chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: rollup and vite.

Updates rollup from 4.9.4 to 4.34.6

Release notes

Sourced from rollup's releases.

v4.34.6

4.34.6

2025-02-07

Bug Fixes

• Retain "void 0" in the output for smaller output and fewer surprises (#5838)

Pull Requests

• #5835: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5838: replace undefined with void 0 for operator void (@​TrickyPi)

v4.34.5

4.34.5

2025-02-07

Bug Fixes

• Ensure namespace reexports always include all properties of all exports (#5837)

Pull Requests

• #5836: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5837: Include all paths of reexports if namespace is used (@​lukastaegert)

v4.34.4

4.34.4

2025-02-05

Bug Fixes

• Do not tree-shake properties if a rest element is used in destructuring (#5833)

Pull Requests

• #5833: include all properties if a rest element is destructed (@​TrickyPi)

v4.34.3

4.34.3

2025-02-05

Bug Fixes

• Ensure properties of "this" are included in getters (#5831)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.34.6

2025-02-07

Bug Fixes

• Retain "void 0" in the output for smaller output and fewer surprises (#5838)

Pull Requests

• #5835: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5838: replace undefined with void 0 for operator void (@​TrickyPi)

4.34.5

2025-02-07

Bug Fixes

• Ensure namespace reexports always include all properties of all exports (#5837)

Pull Requests

• #5836: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5837: Include all paths of reexports if namespace is used (@​lukastaegert)

4.34.4

2025-02-05

Bug Fixes

• Do not tree-shake properties if a rest element is used in destructuring (#5833)

Pull Requests

• #5833: include all properties if a rest element is destructed (@​TrickyPi)

4.34.3

2025-02-05

Bug Fixes

• Ensure properties of "this" are included in getters (#5831)

Pull Requests

• #5831: include the properties that accessed by this (@​TrickyPi)

... (truncated)

Commits

• 4b87459 4.34.6
• fe89821 replace undefined with void 0 for operator void (#5838)
• 18cc314 fix(deps): update swc monorepo (major) (#5835)
• 3426b02 4.34.5
• f3aa1f0 Include all paths of reexports if namespace is used (#5837)
• 9fc10c1 fix(deps): lock file maintenance minor/patch updates (#5836)
• 19312a7 4.34.4
• cf54603 include all properties if a rest element is destructed (#5833)
• ac8b06a 4.34.3
• 7d553db include the properties that accessed by this (#5831)
• Additional commits viewable in compare view

Updates rollup from 4.21.3 to 4.34.6

Release notes

Sourced from rollup's releases.

v4.34.6

4.34.6

2025-02-07

Bug Fixes

• Retain "void 0" in the output for smaller output and fewer surprises (#5838)

Pull Requests

• #5835: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5838: replace undefined with void 0 for operator void (@​TrickyPi)

v4.34.5

4.34.5

2025-02-07

Bug Fixes

• Ensure namespace reexports always include all properties of all exports (#5837)

Pull Requests

• #5836: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5837: Include all paths of reexports if namespace is used (@​lukastaegert)

v4.34.4

4.34.4

2025-02-05

Bug Fixes

• Do not tree-shake properties if a rest element is used in destructuring (#5833)

Pull Requests

• #5833: include all properties if a rest element is destructed (@​TrickyPi)

v4.34.3

4.34.3

2025-02-05

Bug Fixes

• Ensure properties of "this" are included in getters (#5831)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.34.6

2025-02-07

Bug Fixes

• Retain "void 0" in the output for smaller output and fewer surprises (#5838)

Pull Requests

• #5835: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5838: replace undefined with void 0 for operator void (@​TrickyPi)

4.34.5

2025-02-07

Bug Fixes

• Ensure namespace reexports always include all properties of all exports (#5837)

Pull Requests

• #5836: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5837: Include all paths of reexports if namespace is used (@​lukastaegert)

4.34.4

2025-02-05

Bug Fixes

• Do not tree-shake properties if a rest element is used in destructuring (#5833)

Pull Requests

• #5833: include all properties if a rest element is destructed (@​TrickyPi)

4.34.3

2025-02-05

Bug Fixes

• Ensure properties of "this" are included in getters (#5831)

Pull Requests

• #5831: include the properties that accessed by this (@​TrickyPi)

... (truncated)

Commits

• 4b87459 4.34.6
• fe89821 replace undefined with void 0 for operator void (#5838)
• 18cc314 fix(deps): update swc monorepo (major) (#5835)
• 3426b02 4.34.5
• f3aa1f0 Include all paths of reexports if namespace is used (#5837)
• 9fc10c1 fix(deps): lock file maintenance minor/patch updates (#5836)
• 19312a7 4.34.4
• cf54603 include all properties if a rest element is destructed (#5833)
• ac8b06a 4.34.3
• 7d553db include the properties that accessed by this (#5831)
• Additional commits viewable in compare view

Updates vite from 5.4.14 to 6.1.0

Release notes

Sourced from vite's releases.

create-vite@6.1.0

Please refer to CHANGELOG.md for details.

v6.1.0

Please refer to CHANGELOG.md for details.

v6.1.0-beta.2

Please refer to CHANGELOG.md for details.

v6.1.0-beta.1

Please refer to CHANGELOG.md for details.

v6.1.0-beta.0

Please refer to CHANGELOG.md for details.

v6.0.11

Please refer to CHANGELOG.md for details.

v6.0.10

Please refer to CHANGELOG.md for details.

v6.0.9

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

v6.0.7

Please refer to CHANGELOG.md for details.

v6.0.6

Please refer to CHANGELOG.md for details.

v6.0.5

Please refer to CHANGELOG.md for details.

v6.0.4

Please refer to CHANGELOG.md for details.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

create-vite@6.0.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.1.0 (2025-02-05)

Features

• feat: show hosts in cert in CLI (#19317) (a5e306f), closes #19317
• feat: support for env var for defining allowed hosts (#19325) (4d88f6c), closes #19325
• feat: use native runtime to import the config (#19178) (7c2a794), closes #19178
• feat: print port in the logged error message after failed WS connection with EADDRINUSE (#19212) (14027b0), closes #19212
• perf(css): only run postcss when needed (#19061) (30194fa), closes #19061
• feat: add support for .jxl (#18855) (57b397c), closes #18855
• feat: add the builtins environment resolve (#18584) (2c2d521), closes #18584
• feat: call Logger for plugin logs in build (#13757) (bf3e410), closes #13757
• feat: export defaultAllowedOrigins for user-land config and 3rd party plugins (#19259) (dc8946b), closes #19259
• feat: expose createServerModuleRunnerTransport (#18730) (8c24ee4), closes #18730
• feat: support async for proxy.bypass (#18940) (a6b9587), closes #18940
• feat: support log related functions in dev (#18922) (3766004), closes #18922
• feat: use module runner to import the config (#18637) (b7e0e42), closes #18637
• feat(css): add friendly errors for IE hacks that are not supported by lightningcss (#19072) (caad985), closes #19072
• feat(optimizer): support bun text lockfile (#18403) (05b005f), closes #18403
• feat(reporter): add wasm to the compressible assets regex (#19085) (ce84142), closes #19085
• feat(worker): support dynamic worker option fields (#19010) (d0c3523), closes #19010

Fixes

• fix: avoid builtStart during vite optimize (#19356) (fdb36e0), closes #19356
• fix(build): fix stale build manifest on watch rebuild (#19361) (fcd5785), closes #19361
• fix: allow expanding env vars in reverse order (#19352) (3f5f2bd), closes #19352
• fix: avoid packageJson without name in resolveLibCssFilename (#19324) (f183bdf), closes #19324
• fix(html): fix css disorder when building multiple entry html (#19143) (e7b4ba3), closes #19143
• fix: don't call buildStart hooks for vite optimize (#19347) (19ffad0), closes #19347
• fix: don't call next middleware if user sent response in proxy.bypass (#19318) (7e6364d), closes #19318
• fix: respect top-level server.preTransformRequests (#19272) (12aaa58), closes #19272
• fix: use nodeLikeBuiltins for ssr.target: 'webworker' without noExternal: true (#19313) (9fc31b6), closes #19313
• fix(css): less @plugin imports of JS files treated as CSS and rebased (fix #19268) (#19269) (602b373), closes #19268 #19269
• fix(deps): update all non-major dependencies (#19296) (2bea7ce), closes #19296
• fix(resolve): preserve hash/search of file url (#19300) (d1e1b24), closes #19300
• fix(resolve): warn if node-like builtin was imported when resolve.builtin is empty (#19312) (b7aba0b), closes #19312
• fix(ssr): fix transform error due to export all id scope (#19331) (e28bce2), closes #19331
• fix(ssr): pretty print plugin error in ssrLoadModule (#19290) (353c467), closes #19290
• fix: change ResolvedConfig type to interface to allow extending it (#19210) (bc851e3), closes #19210
• fix: correctly resolve hmr dep ids and fallback to url (#18840) (b84498b), closes #18840
• fix: make --force work for all environments (#18901) (51a42c6), closes #18901
• fix: use loc.file from rollup errors if available (#19222) (ce3fe23), closes #19222
• fix(deps): update all non-major dependencies (#19190) (f2c07db), closes #19190
• fix(hmr): register inlined assets as a dependency of CSS file (#18979) (eb22a74), closes #18979
• fix(resolve): support resolving TS files by JS extension specifiers in JS files (#18889) (612332b), closes #18889
• fix(ssr): combine empty source mappings (#19226) (ba03da2), closes #19226
• fix(utils): clone RegExp values with new RegExp instead of structuredClone (fix #19245, fix #1 (56ad2be), closes #19245 #18875 #19247

... (truncated)

Commits

• 3734f80 fix(css): escape double quotes in url() when lightningcss is used (#18997)
• 2b4f115 fix(deps): update all non-major dependencies (#18996)
• 12b612d fix: fallback terser to main thread when function options are used (#18987)
• d88d000 fix(deps): update all non-major dependencies (#18967)
• 21680bd fix(css): skip non css in custom sass importer (#18970)
• 62fad6d chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (#18968)
• 8a6bb4e fix(optimizer): keep NODE_ENV as-is when keepProcessEnv is true (#18899)
• 7d6dd5d fix(ssr): recreate ssrCompatModuleRunner on restart (#18973)
• c4b532c fix(css): root relative import in sass modern API on Windows (#18945)
• 27f691b refactor: make internal invoke event to use the same interface with `handleIn...
• Additional commits viewable in compare view

Updates esbuild from 0.20.2 to 0.21.5

Release notes

Sourced from esbuild's releases.

v0.21.5

• Fix Symbol.metadata on classes without a class decorator (#3781)

  This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

• Allow unknown import attributes to be used with the copy loader (#3792)

  Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

  // This is an error with "--bundle" without also using "--external:./bagel.js"
  import tasty from "./bagel.js" with { type: "bagel" }

  Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

  However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

  // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
  import tasty from "./tasty.bagel" with { type: "bagel" }

• Support import attributes with glob-style imports (#3797)

  This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

  async function loadLocale(locale: string): Locale {
    const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    return unpackLocale(locale, data)
  }

  Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

  ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data
  example.ts:2:28:
    2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
      ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  

  In addition, this change means plugins can now access the contents of with for glob-style imports.

• Support ${configDir} in tsconfig.json files (#3782)

  This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.21.5

• Fix Symbol.metadata on classes without a class decorator (#3781)

  This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

• Allow unknown import attributes to be used with the copy loader (#3792)

  Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

  // This is an error with "--bundle" without also using "--external:./bagel.js"
  import tasty from "./bagel.js" with { type: "bagel" }

  Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

  However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

  // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
  import tasty from "./tasty.bagel" with { type: "bagel" }

• Support import attributes with glob-style imports (#3797)

  This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

  async function loadLocale(locale: string): Locale {
    const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    return unpackLocale(locale, data)
  }

  Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

  ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data
  example.ts:2:28:
    2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
      ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  

  In addition, this change means plugins can now access the contents of with for glob-style imports.

• Support ${configDir} in tsconfig.json files (#3782)

  This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Commits

• fc37c2f publish 0.21.5 to npm
• cb11924 fix Symbol.metadata errors in decorator tests
• b93a2a9 fix #3781: add metadata to all decorated classes
• 953dae9 fix #3797: import attributes and glob-style import
• 98cb2ed fix #3782: support ${configDir} in tsconfig.json
• 8e6603b run make update-compat-table
• db1b8ca fix #3792: import attributes and the copy loader
• de572d0 fix non-deterministic import attribute plugin test
• ae8d1b4 fix #3794: --supported:object-accessors=false
• 67cbf87 publish 0.21.4 to npm
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[mergify]

Automatically approving dependabot

[gavmck]

🎉 This PR is included in version 2.0.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀