Bump the npm_and_yarn group with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates:

Package	From	To
braces	2.3.2	3.0.3
webpack	4.47.0	5.96.1
path-to-regexp	0.1.10	1.9.0
express	4.21.1	4.21.2
nanoid	3.3.7	3.3.8

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates webpack from 4.47.0 to 5.96.1

Release notes

Sourced from webpack's releases.

v5.96.1

Bug Fixes

• [Types] Add @types/eslint-scope to dependencieS
• [Types] Fixed regression in validate

v5.96.0

Bug Fixes

• Fixed Module Federation should track all referenced chunks
• Handle Data URI without base64 word
• HotUpdateChunk have correct runtime when modified with new runtime
• Order of chunks ids in generated chunk code
• No extra Javascript chunks when using asset module as an entrypoint
• Use optimistically logic for output.environment.dynamicImport to determine chunk format when no browserslist or target
• Collision with global variables for optimization.avoidEntryIife
• Avoid through variables in inlined module
• Allow chunk template strings in output.devtoolNamespace
• No extra runtime for get javascript/css chunk filename
• No extra runtime for prefetch and preload in JS runtime when it was unsed in CSS
• Avoid cache invalidation using ProgressPlugin
• Increase parallelism when using importModule on the execution stage
• Correctly parsing string in export and import
• Typescript types
• [CSS] css/auto considers a module depending on its filename as css (pure CSS) or css/local, before it was css/global and css/local
• [CSS] Always interpolate classes even if they are not involved in export
• [CSS] No extra runtime in Javascript runtime chunks for asset modules used in CSS
• [CSS] No extra runtime in Javascript runtime chunks for external asset modules used in CSS
• [CSS] No extra runtime for the node target
• [CSS] Fixed url()s and @import parsing
• [CSS] Fixed - emit a warning on broken :local and :global

New Features

• Export CSS and ESM runtime modules
• Single Runtime Chunk and Federation eager module hoisting
• [CSS] Support /* webpackIgnore: true */ for CSS files
• [CSS] Support src() support
• [CSS] CSS nesting in CSS modules

v5.95.0

Bug Fixes

• Fixed hanging when attempting to read a symlink-like file that it can't read
• Handle default for import context element dependency
• Merge duplicate chunks call after split chunks
• Generate correctly code for dynamically importing the same file twice and destructuring
• Use content hash as [base] and [name] for extracted DataURI's
• Distinguish module and import in module-import for externals import's

... (truncated)

Commits

• d4ced73 chore(release): 5.96.1
• 7d6dbea fix: types regression in validate
• 5c556e3 fix: types regression in validate
• 2420eae fix: add @types/eslint-scope to dependencies due types regression
• ec45d2d fix: add @types/eslint-scope to dependencies
• aff0c3e chore(release): 5.96.0
• 6f11ec1 refactor: module source types code
• b07142f refactor: module source types code
• 7d98b3c fix: Module Federation should track all referenced chunks
• 6d09769 chore: linting
• Additional commits viewable in compare view

Updates path-to-regexp from 0.1.10 to 1.9.0

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking in 1.x

Fixed

• Add backtrack protection to 1.x release (#320) 925ac8e
• Fix re.exec(&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);/test/route&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);) result (#267) 32a14b0

pillarjs/path-to-regexp@v1.8.0...v1.9.0

Backport token to function options

Added

• Backport TokensToFunctionOptions

Fix backtracking (again)

Fixed

• Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

• Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Changelog

Sourced from path-to-regexp's changelog.

Moved to GitHub Releases

3.0.0 / 2019-01-13

• Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. /:att1-:att2-:att3-:att4-:att5)
• Remove partial support, prefer escaping the prefix delimiter explicitly (e.g. \\/(apple-)?icon-:res(\\d+).png)

2.4.0 / 2018-08-26

• Support start option to disable anchoring from beginning of the string

2.3.0 / 2018-08-20

• Use delimiter when processing repeated matching groups (e.g. foo/bar has no prefix, but has a delimiter)

2.2.1 / 2018-04-24

• Allow empty string with end: false to match both relative and absolute paths

2.2.0 / 2018-03-06

• Pass token as second argument to encode option (e.g. encode(value, token))

2.1.0 / 2017-10-20

• Handle non-ending paths where the final character is a delimiter
  • E.g. /foo/ before required either /foo/ or /foo// to match in non-ending mode

2.0.0 / 2017-08-23

• New option! Ability to set endsWith to match paths like /test?query=string up to the query string
• New option! Set delimiters for specific characters to be treated as parameter prefixes (e.g. /:test)
• Remove isarray dependency
• Explicitly handle trailing delimiters instead of trimming them (e.g. /test/ is now treated as /test/ instead of /test when matching)
• Remove overloaded keys argument that accepted options
• Remove keys list attached to the RegExp output
• Remove asterisk functionality (it's a real pain to properly encode)
• Change tokensToFunction (e.g. compile) to accept an encode function for pretty encoding (e.g. pass your own implementation)

1.7.0 / 2016-11-08

• Allow a delimiter option to be passed in with tokensToRegExp which will be used for "non-ending" token match situations

1.6.0 / 2016-10-03

• Populate RegExp.keys when using the tokensToRegExp method (making it consistent with the main export)
• Allow a delimiter option to be passed in with parse
• Updated TypeScript definition with Keys and Options updated

1.5.3 / 2016-06-15

... (truncated)

Commits

• c75eb10 1.9.0
• 925ac8e Add backtrack protection to 1.x release (#320)
• 32a14b0 Fix re.exec('/test/route') result (#267)
• 79a5dcf 1.8.0
• 1a47442 feat: backport TokensToFunctionOptions to v1.x
• 9c0550c Update history for 1.7.0
• a99ec3c v1.7.0
• 69fb61b Allow delimiter to be set for tokensToRegExp
• 1c2e8e4 Update history for 1.6.0
• bdf17de v1.6.0
• Additional commits viewable in compare view

Updates express from 4.21.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

The following labels could not be found: pr: dependencies.

[github-actions]

Great job, @dependabot[bot]! 🎉 Thank you for submitting your pull request to CodeHarborHub. We appreciate your contribution and enthusiasm! Our team will review it soon. If you have any questions or need further assistance, feel free to reach out. Thanks for contributing!

[deepsource-io]

Here's the code health analysis summary for commits 77e04a7..5f71d26. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[github-actions]

⚡️ Lighthouse Report for the Deploy Preview of this PR 🚀

🔗 Site: CodeHarborHub | Live Site

URL 🌐	Performance	Accessibility	Best Practices	SEO	📊
/	🔴 36	🟡 82	🟡 75	🟢 100	📄
/docs	🟡 56	🟢 90	🟢 96	🟢 100	📄
/docs/category/javascript	🟡 67	🟢 90	🟢 96	🟢 100	📄
/courses	🟡 50	🟢 90	🟢 96	🟢 100	📄
/courses/category/reactjs	🟡 68	🟢 90	🟢 96	🟢 100	📄
/blog	🟡 54	🟢 90	🟢 96	🟡 86	📄
/showcase	🟡 54	🟢 91	🟡 75	🟡 86	📄
/community	🟡 55	🟢 90	🟢 96	🟢 100	📄
/docs/tags	🟡 56	🟢 90	🟢 96	🟡 86	📄

[github-actions]

This PR has been automatically closed due to inactivity from the owner for 15 days.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml