Build(deps): Bump braces, webpack, jest and webpack-cli

[dependabot]

Bumps braces to 3.0.3 and updates ancestor dependencies braces, webpack, jest and webpack-cli. These dependencies need to be updated together.

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed
• Require Node.js >= 8.3

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates webpack from 4.47.0 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

• Added DotenvPlugin and top level dotenv option to enable this plugin
• Added WebpackManifestPlugin
• Added support the ignoreList option in devtool plugins
• Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

Commits

• 24e3c2d chore(release): new release (#20253)
• 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
• c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
• 4b0501c ci: fix release (#20252)
• 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
• 5bf8bc5 refactor: types for benchmarks and tests
• 505a5e7 chore(release): new release (#20188)
• 0c06680 refactor: update eslint configuration
• 2eb0d6a ci: release announcement (#20238)
• b2b2459 ci: cancel in progress (#20239)
• Additional commits viewable in compare view

Updates jest from 25.5.4 to 30.2.0

Release notes

Sourced from jest's releases.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)

30.1.0

Features

• [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
• [jest-runtime] Reduce redundant ReferenceError messages
• [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

• `[jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
• [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
• [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
• [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

Chore

• [expect] Update docblock for toContain() to display info on substring check (#15789)

30.0.2

What's Changed

... (truncated)

Changelog

Sourced from jest's changelog.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [jest-matcher-utils] Fix infinite recursion with self-referential getters in deepCyclicCopyReplaceable (#15831)
• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)
• [jest-snapshot-utils] Improve messaging about goo.gl snapshot link change (#15821)

30.1.0

Features

• [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
• [jest-runtime] Reduce redundant ReferenceError messages
• [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
• [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
• [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
• [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

... (truncated)

Commits

• 855864e v30.2.0
• da9b532 v30.1.3
• ebfa31c v30.1.2
• d347c0f v30.1.1
• 4d5f41d v30.1.0
• 22236cf v30.0.5
• f4296d2 v30.0.4
• d4a6c94 v30.0.3
• 393acbf v30.0.2
• 5ce865b v30.0.1
• Additional commits viewable in compare view

Updates webpack-cli from 3.3.12 to 6.0.1

Release notes

Sourced from webpack-cli's releases.

v6.0.1

6.0.1 (2024-12-20)

Bug Fixes

• update peer dependencies (#4356) (7a7e5d9)

v6.0.0

6.0.0 (2024-12-19)

BREAKING CHANGES

• the minimum required Node.js version is 18.12.0
• removed init, loader and plugin commands in favor create-webpack-app
• dropped support for webpack-dev-server@v4
• minimum supported webpack version is 5.82.0
• The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

• allow to require webpack.config.js in ESM format (#4346) (5106684)
• correct the minimum help output (#4057) (c727c4f)
• gracefully shutting down (#4145) (90720e2)
• improve help output for possible values (#4316) (4cd5aef)
• no serve when dev-server is false (#2947) (a93e860)

Features

• output pnpm version with info/version command (#3906) (38f3c6f)

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

• multi compiler progress output (f659624)

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

• regression for custom configurations (#3834) (bb4f8eb)

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

• improve check for custom webpack and webpack-dev-server package existance (0931ab6)

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

6.0.1 (2024-12-20)

Bug Fixes

• update peer dependencies (#4356) (7a7e5d9)

6.0.0 (2024-12-19)

BREAKING CHANGES

• the minimum required Node.js version is 18.12.0
• removed init, loader and plugin commands in favor create-webpack-app
• dropped support for webpack-dev-server@v4
• minimum supported webpack version is 5.82.0
• The --define-process-env-node-env option was renamed to --config-node-env

Bug Fixes

• allow to require webpack.config.js in ESM format (#4346) (5106684)
• correct the minimum help output (#4057) (c727c4f)
• gracefully shutting down (#4145) (90720e2)
• improve help output for possible values (#4316) (4cd5aef)
• no serve when dev-server is false (#2947) (a93e860)

Features

• output pnpm version with info/version command (#3906) (38f3c6f)

5.1.4 (2023-06-07)

Bug Fixes

• multi compiler progress output (f659624)

5.1.3 (2023-06-04)

Bug Fixes

• regression for custom configurations (#3834) (bb4f8eb)

5.1.2 (2023-06-04)

Bug Fixes

• improve check for custom webpack and webpack-dev-server package existance (0931ab6)
• improve help for some flags (f468614)
• improved support for .cts and .mts extensions (a77daf2)

5.1.1 (2023-05-09)

... (truncated)

Commits

• 480b33d chore(release): publish new version
• 7a5071b test: fix
• 8326501 fix: better default values
• eab2f39 fix: less dependencies
• 2db1195 refactor: code
• fca8c00 fix: logging
• 09c7cd7 fix: reduce package size, avoid *.d.ts
• 7a7e5d9 fix: update peer dependencies (#4356)
• 5405aed chore(deps-dev): bump readable-stream in the dependencies group (#4355)
• 270fdc2 chore(release): create-webpack-app
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}