Bump the npm_and_yarn group across 1 directory with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
axios	1.6.4	1.7.7
braces	3.0.2	3.0.3
next	14.1.0	14.2.9
undici	5.28.2	5.28.4
vite	5.1.4	5.4.3

Updates axios from 1.6.4 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

• 5b8a826 chore(release): v1.7.7 (#6585)
• 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
• d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
• d584fcf chore(release): v1.7.6 (#6583)
• bc03c6c chore(examples): fix module import (#6575)
• df9889b fix(fetch): optimize signals composing logic; (#6582)
• ee208cf chore(sponsor): update sponsor block (#6576)
• 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
• 59cd6b0 chore(release): v1.7.5 (#6574)
• 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.4 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates next from 14.1.0 to 14.2.9

Release notes

Sourced from next's releases.

v14.2.9

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Revert "Fix esm property def in flight loader (#66990)" (#69749)
• Disable experimental.optimizeServer by default to fix failed server action (#69788)
• Fix middleware fallback: false case (#69799)
• Fix status code for /_not-found route (#64058) (#69808)
• Fix metadata prop merging (#69807)
• create-next-app: fix font file corruption when using import alias (#69806)

Credits

Huge thanks to @​huozhi, @​ztanner, @​ijjk, and @​lubieowoce for helping!

v14.2.8

What's Changed

[!NOTE]
This release is backporting bug fixes and minor improvements. It does not include all pending features/changes on canary.

Support esmExternals in app directory

• Support esm externals in app router (#65041)
• Turbopack: Allow client components from foreign code in app routes (#64751)
• Turbopack: add support for esm externals in app dir (#64918)
• other related PRs: #66990 #66727 #66286 #65519

Reading cookies set in middleware in components and actions

• initialize ALS with cookies in middleware (#65008)
• fix middleware cookie initialization (#65820)
• ensure cookies set in middleware can be read in a server action (#67924)
• fix: merged middleware cookies should preserve options (#67956)

Metadata and icons

• support facebook-specific metadata (fb:app_id, fb:admins) in generateMetaData (#65713)
• Always collect static icons for all segments (#68712)
• Fix favicon merging with customized icons (#67982)
• Warn metadataBase missing in standalone mode or non vercel deployment (#66296)

Parallel routes fixes

• fix missing stylesheets when parallel routes are present (#69507)

... (truncated)

Commits

• 6fa8982 v14.2.9
• 7998745 test: lock ts type check (#69889)
• 4bd3849 create-next-app: fix font file corruption when using import alias (#69806)
• 3756801 test: check most possible combination of CNA flags
• 9a72ad6 unpin CNA tests from 14.2.3
• 747d365 Fix metadata prop merging (#69807)
• 196dab6 Fix status code for /_not-found route (#64058) (#69808)
• e50ad14 Fix middleware fallback: false case (#69799)
• bf48448 Disable experimental.optimizeServer by default (#69788)
• 86547db test: both wrapped and unwrapped dynamic() (#69780)
• Additional commits viewable in compare view

Updates undici from 5.28.2 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

• Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
• Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

• CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

Commits

• fb98306 Bumped v5.28.4
• 2b39440 Merge pull request from GHSA-9qxr-qj54-h672
• 64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
• 723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
• 0e9d54b skip failing test due to Node.js changes
• e71cb4c Bumped v5.28.3
• 20c65b8 Fix tests for Node.js v20.11.0 (#2618)
• 8ec52cd Fix tests for Node.js v21 (#2609)
• d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
• See full diff in compare view

Updates vite from 5.1.4 to 5.4.3

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.3 (2024-09-03)

• fix: allow getting URL of JS files in publicDir (#17915) (943ece1), closes #17915
• fix: cjs warning respect the logLevel flag (#17993) (dc3c14f), closes #17993
• fix: improve CJS warning trace information (#17926) (5c5f82c), closes #17926
• fix: only remove entry assets handled by Vite core (#17916) (ebfaa7e), closes #17916
• fix: waitForRequestIdle locked (#17982) (ad13760), closes #17982
• fix(css): fix directory index import in sass modern api (#17960) (9b001ba), closes #17960
• fix(css): fix sass file:// reference (#17909) (561b940), closes #17909
• fix(css): fix sass modern source map (#17938) (d428e7e), closes #17938
• fix(deps): bump tsconfck (#17990) (8c661b2), closes #17990
• fix(html): rewrite assets url in <template> (#17988) (413c86a), closes #17988
• fix(preload): add crossorigin attribute in CSS link tags (#17930) (15871c7), closes #17930
• chore: reduce diffs with v6 branch (#17942) (bf9065a), closes #17942
• chore(deps): update all non-major dependencies (#17945) (cfb621e), closes #17945
• chore(deps): update all non-major dependencies (#17991) (0ca53cf), closes #17991

5.4.2 (2024-08-20)

• chore: remove stale TODOs (#17866) (e012f29), closes #17866
• refactor: remove redundant prepend/strip base (#17887) (3b8f03d), closes #17887
• fix: resolve relative URL generated by renderBuiltUrl passed to module preload (#16084) (fac3a8e), closes #16084
• feat: support originalFilename (#17867) (7d8c0e2), closes #17867

5.4.1 (2024-08-15)

• fix: build.modulePreload.resolveDependencies is optimizable (#16083) (e961b31), closes #16083
• fix: align CorsOptions.origin type with @​types/cors (#17836) (1bda847), closes #17836
• fix: typings for vite:preloadError (#17868) (6700594), closes #17868
• fix(build): avoid re-define __vite_import_meta_env__ (#17876) (e686d74), closes #17876
• fix(deps): update all non-major dependencies (#17869) (d11711c), closes #17869
• fix(lightningcss): search for assets with correct base path (#17856) (4e5ce3c), closes #17856
• fix(worker): handle self reference url worker in dependency for build (#17846) (391bb49), closes #17846
• chore: fix picocolors import for local dev (#17884) (9018255), closes #17884
• refactor: remove handleHotUpdate from watch-package-data plugin (#17865) (e16bf1f), closes #17865

5.4.0 (2024-08-07)

• fix(build): windows platform build output path error (#17818) (6ae0615), closes #17818
• fix(deps): update launch-editor to consume fix for windows paths (#17828) (cf2f90d), closes #17828
• fix(ssr): fix global variable name conflict (#17809) (6aa2206), closes #17809
• fix(worker): fix importScripts injection breaking iife code (#17827) (bb4ba9f), closes #17827
• chore: bump typescript-eslint to v8 (#17624) (d1891fd), closes #17624
• chore(deps): update all non-major dependencies (#17820) (bb2f8bb), closes #17820

... (truncated)

Commits

• ccbfc1a release: v5.4.3
• 9b001ba fix(css): fix directory index import in sass modern api (#17960)
• 5c5f82c fix: improve CJS warning trace information (#17926)
• 15871c7 fix(preload): add crossorigin attribute in CSS link tags (#17930)
• 413c86a fix(html): rewrite assets url in <template> (#17988)
• dc3c14f fix: cjs warning respect the logLevel flag (#17993)
• 0ca53cf chore(deps): update all non-major dependencies (#17991)
• ebfaa7e fix: only remove entry assets handled by Vite core (#17916)
• d428e7e fix(css): fix sass modern source map (#17938)
• ad13760 fix: waitForRequestIdle locked (#17982)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4510bc4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR