chore(deps-dev): bump the npm_and_yarn group with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates: rollup, @rollup/plugin-buble and json5.

Updates rollup from 2.57.0 to 4.22.4

Release notes

Sourced from rollup's releases.

v4.22.4

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

v4.22.3

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

v4.22.2

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

v4.22.1

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

• #5663: chore(deps): update dependency inquirer to v11 (@​renovate[bot], @​lukastaegert)
• #5664: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5665: fix: type in CI file (@​YuHyeonWook)

... (truncated)

Commits

• 79c0aba 4.22.4
• e2552c9 Fix DOM Clobbering CVE (#5671)
• 10ab90e refactor: Use object.prototype to check for reserved properties (#5670)
• e1cba8e 4.22.3
• 59cec3e Ensure impure dependencies of pure modules are added (#5669)
• b86ffd7 4.22.2
• d5ff63d Partially revert #5658 and re-apply #5644 (#5667)
• 0a821d9 Create SECURITY.md
• 76e962d 4.22.1
• 68c23da Partially revert #5644
• Additional commits viewable in compare view

Updates @rollup/plugin-buble from 0.21.3 to 1.0.3

Changelog

Sourced from @​rollup/plugin-buble's changelog.

v1.0.3

2023-10-05

Bugfixes

• fix: ensure rollup 4 compatibility #1595

v1.0.2

2023-01-20

Bugfixes

• fix: types should come first in exports #1403

v1.0.1

2022-10-21

Updates

• chore: update rollup dependencies (3038271)

v1.0.0

2022-10-08

Breaking Changes

• fix: prepare for Rollup 3 #1305

Updates

• chore: upgrade TypeScript #710
• chore: update dependencies (92d6c82)

Commits

• cdf9113 chore(repo): manually update changelog and package versions after bad release...
• 841a039 fix(alias,auto-install,babel,beep,buble,commonjs,data-uri,dsv,dynamic-import-...
• 701b642 chore(release): buble v1.0.2
• be71165 fix(alias,auto-install,buble,commonjs,data-uri,dsv,dynamic-import-vars,eslint...
• a2e582a chore(repo): enable consistent-type-imports for typescript files (#1325)
• 0f8f9f7 chore(release): buble v1.0.1
• 3038271 chore(commonjs,yaml,wasm,virtual,url,typescript,sucrase,strip,run,replace,plu...
• 552aa96 chore(release): buble v1.0.0
• 196263a fix(buble): prepare for Rollup 3 (#1305)
• 69146cd chore(repo): central changes for Rollup 3 updates (#1277)
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.