Bump rollup, @sveltejs/vite-plugin-svelte and vite in /ui

[dependabot]

Bumps rollup to 4.22.4 and updates ancestor dependencies rollup, @sveltejs/vite-plugin-svelte and vite. These dependencies need to be updated together.

Updates rollup from 2.79.1 to 4.22.4

Release notes

Sourced from rollup's releases.

v4.22.4

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

v4.22.3

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

v4.22.2

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

v4.22.1

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

• #5663: chore(deps): update dependency inquirer to v11 (@​renovate[bot], @​lukastaegert)
• #5664: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5665: fix: type in CI file (@​YuHyeonWook)

... (truncated)

Commits

• 79c0aba 4.22.4
• e2552c9 Fix DOM Clobbering CVE (#5671)
• 10ab90e refactor: Use object.prototype to check for reserved properties (#5670)
• e1cba8e 4.22.3
• 59cec3e Ensure impure dependencies of pure modules are added (#5669)
• b86ffd7 4.22.2
• d5ff63d Partially revert #5658 and re-apply #5644 (#5667)
• 0a821d9 Create SECURITY.md
• 76e962d 4.22.1
• 68c23da Partially revert #5644
• Additional commits viewable in compare view

Updates @sveltejs/vite-plugin-svelte from 1.3.1 to 3.1.2

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​3.1.2

Patch Changes

• add warning for svelte5 users to update to vite-plugin-svelte@4 (#964)

@​sveltejs/vite-plugin-svelte@​3.1.1

Patch Changes

• fix: ensure vite config is only resolved once during lazy init of vitePreprocess (#917)

• fix: disable hmr when vite config server.hmr is false (#917)

@​sveltejs/vite-plugin-svelte@​3.1.0

Minor Changes

• feat(svelte5): enable hmr option in dev (#836)

Patch Changes

• Remove unnecessary enableSourcemap option usage and prevent passing it in Svelte 5 (#862)

• Updated dependencies [8ae3dc8cf415355f406f23d6104cb6153d75dfc8]:

  • @​sveltejs/vite-plugin-svelte-inspector@​2.1.0

@​sveltejs/vite-plugin-svelte@​3.0.2

Patch Changes

• fix(compile): correctly determine script lang in files where a comment precedes the script tag (#844)

@​sveltejs/vite-plugin-svelte@​3.0.1

Patch Changes

• fix: improve checking of script and style in .svelte code to work with new generic= attribute (#799)

• Fix optional parameter types (#797)

• Update log level for HMR updates where the output is functionally equivalent to the previous version to "debug" (#806)

@​sveltejs/vite-plugin-svelte@​3.0.0

Major Changes

• breaking: update minimum supported node version to node18 (#744)

• breaking: update supported vite version to vite 5 (#743)

• breaking: remove support for svelte 3 (#746)

• Preprocess style tags by default with vitePreprocess (#756)

• breaking: remove package.json export (#751)

... (truncated)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

3.1.2

Patch Changes

• add warning for svelte5 users to update to vite-plugin-svelte@4 (#964)

3.1.1

Patch Changes

• fix: ensure vite config is only resolved once during lazy init of vitePreprocess (#917)

• fix: disable hmr when vite config server.hmr is false (#917)

3.1.0

Minor Changes

• feat(svelte5): enable hmr option in dev (#836)

Patch Changes

• Remove unnecessary enableSourcemap option usage and prevent passing it in Svelte 5 (#862)

• Updated dependencies [8ae3dc8cf415355f406f23d6104cb6153d75dfc8]:

  • @​sveltejs/vite-plugin-svelte-inspector@​2.1.0

3.0.2

Patch Changes

• fix(compile): correctly determine script lang in files where a comment precedes the script tag (#844)

3.0.1

Patch Changes

• fix: improve checking of script and style in .svelte code to work with new generic= attribute (#799)

• Fix optional parameter types (#797)

• Update log level for HMR updates where the output is functionally equivalent to the previous version to "debug" (#806)

3.0.0

Major Changes

• breaking: update minimum supported node version to node18 (#744)

• breaking: update supported vite version to vite 5 (#743)

... (truncated)

Commits

• b3edb77 Version Packages (#965)
• 4f95193 chore(logs): encourage svelte5 users to update from vps3 to vps4 (#964)
• 9515421 Version Packages (#923)
• 722f8ff chore: backport fixes (#917)
• 6c59572 chore(deps): update all non-major dependencies (#885)
• acb1f88 Version Packages (#864)
• f12e3f0 feat(svelte5): enable hmr (#836)
• 826dfc6 chore(deps): update all non-major dependencies (#881)
• 5152462 chore(deps): update all non-major dependencies (#878)
• 67a3ae9 chore(deps): update all non-major dependencies (#876)
• Additional commits viewable in compare view

Updates vite from 3.2.10 to 5.4.7

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.7 (2024-09-20)

• fix: treat config file as ESM in Deno (#18158) (b5908a2), closes #18158

5.4.6 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (179b177), closes #18115
• fix: fs raw query (#18112) (6820bb3), closes #18112

5.4.5 (2024-09-13)

• fix(preload): backport #18098, throw error preloading module as well (#18099) (faa2405), closes #18098 #18099

5.4.4 (2024-09-11)

• fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorrect 304 (#18078) (74a79c5), closes #17997 #18078
• fix: backport #18063, allow scanning exports from script module in svelte (#18077) (d90ba40), closes #18063 #18077
• fix(preload): backport #18046, allow ignoring dep errors (#18076) (8760293), closes #18046 #18076

5.4.3 (2024-09-03)

• fix: allow getting URL of JS files in publicDir (#17915) (943ece1), closes #17915
• fix: cjs warning respect the logLevel flag (#17993) (dc3c14f), closes #17993
• fix: improve CJS warning trace information (#17926) (5c5f82c), closes #17926
• fix: only remove entry assets handled by Vite core (#17916) (ebfaa7e), closes #17916
• fix: waitForRequestIdle locked (#17982) (ad13760), closes #17982
• fix(css): fix directory index import in sass modern api (#17960) (9b001ba), closes #17960
• fix(css): fix sass file:// reference (#17909) (561b940), closes #17909
• fix(css): fix sass modern source map (#17938) (d428e7e), closes #17938
• fix(deps): bump tsconfck (#17990) (8c661b2), closes #17990
• fix(html): rewrite assets url in <template> (#17988) (413c86a), closes #17988
• fix(preload): add crossorigin attribute in CSS link tags (#17930) (15871c7), closes #17930
• chore: reduce diffs with v6 branch (#17942) (bf9065a), closes #17942
• chore(deps): update all non-major dependencies (#17945) (cfb621e), closes #17945
• chore(deps): update all non-major dependencies (#17991) (0ca53cf), closes #17991

5.4.2 (2024-08-20)

• chore: remove stale TODOs (#17866) (e012f29), closes #17866
• refactor: remove redundant prepend/strip base (#17887) (3b8f03d), closes #17887

... (truncated)

Commits

• a403e73 release: v5.4.7
• b5908a2 fix: treat config file as ESM in Deno (#18158)
• f969176 release: v5.4.6
• 179b177 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 6820bb3 fix: fs raw query (#18112)
• 37881e7 release: v5.4.5
• faa2405 fix(preload): backport #18098, throw error preloading module as well (#18099)
• 54c55db release: v5.4.4
• 74a79c5 fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorr...
• d90ba40 fix: backport #18063, allow scanning exports from script module in svelte (...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.