chore(deps): bump rollup, vite, vite-aliases and vite-plugin-checker

[dependabot]

Bumps rollup to 4.22.4 and updates ancestor dependencies rollup, vite, vite-aliases and vite-plugin-checker. These dependencies need to be updated together.

Updates rollup from 2.74.1 to 4.22.4

Release notes

Sourced from rollup's releases.

v4.22.4

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

v4.22.3

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

v4.22.2

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

v4.22.1

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

4.22.1

2024-09-20

Bug Fixes

• Revert #5644 "stable chunk hashes" while issues are being investigated

Pull Requests

• #5663: chore(deps): update dependency inquirer to v11 (@​renovate[bot], @​lukastaegert)
• #5664: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5665: fix: type in CI file (@​YuHyeonWook)

... (truncated)

Commits

• 79c0aba 4.22.4
• e2552c9 Fix DOM Clobbering CVE (#5671)
• 10ab90e refactor: Use object.prototype to check for reserved properties (#5670)
• e1cba8e 4.22.3
• 59cec3e Ensure impure dependencies of pure modules are added (#5669)
• b86ffd7 4.22.2
• d5ff63d Partially revert #5658 and re-apply #5644 (#5667)
• 0a821d9 Create SECURITY.md
• 76e962d 4.22.1
• 68c23da Partially revert #5644
• Additional commits viewable in compare view

Updates vite from 2.9.14 to 5.4.7

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.7 (2024-09-20)

• fix: treat config file as ESM in Deno (#18158) (b5908a2), closes #18158

5.4.6 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (179b177), closes #18115
• fix: fs raw query (#18112) (6820bb3), closes #18112

5.4.5 (2024-09-13)

• fix(preload): backport #18098, throw error preloading module as well (#18099) (faa2405), closes #18098 #18099

5.4.4 (2024-09-11)

• fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorrect 304 (#18078) (74a79c5), closes #17997 #18078
• fix: backport #18063, allow scanning exports from script module in svelte (#18077) (d90ba40), closes #18063 #18077
• fix(preload): backport #18046, allow ignoring dep errors (#18076) (8760293), closes #18046 #18076

5.4.3 (2024-09-03)

• fix: allow getting URL of JS files in publicDir (#17915) (943ece1), closes #17915
• fix: cjs warning respect the logLevel flag (#17993) (dc3c14f), closes #17993
• fix: improve CJS warning trace information (#17926) (5c5f82c), closes #17926
• fix: only remove entry assets handled by Vite core (#17916) (ebfaa7e), closes #17916
• fix: waitForRequestIdle locked (#17982) (ad13760), closes #17982
• fix(css): fix directory index import in sass modern api (#17960) (9b001ba), closes #17960
• fix(css): fix sass file:// reference (#17909) (561b940), closes #17909
• fix(css): fix sass modern source map (#17938) (d428e7e), closes #17938
• fix(deps): bump tsconfck (#17990) (8c661b2), closes #17990
• fix(html): rewrite assets url in <template> (#17988) (413c86a), closes #17988
• fix(preload): add crossorigin attribute in CSS link tags (#17930) (15871c7), closes #17930
• chore: reduce diffs with v6 branch (#17942) (bf9065a), closes #17942
• chore(deps): update all non-major dependencies (#17945) (cfb621e), closes #17945
• chore(deps): update all non-major dependencies (#17991) (0ca53cf), closes #17991

5.4.2 (2024-08-20)

• chore: remove stale TODOs (#17866) (e012f29), closes #17866
• refactor: remove redundant prepend/strip base (#17887) (3b8f03d), closes #17887

... (truncated)

Commits

• a403e73 release: v5.4.7
• b5908a2 fix: treat config file as ESM in Deno (#18158)
• f969176 release: v5.4.6
• 179b177 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 6820bb3 fix: fs raw query (#18112)
• 37881e7 release: v5.4.5
• faa2405 fix(preload): backport #18098, throw error preloading module as well (#18099)
• 54c55db release: v5.4.4
• 74a79c5 fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorr...
• d90ba40 fix: backport #18063, allow scanning exports from script module in svelte (...
• Additional commits viewable in compare view

Updates vite-aliases from 0.9.2 to 0.9.9

Release notes

Sourced from vite-aliases's releases.

v0.9.9

• fix aliases to be always an array instead of an object [issue: #47]

v0.9.8

• fix readme
• update packages

v0.9.7

No release notes provided.

v0.9.5

• add full esm support
• overhaul config and log generation (should be faster now and handle missing files a bite more gracefully)
• update chokidar watch behavior (this needs further testing, as vitest differs from vite, thus it could still mean that it doesnt stop on dev server using vitest)
• better typescript support

v0.9.3

No release notes provided.

Commits

• 8c7acf1 chore: release v0.9.9
• cc8ca6d add toArray to index
• ce06ec1 update packages
• 32775fc chore: release v0.9.8
• f902b2a fix readme
• d818929 update packages
• cfb0f7b chore: release v0.9.7
• a140808 chore: release v0.9.6
• 1156657 Merge pull request #42 from Subwaytime/v10
• 30005e0 Merge branch 'main' into v10
• Additional commits viewable in compare view

Updates vite-plugin-checker from 0.3.4 to 0.8.0

Release notes

Sourced from vite-plugin-checker's releases.

[email protected]

   🚨 Breaking Changes

• vue-tsc: Updated createVueLanguagePlugin syntax, version pin  -  by @​daniluk4000 and drodichkin in fi3ework/vite-plugin-checker#398 (5f5b9)

  Now, vite-plugin-checker requires "vue-tsc": "~2.1.6".

   🚀 Features

• Advance typescript teminal consolelog text color  -  by @​jaceechan in fi3ework/vite-plugin-checker#393 (aa3d4)

   🐞 Bug Fixes

• ui: Use a Vue key so file paths update correctly  -  by @​artursapek in fi3ework/vite-plugin-checker#389 (fcbb6)

    View changes on GitHub

[email protected]

Patch Changes

• 568b782: Added basic support for Biome
• 82972e0: fix: tweak biome configs

[email protected]

Patch Changes

• 909182e: Remove extraneous non props attributes warning
• e881c44: Bump @​vitejs/plugin-vue to resolve runtime warning, see #346
• 80ca69c: Resolve optionaltor from ESLint path, do not requires to install optionator anymore
• 78fc007: Throw error and hint user when vue-tsc working with typescript lower than 5.0.0
• 52423b2: sync runTsc https://github.com/volarjs/volar.js/blob/630f31118d3986c00cc730eb83cd896709fd547e/packages/typescript/lib/quickstart/runTsc.ts
• 2a0af74: refactor: reuse codeFrame helper in logger and deduplicate code
• 7d985e7: refactor: import @volar/typescript from vue-tsc

[email protected]

Minor Changes

• 0747729: fix: compatibility with vue-tsc 2.x

[email protected]

Patch Changes

• 83e1028: Remove lodash-es from dependencies
• b0cce16: fix: add explicitly ltr direction to the overlay

[email protected]

Patch Changes

• e5a26d6: feat: support initially open overlay for errors
• bc4fa05: Remove lodash per method packages
• c5d5109: support eslint flat config

... (truncated)

Changelog

Sourced from vite-plugin-checker's changelog.

0.6.0 (2023-04-30)

• fix: compatible with mac’s duplication watch report (5dd90c9)
• fix: require vue-tsc >= 1.3.9 (69a73a9)
• fix: support vue-tsc works with ts5 (ebf8996)
• fix: throw when using —fix with ESLint (6d3887d)
• fix(stylelint): parse lintCommand like argv (20b7399)
• build: bump vitest (30510a6)
• chore: bump vue-tsc to latest (8a99b8f)

0.5.6 (2023-02-17)

• chore(playground): lock vue-tsc to ~1.0.0 (50a2609)
• fix: use Vite's native logger to log and clean screen before log (#209) (8dd4915), closes #209
• fix(vue-tsc): compatible with vue-tsc@^1.1.0 (96b762b)
• docs: add how to use with Nuxt (7eb4c84)
• docs: add missing step for Nuxt (9ceacd6)
• docs: add version requirement (219c7ed)
• docs: eslint (#210) (f65aa71), closes #210
• refactor: clean code (90780c3)
• ci: add publint (ee50bae)

0.5.5 (2023-01-26)

• refactor: bump vite in devDep to ^4 (#208) (61b7aea), closes #208
• refactor(vue-tsc): sync tsc.js override code from volar (fce521e)
• docs: polish doc (8c0f9fd)
• docs: update issue template (4453a73)
• fix: avoid running twice in SSR mode (0816f95)
• fix: compatible with jiti (b3c271e)
• fix: show overlay even runtime is loaded after connection event (#207) (fee7924), closes #207
• fix(vue-tsc): clean fixture building steps (c133cb2)
• test: fix playground (1d0851a)

0.5.4 (2023-01-20)

• refactor: add skipRuntime flag (f107514)
• refactor: do not use Vite's CustomPayload type (47471b6)
• fix: set plugin as force: 'pre' (034a7ad)
• fix: use import.meta.hot.on to do client server communication (aa853a8)
• fix: vue-tsc should be an optional peer dep (5e6318e)
• build: only deploy docs when tagging a commit (7b54a0c)
• test: fix backend-integration root path (7b2a8a3)
• docs: add trobleshooting (234695b)

... (truncated)

Commits

• 19c58e3 v0.8.0
• 5179e57 ci: drop changesets, use manual triggered version release
• fcbb687 fix(ui): use a Vue key so file paths update correctly (#389)
• aa3d413 feat: advance typescript teminal consolelog text color (#393)
• 5f5b92a fix(vue-tsc): updated createVueLanguagePlugin syntax, version pin (#398)
• b2c3236 chore(deps): update dependency @​types/babel__code-frame to ^7.0.6 (#376)
• 8827a1e chore(deps): update dependency @​types/debug to ^4.1.12 (#377)
• 152eafb chore(deps): update dependency @​tsconfig/esm to ^1.0.5 (#374)
• 3a21a23 chore(deps): update dependency @​tsconfig/strictest to ^2.0.5 (#375)
• 5d01c86 chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0 (#371)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.