chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
svelte	3.59.2	4.2.19
@adobe/css-tools	4.2.0	4.4.2
@babel/traverse	7.22.4	7.27.0
decode-uri-component	0.2.0	0.2.2
ejs	3.1.8	3.1.10
express	4.18.1	4.21.2
follow-redirects	1.15.0	1.15.9
pug	3.0.2	3.0.3
rollup	2.74.1	2.79.2
webpack-dev-middleware	5.3.3	5.3.4
webpack	5.85.0	5.99.5
ws	8.13.0	8.18.1

Updates svelte from 3.59.2 to 4.2.19

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

• chore: speed up regex (#11922)

4.2.17

Patch Changes

• fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

• fix: check if svelte component exists on custom element destroy (#11489)

4.2.15

Patch Changes

• support attribute selector inside :global() (#11135)

4.2.14

Patch Changes

• fix parsing camelcase container query name (#11131)

4.2.13

Patch Changes

• fix: applying :global for +,~ sibling combinator when slots are present (#9282)

4.2.12

Patch Changes

• fix: properly update svelte:component props when there are spread props (#10604)

... (truncated)

Commits

• d8b3133 Version Packages (#12990)
• 83e96e0 fix: escape < in attribute strings (#12989)
• 5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
• 230916f Version Packages (#11925)
• dbe6057 chore: speed up regex (#11922)
• a8deae9 Version Packages (#11594)
• 8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
• 8e4c778 Version Packages (#11491)
• 1bab571 fix: additional check for component on destroy (svelte4) (#11489)
• 9f2341f Version Packages (#11202)
• Additional commits viewable in compare view

Updates @adobe/css-tools from 4.2.0 to 4.4.2

Changelog

Sourced from @​adobe/css-tools's changelog.

4.4.2 / 2025-02-12

• Fix regular expression for quoted values in parentheses

4.4.0 / 2024-06-05

• add support for @​starting-style #319

4.3.3 / 2024-01-24

• Update export property #271

4.3.2 / 2023-11-28

• Fix redos vulnerability with specific crafted css string - CVE-2023-48631
• Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

• Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

• Update build tools
• Update exports path and files

Commits

• See full diff in compare view

Updates @babel/traverse from 7.22.4 to 7.27.0

Release notes

Sourced from @​babel/traverse's releases.

v7.27.0 (2025-03-24)

Thanks @​ishchhabra and @​vovkasm for your first PRs!

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Ish Chhabra (@​ishchhabra)
• Vladimir Timofeev (@​vovkasm)
• @​liuxingbaoyu

v7.26.10 (2025-03-11)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.0 (2025-03-24)

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

v7.26.10 (2025-03-11)

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)

... (truncated)

Commits

• 5c350ea v7.27.0
• 582538c Allow traverseFast to exit early (#17169)
• 4ad63a4 [Babel 8] Remove BLOCK_SCOPED_SYMBOL and NOT_LOCAL_BINDING (#17148)
• 0d0d577 fix: Reset child scopes when scope.crawl() (#17170)
• c51cffd feat: Add upToScope parameter to hasBinding (#17102)
• f902742 chore: Update TS 5.8 (#17185)
• b1bca3d fix: Uninitialized var declarator in loop marked as constantViolation (#17168)
• e1ce99d v7.26.10
• 51ec746 fix: Should not evaluate vars in child scope (#17151)
• 64bca7b v7.26.9
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates express from 4.18.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates follow-redirects from 1.15.0 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates pug from 3.0.2 to 3.0.3

Release notes

Sourced from pug's releases.

pug-code-gen@3.0.3

Bug Fixes

• Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options (#3438)

pug@3.0.3

Bug Fixes

• Update pug-code-gen with the following fix: (#3438)

  Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options

Commits

• 32acfe8 fix: ensure template names are valid identifiers (#3438)
• 4767caf refactor: convert pug-error to TypeScript (#3355)
• a724446 chore: update character-parser (#3354)
• 6cca8f7 docs: fix GitHub format in README (#3335)
• See full diff in compare view

Updates rollup from 2.74.1 to 2.79.2

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

2.79.2

2024-09-26

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

... (truncated)

Commits

• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• 69ff418 2.79.1
• 04dce1b Update changelog
• 159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
• e1392b3 Update type definition of resolveId (#4641)
• 7836357 Improve performance of chunk naming collision check (#4643)
• 71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
• 8193ea5 Adapt workflow to use Node 14 sub-version to work with branch protection
• 8477f8f 2.79.0
• Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

v1.16.2

What's Changed

• encodeurl@~2.0.0 by @​wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

• bump send to 0.19 by @​tommasini in expressjs/serve-static#176

New Contributors

• @​tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• See full diff in compare view

Updates webpack from 5.85.0 to 5.99.5

Release notes

Sourced from webpack's releases.

v5.99.5

Fixes

• Control dead flow for labeled and blockless statements

v5.99.4

Fixes

• Fixed terminated state for if/else

v5.99.3

Fixes

• Fixed dead control flow with deep nested if/else

v5.99.2

Fixes

• Dead control flow for exotic cases

v5.99.1

Fixes

• Dead control flow for many cases

v5.99.0

Fixes

• Fixed a lot of types
• Fixed runtime error when using asset module as entrypoint and runtimeChunk
• JSON generator now preserves __proto__ property
• Fixed when entry module isn't executed when targeting webworker with a runtime chunk
• Do not duplicate modules with import attributes and reexport
• The module and module ESM libraries have been union and code generation has been improved
• Use a valid output path for errored asset modules
• Remove BOM from JavaScript and CSS files when loader was not used
• Create export for externals for module/modern-module library
• Export unprovided variables for commonjs-static library
• Forward semicolons from meta.webpackAST
• Use xxhash64 for cache.hashAlgorithm when experiments.futureDefaults enabled
• [CSS] Fixed profiling plugin for CSS
• [CSS] Avoid extra module.export output for CSS module

Features

• Add dead control flow check
• Handle new Worker(import.meta.url) and new Worker(new URL(import.meta.url)) syntax
• Added ability to generate custom error content for generators

Performance Improvements

... (truncated)

Commits

• 70e3d9d chore(release): 5.99.5
• 6a853ef fix: control dead flow for labeled and blockless statements
• 04e0073 chore(release): 5.99.4
• b92cb0c fix: terminated state for if/else (#19404)
• 2470d8e chore(release): 5.99.3
• 278fcb6 fix: dead control flow with deep nested if (#19403)
• 44da94f chore(release): 5.99.2
• de8a04f fix: dead control flow more cases (#19402)
• 2b2b705 chore(release): 5.99.1
• 6545dd4 fix: dead control flow
• Additional commits viewable in compare view

Updates ws from 8.13.0 to 8.18.1

Release notes

Sourced from ws's releases.

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
</tr></table>

... (truncated)

Commits

• b92745a [dist] 8.18.1
• b3d9747 [doc] Fix nit
• 021f7b8 [test] Shorten the path lengths
• b9ca55b [pkg] Update eslint-config-prettier to version 10.0.1
• c798dd4 [doc] Fix typo (#2271)
• 6861472 [ci] Test on node 23
• 019f28f [minor] Improve JSDoc-inferred types (#2242)
• bfe1b2a [doc] Remove unnecessary period (#2240)
• f7dc469 [doc] Fix the type of the data argument
• 976c53c [dist] 8.18.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 3def95e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​jridgewell/​trace-mapping@​0.3.18 ⏵ 0.3.25			+1
	@​babel/​traverse@​7.22.4 ⏵ 7.27.0	+1	+75	+1	-1
	@​ampproject/​remapping@​2.2.1 ⏵ 2.3.0	+1		+1
	@​jridgewell/​gen-mapping@​0.3.3 ⏵ 0.3.8			+1
	acorn@​8.7.1 ⏵ 8.14.1

View full report