Bump the npm_and_yarn group across 1 directory with 15 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
axios	0.21.1	0.28.0
element-plus	1.0.2-beta.71	2.1.0
vite	2.6.10	2.9.18
@babel/traverse	7.15.4	7.24.5
decode-uri-component	0.2.0	0.2.2
ejs	3.1.6	3.1.10
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
minimatch	3.0.4	3.1.2
minimist	1.2.5	1.2.8
protobufjs	7.2.2	7.2.6
semver	6.3.0	6.3.1
terser	4.8.0	4.8.1

Updates axios from 0.21.1 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates element-plus from 1.0.2-beta.71 to 2.1.0

Release notes

Sourced from element-plus's releases.

2.1.0

2022-03-12

Features

• Components [message] support re-render vnode (#6527 by @​sxzz)

Bug fixes

• Ci remove clean script (#6550 by @​JeremyWuuuuu)

• Ci clean up several warning (#6551 by @​HerringtonDarkholme)

• Ci fix cascader ns querySelector class (#6552 by @​HerringtonDarkholme)

• Build move eslint config to internal (#6553 by @​sxzz)

• Ci suppress warning by mark icon as raw (#6555 by @​HerringtonDarkholme)

• Components [upload] photo-wall wrap (#6546 by @​YunYouJun)

Refactors

• Components [link] dynamic css vars & fix inner align (#6557 by @​YunYouJun)

• Components [link] refactor (#6543 by @​sxzz)

2.0.6

2022-03-11

Features

• [el-table] support always show scrollbar & get selection rows (#6469 by @​msidolphin)

• Extract eslint config to separate package (#6495 by @​sxzz)

• Export dayjs instance, closes #6498 (#6517 by @​sxzz)

• Components [select]add collapse-tags-tooltip (#6245 by @​Alanscut)

• Components [select-v2]add collapse-tags-tooltip (#6532 by @​Alanscut)

• Components [cascader]add collapse-tags-tooltip (#6331 by @​Alanscut)

Bug fixes

• Deps update all non-major dependencies (#6448 by @​renovate[bot])

• Components [el-select] optimize prefix size & selected style (#6267 by @​msidolphin)

• Components [el-table] defaultSort not working (#6322 by @​msidolphin)

• [el-table] fixed columns display when horizontal cannot scroll (#6320 by @​msidolphin)

• Components [el-checkbox] modelValue (#6168 by @​gjfei) (#6169)

• Components[select] (#6446 by @​gjfei) (#6474)

• Components [el-collapse] collapse item key pressing jumping (#6462 by @​JeremyWuuuuu)

• Components [message] offset error (#6497 by @​Alanscut)

• Components[select] namespace (#6486 by @​gjfei)

• Components el-select-allow-dynamically-update-options (#6473 by @​gjfei)

• Components [el-tooltip] close the dropdown after set disabled (#6467 by @​Alanscut)

... (truncated)

Changelog

Sourced from element-plus's changelog.

2.1.0

2022-03-12

Features

• Components [message] support re-render vnode (#6527 by @​sxzz)

Bug fixes

• Ci remove clean script (#6550 by @​JeremyWuuuuu)
• Ci clean up several warning (#6551 by @​HerringtonDarkholme)
• Ci fix cascader ns querySelector class (#6552 by @​HerringtonDarkholme)
• Build move eslint config to internal (#6553 by @​sxzz)
• Ci suppress warning by mark icon as raw (#6555 by @​HerringtonDarkholme)
• Components [upload] photo-wall wrap (#6546 by @​YunYouJun)

Refactors

• Components [link] dynamic css vars & fix inner align (#6557 by @​YunYouJun)
• Components [link] refactor (#6543 by @​sxzz)

2.0.6

2022-03-11

Features

• [el-table] support always show scrollbar & get selection rows (#6469 by @​msidolphin)
• Extract eslint config to separate package (#6495 by @​sxzz)
• Export dayjs instance, closes #6498 (#6517 by @​sxzz)
• Components [select]add collapse-tags-tooltip (#6245 by @​Alanscut)
• Components [select-v2]add collapse-tags-tooltip (#6532 by @​Alanscut)
• Components [cascader]add collapse-tags-tooltip (#6331 by @​Alanscut)

Bug fixes

• Deps update all non-major dependencies (#6448 by @​renovate[bot])
• Components [el-select] optimize prefix size & selected style (#6267 by @​msidolphin)
• Components [el-table] defaultSort not working (#6322 by @​msidolphin)
• [el-table] fixed columns display when horizontal cannot scroll (#6320 by @​msidolphin)
• Components [el-checkbox] modelValue (#6168 by @​gjfei) (#6169)
• Components[select] (#6446 by @​gjfei) (#6474)
• Components [el-collapse] collapse item key pressing jumping (#6462 by @​JeremyWuuuuu)
• Components [message] offset error (#6497 by @​Alanscut)
• Components[select] namespace (#6486 by @​gjfei)
• Components el-select-allow-dynamically-update-options (#6473 by @​gjfei)
• Components [el-tooltip] close the dropdown after set disabled (#6467 by @​Alanscut)
• Docs improve component typings (#6524 by @​sxzz)

... (truncated)

Commits

• d6690f8 Merge pull request #6560 from element-plus/dev
• 45d915f chore: Update changelog 2.1.0 (#6561)
• 58897ec ci(build): add threshold to build product workflow (#6564)
• e98d129 refactor(components): [link] refactor (#6543)
• 9172120 test(ci): add build product checking for prs (#6558)
• 2db400c refactor(components): [link] dynamic css vars & fix inner align (#6557)
• 93ee392 fix(components): [upload] photo-wall wrap (#6546)
• 14353db fix(ci): suppress warning by mark icon as raw (#6555)
• 88b574e fix(build): move eslint config to internal (#6553)
• e10a1e4 fix(ci): fix cascader ns querySelector class (#6552)
• Additional commits viewable in compare view

Updates vite from 2.6.10 to 2.9.18

Changelog

Sourced from vite's changelog.

2.9.18 (2024-03-24)

• fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657
• fix: port #16250 to v2 (#16254) (011bbca), closes #16250 #16254
• release: v2.9.17 (bfc5649)

2.9.17 (2024-01-19)

• fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657

2.9.16 (2023-05-26)

• fix: port #13348 to v2, fs.deny with leading double slash (#13350) (7d8100a), closes #13348 #13350

2.9.15 (2022-08-12)

• fix: backport make resolveConfig() concurrent safe (#9224) (#9229) (7f01a00), closes #9224 #9229
• fix: fs serve only edit pathname (fixes #9148) (#9654) (521bb39), closes #9148 #9654
• fix(ssr-manifest): check name before saving to ssrManifest (#9595) (e361a80), closes #9595
• chore: narrow down rollup version (#9651) (ed8d6a7), closes #9651

2.9.14 (2022-07-08)

• fix: backport #8979, re-encode url to prevent fs.allow bypass (fixes #8498) (#8990) (adb61c5), closes #8498 #8990
• fix: reverts #8471 (da77dee), closes #8471
• fix(css): backport #7746 (d4d89b9), closes #7746
• fix(css): backport #8936 (#8977) (84ec02a), closes #8936 #8977

2.9.13 (2022-06-27)

• fix: backport #8804, /@fs/ dir traversal with escaped chars (fixes #8498) (#8805) (e109d64), closes #8498 #8805
• fix(wasm): support decoding data URL in Node < v16 (#8668) (1afc1c2), closes #8668

2.9.12 (2022-06-10)

• fix: backport outdated optimized dep removed from module graph (#8534) (c0d6c60), closes #8534

... (truncated)

Commits

• 5936352 release: v2.9.18
• 011bbca fix: port #16250 to v2 (#16254)
• bfc5649 release: v2.9.17
• 1f855dc fix: port #15653 to v2 (#15657)
• ea814d7 release: v2.9.16
• 7d8100a fix: port #13348 to v2, fs.deny with leading double slash (#13350)
• 3a5543d release: v2.9.15
• 521bb39 fix: fs serve only edit pathname (fixes #9148) (#9654)
• ed8d6a7 chore: narrow down rollup version (#9651)
• e361a80 fix(ssr-manifest): check name before saving to ssrManifest (#9595)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vitebot, a new releaser for vite since your current version.

Updates @babel/traverse from 7.15.4 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser
  • #16407 Recover from exported using declaration (@​JLHwung)

🏠 Internal

• Other
  • #16414 Relax ESLint peerDependency constraint to allow v9 (@​liuxingbaoyu)
• babel-parser
  • #16425 Improve @babel/parser AST types (@​nicolo-ribaudo)
  • #16417 Always pass type argument to .startNode (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • #16439 Make NodePath<T | U> distributive (@​nicolo-ribaudo)
• babel-plugin-proposal-partial-application, babel-types
  • #16421 Remove JSXNamespacedName from valid CallExpression args (@​nicolo-ribaudo)
• babel-plugin-transform-class-properties, babel-preset-env
  • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@​romgrk)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Rom Grk (@​romgrk)
• @​liuxingbaoyu
• ynnsuis (@​sossost)

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

• babel-parser
  • #16403 Forbid initializerless using (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16388 Ensure decorators are callable (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser
  • #16407 Recover from exported using declaration (@​JLHwung)

🏠 Internal

• Other
  • #16414 Relax ESLint peerDependency constraint to allow v9 (@​liuxingbaoyu)
• babel-parser
  • #16425 Improve @babel/parser AST types (@​nicolo-ribaudo)
  • #16417 Always pass type argument to .startNode (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • #16439 Make NodePath<T | U> distributive (@​nicolo-ribaudo)
• babel-plugin-proposal-partial-application, babel-types
  • #16421 Remove JSXNamespacedName from valid CallExpression args (@​nicolo-ribaudo)
• babel-plugin-transform-class-properties, babel-preset-env
  • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@​romgrk)

v7.24.4 (2024-04-03)

👓 Spec Compliance

• babel-parser
  • #16403 Forbid initializerless using (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16388 Ensure decorators are callable (@​JLHwung)

🐛 Bug Fix

• babel-generator
  • #16402 fix: Correctly prints { [key in Bar]? } (@​liuxingbaoyu)
  • #16394 fix: Correctly generate TSMappedType (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • #16390 Create bugfix plugin for classes in computed keys in Firefox (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16387 fix: support mutated outer decorated class binding (@​JLHwung)
  • #16385 fix: Decorators when super() exists and protoInit is not needed (@​liuxingbaoyu)
• babel-plugin-transform-block-scoping
  • #16384 fix: Transform scoping for for X in loop (@​liuxingbaoyu)
  • #16368 fix: Capture let when the for body is not a block (@​liuxingbaoyu)
• babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

• ddbea7d v7.24.5
• e779cad fix: TypeScript annotation affects output (#16377)
• ee48754 Use multiple TypeScript projects (#16430)
• 4d8b2d0 Make NodePath\<T | U> distributive (#16439)
• a84ec28 Enable eqeqeq rule (#16404)
• 822b025 v7.24.1
• fc0d5ad Update typescript and lint tools (#16351)
• 69e7928 Consider well-known and registered symbols as literals (#16342)
• 40110e9 Update source map deps (#16327)
• ce59160 v7.24.0
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates ejs from 3.1.6 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates follow-redirects from 1.14.0 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, Description has been truncated

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml