build(deps): bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: happy-dom, vite, cross-spawn and rollup.

Updates happy-dom from 15.7.0 to 15.10.2

Release notes

Sourced from happy-dom's releases.

v15.10.2

👷‍♂️ Patch fixes

• Fixes a security vulnerability that allowed for server side code to be executed by a <script> tag - By @​capricorn86 in task #1585
  • There was a case that was missed with the first patch

v15.10.1

👷‍♂️ Patch fixes

• Fixes a security vulnerability that allowed for server side code to be executed by a <script> tag - By @​capricorn86 in task #1585

v15.10.0

🎨 Features

• Adds a new setting called disableSameOriginPolicy that makes it possible to bypass the same-origin policy in fetch requests - By @​OlaviSau in task #1553

v15.9.0

🎨 Features

• Adds support for "aspect-ratio" to CSSStyleDeclaration - By @​yinm in task #1147

v15.8.5

👷‍♂️ Patch fixes

• Fixes bug where Node.getRootNode() returned null when it was within a ShadowRoot that previously been disconnected from the Document - By @​capricorn86 in task #1581

v15.8.4

👷‍♂️ Patch fixes

• Fixes bug where child nodes of HTMLSelectElement and HTMLFormElement had the wrong reference to the parent - By @​capricorn86 in task #1578

v15.8.3

👷‍♂️ Patch fixes

• Toggle "open" attribute on HTMLDetailsElement when dispatching a click event on a summary element which is a child of the details element - By @​mikedidomizio in task #1534

v15.8.2

👷‍♂️ Patch fixes

• Use globalThis instead of global to make Happy DOM work in other runtimes such as Cloudflare workers - By @​mattallty in task #1546

v15.8.1

👷‍♂️ Patch fixes

• Always return Promise<Blob> from ClipboardItem.getType() - By @​ezzatron in task #1538

v15.8.0

👷‍♂️ Patch fixes

• Adds support for using non-ASCII characters in custom elements when parsing HTML - By @​capricorn86 in task #1079
• Fixes an issue where getHTML() and getInnerHTML() would return the slotted content of a shadow root before the template, but the template should be the first child - By @​capricorn86 in task #1079
• Fixes a bug where SVG elements would not be found by getElementsByTagName() - By @​capricorn86 in task #1079
• Improves performance when creating elements (e.g. during parsing of HTML) - By @​capricorn86 in task #1550
  • Binding all methods to the target scope in Proxies caused a performance hit, so this is now done when calling a method the first time

🎨 Features

• Adds support for all remaining SVG elements: SVGAnimateElement, SVGAnimateMotionElement, SVGAnimateTransformElement, SVGCircleElement, SVGClipPathElement, SVGDefsElement, SVGDescElement, SVGEllipseElement, SVGFEBlendElement, SVGFEColorMatrixElement, SVGFEComponentTransferElement, SVGFECompositeElement, SVGFEConvolveMatrixElement, SVGFEDiffuseLightingElement, SVGFEDisplacementMapElement, SVGFEDistantLightElement, SVGFEDropShadowElement, SVGFEFloodElement, SVGFEFuncAElement, SVGFEFuncBElement, SVGFEFuncGElement, SVGFEFuncRElement, SVGFEGaussianBlurElement, SVGFEImageElement, SVGFEMergeElement, SVGFEMergeNodeElement, SVGFEMorphologyElement, SVGFEOffsetElement, SVGFEPointLightElement, SVGFESpecularLightingElement, SVGFESpotLightElement, SVGFETileElement, SVGFETurbulenceElement, SVGFilterElement, SVGForeignObjectElement, SVGGElement, SVGImageElement, SVGLineElement, SVGLinearGradientElement, SVGMarkerElement, SVGMaskElement, SVGMetadataElement, SVGMPathElement, SVGPathElement, SVGPatternElement, SVGPolygonElement, SVGPolylineElement, SVGRadialGradientElement, SVGRectElement, SVGScriptElement, SVGSetElement, SVGStopElement, SVGStyleElement, SVGSwitchElement, SVGSymbolElement, SVGTextElement, SVGTextPathElement, SVGTitleElement, SVGTSpanElement, SVGUseElement and SVGViewElement - By @​capricorn86 in task #1079
• Adds support for DOMMatrix, DOMMatrixReadOnly, DOMPoint and DOMPointReadOnly - By @​capricorn86 in task #1079

... (truncated)

Commits

• d23834c fix: #1585 Fixes a security vulnerability that allowed for server side code...
• 5ee0b16 fix: #1585 Fixes security vulnerability that allowed for server side code t...
• a20dba9 chore: #1542 Adds SECURITY.md file (#1584)
• 1625d40 feat: #1553 Adds setting disableSameOriginPolicy, to make it possible to by...
• a78cd8f feat: #1147 Adds support for aspect-ratio to CSSStyleDeclaration (#1537)
• e6f8b13 fix: #1581 Fixes bug where Node.getRootNode() returned null when it was wi...
• 38ab960 fix: #1578 Fixes bug where child nodes of HTMLSelectElement and HTMLFormEle...
• 8f74989 fix: #1534 Toggle open attribute on HTMLDetailsElement when dispatching a c...
• 7f57469 fix: #1546 Use globalThis instead of global to make Happy DOM work in o...
• 759b4fb fix: #1538 Always return Promise<Blob> from ClipboardItem.getType() (#1539)
• Additional commits viewable in compare view

Updates vite from 5.4.2 to 5.4.6

Release notes

Sourced from vite's releases.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.6 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (179b177), closes #18115
• fix: fs raw query (#18112) (6820bb3), closes #18112

5.4.5 (2024-09-13)

• fix(preload): backport #18098, throw error preloading module as well (#18099) (faa2405), closes #18098 #18099

5.4.4 (2024-09-11)

• fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorrect 304 (#18078) (74a79c5), closes #17997 #18078
• fix: backport #18063, allow scanning exports from script module in svelte (#18077) (d90ba40), closes #18063 #18077
• fix(preload): backport #18046, allow ignoring dep errors (#18076) (8760293), closes #18046 #18076

5.4.3 (2024-09-03)

• fix: allow getting URL of JS files in publicDir (#17915) (943ece1), closes #17915
• fix: cjs warning respect the logLevel flag (#17993) (dc3c14f), closes #17993
• fix: improve CJS warning trace information (#17926) (5c5f82c), closes #17926
• fix: only remove entry assets handled by Vite core (#17916) (ebfaa7e), closes #17916
• fix: waitForRequestIdle locked (#17982) (ad13760), closes #17982
• fix(css): fix directory index import in sass modern api (#17960) (9b001ba), closes #17960
• fix(css): fix sass file:// reference (#17909) (561b940), closes #17909
• fix(css): fix sass modern source map (#17938) (d428e7e), closes #17938
• fix(deps): bump tsconfck (#17990) (8c661b2), closes #17990
• fix(html): rewrite assets url in <template> (#17988) (413c86a), closes #17988
• fix(preload): add crossorigin attribute in CSS link tags (#17930) (15871c7), closes #17930
• chore: reduce diffs with v6 branch (#17942) (bf9065a), closes #17942
• chore(deps): update all non-major dependencies (#17945) (cfb621e), closes #17945
• chore(deps): update all non-major dependencies (#17991) (0ca53cf), closes #17991

Commits

• f969176 release: v5.4.6
• 179b177 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 6820bb3 fix: fs raw query (#18112)
• 37881e7 release: v5.4.5
• faa2405 fix(preload): backport #18098, throw error preloading module as well (#18099)
• 54c55db release: v5.4.4
• 74a79c5 fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorr...
• d90ba40 fix: backport #18063, allow scanning exports from script module in svelte (...
• 8760293 fix(preload): backport #18046, allow ignoring dep errors (#18076)
• ccbfc1a release: v5.4.3
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Updates rollup from 4.21.2 to 4.30.1

Release notes

Sourced from rollup's releases.

v4.30.1

4.30.1

2025-01-07

Bug Fixes

• Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

• #5786: fix: consider that literals cannot following switch case. (@​TrickyPi)

v4.30.0

4.30.0

2025-01-06

Features

• Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

• #5775: feat: enhance the treehshaking for unary expression (@​TrickyPi)
• #5783: Improve CI caching for node_modules (@​lukastaegert)

v4.29.2

4.29.2

2025-01-05

Bug Fixes

• Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

• #5772: Improve caching on CI (@​lukastaegert)
• #5773: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5780: feat: use picocolors instead of colorette (@​re-taro)
• #5781: fix: keep import attributes for cjs format (@​TrickyPi)

v4.29.1

4.29.1

2024-12-21

Bug Fixes

... (truncated)

Changelog

Sourced from rollup's changelog.

4.30.1

2025-01-07

Bug Fixes

• Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

• #5786: fix: consider that literals cannot following switch case. (@​TrickyPi)

4.30.0

2025-01-06

Features

• Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

• #5775: feat: enhance the treehshaking for unary expression (@​TrickyPi)
• #5783: Improve CI caching for node_modules (@​lukastaegert)

4.29.2

2025-01-05

Bug Fixes

• Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

• #5772: Improve caching on CI (@​lukastaegert)
• #5773: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5780: feat: use picocolors instead of colorette (@​re-taro)
• #5781: fix: keep import attributes for cjs format (@​TrickyPi)

4.29.1

2024-12-21

Bug Fixes

• Fix crash from deoptimized logical expressions (#5771)

Pull Requests

... (truncated)

Commits

• 9491708 4.30.1
• 39b6a17 fix: consider that literals cannot following switch case. (#5786)
• 958d5eb 4.30.0
• d3e2bf7 feat: enhance the treehshaking for unary expression (#5775)
• 27216d8 Improve CI caching for node_modules (#5783)
• f5c349e 4.29.2
• 37c5166 feat: use picocolors instead of colorette (#5780)
• 0c70b6b fix: keep import attributes for cjs format (#5781)
• 15f72a8 Align CI Node versions
• 6b2c841 fix(deps): lock file maintenance minor/patch updates (#5773)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

None of your dependencies match this group anymore, you may need to update your configuration file to remove it or change its rules.