Bump cross-spawn, webpack, lint-staged and webpack-dev-server

[dependabot]

Bumps cross-spawn to 7.0.6 and updates ancestor dependencies cross-spawn, webpack, lint-staged and webpack-dev-server. These dependencies need to be updated together.

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates webpack from 3.12.0 to 5.97.1

Release notes

Sourced from webpack's releases.

v5.97.1

Bug Fixes

• Performance regression
• Sub define key should't be renamed when it's a defined variable

v5.97.0

Bug Fixes

• Don't crash with filesystem cache and unknown scheme
• Generate a valid code when output.iife is true and output.library.type is umd
• Fixed conflict variable name with concatenate modules and runtime code
• Merge duplicate chunks before
• Collisions in ESM library
• Use recursive search for versions of shared dependencies
• [WASM] Don't crash WebAssembly with Reference Types (sync and async)
• [WASM] Fixed wasm loading for sync and async webassembly
• [CSS] Don't add [uniqueName] to localIdentName when it is empty
• [CSS] Parsing strings on Windows
• [CSS] Fixed CSS local escaping

New Features

• Added support for injecting debug IDs
• Export the MergeDuplicateChunks plugin
• Added universal loading for JS chunks and JS worker chunks (only ES modules)
• [WASM] Added universal loading for WebAssembly chunks (only for async WebAssembly)
• [CSS] Allow initial CSS chunks to be placed anywhere - the output.cssHeadDataCompression option was deleted
• [CSS] Added universal loading for CSS chunks
• [CSS] Parse ICSS @value at-rules in CSS modules
• [CSS] Parse ICSS :import rules in CSS modules
• [CSS] Added the url and import options for CSS
• [CSS] Allow to import custom properties in CSS modules

Performance

• Faster Queue implementation, also fixed queue iterator state in dequeue method to ensure correct behavior after item removal

v5.96.1

Bug Fixes

• [Types] Add @types/eslint-scope to dependencieS
• [Types] Fixed regression in validate

v5.96.0

Bug Fixes

• Fixed Module Federation should track all referenced chunks
• Handle Data URI without base64 word
• HotUpdateChunk have correct runtime when modified with new runtime

... (truncated)

Commits

• 3612d36 chore(release): 5.97.1
• eb7ac6f fix: perf regression
• 554be24 fix: sub define key should't be renamed when it's a defined variable
• 5e0e780 refactor: issue #19030
• 58fb035 fix: sub define key should't be renamed when it's a defined variable
• af1fd12 perf: regression
• 34f19cb fix: package.json
• 0ec7f5d refactor: issue #19030
• 5e7b8a2 fix: package.json
• 644f1d1 refactor: no extra work for CSS unescaping
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates lint-staged from 4.3.0 to 15.3.0

Release notes

Sourced from lint-staged's releases.

v15.3.0

Minor Changes

• #1495 e69da9e Thanks @​iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues.

• #1493 fa0fe98 Thanks @​iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing.

  For example:

  % npx lint-staged
  ✔ Backed up original state in git stash (20addf8)
  ✔ Running tasks for staged files...
  ✔ Applying modifications from tasks...
  ✔ Cleaning up temporary files...
  

  where the backup can be seen with git show 20addf8, or git stash list:

  % git stash list
  stash@{0}: lint-staged automatic backup (20addf8)
  

v15.2.11

Patch Changes

• #1484 bcfe309 Thanks @​wormsik! - Escape paths containing spaces when using the "shell" option.

• #1487 7dd8caa Thanks @​iiroj! - Do not treat submodule root paths as "staged files". This caused lint-staged to fail to a Git error when only updating the revision of a submodule.

v15.2.10

Patch Changes

• #1471 e3f283b Thanks @​iiroj! - Update minor dependencies, including micromatch@~4.0.8.

v15.2.9

Patch Changes

• #1463 b69ce2d Thanks @​iiroj! - Set the maximum number of event listeners to the number of tasks. This should silence the console warning MaxListenersExceededWarning: Possible EventEmitter memory leak detected.

v15.2.8

Patch Changes

• f0480f0 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version switched the --show-toplevel flag with --show-cdup, because on Git installed via MSYS2 the former was returning absolute paths that do not work with Node.js child_process. The new flag returns a path relative to the working directory, avoiding the issue.

  The GitHub Actions workflow has been updated to install Git via MSYS2, to ensure better future compatibility; using the default Git binary in the GitHub Actions runner was working correctly even with MSYS2.

v15.2.7

Patch Changes

• #1440 a51be80 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version drops the --path-format=absolute option to support earlier git versions since it's also the default behavior. If you are still having trouble, please try upgrading git to the latest version.

v15.2.6

... (truncated)

Changelog

Sourced from lint-staged's changelog.

15.3.0

Minor Changes

• #1495 e69da9e Thanks @​iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues.

• #1493 fa0fe98 Thanks @​iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing.

  For example:

  % npx lint-staged
  ✔ Backed up original state in git stash (20addf8)
  ✔ Running tasks for staged files...
  ✔ Applying modifications from tasks...
  ✔ Cleaning up temporary files...
  

  where the backup can be seen with git show 20addf8, or git stash list:

  % git stash list
  stash@{0}: lint-staged automatic backup (20addf8)
  

15.2.11

Patch Changes

• #1484 bcfe309 Thanks @​wormsik! - Escape paths containing spaces when using the "shell" option.

• #1487 7dd8caa Thanks @​iiroj! - Do not treat submodule root paths as "staged files". This caused lint-staged to fail to a Git error when only updating the revision of a submodule.

15.2.10

Patch Changes

• #1471 e3f283b Thanks @​iiroj! - Update minor dependencies, including micromatch@~4.0.8.

15.2.9

Patch Changes

• #1463 b69ce2d Thanks @​iiroj! - Set the maximum number of event listeners to the number of tasks. This should silence the console warning MaxListenersExceededWarning: Possible EventEmitter memory leak detected.

15.2.8

Patch Changes

• f0480f0 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version switched the --show-toplevel flag with --show-cdup, because on Git installed via MSYS2 the former was returning absolute paths that do not work with Node.js child_process. The new flag returns a path relative to the working directory, avoiding the issue.

... (truncated)

Commits

• 703002a chore(changeset): release
• 4cee7d8 build(dependencies): update dependencies
• ef9b02d Merge pull request #1495 from lint-staged/debug-info
• e69da9e feat: add more info to debug logs, remove "environment" requirement from issu...
• 1b36f55 docs: combine changesets
• 6c9ab40 Merge pull request #1493 from lint-staged/help-messages
• 22fe89d feat: add unique hash to backup stash message
• c52cc92 docs: add a caution message about git stash
• fa0fe98 feat: update first task message based on backup status
• 7bd0447 feat: display "git stash list" message when restoring original state is skipped
• Additional commits viewable in compare view

Updates webpack-dev-server from 3.0.0 to 3.11.3

Release notes

Sourced from webpack-dev-server's releases.

v3.11.3

3.11.3 (2021-11-08)

Bug Fixes

• replace ansi-html with ansi-html-community (#4011) (4fef67b)

v3.11.2

3.11.2 (2021-01-13)

Bug Fixes

• cli arguments for serve command (a5fe337)

v3.11.1

3.11.1 (2020-12-29)

Bug Fixes

• the open option works using webpack serve without value (#2948) (4837dc9)
• vulnerable deps (#2949) (78dde50)

v3.11.0

3.11.0 (2020-05-08)

Features

• add icons for directory viewer (#2441) (e953d01)
• allow multiple contentBasePublicPath paths (#2489) (c6bdfe4)
• emit progress-update (#2498) (4808abd), closes #1666
• add invalidate endpoint (#2493) (89ffb86)
• allow open option to accept an object (#2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#2512) (06583f2)
• security vulnerability in yargs-parser (#2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#2507) (0d5c681)
• support entry descriptor (closes #2453) (#2465) (8bbef6a)
• update jquery (#2516) (99ccfd8)

v3.10.3

3.10.3 (2020-02-05)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

3.11.3 (2021-11-08)

Bug Fixes

• replace ansi-html with ansi-html-community (#4011) (4fef67b)

3.11.2 (2021-01-13)

Bug Fixes

• cli arguments for serve command (a5fe337)

3.11.1 (2020-12-29)

Bug Fixes

• the open option works using webpack serve without value (#2948) (4837dc9)
• vulnerable deps (#2949) (78dde50)

3.11.0 (2020-05-08)

Features

• add icons for directory viewer (#2441) (e953d01)
• allow multiple contentBasePublicPath paths (#2489) (c6bdfe4)
• emit progress-update (#2498) (4808abd), closes #1666
• add invalidate endpoint (#2493) (89ffb86)
• allow open option to accept an object (#2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#2512) (06583f2)
• security vulnerability in yargs-parser (#2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#2507) (0d5c681)
• support entry descriptor (closes #2453) (#2465) (8bbef6a)
• update jquery (#2516) (99ccfd8)

3.10.3 (2020-02-05)

Bug Fixes

• forward error requests to the proxy (#2425) (e291cd4)

3.10.2 (2020-01-31)

... (truncated)

Commits

• aa3cddc chore(release): 3.11.3
• 4fef67b fix: replace ansi-html with ansi-html-community (#4011)
• 5cb545f chore(release): 3.11.2
• a5fe337 fix: cli arguments for serve command
• 7e70eee chore(release): 3.11.1
• 78dde50 fix: vulnerable deps (#2949)
• 4837dc9 fix: the open option works using webpack serve without value (#2948)
• 4ab1f21 chore(release): 3.11.0
• 0e51fb1 fix: invalidate route (#2584)
• f857c40 chore: deps and tests
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[alexprudhomme]

👎

[fbeaudoincoveo]

👎

that's quite daring

[dependabot]

Superseded by #1999.