Bump the npm_and_yarn group with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates: vue, postcss, path-to-regexp and express.

Updates vue from 3.4.32 to 3.4.33

Release notes

Sourced from vue's releases.

v3.4.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.13 (2024-11-15)

Bug Fixes

• compiler-core: handle v-memo + v-for with functional key (#12014) (99009ee), closes #12013
• compiler-dom: properly stringify template string style (#12392) (2d78539), closes #12391
• custom-element: avoid triggering mutationObserver when relecting props (352bc88), closes #12214 #12215
• deps: update dependency postcss to ^8.4.48 (#12356) (b5ff930)
• hydration: the component vnode's el should be updated when a mismatch occurs. (#12255) (a20a4cb), closes #12253
• reactiivty: avoid unnecessary watcher effect removal from inactive scope (2193284), closes #5783 #5806
• reactivity: release nested effects/scopes on effect scope stop (#12373) (bee2f5e), closes #12370
• runtime-dom: set css vars before user onMounted hooks (2d5c5e2), closes #11533
• runtime-dom: set css vars on update to handle child forcing reflow in onMount (#11561) (c4312f9)
• ssr: avoid updating subtree of async component if it is resolved (#12363) (da7ad5e), closes #12362
• ssr: ensure v-text updates correctly with custom directives in SSR output (#12311) (1f75d4e), closes #12309
• ssr: handle initial selected state for select with v-model + v-for option (#12399) (4f8d807), closes #12395
• teleport: handle deferred teleport update before mounted (#12168) (8bff142), closes #12161
• templateRef: set ref on cached async component which wrapped in KeepAlive (#12290) (983eb50), closes #4999 #5004
• test: update snapshot (#12169) (828d4a4)
• Transition: fix transition memory leak edge case (#12182) (660132d), closes #12181
• transition: reflow before leave-active class after leave-from (#12288) (4b479db), closes #2593
• types: defineEmits w/ interface declaration (#12343) (1022eab), closes #8457
• v-once: setting hasOnce to current block only when in v-once (#12374) (37300fc), closes #12371

Performance Improvements

• reactivity: do not track inner key `__v_skip`` (#11690) (d637bd6)
• runtime-core: use feature flag for call to resolveMergedOptions (#12163) (1755ac0)

3.5.12 (2024-10-11)

Bug Fixes

• compiler-dom: avoid stringify option with null value (#12096) (f6d9926), closes #12093
• compiler-sfc: do not skip TSInstantiationExpression when transforming props destructure (#12064) (d3ecde8)
• compiler-sfc: use sass modern api if available and avoid deprecation warning (#11992) (4474c11)
• compiler: clone loc to ifNode (#12131) (cde2c06), closes vuejs/language-tools#4911
• custom-element: properly remove hyphenated attribute (#12143) (e16e9a7), closes #12139
• defineModel: handle kebab-case model correctly (#12063) (c0418a3), closes #12060
• deps: update dependency monaco-editor to ^0.52.0 (#12119) (f7cbea2)
• hydration: provide compat fallback for idle callback hydration strategy (#11935) (1ae545a)
• reactivity: trigger reactivity for Map key undefined (#12055) (7ad289e), closes #12054
• runtime-core: allow symbol values for slot prop key (#12069) (d9d4d4e), closes #12068
• runtime-core: fix required prop check false positive for kebab-case edge cases (#12034) (9da1ac1), closes #12011
• runtime-dom: prevent unnecessary updates in v-model checkbox when value is unchanged (#12146) (ea943af), closes #12144

... (truncated)

Commits

• 422ef34 release: v3.4.33
• 1b81d14 refactor(runtime-core): remove attrsProxy and slotsProxy from instance (#11390)
• 5df67e3 fix(runtime-dom): handle undefined values in v-html (#11403)
• c7f5c70 chore(build): fix build error on Windows (#11389)
• See full diff in compare view

Updates postcss from 8.4.45 to 8.4.46

Release notes

Sourced from postcss's releases.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

Changelog

Sourced from postcss's changelog.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

Commits

• 439d20e Release 8.4.46 version
• b93582f Update dependencies
• c51e467 Fix error on inserting node without raws in some cases
• 829ae47 Update dependencies
• 5aaaec2 Update remaining workflow jobs to use latest version of actions (#1968)
• See full diff in compare view

Updates path-to-regexp from 0.1.10 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

• Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

• Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Commits

• 640e694 0.1.12
• f01c26a Merge commit from fork
• 0c71192 0.1.11
• 8f09549 Add error on bad input values
• See full diff in compare view

Updates express from 4.21.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
facechess	❌ Failed (Inspect)			Dec 8, 2024 8:09pm