (2023-03-27)

Bug Fixes

• type names can be split into multiple tokens (#1877) (8817ee6)

... (truncated)

Commits

• 0a0cdb6 chore: release master (#2005)
• 0f9d477 fix(docs): Update readme to correct command for creating types (#1939)
• a71ef76 chore: release master (#2002)
• d1d2c0c fix(types): reserved field in IType can contain reserved names (#2001)
• 11393ea chore: Renovate README.md (#1995)
• 722b635 chore: release master (#1991)
• 2d58011 feat: add handling for extension range options (#1990)
• 2f846fe chore: release master (#1962)
• af3ff83 fix: report missing import properly in loadSync (#1960)
• 4436cc7 chore: release master (#1925)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates ws from 8.17.0 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• See full diff in compare view

Updates engine.io from 6.5.4 to 6.5.5

Release notes

Sourced from engine.io's releases.

6.5.5

This release contains a bump of the ws dependency, which includes an important security fix.

Advisory: GHSA-3h5v-q93c-6h6q

Bug Fixes

• types: make socket.request writable (#697) (0efa04b)

Links

• Diff: socketio/engine.io@6.5.4...6.5.5
• Client release: -
• ws@~8.17.1 (diff)

Changelog

Sourced from engine.io's changelog.

6.5.5 (2024-06-18)

This release contains a bump of the ws dependency, which includes an important security fix.

Advisory: GHSA-3h5v-q93c-6h6q

Bug Fixes

• types: make socket.request writable (#697) (0efa04b)

Dependencies

• ws@~8.17.1 (diff)

Commits

• 0cb977a chore(release): 6.5.5
• adaa207 chore(deps): bump ws from 8.11.0 to 8.17.1 (#702)
• 0efa04b fix(types): make socket.request writable (#697)
• See full diff in compare view

Updates socket.io-adapter from 2.5.4 to 2.5.5

Changelog

Sourced from socket.io-adapter's changelog.

2.5.5 (2024-06-18)

This release contains a bump of the ws dependency, which includes an important security fix.

Advisory: GHSA-3h5v-q93c-6h6q

Commits

• 05a190a chore(release): 6.5.5
• 93fe190 chore(deps): bump ws from 8.11.0 to 8.17.1 (#93)
• See full diff in compare view

Updates puppeteer from 10.4.0 to 22.13.1

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v22.13.1

22.13.1 (2024-07-17)

Bug Fixes

• include Puppeteer version into utility world name (#12754) (2e86012)
• roll to Chrome 126.0.6478.182 (r1300313) (#12764) (a98ac2e)
• webdriver: add postData,hasPostData,resourceType from cdp-over-bidi (#12739) (dc5379e)
• webdriver: support securityDetails with cdp-over-bidi (#12736) (4308104)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.2.3 to 2.2.4

puppeteer: v22.13.1

22.13.1 (2024-07-17)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 22.13.0 to 22.13.1
    • @​puppeteer/browsers bumped from 2.2.3 to 2.2.4

puppeteer-core: v22.13.0

22.13.0 (2024-07-11)

Features

• webdriver: implement page.setCacheEnabled (#12691) (e44d900)

Bug Fixes

• add an option to not wait for fonts when pdf printing (#12675) (a573dbd)
• add browser entrypoint to package.json of puppeteer-core (#12729) (669c86b)
• cli: puppeteer CLI should read the project configuration (#12730) (bca750a)
• correct validation of the quality parameter in page.screenshot (#12725) (2f8abd7)
• do not allow switching tabs while the screenshot operation is in progress (#12724) (a3345f6)

... (truncated)

Commits

• 551cb3d chore: release main (#12738)
• 1ead703 chore: Update bug.yml (#12763)
• 4e3e437 chore: update TODOs (#12765)
• a98ac2e fix: roll to Chrome 126.0.6478.182 (r1300313) (#12764)
• f8e5297 test: remove test that just spawn the browser (#12761)
• fabdcb3 chore: add iphone 14 and 15 to the known devices (#12760)
• 5fd7cd8 chore: Update test expectation for tests utilizing the unhandledPromptBehavio...
• 9ce6a85 fix: use spawn instead of exec in fileUtil (#12758)
• 2e86012 fix: include Puppeteer version into utility world name (