Bump the minor-patch group with 10 updates

[dependabot]

Bumps the minor-patch group with 10 updates:

Package	From	To
lint-staged	15.2.5	15.2.7
prettier	3.3.1	3.3.2
sass	1.77.4	1.77.5
webpack	5.91.0	5.92.0
acorn	8.11.3	8.12.0
caniuse-lite	1.0.30001632	1.0.30001636
electron-to-chromium	1.4.796	1.4.803
launch-editor	2.6.1	2.7.0
rfdc	1.3.1	1.4.1
ws	8.17.0	8.17.1

Updates lint-staged from 15.2.5 to 15.2.7

Release notes

Sourced from lint-staged's releases.

v15.2.7

Patch Changes

• #1440 a51be80 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version drops the --path-format=absolute option to support earlier git versions since it's also the default behavior. If you are still having trouble, please try upgrading git to the latest version.

v15.2.6

Patch Changes

• #1433 119adb2 Thanks @​iiroj! - Use native "git rev-parse" commands to determine git repo root directory and the .git config directory, instead of using custom logic. This hopefully makes path resolution more robust on non-POSIX systems.

Changelog

Sourced from lint-staged's changelog.

15.2.7

Patch Changes

• #1440 a51be80 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version drops the --path-format=absolute option to support earlier git versions since it's also the default behavior. If you are still having trouble, please try upgrading git to the latest version.

15.2.6

Patch Changes

• #1433 119adb2 Thanks @​iiroj! - Use native "git rev-parse" commands to determine git repo root directory and the .git config directory, instead of using custom logic. This hopefully makes path resolution more robust on non-POSIX systems.

Commits

• 87e4b30 chore(changeset): release (#1441)
• a39e829 docs: adjust changeset
• a51be80 fix: drop option to support earlier Git versions
• a91d942 chore(changeset): release
• 119adb2 fix: use native git command to get .git directory
• e0386dc fix: use native git command to get top-level directory for repo
• 6593870 ci: test Node.js versions against current instead of latest dependency
• 6c226c5 ci: add workflow for testing required Node.js semver range
• See full diff in compare view

Updates prettier from 3.3.1 to 3.3.2

Release notes

Sourced from prettier's releases.

3.3.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.3.2

diff

Fix handlebars path expressions starts with @ (#16358 by @​Princeyadav05)

{{! Input }}
<div>{{@x.y.z}}</div>
{{! Prettier 3.3.1 }}
<div>{{@​x}}</div>
{{! Prettier 3.3.2 }}
<div>{{@​x.y.z}}</div>

Commits

• 1596a60 Release 3.3.2
• aebcee5 chore(deps): update dependency esbuild to v0.21.5 (#16379)
• 57aa928 chore(deps): update dependency c8 to v10 (#16380)
• c3d0b7f chore(deps): update typescript-eslint to v7.13.0 (#16376)
• 27c35db chore(deps): update dependency codemirror-graphql to v2.0.12 (#16369)
• 6de3258 chore(deps): update dependency jest to v30.0.0-alpha.5 (#16371)
• b5f983d Upgrade yarn to v4.3.0 (#16377)
• d6f37c4 chore(deps): update dependency browserslist to v4.23.1 (#16368)
• 5055b7d chore(deps): update dependency execa to v9.2.0 (#16372)
• f4608cc chore(deps): update dependency cspell to v8.8.4 (#16370)
• Additional commits viewable in compare view

Updates sass from 1.77.4 to 1.77.5

Release notes

Sourced from sass's releases.

Dart Sass 1.77.5

To install Sass 1.77.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fully trim redundant selectors generated by @extend.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.77.5

• Fully trim redundant selectors generated by @extend.

Commits

• a1b372e Enable AOT build for linux-riscv64 (#2260)
• ecff05d Remove the heuristic where long selector lists wouldn't be trimmed (#2255)
• 5ddd7fc Enable AOT build for linux-riscv64-musl (#2258)
• 53b9ead Regenerate protobuf as part of default task (#2257)
• See full diff in compare view

Updates webpack from 5.91.0 to 5.92.0

Release notes

Sourced from webpack's releases.

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic
• Fixed failed to resolve promise when eager import a dynamic cjs
• Avoid generation extra code for external modules when remapping is not required
• The css/global type now handles the exports name
• Avoid hashing for @keyframe and @property at-rules in css/global type
• Fixed mangle with destructuring for JSON modules
• The stats.hasWarnings() method now respects the ignoreWarnings option
• Fixed ArrayQueue iterator
• Correct behavior of __webpack_exports_info__.a.b.canMangle
• Changed to the correct plugin name for the CommonJsChunkFormatPlugin plugin
• Set the chunkLoading option to the import when environment is unknown and output is module
• Fixed when runtimeChunk has no exports when module chunkFormat used
• [CSS] Fixed parsing minimized CSS import
• [CSS] URLs in CSS files now have correct public path
• [CSS] The css module type should not allow parser to switch mode
• [Types] Improved context module types

New Features

• Added platform target properties to compiler
• Improved multi compiler cache location and validating it
• Support import attributes spec (with keyword)
• Support node: prefix for Node.js core modules in runtime code
• Support prefetch/preload for module chunk format
• Support "..." in the importsFields option for resolver
• Root module is less prone to be wrapped in IIFE
• Export InitFragment class for plugins
• Export compileBooleanMatcher util for plugins
• Export InputFileSystem and OutputFileSystem types
• [CSS] Support the esModule generator option for CSS modules
• [CSS] Support CSS when chunk format is module

Commits

• 34e2561 chore(release): 5.92.0
• 796bb6b chore(deps): update
• 65b3684 ci: fix
• 5da27ad ci: fix
• 09afe04 ci: fix
• 9d899d4 chore: small fixes
• de6d4b2 style: fix
• 1954237 chore: fix lint and types
• 7acd348 revert: changes in examples
• ab3e93b style: fix
• Additional commits viewable in compare view

Updates acorn from 8.11.3 to 8.12.0

Commits

• 5445810 Mark version 8.12.0
• 9046cc0 Specify a direct dependency on acorn in acorn-walk
• 88234f5 Add VariableDeclarator to AnyNode type
• 757da7b Actually initialize branchID in RegExpValidationState constuctor
• 33f414f refactor to remove unnecessary code
• 1e4161f Add 2025 to ecmaVersion type
• 9d041c4 Allow duplicate regexp capture group names in different branches
• ed4a7a1 Fix parsing of an "async of" edge case in for loop (#1286)
• 9a5ecbc Properly handle line breaks when looking for directives (#1283)
• bd0aa5c Mark Parser constructor as protected so plugins can extend it
• Additional commits viewable in compare view

Updates caniuse-lite from 1.0.30001632 to 1.0.30001636

Commits

• 82d7003 Update caniuse-db 1.0.30001636
• 46f586b Update ESLint
• f8d039e Update pnpm, CI actions and CI Node.js
• f51086a Update caniuse-db 1.0.30001635
• d56cfb4 Merge pull request #127 from browserslist/dependabot/npm_and_yarn/braces-3.0.3
• 9e0939e Update caniuse-db 1.0.30001634
• 54d3f71 Bump braces from 3.0.2 to 3.0.3
• cb6b876 Update caniuse-db 1.0.30001633
• See full diff in compare view

Updates electron-to-chromium from 1.4.796 to 1.4.803

Commits

• fa10299 1.4.803
• 13c4e19 generate new version
• 283839e 1.4.802
• 5aea1d2 generate new version
• bfc414e 1.4.801
• abb5542 generate new version
• 97bc426 1.4.800
• abf5843 generate new version
• 766c973 1.4.799
• 1324653 generate new version
• Additional commits viewable in compare view

Updates launch-editor from 2.6.1 to 2.7.0

Commits

• 08e542b v2.7.0
• 383e806 docs: format markdown and add rider to the list of supported editors
• 40c9454 feat: add Cusor to macOS editor info
• 34d7cce feat: add support for Cursor editor cursor shell command in get-args.js (#70)
• 47e172e fix: strict exact match of macOS process (#66)
• 633b2b0 feat: update IntelliJ IDEA executable name for macOS (#65)
• See full diff in compare view

Updates rfdc from 1.3.1 to 1.4.1

Release notes

Sourced from rfdc's releases.

1.4.1

What's Changed

• 🏷️ Add type definitions for constructorHandlers option by @​alecgibson in davidmarkclements/rfdc#43

Full Changelog: davidmarkclements/rfdc@v1.4.0...1.4.1

v1.4.0

What's Changed

• fix typo in benchmark by @​rluvaton in davidmarkclements/rfdc#38
• Run CI on Linux only, fix linting by @​mcollina in davidmarkclements/rfdc#42
• ✨ Add constructorHandlers option by @​alecgibson in davidmarkclements/rfdc#40

New Contributors

• @​rluvaton made their first contribution in davidmarkclements/rfdc#38
• @​mcollina made their first contribution in davidmarkclements/rfdc#42
• @​alecgibson made their first contribution in davidmarkclements/rfdc#40

Full Changelog: davidmarkclements/rfdc@v1.3.1...v1.4.0

Commits

• 29ea53f Bumped v1.4.1.
• 6330dc0 🏷️ Add type definitions for constructorHandlers option (#43)
• 228fc35 Bumped v1.4.0
• 8c6bfec ✨ Add constructorHandlers option (#40)
• 578c71e Run CI on Linux only, fix linting (#42)
• eb9cfdc updated benchmarks
• 60d59a2 fix type in benchmark (#38)
• 60507bf added structuredclone
• See full diff in compare view

Updates ws from 8.17.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const server = http.createServer();
const wss = new WebSocket.Server({ server });
server.listen(function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: server.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions