build(deps): bump the npm_and_yarn group across 1 directory with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the / directory: astro, cross-spawn and prismjs.

Updates astro from 4.5.10 to 4.16.18

Changelog

Sourced from astro's changelog.

4.16.18

Patch Changes

• #12757 d0aaac3 Thanks @​matthewp! - Remove all assets created from the server build

• #12757 d0aaac3 Thanks @​matthewp! - Clean server sourcemaps from static output

4.16.17

Patch Changes

• #12632 e7d14c3 Thanks @​ematipico! - Fixes an issue where the checkOrigin feature wasn't correctly checking the content-type header

4.16.16

Patch Changes

• #12542 65e50eb Thanks @​kadykov! - Fix JPEG image size determination

• #12525 cf0d8b0 Thanks @​ematipico! - Fixes an issue where with i18n enabled, Astro couldn't render the 404.astro component for non-existent routes.

4.16.15

Patch Changes

• #12498 b140a3f Thanks @​ematipico! - Fixes a regression where Astro was trying to access Request.headers

4.16.14

Patch Changes

• #12480 c3b7e7c Thanks @​matthewp! - Removes the default throw behavior in astro:env

• #12444 28dd3ce Thanks @​ematipico! - Fixes an issue where a server island hydration script might fail case the island ID misses from the DOM.

• #12476 80a9a52 Thanks @​florian-lefebvre! - Fixes a case where the Content Layer glob() loader would not update when renaming or deleting an entry

• #12418 25baa4e Thanks @​oliverlynch! - Fix cached image redownloading if it is the first asset

• #12477 46f6b38 Thanks @​ematipico! - Fixes an issue where the SSR build was emitting the dist/server/entry.mjs file with an incorrect import at the top of the file/

• #12365 a23985b Thanks @​apatel369! - Fixes an issue where Astro.currentLocale was not correctly returning the locale for 404 and 500 pages.

4.16.13

Patch Changes

• #12436 453ec6b Thanks @​martrapp! - Fixes a potential null access in the clientside router

... (truncated)

Commits

• 84190aa [ci] release (#12774)
• d0aaac3 Prevent server sourcemaps from being part of client output (#12757)
• ba4aac1 [ci] release (#12648)
• e7d14c3 fix: checkOrigin headers check (#12632)
• 6eac6ba [ci] release (#12536)
• 65e50eb Fix JPEG image size determination (#12542)
• 6fc29e3 fix(deps): update all non-major dependencies (#12410)
• cf0d8b0 fix(i18n): render 404.astro when i18n is enabled (#12525)
• 36d8d92 [ci] release (#12501)
• b140a3f fix(routing): don't access Request headers (#12498)
• Additional commits viewable in compare view

Updates cookie from 0.6.0 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

• Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

• d19eaa1 0.7.2
• bc38ffd Fix object assignment of hasOwnProperty (#177)
• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates dset from 3.1.3 to 3.1.4

Commits

• 05b1ec0 3.1.4
• 16d6154 fix: prevent proto assignment via implicit string
• See full diff in compare view

Updates esbuild from 0.19.9 to 0.21.5

Release notes

Sourced from esbuild's releases.

v0.21.5

• Fix Symbol.metadata on classes without a class decorator (#3781)

  This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

• Allow unknown import attributes to be used with the copy loader (#3792)

  Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

  // This is an error with "--bundle" without also using "--external:./bagel.js"
  import tasty from "./bagel.js" with { type: "bagel" }

  Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

  However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

  // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
  import tasty from "./tasty.bagel" with { type: "bagel" }

• Support import attributes with glob-style imports (#3797)

  This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

  async function loadLocale(locale: string): Locale {
    const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    return unpackLocale(locale, data)
  }

  Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

  ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data
  example.ts:2:28:
    2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
      ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  

  In addition, this change means plugins can now access the contents of with for glob-style imports.

• Support ${configDir} in tsconfig.json files (#3782)

  This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• fc37c2f publish 0.21.5 to npm
• cb11924 fix Symbol.metadata errors in decorator tests
• b93a2a9 fix #3781: add metadata to all decorated classes
• 953dae9 fix #3797: import attributes and glob-style import
• 98cb2ed fix #3782: support ${configDir} in tsconfig.json
• 8e6603b run make update-compat-table
• db1b8ca fix #3792: import attributes and the copy loader
• de572d0 fix non-deterministic import attribute plugin test
• ae8d1b4 fix #3794: --supported:object-accessors=false
• 67cbf87 publish 0.21.4 to npm
• Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.9

Release notes

Sourced from nanoid's releases.

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• adf9b0c Release 3.3.9 version
• 1c6f088 Remove dev file from npm package
• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Updates prismjs from 1.29.0 to 1.30.0

Release notes

Sourced from prismjs's releases.

v1.30.0

What's Changed

• check that currentScript is set by a script tag by @​lkuechler in PrismJS/prism#3863

New Contributors

• @​lkuechler made their first contribution in PrismJS/prism#3863

Full Changelog: PrismJS/prism@v1.29.0...v1.30.0

Changelog

Sourced from prismjs's changelog.

Prism Changelog

Commits

• 76dde18 Release 1.30.0
• 93cca40 npm pkg fix
• 99c5ca9 Add release script
• 8e8b935 check that currentScript is set by a script tag (#3863)
• f894dc2 Fix logo in the footer
• ac38dce Delete CNAME
• 9b5b09a Enable CORS
• See full diff in compare view

Maintainer changes

This version was pushed to npm by dmitrysharabin, a new releaser for prismjs since your current version.

Updates rollup from 4.14.0 to 4.35.0

Release notes

Sourced from rollup's releases.

v4.35.0

4.35.0

2025-03-08

Features

• Pass build errors to the closeBundle hook (#5867)

Pull Requests

• #5852: chore(deps): update dependency eslint-plugin-unicorn to v57 (@​renovate[bot], @​lukastaegert)
• #5862: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5867: feat(5858): make closeBundle hook receive the last error (@​GauBen)
• #5872: chore(deps): update dependency builtin-modules to v5 (@​renovate[bot])
• #5873: chore(deps): update uraimo/run-on-arch-action action to v3 (@​renovate[bot])
• #5874: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.34.9

4.34.9

2025-03-01

Bug Fixes

• Support JSX modes in WASM (#5866)
• Allow the CustomPluginOptions to be extended (#5850)

Pull Requests

• #5850: Revert CustomPluginOptions to be an interface (@​sapphi-red, @​lukastaegert)
• #5851: Javascript to JavaScript (@​dasa, @​lukastaegert)
• #5853: chore(deps): update dependency pinia to v3 (@​renovate[bot])
• #5854: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5855: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5860: chore(deps): update dependency @​shikijs/vitepress-twoslash to v3 (@​renovate[bot])
• #5861: chore(deps): update dependency globals to v16 (@​renovate[bot])
• #5863: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5864: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5866: Add jsx parameter to parseAsync in native.wasm.js (@​TrickyPi)

v4.34.8

4.34.8

2025-02-17

Bug Fixes

• Do not make assumptions about the value of nested paths in logical expressions if the expression cannot be simplified (#5846)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.35.0

2025-03-08

Features

• Pass build errors to the closeBundle hook (#5867)

Pull Requests

• #5852: chore(deps): update dependency eslint-plugin-unicorn to v57 (@​renovate[bot], @​lukastaegert)
• #5862: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5867: feat(5858): make closeBundle hook receive the last error (@​GauBen)
• #5872: chore(deps): update dependency builtin-modules to v5 (@​renovate[bot])
• #5873: chore(deps): update uraimo/run-on-arch-action action to v3 (@​renovate[bot])
• #5874: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.34.9

2025-03-01

Bug Fixes

• Support JSX modes in WASM (#5866)
• Allow the CustomPluginOptions to be extended (#5850)

Pull Requests

• #5850: Revert CustomPluginOptions to be an interface (@​sapphi-red, @​lukastaegert)
• #5851: Javascript to JavaScript (@​dasa, @​lukastaegert)
• #5853: chore(deps): update dependency pinia to v3 (@​renovate[bot])
• #5854: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5855: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5860: chore(deps): update dependency @​shikijs/vitepress-twoslash to v3 (@​renovate[bot])
• #5861: chore(deps): update dependency globals to v16 (@​renovate[bot])
• #5863: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5864: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5866: Add jsx parameter to parseAsync in native.wasm.js (@​TrickyPi)

4.34.8

2025-02-17

Bug Fixes

• Do not make assumptions about the value of nested paths in logical expressions if the expression cannot be simplified (#5846)

Pull Requests

• #5846: return UnknownValue if the usedbranch is unkown and the path is not empty (@​TrickyPi)

... (truncated)

Commits

• 70ef1cc 4.35.0
• d29a457 feat(5858): make closeBundle hook receive the last error (#5867)
• b346ce9 chore(deps): update dependency builtin-modules to v5 (#5872)
• f491680 chore(deps): update uraimo/run-on-arch-action action to v3 (#5873)
• 865d8d5 fix(deps): lock file maintenance minor/patch updates (#5874)
• caa406e chore(deps): update dependency eslint-plugin-unicorn to v57 (#5852)
• 30c16e8 fix(deps): update swc monorepo (major) (#5862)
• 0ab9b97 4.34.9
• be66eb9 Add jsx parameter to parseAsync in native.wasm.js (#5866)
• bf573b2 chore(deps): update dependency globals to v16 (#5861)
• Additional commits viewable in compare view

Updates vite from 5.2.8 to 5.4.14

Release notes

Sourced from vite's releases.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

5.4.14 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

5.4.13 (2025-01-20)

• fix: try parse server.origin URL (#19241) (5946215), closes #19241

5.4.12 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)
• fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)
• fix: verify token for HMR WebSocket connection (b71a5c8)
• chore: add deps update changelog (ecd2375)

5.4.11 (2024-11-11)

• fix(deps): update dependencies of postcss-modules (ceb15db), closes #18617

5.4.10 (2024-10-23)

• fix: backport #18367,augment hash for CSS files to prevent chromium erroring by loading previous fil (7d1a3bc), closes #18367 #18412

5.4.9 (2024-10-14)

• fix: bump launch-editor-middleware to v2.9.1 (#18348) (508d9ab), closes #18348
• fix(css): fix lightningcss dep url resolution with custom root (#18125) (eae00b5), closes #18125
• fix(data-uri): only match ids starting with data: (#18241) (96084d6), closes #18241
• fix(deps): bump tsconfck (#18322) (dc5434c), closes #18322
• fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252) (851b258), closes #18252
• fix(ssr): (backport #18150) fix source map remapping with multiple sources (#18204) (262a879), closes #18204
• chore: update all url references of vitejs.dev to vite.dev (#18276) (c23558a), closes #18276
• chore: update license copyright (#18278) (1864eb1), closes #18278
• docs: update homepage (#18274) (ae44163), closes #18274

5.4.8 (2024-09-25)

... (truncated)

Commits

• e7eb3c5 release: v5.4.14
• 7d1699c fix: allow CORS from loopback addresses by default (#19249)
• 9df6e6b fix: preview.allowedHosts with specific values was not respected (#19246)
• a1824c5 release: v5.4.13
• 5946215 fix: try parse server.origin URL (#19241)
• f428aa9 release: v5.4.12
• 9da4abc fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• b71a5c8 fix: verify token for HMR WebSocket connection
• dfea38f fix!: default server.cors: false to disallow fetching from untrusted origins
• ecd2375 chore: add deps update changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying ictsc-tech-blog with    Cloudflare Pages

Latest commit:	ea40a49
Status:	✅  Deploy successful!
Preview URL:	https://cdc39c98.ictsc-tech-blog.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-npm-79kl.ictsc-tech-blog.pages.dev

View logs