build(deps): bump the npm_and_yarn group across 2 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the /net/webrtc/examples/webrtcsink-stats directory: moment, svelte, vite and braces.
Bumps the npm_and_yarn group with 1 update in the /net/webrtc/gstwebrtc-api directory: webpack.

Updates moment from 2.29.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates svelte from 3.44.2 to 4.2.19

Release notes

Sourced from svelte's releases.

svelte@4.2.19

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

• chore: speed up regex (#11922)

4.2.17

Patch Changes

• fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

• fix: check if svelte component exists on custom element destroy (#11489)

4.2.15

Patch Changes

• support attribute selector inside :global() (#11135)

4.2.14

Patch Changes

• fix parsing camelcase container query name (#11131)

4.2.13

Patch Changes

• fix: applying :global for +,~ sibling combinator when slots are present (#9282)

4.2.12

Patch Changes

• fix: properly update svelte:component props when there are spread props (#10604)

... (truncated)

Commits

• d8b3133 Version Packages (#12990)
• 83e96e0 fix: escape < in attribute strings (#12989)
• 5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
• 230916f Version Packages (#11925)
• dbe6057 chore: speed up regex (#11922)
• a8deae9 Version Packages (#11594)
• 8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
• 8e4c778 Version Packages (#11491)
• 1bab571 fix: additional check for component on destroy (svelte4) (#11489)
• 9f2341f Version Packages (#11202)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by svelte-admin, a new releaser for svelte since your current version.

Updates vite from 2.6.14 to 3.2.11

Release notes

Sourced from vite's releases.

v3.2.11

Please refer to CHANGELOG.md for details.

v3.2.10

Please refer to CHANGELOG.md for details.

v3.2.9

This version failed to publish to npm. Please use 3.2.10 or 3.2.8 instead.

Please refer to CHANGELOG.md for details.

v2.9.18

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

3.2.11 (2024-09-17)

• fix: backport #18112, fs raw query (a6da450), closes #18112
• fix: backport #18115, DOM Clobbering in (2ddd854), closes #18115
• fix(importAnalysis): backport #13712, strip url base before passing as safeModulePaths (5d1d81e), closes #13712

3.2.10 (2024-03-24)

3.2.9 (2024-03-24)

• fix: port #15653 to v3 (#15655) (99080ca), closes #15653 #15655
• fix: port #16250 to v3 (#16253) (89c7c64), closes #16250 #16253
• release: v3.2.8 (8352b75)

3.2.8 (2024-01-19)

• fix: port #15653 to v3 (#15655) (99080ca), closes #15653 #15655

3.2.7 (2023-05-26)

• fix: port #13348 to v3, fs.deny with leading double slash (#13349) (0574f80), closes #13348 #13349

3.2.6 (2023-04-18)

• fix: escape msg in render restricted error html, backport (#12889) (#12892) (b48ac2a), closes #12889 #12892

3.2.5 (2022-12-05)

• chore: cherry pick more v4 bug fixes to v3 (#11189) (eba9b42), closes #11189 #10949 #11056 #8663 #10958 #11120 #11122 #11123 #11132
• chore: cherry pick v4 bug fix to v3 (#11110) (c93a526), closes #11110 #10941 #10987 #10985 #11067
• fix: relocated logger to respect config. (#10787) (#10967) (bc3b5a9), closes #10787 #10967

3.2.4 (2022-11-15)

• fix: prevent cache on optional package resolve (v3) (#10812) (#10845) (3ba45b9), closes #10812 #10845

... (truncated)

Commits

• 45b8644 release: v3.2.11
• 5d1d81e fix(importAnalysis): backport #13712, strip url base before passing as safeMo...
• 2ddd854 fix: backport #18115, DOM Clobbering in
• a6da450 fix: backport #18112, fs raw query
• 1a8728f release: v3.2.10
• 5910f13 release: v3.2.9
• 89c7c64 fix: port #16250 to v3 (#16253)
• 8352b75 release: v3.2.8
• 99080ca fix: port #15653 to v3 (#15655)
• 494f36b release: v3.2.7
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vitebot, a new releaser for vite since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates nanoid from 3.1.30 to 3.3.7

Changelog

Sourced from nanoid's changelog.

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

• Fixed package.

3.3.5

• Backport funding information.

3.3.4

• Fixed --help in CLI (by @​Lete114).

3.3.3

• Reduced size (by Anton Khlynovskiy).

3.3.2

• Fixed enhanced-resolve support.

3.3.1

• Reduced package size.

3.3

• Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

• Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

• Reduced async exports size (by Artyom Arutyunyan).
• Moved from Jest to uvu (by Vitaly Baev).

3.1.31

• Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

Commits

• 89d82d2 Release 3.3.7 version
• 5022c35 Update dual-publish
• 3e7a8e5 Remove benchmark from CI for v3
• d356144 Fix CI for v3
• 37b25df Move to pnpm 8
• d96f392 Release 3.3.6 version
• 8210dfb Release 3.3.5 version
• f083d01 Backport funding option
• 9a967ea Update dependencies
• 21728dc Update IE polyfill to fix last improve with reduce (#362)
• Additional commits viewable in compare view

Updates postcss from 8.4.4 to 8.4.47

Release notes

Sourced from postcss's releases.

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by @​romainmenke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

... (truncated)

Changelog

Sourced from postcss's changelog.

Commits

• 5e6fd13 Release 8.4.47 version
• 714bc10 Typo
• 439d20e Release 8.4.46 version
• b93582f Update dependencies
• c51e467 Fix error on inserting node without raws in some cases
• 829ae47 Update dependencies
• 5aaaec2 Update remaining workflow jobs to use latest version of actions (#1968)
• 448c4f3 Release 8.4.45 version
• 1c77d2e Update unnecessary check
• f38b329 Try to fix CI
• Additional commits viewable in compare view

Updates rollup from 2.60.1 to 2.79.2

Changelog

Sourced from rollup's changelog.

rollup changelog

4.24.0

2024-10-02

Features

• Support preserving and transpiling JSX syntax (#5668)

Pull Requests

• #5668: Introduce JSX support (@​lukastaegert, @​Martin-Idel, @​felixhuttmann, @​AlexDroll, @​tiptr)

4.23.0

2024-10-01

Features

• Collect all emitted names and originalFileNames for assets (#5686)

Pull Requests

• #5686: Add names and originalFileNames to assets (@​lukastaegert)

4.22.5

2024-09-27

Bug Fixes

• Allow parsing of certain unicode characters again (#5674)

Pull Requests

• #5674: Fix panic with unicode characters (@​sapphi-red, @​lukastaegert)
• #5675: chore(deps): update dependency rollup to v4.22.4 [security] (@​renovate[bot])
• #5680: chore(deps): update dependency @​rollup/plugin-commonjs to v28 (@​renovate[bot], @​lukastaegert)
• #5681: chore(deps): update dependency @​rollup/plugin-replace to v6 (@​renovate[bot])
• #5682: chore(deps): update dependency @​rollup/plugin-typescript to v12 (@​renovate[bot])
• #5684: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

... (truncated)

Commits

• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• 69ff418 2.79.1
• 04dce1b Update changelog
• 159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
• e1392b3 Update type definition of resolveId (#4641)
• 7836357 Improve performance of chunk naming collision check (#4643)
• 71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
• 8193ea5 Adapt workflow to use Node 14 sub-version to work with branch protection
• 8477f8f 2.79.0
• Additional commits viewable in compare view

Updates webpack from 5.88.2 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

• Generate correct relative path to runtime chunks
• Makes DefinePlugin quieter under default log level
• Fixed mangle destructuring default in namespace import
• Fixed consumption of eager shared modules for module federation
• Strip slash for pretty regexp
• Calculate correct contenthash for CSS generator options

New Features

• Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
• Added the modern-module library value for tree shakable output
• Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

• Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.