Bump the npm_and_yarn group across 2 directories with 10 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /frontend/keycloak-theme directory:

Package	From	To
vite	5.2.13	5.2.14
cross-spawn	7.0.3	7.0.6
express	4.19.2	4.21.1
micromatch	4.0.7	4.0.8
rollup	4.18.0	4.27.4
ws	8.17.0	8.18.0

Bumps the npm_and_yarn group with 3 updates in the /frontend/spa directory: vite, cross-spawn and @eslint/plugin-kit.

Updates vite from 5.2.13 to 5.2.14

Release notes

Sourced from vite's releases.

v5.2.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.2.14 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (ebb94c5), closes #18115
• fix: fs raw query (#18112) (8339d74), closes #18112

Commits

• 673ae16 release: v5.2.14
• ebb94c5 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 8339d74 fix: fs raw query (#18112)
• See full diff in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• Additional commits viewable in compare view

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates path-to-regexp from 0.1.7 to 0.1.10

Release notes

Sourced from path-to-regexp's releases.

Backtrack protection

Fixed

• Add backtrack protection to parameters 29b96b4
  • This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

• Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

• Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

• c827fce 0.1.10
• 29b96b4 Add backtrack protection to parameters
• ac4c234 Update repo url (#314)
• bdb6635 0.1.9
• c4272e4 Allow a non-lookahead regex (#312)
• 51a1955 0.1.8
• 114f62d Add support for named matching groups (#301)
• See full diff in compare view

Updates rollup from 4.18.0 to 4.27.4

Release notes

Sourced from rollup's releases.

v4.27.4

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.3

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

v4.27.2

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

• #5728: Fix more variable deconflicting issues (@​lukastaegert)

v4.27.1

4.27.1

2024-11-15

Bug Fixes

• Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

• #5728: Fix more variable deconflicting issues (@​lukastaegert)

4.27.1

2024-11-15

Bug Fixes

• Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

• #5727: Debug out-of-memory issues with Rollup v4.27.0 (@​lukastaegert)

4.27.0

... (truncated)

Commits

• e805b54 4.27.4
• dd623b5 chore(deps): lock file maintenance minor/patch updates (#5740)
• 7c0b1f8 4.27.3
• 10bc150 Revert object tree-shaking (#5420) until some issues have been resolved (#5736)
• a503a4d 4.27.2
• 6c68455 Fix more variable deconflicting issues (#5728)
• aaf38b7 4.27.1
• faeb905 Debug out-of-memory issues with Rollup v4.27.0 (#5727)
• c035068 4.27.0
• b58e48b fix(deps): update swc monorepo (major) (#5724)
• Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: [email protected]

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): [email protected]
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates ws from 8.17.0 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• See full diff in compare view

Updates vite from 5.4.9 to 6.0.1

Release notes

Sourced from vite's releases.

v5.2.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.2.14 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (ebb94c5), closes #18115
• fix: fs raw query (#18112) (8339d74), closes #18112

Commits

• 673ae16 release: v5.2.14
• ebb94c5 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 8339d74 fix: fs raw query (#18112)
• See full diff in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates rollup from 4.24.0 to 4.27.4

Release notes

Sourced from rollup's releases.

v4.27.4

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.3

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

v4.27.2

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

• #5728: Fix more variable deconflicting issues (@​lukastaegert)

v4.27.1

4.27.1

2024-11-15

Bug Fixes

• Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

• #5728: Fix more variable deconflicting issues (@​lukastaegert)

4.27.1

2024-11-15

Bug Fixes

• Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

• #5727: Debug out-of-memory issues with Rollup v4.27.0 (@​lukastaegert)

4.27.0

... (truncated)

Commits

• e805b54 4.27.4
• dd623b5 chore(deps): lock file maintenance minor/patch updates (#5740)
• 7c0b1f8 4.27.3
• 10bc150 Revert object tree-shaking (#5420) until some issues have been resolved (#5736)
• a503a4d 4.27.2
• 6c68455 Fix more variable deconflicting issues (#5728)
• aaf38b7 4.27.1
• faeb905 Debug out-of-memory issues with Rollup v4.27.0 (#5727)
• c035068 4.27.0
• b58e48b fix(deps): update swc monorepo (major) (#5724)
• Additional commits viewable in compare view

Updates @eslint/plugin-kit from 0.2.0 to 0.2.3

Release notes

Sourced from @​eslint/plugin-kit's releases.

plugin-kit: v0.2.3

0.2.3 (2024-11-14)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.8.0 to ^0.9.0

plugin-kit: v0.2.2

0.2.2 (2024-10-25)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.7.0 to ^0.8.0

plugin-kit: v0.2.1

0.2.1 (2024-10-18)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.6.0 to ^0.7.0

Commits

• a957ee3 chore: release main (#130)
• 3591a78 feat: Add Language#normalizeLanguageOptions() (#131)
• 2fa68b7 chore: fix formatting error (#133)
• 071be84 Merge commit from fork
• e73b1dc docs: Update README sponsors
• d0b2e70 fix: non-optional properties in generic interfaces (#132)
• 3a87bbb fix: Support legacy schema properties (#128)
• c24083b docs: Update README sponsors
• 0dc78d3 chore: release main (#125)
• ffa176f feat: Add rule types (#110)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #179.