chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: next.
Bumps the npm_and_yarn group with 7 updates in the /apps/web directory:

Package	From	To
next	14.2.5	14.2.21
zod	3.23.8	3.24.2
postcss	8.4.38	8.5.3
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
jose	5.3.0	5.10.0
micromatch	4.0.5	4.0.8

Updates next from 13.5.0 to 14.2.21

Commits

• 2655f6e v14.2.21
• 8803d2b Backport (v14): Upgrade React from 14898b6a9 to 178c267a4e (#74115)
• 6e35243 chore(docs): add missing search: '' on remotePatterns (#73925) (#73927)
• 54919d2 chore(docs): update version history of next/image (#73926)
• 049a690 Backport: Fix unstable_allowDynamic when used with pnpm (#73765)
• 663fa9c Fix SWC and React versions for 14-2-1 branch (#73791)
• ed78a4a v14.2.20
• 530421d [backport] Fix/dedupe fetch clone (#73532)
• cbc62ad v14.2.19
• 92280dc [backport] Update max tag items limit in docs (#73445)
• Additional commits viewable in compare view

Updates zod from 3.22.3 to 3.24.2

Release notes

Sourced from zod's releases.

v3.24.2

Notes

Support asynchronous checks in z.custom() .

const customSchema = z.custom<number>(async (x) => {
  return typeof x === "number";
});

Commits:

• cdcf9d4263cc544c7cb49855b31612d4305da72c Bump rollup from 2.79.1 to 2.79.2 (#3895)
• a2ad37099e8f7117d231cc2c72d0e471893643b2 Bump find-my-way from 8.2.0 to 8.2.2 (#3897)
• 0e02d66d1bcaad9c0f92609431e1726e088a8112 Bump nanoid from 3.3.7 to 3.3.8 (#3896)
• 96be65f0d71b0bf8e8f330dc0541cc895edd6459 Bump cross-spawn from 7.0.3 to 7.0.6 (#3882)
• f7ad26147ba291cb3fb257545972a8e00e767470 Bump micromatch from 4.0.7 to 4.0.8 (#3748)
• d724620c341e1801db9513f681f731afb3df452a Add zod-struct to utilities for Zod (#3921)
• 6b96cfd4307649df6a451d74e06c47ac88c01dfe Update README.md (#3949)
• e376cda8e14d3caa09bc2148ffc668748118db6b Add Courier to README (#3961)
• 8a099deaef71b3d8bd65986a745b88f08cb28ba5 Add CodeRabbit to sponsors (#3975)
• 587d160badbe96d1adec1e8ff9d93bbcb3f91c4f WIP (#3976)
• 9d3af2ee5263971bc0dd7e4927cd07ee854fe4db Add CodeRabbit at Platinum (#3981)
• eedeb4b69f9f4bb58401d9cb27c8038a042f2c7f docs(X to Zod): Update url for runtyping (#3971)
• 706f49f9fb852cdde667b65ccb9b765444a86de7 fix: redirect url to correct url (#3939)
• 7365b7d5564793c42ee02815880463b8bee30028 docs: translate README to Korean (#3934)
• b7e173de06e223a7a6510903a4110634e2fb5d92 Format
• 1dd44a0d6f8073f7c417e09ec96580b9ae9bda23 Support async z.custom
• e30870369d5b8f31ff4d0130d4439fd997deb523 v3.24.2

v3.24.1

Commits:

• 0c6cbbdd1315683dd3d589fbdc5765c26431dcc9 Undeprecate .nonempty()
• 4e219d6ad9d5e56e20afd7423092f506400a29e4 Bump min TS version to 5.0
• 65adeeacef0274abbda5438470a3d2bfd376256d v3.24.1

v3.24.0

Implement @standard-schema/spec

This is the first version of Zod to implement the Standard Schema spec. This is a new community effort among several validation library authors to implement a common interface, with the goal of simplifying the process of integrating schema validators with the rest of the ecosystem. Read more about the project and goals here.

z.string().jwt()

Thanks to @​Mokshit06 and @​Cognition-Labs for this contribution!

To verify that a string is a valid 3-part JWT.

... (truncated)

Commits

• e308703 v3.24.2
• 1dd44a0 Support async z.custom
• b7e173d Format
• 7365b7d docs: translate README to Korean (#3934)
• 706f49f fix: redirect url to correct url (#3939)
• eedeb4b docs(X to Zod): Update url for runtyping (#3971)
• 9d3af2e Add CodeRabbit at Platinum (#3981)
• 587d160 WIP (#3976)
• 8a099de Add CodeRabbit to sponsors (#3975)
• e376cda Add Courier to README (#3961)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by colinhacks, a new releaser for zod since your current version.

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

Commits

• 22c309d Release 8.5.3 version
• a2b594f Update ESLint config
• 8232ba0 Fix tests
• 5082831 Fix text
• 4fdb54b update: parser.js to clarify error message
• 06006ec AtRule can be empty
• 755f08f fix typo: them -> then (#2016)
• 692fcde Release 8.5.2 version
• b70e98f Update dependencies
• ba587e3 Fix end position of rules with ownSemicon (#2012)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates cookie from 0.5.0 to 0.6.0

Release notes

Sourced from cookie's releases.

0.6.0

• Add partitioned option

Changelog

Sourced from cookie's changelog.

0.6.0 / 2023-11-06

• Add partitioned option

Commits

• 38323ba 0.6.0
• 7560154 build: top-sites@1.1.194
• c45b52d docs: switch badges to badgen
• 84a1567 Add partitioned option
• c67a478 docs: fix typos in HISTORY
• 52a76c1 docs: fix typo in HISTORY
• 5f22857 Fix typo in JSDoc
• da7e44e build: mocha@10.2.0
• 936036a build: eslint-plugin-markdown@3.0.1
• 197f670 build: eslint@8.53.0
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates jose from 4.14.4 to 5.10.0

Release notes

Sourced from jose's releases.

v5.10.0

Features

• support fully specified Ed25519 algorithm identifier (c39f57d)

v5.9.6

Reverts

• Revert "refactor(build): simplify package exports" (2ef3a52)

v5.9.4

Refactor

• types: update error definitions (510c5ca)

v5.9.3

Refactor

• use as Type for type assertions instead of <Type> (c4dc24d)

v5.9.2

Refactor

• types: remove index signatures from JWK interfaces (ccf0cda)

v5.9.1

Fixes

• types: add missing index signature on the convenience JWK types (90a93dc)

v5.9.0

Features

• allow JWK objects as "key" input to sign and verify (c6302ea)

This method of passing private or public keys does not yield the same performance as passing a CryptoKey or KeyObject instances, its main purpose is for convenience or for when you're not going to be re-using the same set of keys for the operation, in which case you should use one of the import key methods to obtain a CryptoKey or KeyObject.

Example Signing

const alg = "RS256";
const jwk = {
  kty: "RSA",
  n: "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6fpCTu6ZalGI82s7XK3tan4dJt90ptUPKD2zvxqTzFNfx4HHHsrYCf2-FMLn1VTJfQazA2BvJqAwcpW1bqRUEty8tS_Yv4hRvWfQPcc2Gc3-_fQOOW57zVy-rNoJc744kb30NjQxdGp03J2S3GLQu7oKtSDDPooQHD38PEMNnITf0pj-KgDPjymkMGoJlO3aKppsjfbt_AH6GGdRghYRLOUwQU-h-ofWHR3lbYiKtXPn5dN24kiHy61e3VAQ9_YAZlwXC_99GGtw_NpghFAuM4P1JDn0DppJldy3PGFC0GfBCZASw",
  e: "AQAB",
  d: "VuVE_KEP6323WjpbBdAIv7HGahGrgGANvbxZsIhm34lsVOPK0XDegZkhAybMZHjRhp-gwVxX5ChC-J3cUpOBH5FNxElgW6HizD2Jcq6t6LoLYgPSrfEHm71iHg8JsgrqfUnGYFzMJmv88C6WdCtpgG_qJV1K00_Ly1G1QKoBffEs-v4fAMJrCbUdCz1qWto-PU-HLMEo-krfEpGgcmtZeRlDADh8cETMQlgQfQX2VWq_aAP4a1SXmo-j0cvRU4W5Fj0RVwNesIpetX2ZFz4p_JmB5sWFEj_fC7h5z2lq-6Bme2T3BHtXkIxoBW0_pYVnASC8P2puO5FnVxDmWuHDYQ",
  p: "07rgXd_tLUhVRF_g1OaqRZh5uZ8hiLWUSU0vu9coOaQcatSqjQlIwLW8UdKv_38GrmpIfgcEVQjzq6rFBowUm9zWBO9Eq6enpasYJBOeD8EMeDK-nsST57HjPVOCvoVC5ZX-cozPXna3iRNZ1TVYBY3smn0IaxysIK-zxESf4pM",
  q: "6qrE9TPhCS5iNR7QrKThunLu6t4H_8CkYRPLbvOIt2MgZyPLiZCsvdkTVSOX76QQEXt7Y0nTNua69q3K3Jhf-YOkPSJsWTxgrfOnjoDvRKzbW3OExIMm7D99fVBODuNWinjYgUwGSqGAsb_3TKhtI-Gr5ls3fn6B6oEjVL0dpmk",
  dp: "mHqjrFdgelT2OyiFRS3dAAPf3cLxJoAGC4gP0UoQyPocEP-Y17sQ7t-ygIanguubBy65iDFLeGXa_g0cmSt2iAzRAHrDzI8P1-pQl2KdWSEg9ssspjBRh_F_AiJLLSPRWn_b3-jySkhawtfxwO8Kte1QsK1My765Y0zFvJnjPws",
  dq: "KmjaV4YcsVAUp4z-IXVa5htHWmLuByaFjpXJOjABEUN0467wZdgjn9vPRp-8Ia8AyGgMkJES_uUL_PDDrMJM9gb4c6P4-NeUkVtreLGMjFjA-_IQmIMrUZ7XywHsWXx0c2oLlrJqoKo3W-hZhR0bPFTYgDUT_mRWjk7wV6wl46E",
</tr></table> 

... (truncated)

Changelog

Sourced from jose's changelog.

5.10.0 (2025-02-17)

Features

• support fully specified Ed25519 algorithm identifier (c39f57d)

5.9.6 (2024-10-20)

Reverts

• Revert "refactor(build): simplify package exports" (2ef3a52)

5.9.5 (2024-10-20)

Refactor

• build: simplify package exports (4783f7f)

5.9.4 (2024-10-11)

Refactor

• types: update error definitions (510c5ca)

5.9.3 (2024-09-22)

Refactor

• use as Type for type assertions instead of (c4dc24d)

5.9.2 (2024-09-14)

Refactor

• types: remove index signatures from JWK interfaces (ccf0cda)

5.9.1 (2024-09-13)

Fixes

• types: add missing index signature on the convenience JWK types (90a93dc)

5.9.0 (2024-09-13)

... (truncated)

Commits

• 839b6da chore(release): 5.10.0
• c39f57d feat: support fully specified Ed25519 algorithm identifier
• ff8ea69 test: update test expectations
• 25d2267 test: update test expectations
• 08be034 chore: upgrade dev dependencies, typescript, and docs
• 0d9f5f1 build(deps-dev): bump edge-runtime from 3.0.5 to 4.0.0 (#734)
• 1e8b430 ci: add retry
• a05fa54 chore: bump packages
• 626d965 build(deps-dev): bump edge-runtime from 3.0.3 to 3.0.5 (#733)
• af55645 chore: bump packages
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates nanoid from 3.3.6 to 3.3.9

Release notes

Sourced from nanoid's releases.

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

Commits

• adf9b0c Release 3.3.9 version
• 1c6f088 Remove dev file from npm package
• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• 89d82d2 Release 3.3.7 version
• 5022c35 Update dual-publish
• 3e7a8e5 Remove benchmark from CI for v3
• d356144 Fix CI for v3
• 37b25df Move to pnpm 8
• See full diff in compare view

Updates next from 14.2.5 to 14.2.21

Commits

• 2655f6e v14.2.21
• 8803d2b Backport (v14): Upgrade React from 14898b6a9 to 178c267a4e (#74115)
• 6e35243 chore(docs): add missing search: '' on remotePatterns (#73925) (#73927)
• 54919d2 chore(docs): update version history of next/image (#73926)
• 049a690 Backport: Fix unstable_allowDynamic when used with pnpm (#73765)
• 663fa9c Fix SWC and React versions for 14-2-1 branch (#73791)
• ed78a4a v14.2.20
• 530421d [backport] Fix/dedupe fetch clone (#73532)
• cbc62ad v14.2.19
• 92280dc [backport] Update max tag items limit in docs (#73445)
• Additional commits viewable in compare view

Updates zod from 3.23.8 to 3.24.2

Release notes

Sourced from zod's releases.

v3.24.2

Notes

Support asynchronous checks in z.custom() .

const customSchema = z.custom<number>(async (x) => {
  return typeof x === "number";
});

Commits:

• cdcf9d4263cc544c7cb49855b31612d4305da72c Bump rollup from 2.79.1 to 2.79.2 (#3895)
• a2ad37099e8f7117d231cc2c72d0e471893643b2 Bump find-my-way from 8.2.0 to 8.2.2 (#3897)
• 0e02d66d1bcaad9c0f92609431e1726e088a8112 Bump nanoid from 3.3.7 to 3.3.8 (#3896)
• 96be65f0d71b0bf8e8f330dc0541cc895edd6459 Bump cross-spawn from 7.0.3 to 7.0.6 (#3882)
• f7ad26147ba291cb3fb257545972a8e00e767470 Bump micromatch from 4.0.7 to 4.0.8 (#3748)
• d724620c341e1801db9513f681f731afb3df452a Add zod-struct to utilities for Zod (#3921)
• 6b96cfd4307649df6a451d74e06c47ac88c01dfe Update README.md (#3949)
• e376cda8e14d3caa09bc2148ffc668748118db6b Add Courier to README (#3961)
• 8a099deaef71b3d8bd65986a745b88f08cb28ba5 Add CodeRabbit to sponsors (#3975)
• 587d160badbe96d1adec1e8ff9d93bbcb3f91c4f WIP (#3976)
• 9d3af2ee5263971bc0dd7e4927cd07ee854fe4db Add CodeRabbit at Platinum (#3981)
• eedeb4b69f9f4bb58401d9cb27c8038a042f2c7f docs(X to Zod): Update url for runtyping (#3971)
• 706f49f9fb852cdde667b65ccb9b765444a86de7 fix: redirect url to correct url (#3939)
• 7365b7d5564793c42ee02815880463b8bee30028 docs: translate README to Korean (#3934)
• b7e173de06e223a7a6510903a4110634e2fb5d92 Format
• 1dd44a0d6f8073f7c417e09ec96580b9ae9bda23 Support async z.custom
• e30870369d5b8f31ff4d0130d4439fd997deb523 v3.24.2

v3.24.1

Commits:

• 0c6cbbdd1315683dd3d589fbdc5765c26431dcc9 Undeprecate .nonempty()
• 4e219d6ad9d5e56e20afd7423092f506400a29e4 Bump min TS version to 5.0
• 65adeeacef0274abbda5438470a3d2bfd376256d v3.24.1

v3.24.0

Implement @standard-schema/spec

This is the first version of Zod to implement the Standard Schema spec. This is a new community effort among several validation library authors to implement a common interface, with the goal of simplifying the process of integrating schema validators with the rest of the ecosystem. Read more about the project and goals here.

z.string().jwt()

Thanks to @​Mokshit06 and @​Cognition-Labs for this contribution!

To verify that a string is a valid 3-part JWT.

... (truncated)

Commits

• e308703 v3.24.2
• 1dd44a0 Support async z.custom
• b7e173d Format
• 7365b7d docs: translate README to Korean (#3934)
• 706f49f fix: redirect url to correct url (#3939)
• eedeb4b docs(X to Zod): Update url for runtyping (#3971)
• 9d3af2e Add CodeRabbit at Platinum (#3981)
• 587d160 WIP (#3976)
• 8a099de Add CodeRabbit to sponsors (#3975)
• e376cda Add Courier to README (#3961)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by colinhacks, a new releaser for zod since your current version.

Updates postcss from 8.4.38 to 8.5.3

Release notes

Sourced from postcss's releases.

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

Commits

• 22c309d Release 8.5.3 version
• a2b594f Update ESLint config
• 8232ba0 Fix tests
• 5082831 Fix text
• 4fdb54b update: parser.js to clarify error message
• 06006ec AtRule can be empty
• 755f08f fix typo: them -> then (#2016)
• 692fcde Release 8.5.2 version
• b70e98f Update dependencies
• ba587e3 Fix end position of rules with ownSemicon (#2012)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates jose from 5.3.0 to 5.10.0

Release notes

Sourced from jose's releases.

v5.10.0

Features

• support fully specified Ed25519 algorithm identifier (c39f57d)

v5.9.6

Reverts

• Revert "refactor(build): simplify package exports" (2ef3a52)

v5.9.4

Refactor

• types: update error definitions (510c5ca)

v5.9.3

Refactor

• use as Type for type assertions instead of <Type> (c4dc24d)

v5.9.2

Refactor

• types: remove index signatures from JWK interfaces (ccf0cda)

v5.9.1

Fixes

• types: add missing index signature on the convenience JWK types (90a93dc)

v5.9.0

Features

• allow JWK objects as "key" input to sign and verify (c6302ea)

This method of passing private or public keys does not yield the same performance as passing a CryptoKey or KeyObject instances, its main purpose is for convenience or for when you're not going to be re-using the same set of keys for the operation, in which case you should use one of the import key methods to obtain a CryptoKey or KeyObject.

Example Signing

const alg = "RS256";
const jwk = {
  kty: "RSA",
  n: "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6fpCTu6ZalGI82s7XK3tan4dJt90ptUPKD2zvxqTzFNfx4HHHsrYCf2-FMLn1VTJfQazA2BvJqAwcpW1bqRUEty8tS_Yv4hRvWfQPcc2Gc3-_fQOOW57zVy-rNoJc744kb30NjQxdGp03J2S3GLQu7oKtSDDPooQHD38PEMNnITf0pj-KgDPjymkMGoJlO3aKppsjfbt_AH6GGdRghYRLOUwQU-h-ofWHR3lbYiKtXPn5dN24kiHy61e3VAQ9_YAZlwXC_99GGtw_NpghFAuM4P1JDn0DppJldy3PGFC0GfBCZASw",
  e: "AQAB",
  d: "VuVE_KEP6323WjpbBdAIv7HGahGrgGANvbxZsIhm34lsVOPK0XDegZkhAybMZHjRhp-gwVxX5ChC-J3cUpOBH5FNxElgW6HizD2Jcq6t6LoLYgPSrfEHm71iHg8JsgrqfUnGYFzMJmv88C6WdCtpgG_qJV1K00_Ly1G1QKoBffEs-v4fAMJrCbUdCz1qWto-PU-HLMEo-krfEpGgcmtZeRlDADh8cETMQlgQfQX2VWq_aAP4a1SXmo-j0cvRU4W5Fj0RVwNesIpetX2ZFz4p_JmB5sWFEj_fC7h5z2lq-6Bme2T3BHtXkIxoBW0_pYVnASC8P2puO5FnVxDmWuHDYQ",
  p: "07rgXd_tLUhVRF_g1OaqRZh5uZ8hiLWUSU0vu9coOaQcatSqjQlIwLW8UdKv_38GrmpIfgcEVQjzq6rFBowUm9zWBO9Eq6enpasYJBOeD8EMeDK-nsST57HjPVOCvoVC5ZX-cozPXna3iRNZ1TVYBY3smn0IaxysIK-zxESf4pM",
  q: "6qrE9TPhCS5iNR7QrKThunLu6t4H_8CkYRPLbvOIt2MgZyPLiZCsvdkTVSOX76QQEXt7Y0nTNua69q3K3Jhf-YOkPSJsWTxgrfOnjoDvRKzbW3OExIMm7D99fVBODuNWinjYgUwGSqGAsb_3TKhtI-Gr5ls3fn6B6oEjVL0dpmk",
  dp: "mHqjrFdgelT2OyiFRS3dAAPf3cLxJoAGC4gP0UoQyPocEP-Y17sQ7t-ygIanguubBy65iDFLeGXa_g0cmSt2iAzRAHrDzI8P1-pQl2KdWSEg9ssspjBRh_F_AiJLLSPRWn_b3-jySkhawtfxwO8Kte1QsK1My765Y0zFvJnjPws",
  dq: "KmjaV4YcsVAUp4z-IXVa5htHWmLuByaFjpXJOjABEUN0467wZdgjn9vPRp-8Ia8AyGgMkJES_uUL_PDDrMJM9gb4c6P4-NeUkVtreLGMjFjA-_IQmIMrUZ7XywHsWXx0c2oLlrJqoKo3W-hZhR0bPFTYgDUT_mRWjk7wV6wl46E",
</tr></table> 

... (truncated)

Changelog

Sourced from jose's changelog.

5.10.0 (2025-02-17)

Features

• support fully specified Ed25519 algorithm identifier (c39f57d)

5.9.6 (2024-10-20)

Reverts

• Revert "refactor(build): simplify package exports" (2ef3a52)

5.9.5 (2024-10-20)

Refactor

• build: simplify package exports (4783f7f<...

  Description has been truncated

  Note
  Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml