Build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: vite, ip, jose and qs.

Updates vite from 4.5.2 to 5.0.12

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.0.12 (2024-01-19)

• fix: await configResolved hooks of worker plugins (#15597) (#15605) (ef89f80), closes #15597 #15605
• fix: fs deny for case insensitive systems (#15653) (91641c4), closes #15653

5.0.11 (2024-01-05)

• fix: don't pretransform classic script links (#15361) (19e3c9a), closes #15361
• fix: inject __vite__mapDeps code before sourcemap file comment (#15483) (d2aa096), closes #15483
• fix(assets): avoid splitting , inside base64 value of srcset attribute (#15422) (8de7bd2), closes #15422
• fix(html): handle offset magic-string slice error (#15435) (5ea9edb), closes #15435
• chore(deps): update dependency strip-literal to v2 (#15475) (49d21fe), closes #15475
• chore(deps): update tj-actions/changed-files action to v41 (#15476) (2a540ee), closes #15476

5.0.10 (2023-12-15)

• fix: omit protocol does not require pre-transform (#15355) (d9ae1b2), closes #15355
• fix(build): use base64 for inline SVG if it contains both single and double quotes (#15271) (1bbff16), closes #15271

5.0.9 (2023-12-14)

• fix: htmlFallbackMiddleware for favicon (#15301) (c902545), closes #15301
• fix: more stable hash calculation for depsOptimize (#15337) (2b39fe6), closes #15337
• fix(scanner): catch all external files for glob imports (#15286) (129d0d0), closes #15286
• fix(server): avoid chokidar throttling on startup (#15347) (56a5740), closes #15347
• fix(worker): replace import.meta correctly for IIFE worker (#15321) (08d093c), closes #15321
• feat: log re-optimization reasons (#15339) (b1a6c84), closes #15339
• chore: temporary typo (#15329) (7b71854), closes #15329
• perf: avoid computing paths on each request (#15318) (0506812), closes #15318
• perf: temporary hack to avoid fs checks for /@​react-refresh (#15299) (b1d6211), closes #15299

5.0.8 (2023-12-12)

• perf: cached fs utils (#15279) (c9b61c4), closes #15279
• fix: missing warmupRequest in transformIndexHtml (#15303) (103820f), closes #15303
• fix: public files map will be updated on add/unlink in windows (#15317) (921ca41), closes #15317
• fix(build): decode urls in CSS files (fix #15109) (#15246) (ea6a7a6), closes #15109 #15246
• fix(deps): update all non-major dependencies (#15304) (bb07f60), closes #15304
• fix(ssr): check esm file with normal file path (#15307) (1597170), closes #15307

... (truncated)

Commits

• ee81e19 release: v5.0.12
• 91641c4 fix: fs deny for case insensitive systems (#15653)
• ef89f80 fix: await configResolved hooks of worker plugins (#15597) (#15605)
• b44c493 release: v5.0.11
• d2aa096 fix: inject __vite__mapDeps code before sourcemap file comment (#15483)
• 2a540ee chore(deps): update tj-actions/changed-files action to v41 (#15476)
• 5ea9edb fix(html): handle offset magic-string slice error (#15435)
• 49d21fe chore(deps): update dependency strip-literal to v2 (#15475)
• 8de7bd2 fix(assets): avoid splitting , inside base64 value of srcset attribute (#...
• 19e3c9a fix: don't pretransform classic script links (#15361)
• Additional commits viewable in compare view

Updates ip from 2.0.0 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates jose from 4.14.4 to 4.15.5

Release notes

Sourced from jose's releases.

v4.15.5

Fixes

• add a maxOutputLength option to zlib inflate (1b91d88), fixes CVE-2024-28176

v4.15.4

Fixes

• types: export GetKeyFunction (#592) (936c9df), closes #591

v4.15.3

This release contains only Node.js CITGM related test updates.

Fixes nodejs/citgm#1011

v4.15.2

Fixes

• build: add a node target for jose-browser-runtime releases (abb63d0)

v4.15.1

Fixes

• resolve missing types for the cryptoRuntime const (1627965)

v4.15.0

Features

• export the used crypto runtime as a constant (0681dda)

v4.14.6

Fixes

• build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

v4.14.5

Refactor

• catch type error when decoding base64url signature (#569) (935e920)
• catch type errors when decoding various base64url strings (9024e87)

Changelog

Sourced from jose's changelog.

4.15.5 (2024-03-07)

Fixes

• add a maxOutputLength option to zlib inflate (1b91d88)

4.15.4 (2023-10-14)

Fixes

• types: export GetKeyFunction (#592) (936c9df), closes #591

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

• build: add a node target for jose-browser-runtime releases (abb63d0)

4.15.1 (2023-10-02)

Fixes

• resolve missing types for the cryptoRuntime const (1627965)

4.15.0 (2023-10-02)

Features

• export the used crypto runtime as a constant (0681dda)

4.14.6 (2023-09-04)

Fixes

• build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

4.14.5 (2023-09-02)

Refactor

• catch type error when decoding base64url signature (#569) (935e920)

... (truncated)

Commits

• 765aafd chore(release): 4.15.5
• b36e45e test: add export check to x509 pem import tests
• e839ecb test: stop testing JWE RSA1_5 Algorithm
• 1b91d88 fix: add a maxOutputLength option to zlib inflate
• 9ca2b24 build: remove release action
• f3035d8 chore: cleanup after release
• f0bb220 chore(release): 4.15.4
• 6f38554 chore: bump dev deps
• 936c9df fix(types): export GetKeyFunction (#592)
• 5ac6619 chore: bump dev deps
• Additional commits viewable in compare view

Updates qs from 6.10.1 to 6.10.5

Changelog

Sourced from qs's changelog.

6.10.5

• [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

• [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
• [meta] use npmignore to autogenerate an npmignore file
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

Commits

• 95bc018 v6.10.5
• 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
• ba9703c v6.10.4
• 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
• 113b990 [Dev Deps] update object-inspect
• c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
• 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
• 542a5c7 Merge changelogs from v6.10.3, v6.9.7, v6.8.3, v6.7.3, v6.6.1, v6.5.3, v6.4.1...
• f92ddb5 v6.10.3
• 90d9f2b v6.2.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #1009.