build(deps): bump the npm_and_yarn group across 1 directories with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /. directory:

Package	From	To
vite	4.5.2	5.0.12
ip	2.0.0	2.0.1
pac-resolver	7.0.0	7.0.1
sharp	0.31.3	0.33.2
vite-imagetools	4.0.19	6.2.9
undici	5.28.2	5.28.3

Updates vite from 4.5.2 to 5.0.12

Release notes

Sourced from vite's releases.

create-vite@5.0.0

Please refer to CHANGELOG.md for details.

create-vite@5.0.0-beta.1

Please refer to CHANGELOG.md for details.

create-vite@5.0.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.0.12 (2024-01-19)

• fix: await configResolved hooks of worker plugins (#15597) (#15605) (ef89f80), closes #15597 #15605
• fix: fs deny for case insensitive systems (#15653) (91641c4), closes #15653

5.0.11 (2024-01-05)

• fix: don't pretransform classic script links (#15361) (19e3c9a), closes #15361
• fix: inject __vite__mapDeps code before sourcemap file comment (#15483) (d2aa096), closes #15483
• fix(assets): avoid splitting , inside base64 value of srcset attribute (#15422) (8de7bd2), closes #15422
• fix(html): handle offset magic-string slice error (#15435) (5ea9edb), closes #15435
• chore(deps): update dependency strip-literal to v2 (#15475) (49d21fe), closes #15475
• chore(deps): update tj-actions/changed-files action to v41 (#15476) (2a540ee), closes #15476

5.0.10 (2023-12-15)

• fix: omit protocol does not require pre-transform (#15355) (d9ae1b2), closes #15355
• fix(build): use base64 for inline SVG if it contains both single and double quotes (#15271) (1bbff16), closes #15271

5.0.9 (2023-12-14)

• fix: htmlFallbackMiddleware for favicon (#15301) (c902545), closes #15301
• fix: more stable hash calculation for depsOptimize (#15337) (2b39fe6), closes #15337
• fix(scanner): catch all external files for glob imports (#15286) (129d0d0), closes #15286
• fix(server): avoid chokidar throttling on startup (#15347) (56a5740), closes #15347
• fix(worker): replace import.meta correctly for IIFE worker (#15321) (08d093c), closes #15321
• feat: log re-optimization reasons (#15339) (b1a6c84), closes #15339
• chore: temporary typo (#15329) (7b71854), closes #15329
• perf: avoid computing paths on each request (#15318) (0506812), closes #15318
• perf: temporary hack to avoid fs checks for /@​react-refresh (#15299) (b1d6211), closes #15299

5.0.8 (2023-12-12)

• perf: cached fs utils (#15279) (c9b61c4), closes #15279
• fix: missing warmupRequest in transformIndexHtml (#15303) (103820f), closes #15303
• fix: public files map will be updated on add/unlink in windows (#15317) (921ca41), closes #15317
• fix(build): decode urls in CSS files (fix #15109) (#15246) (ea6a7a6), closes #15109 #15246
• fix(deps): update all non-major dependencies (#15304) (bb07f60), closes #15304
• fix(ssr): check esm file with normal file path (#15307) (1597170), closes #15307

... (truncated)

Commits

• ee81e19 release: v5.0.12
• 91641c4 fix: fs deny for case insensitive systems (#15653)
• ef89f80 fix: await configResolved hooks of worker plugins (#15597) (#15605)
• b44c493 release: v5.0.11
• d2aa096 fix: inject __vite__mapDeps code before sourcemap file comment (#15483)
• 2a540ee chore(deps): update tj-actions/changed-files action to v41 (#15476)
• 5ea9edb fix(html): handle offset magic-string slice error (#15435)
• 49d21fe chore(deps): update dependency strip-literal to v2 (#15475)
• 8de7bd2 fix(assets): avoid splitting , inside base64 value of srcset attribute (#...
• 19e3c9a fix: don't pretransform classic script links (#15361)
• Additional commits viewable in compare view

Updates ip from 2.0.0 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates pac-resolver from 7.0.0 to 7.0.1

Release notes

Sourced from pac-resolver's releases.

pac-resolver@7.0.1

Patch Changes

• a954da3: fix GHSA-78xj-cgh5-2h22 vulnerability

Changelog

Sourced from pac-resolver's changelog.

7.0.1

Patch Changes

• a954da3: fix GHSA-78xj-cgh5-2h22 vulnerability

Commits

• d4d3cd0 Version Packages (#271)
• a954da3 [pac-resolver] Remove ip dependency (#281)
• aaebfa4 Prettier
• 5923589 Moved licenses to separate files (#251)
• See full diff in compare view

Updates sharp from 0.31.3 to 0.33.2

Changelog

Sourced from sharp's changelog.

v0.33.2 - 12th January 2024

• Upgrade to libvips v8.15.1 for upstream bug fixes.

• TypeScript: add definition for keepMetadata. #3914 @​abhi0498

• Ensure extend operation stays sequential when copying (regression in 0.32.0). #3928

• Improve error handling for unsupported multi-page rotation. #3940

v0.33.1 - 17th December 2023

• Add support for Yarn Plug'n'Play filesystem layout. #3888

• Emit warning when attempting to use invalid ICC profiles. #3895

• Ensure VIPS_NOVECTOR environment variable is respected. #3897 @​icetee

v0.33.0 - 29th November 2023

• Drop support for Node.js 14 and 16, now requires Node.js ^18.17.0 or >= 20.3.0

• Prebuilt binaries distributed via npm registry and installed via package manager.

• Building from source requires dependency on node-addon-api.

• Remove sharp.vendor.

• Partially deprecate withMetadata(), use withExif() and withIccProfile().

• Add experimental support for WebAssembly-based runtimes. @​RReverser

• Options for trim operation must be an Object, add new lineArt option. #2363

• Improve luminance of tint operation with weighting function. #3338 @​jcupitt

• Ensure all Error objects contain a stack property. #3653

... (truncated)

Commits

• bcb22af Release v0.33.2
• d04dc62 Prerelease v0.33.2-rc.1
• c30d355 CI: Fix npm smoke test expectation
• 49cb148 Prerelease v0.33.2-rc.0
• 3bc31a8 CI: Verify emscripten versions match
• c28523e CI: Update Emscripten Docker image to 3.1.51 (#3907)
• 278f393 Upgrade to libvips v8.15.1
• cbf68c1 Improve error for unsupported multi-page rotation #3940
• 45e8071 Add runtime check for outdated Node.js version
• b96389d Docs: refresh index
• Additional commits viewable in compare view

Updates vite-imagetools from 4.0.19 to 6.2.9

Commits

• See full diff in compare view

Updates undici from 5.28.2 to 5.28.3

Release notes

Sourced from undici's releases.

v5.28.3

⚠️ Security Release ⚠️

Fixes:

• CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

Commits

• e71cb4c Bumped v5.28.3
• 20c65b8 Fix tests for Node.js v20.11.0 (#2618)
• 8ec52cd Fix tests for Node.js v21 (#2609)
• d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.