🤖 [Main App](deps): Bump the production-dependencies group with 3 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the production-dependencies group with 3 updates: express, next and sass.

Updates express from 4.21.0 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• See full diff in compare view

Updates next from 14.2.13 to 15.0.1

Release notes

Sourced from next's releases.

v15.0.1

Core Changes

• Reland "[dynamicIO] warn for disallowed dynamic in dev": #71567
• next-upgrade: prompt (un)install only when there's a change: #71308
• chore(next-codemod): remove @next/font from optional Next.js packages to install: #71563
• [dynamicIO] Avoid triggering memory leak false positive with makeHangingPromise: #71576
• Avoid triggering memory leak false positive with makeHangingPromise: #71579
• Upgrade React from 65a56d0e-20241020 to 69d4b800-20241021: #71568
• avoid logging stacks for internal errors: #71575
• Avoid server action endpoint function indirection: #71572
• fix: handle terminal color in chrome console: #71581
• [dynamicIO] Update prerender to use Fizz prerender: #71580
• misc(next-upgrade): reuse process.cwd() value: #71558
• [dynamicIO]: dev navigations should show disallowed dynamic errors: #71595
• next-lint: Use ESLint v9 by default: #71371
• fix: prevent router errors from being logged on the client: #71583
• fix: next package resolving in dev overlay: #71632
• Improve type coverage of setup-dev-bundler: #71443
• fix(turbo-tasks): Implement ValueDebugFormat for ResolvedVc: #71173
• Add --turbopack CLI flag: #71657
• [dynamicIO] detect metadata boundaries in dev using server component stacks: #71666

Example Changes

• chore: Update with-supabase to be compatible with Nextjs 15: #71631
• Update Sanity example to next v15: #71640

Misc Changes

• docs(ppr): remove v14 mention for ppr: #71498
• docs: fix upgrade codemod command: #71578
• Turbopack: Always use blob: URLs for assets in middleware: #71471
• fix: metadata image route Windows path escaping: #71615
• fix: third-parties package peer dependency: #71620
• Fix module_resolution: "nodenext" with mjs or cjs: #71635
• react-sync: Automatically update peer dependencies in libraries: #71636
• chore(docs): fix typo in image.mdx docs: #71647
• docs: remove the canary note on instrumentation: #71649
• test: fix async api tests: #71652
• Enable source maps for pnpm debug: #71653
• codemod(turbopack): Rewrite more Vc fields in structs as ResolvedVc: #71172

Credits

Huge thanks to @​gnoff, @​devjiwonchoi, @​samcx, @​ztanner, @​unstubbable, @​huozhi, @​mischnic, @​lubieowoce, @​eps1lon, @​ivasilov, @​styfle, @​bgw, @​stipsan, and @​timneutkens for helping!

v15.0.1-canary.3

Core Changes

... (truncated)

Commits

• 914d0f3 v15.0.1
• b075951 v15.0.1-canary.3
• a7a7b19 [dynamicIO] detect metadata boundaries in dev using server component stacks (...
• cfa003c Add --turbopack CLI flag (#71657)
• 9bd38dd codemod(turbopack): Rewrite more Vc fields in structs as ResolvedVc (#71172)
• cfd816d Update Sanity example to next v15 (#71640)
• ce41f6b Enable source maps for pnpm debug (#71653)
• 8275078 test: fix async api tests (#71652)
• 95720f4 fix(turbo-tasks): Implement ValueDebugFormat for ResolvedVc (#71173)
• e06cd47 docs: remove the canary note on instrumentation (#71649)
• Additional commits viewable in compare view

Updates sass from 1.79.4 to 1.80.3

Release notes

Sourced from sass's releases.

Dart Sass 1.80.3

To install Sass 1.80.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a bug where @import url("...") would crash in plain CSS files.

• Improve consistency of how warnings are emitted by different parts of the compiler. This should result in minimal user-visible changes, but different types of warnings should now respond more reliably to flags like --quiet, --verbose, and --silence-deprecation.

See the full changelog for changes in earlier releases.

Dart Sass 1.80.2

To install Sass 1.80.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a bug where deprecation warnings were incorrectly emitted for the plain-CSS invert() function.

See the full changelog for changes in earlier releases.

Dart Sass 1.80.1

To install Sass 1.80.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a bug where repeated deprecation warnings were not automatically limited.

See the full changelog for changes in earlier releases.

Dart Sass 1.80.0

To install Sass 1.80.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• @import is now officially deprecated, as are global built-in functions that are available within built-in modules. See the Sass blog post for more details on the deprecation process.

... (truncated)

Changelog

Sourced from sass's changelog.

1.80.3

• Fix a bug where @import url("...") would crash in plain CSS files.

• Improve consistency of how warnings are emitted by different parts of the compiler. This should result in minimal user-visible changes, but different types of warnings should now respond more reliably to flags like --quiet, --verbose, and --silence-deprecation.

1.80.2

• Fix a bug where deprecation warnings were incorrectly emitted for the plain-CSS invert() function.

1.80.1

• Fix a bug where repeated deprecation warnings were not automatically limited.

1.80.0

• @import is now officially deprecated, as are global built-in functions that are available within built-in modules. See the Sass blog post for more details on the deprecation process.

Embedded Host

• Fix an error that would sometimes occur when deprecation warnings were emitted when using a custom importer with the legacy API.

1.79.6

• Fix a bug where Sass would add an extra */ after loud comments with whitespace after an explicit */ in the indented syntax.

• Potentially breaking bug fix: Adding text after an explicit */ in the indented syntax is now an error, rather than silently generating invalid CSS.

Embedded Host

• Properly export the SassBoolean type.

1.79.5

• Changes to how selector.unify() and @extend combine selectors:

  • The relative order of pseudo-classes (like :hover) and pseudo-elements (like ::before) within each original selector is now preserved when they're combined.

... (truncated)

Commits

• 76cfd6b Fix @import url("...") in plain CSS (#2398)
• 60d440a Emit all warnings in the evaluator (#2396)
• 01b2a5b Fix setup-node (#2395)
• 2ad2133 Don't emit warnings for plain-CSS invert() (#2394)
• e6391d3 Always limit the repetition of loggers (#2391)
• ab19f94 Deprecate @​import and global builtins (#2282)
• f7b2e63 Fix GitHub Actions config (#2387)
• 1e27aeb Add a changelog entry for sass/embedded-host-node#338 (#2384)
• 73ff9a9 Don't generate extra */s for trailing whitespace in Sass (#2383)
• 164224f Update QEMU (#2382)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions