Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the /besim/gui directory:

Package	From	To
rollup	4.12.0	4.35.0
braces	3.0.2	3.0.3
ws	8.16.0	8.18.1
ws	7.5.9	8.18.1
prismjs	1.29.0	1.30.0
undici	5.28.3	5.28.5

Updates rollup from 4.12.0 to 4.35.0

Release notes

Sourced from rollup's releases.

v4.35.0

4.35.0

2025-03-08

Features

• Pass build errors to the closeBundle hook (#5867)

Pull Requests

• #5852: chore(deps): update dependency eslint-plugin-unicorn to v57 (@​renovate[bot], @​lukastaegert)
• #5862: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5867: feat(5858): make closeBundle hook receive the last error (@​GauBen)
• #5872: chore(deps): update dependency builtin-modules to v5 (@​renovate[bot])
• #5873: chore(deps): update uraimo/run-on-arch-action action to v3 (@​renovate[bot])
• #5874: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.34.9

4.34.9

2025-03-01

Bug Fixes

• Support JSX modes in WASM (#5866)
• Allow the CustomPluginOptions to be extended (#5850)

Pull Requests

• #5850: Revert CustomPluginOptions to be an interface (@​sapphi-red, @​lukastaegert)
• #5851: Javascript to JavaScript (@​dasa, @​lukastaegert)
• #5853: chore(deps): update dependency pinia to v3 (@​renovate[bot])
• #5854: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5855: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5860: chore(deps): update dependency @​shikijs/vitepress-twoslash to v3 (@​renovate[bot])
• #5861: chore(deps): update dependency globals to v16 (@​renovate[bot])
• #5863: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5864: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5866: Add jsx parameter to parseAsync in native.wasm.js (@​TrickyPi)

v4.34.8

4.34.8

2025-02-17

Bug Fixes

• Do not make assumptions about the value of nested paths in logical expressions if the expression cannot be simplified (#5846)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.35.0

2025-03-08

Features

• Pass build errors to the closeBundle hook (#5867)

Pull Requests

• #5852: chore(deps): update dependency eslint-plugin-unicorn to v57 (@​renovate[bot], @​lukastaegert)
• #5862: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #5867: feat(5858): make closeBundle hook receive the last error (@​GauBen)
• #5872: chore(deps): update dependency builtin-modules to v5 (@​renovate[bot])
• #5873: chore(deps): update uraimo/run-on-arch-action action to v3 (@​renovate[bot])
• #5874: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.34.9

2025-03-01

Bug Fixes

• Support JSX modes in WASM (#5866)
• Allow the CustomPluginOptions to be extended (#5850)

Pull Requests

• #5850: Revert CustomPluginOptions to be an interface (@​sapphi-red, @​lukastaegert)
• #5851: Javascript to JavaScript (@​dasa, @​lukastaegert)
• #5853: chore(deps): update dependency pinia to v3 (@​renovate[bot])
• #5854: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5855: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5860: chore(deps): update dependency @​shikijs/vitepress-twoslash to v3 (@​renovate[bot])
• #5861: chore(deps): update dependency globals to v16 (@​renovate[bot])
• #5863: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5864: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5866: Add jsx parameter to parseAsync in native.wasm.js (@​TrickyPi)

4.34.8

2025-02-17

Bug Fixes

• Do not make assumptions about the value of nested paths in logical expressions if the expression cannot be simplified (#5846)

Pull Requests

• #5846: return UnknownValue if the usedbranch is unkown and the path is not empty (@​TrickyPi)

... (truncated)

Commits

• 70ef1cc 4.35.0
• d29a457 feat(5858): make closeBundle hook receive the last error (#5867)
• b346ce9 chore(deps): update dependency builtin-modules to v5 (#5872)
• f491680 chore(deps): update uraimo/run-on-arch-action action to v3 (#5873)
• 865d8d5 fix(deps): lock file maintenance minor/patch updates (#5874)
• caa406e chore(deps): update dependency eslint-plugin-unicorn to v57 (#5852)
• 30c16e8 fix(deps): update swc monorepo (major) (#5862)
• 0ab9b97 4.34.9
• be66eb9 Add jsx parameter to parseAsync in native.wasm.js (#5866)
• bf573b2 chore(deps): update dependency globals to v16 (#5861)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates ws from 8.16.0 to 8.18.1

Release notes

Sourced from ws's releases.

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
</tr></table>

... (truncated)

Commits

• b92745a [dist] 8.18.1
• b3d9747 [doc] Fix nit
• 021f7b8 [test] Shorten the path lengths
• b9ca55b [pkg] Update eslint-config-prettier to version 10.0.1
• c798dd4 [doc] Fix typo (#2271)
• 6861472 [ci] Test on node 23
• 019f28f [minor] Improve JSDoc-inferred types (#2242)
• bfe1b2a [doc] Remove unnecessary period (#2240)
• f7dc469 [doc] Fix the type of the data argument
• 976c53c [dist] 8.18.0
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 8.18.1

Release notes

Sourced from ws's releases.

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
</tr></table>

... (truncated)

Commits

• b92745a [dist] 8.18.1
• b3d9747 [doc] Fix nit
• 021f7b8 [test] Shorten the path lengths
• b9ca55b [pkg] Update eslint-config-prettier to version 10.0.1
• c798dd4 [doc] Fix typo (#2271)
• 6861472 [ci] Test on node 23
• 019f28f [minor] Improve JSDoc-inferred types (#2242)
• bfe1b2a [doc] Remove unnecessary period (#2240)
• f7dc469 [doc] Fix the type of the data argument
• 976c53c [dist] 8.18.0
• Additional commits viewable in compare view

Updates prismjs from 1.29.0 to 1.30.0

Release notes

Sourced from prismjs's releases.

v1.30.0

What's Changed

• check that currentScript is set by a script tag by @​lkuechler in PrismJS/prism#3863

New Contributors

• @​lkuechler made their first contribution in PrismJS/prism#3863

Full Changelog: PrismJS/prism@v1.29.0...v1.30.0

Changelog

Sourced from prismjs's changelog.

Prism Changelog

Commits

• 76dde18 Release 1.30.0
• 93cca40 npm pkg fix
• 99c5ca9 Add release script
• 8e8b935 check that currentScript is set by a script tag (#3863)
• f894dc2 Fix logo in the footer
• ac38dce Delete CNAME
• 9b5b09a Enable CORS
• See full diff in compare view

Maintainer changes

This version was pushed to npm by dmitrysharabin, a new releaser for prismjs since your current version.

Updates undici from 5.28.3 to 5.28.5

Release notes

Sourced from undici's releases.

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

v5.28.4

⚠️ Security Release ⚠️

• Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
• Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

Commits

• 6139ed2 Bumped v5.28.5
• 711e207 Backport of c2d78cd
• fb98306 Bumped v5.28.4
• 2b39440 Merge pull request from GHSA-9qxr-qj54-h672
• 64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
• 723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
• 0e9d54b skip failing test due to Node.js changes
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.