chore(deps): bump the production-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates in the / directory: esbuild, isomorphic-dompurify and sass.

Updates esbuild from 0.20.2 to 0.21.5

Release notes

Sourced from esbuild's releases.

v0.21.5

• Fix Symbol.metadata on classes without a class decorator (#3781)

  This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

• Allow unknown import attributes to be used with the copy loader (#3792)

  Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

  // This is an error with "--bundle" without also using "--external:./bagel.js"
  import tasty from "./bagel.js" with { type: "bagel" }

  Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

  However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

  // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
  import tasty from "./tasty.bagel" with { type: "bagel" }

• Support import attributes with glob-style imports (#3797)

  This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

  async function loadLocale(locale: string): Locale {
    const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    return unpackLocale(locale, data)
  }

  Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

  ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data
  example.ts:2:28:
    2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
      ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  

  In addition, this change means plugins can now access the contents of with for glob-style imports.

• Support ${configDir} in tsconfig.json files (#3782)

  This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.21.5

• Fix Symbol.metadata on classes without a class decorator (#3781)

  This release fixes a bug with esbuild's support for the decorator metadata proposal. Previously esbuild only added the Symbol.metadata property to decorated classes if there was a decorator on the class element itself. However, the proposal says that the Symbol.metadata property should be present on all classes that have any decorators at all, not just those with a decorator on the class element itself.

• Allow unknown import attributes to be used with the copy loader (#3792)

  Import attributes (the with keyword on import statements) are allowed to alter how that path is loaded. For example, esbuild cannot assume that it knows how to load ./bagel.js as type bagel:

  // This is an error with "--bundle" without also using "--external:./bagel.js"
  import tasty from "./bagel.js" with { type: "bagel" }

  Because of that, bundling this code with esbuild is an error unless the file ./bagel.js is external to the bundle (such as with --bundle --external:./bagel.js).

  However, there is an additional case where it's ok for esbuild to allow this: if the file is loaded using the copy loader. That's because the copy loader behaves similarly to --external in that the file is left external to the bundle. The difference is that the copy loader copies the file into the output folder and rewrites the import path while --external doesn't. That means the following will now work with the copy loader (such as with --bundle --loader:.bagel=copy):

  // This is no longer an error with "--bundle" and "--loader:.bagel=copy"
  import tasty from "./tasty.bagel" with { type: "bagel" }

• Support import attributes with glob-style imports (#3797)

  This release adds support for import attributes (the with option) to glob-style imports (dynamic imports with certain string literal patterns as paths). These imports previously didn't support import attributes due to an oversight. So code like this will now work correctly:

  async function loadLocale(locale: string): Locale {
    const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
    return unpackLocale(locale, data)
  }

  Previously this didn't work even though esbuild normally supports forcing the JSON loader using an import attribute. Attempting to do this used to result in the following error:

  ✘ [ERROR] No loader is configured for ".data" files: locales/en-US.data
  example.ts:2:28:
    2 │   const data = await import(`./locales/${locale}.data`, { with: { type: 'json' } })
      ╵                             ~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  

  In addition, this change means plugins can now access the contents of with for glob-style imports.

• Support ${configDir} in tsconfig.json files (#3782)

  This adds support for a new feature from the upcoming TypeScript 5.5 release. The character sequence ${configDir} is now respected at the start of baseUrl and paths values, which are used by esbuild during bundling to correctly map import paths to file system paths. This feature lets base tsconfig.json files specified via extends refer to the directory of the top-level tsconfig.json file. Here is an example:

... (truncated)

Commits

• fc37c2f publish 0.21.5 to npm
• cb11924 fix Symbol.metadata errors in decorator tests
• b93a2a9 fix #3781: add metadata to all decorated classes
• 953dae9 fix #3797: import attributes and glob-style import
• 98cb2ed fix #3782: support ${configDir} in tsconfig.json
• 8e6603b run make update-compat-table
• db1b8ca fix #3792: import attributes and the copy loader
• de572d0 fix non-deterministic import attribute plugin test
• ae8d1b4 fix #3794: --supported:object-accessors=false
• 67cbf87 publish 0.21.4 to npm
• Additional commits viewable in compare view

Updates isomorphic-dompurify from 2.9.0 to 2.12.0

Release notes

Sourced from isomorphic-dompurify's releases.

Updated dependencies

Changelog

• Updated dompurify and other dependencies.

See the complete changelog for more details.

Release

2.12.0

Updated dependencies

Changelog

• Updated dompurify.

See the complete changelog for more details.

Release

2.11.0

Updated dependencies

Changelog

• Updated dompurify.

See the complete changelog for more details.

Release

2.10.0

Commits

• dafb24e Updated dependencies. Increased version.
• 4bfd3bc Merge pull request #271 from kkomelin/dependabot/npm_and_yarn/dompurify-3.1.5
• 7f4ee0a Bump dompurify from 3.1.4 to 3.1.5
• fa0afff Merge pull request #269 from kkomelin/dependabot/npm_and_yarn/jsdom-24.1.0
• a8ded3c Bump jsdom from 24.0.0 to 24.1.0
• 422a93d Updated dependencies.
• fc2f1e0 Merge pull request #268 from kkomelin/dependabot/npm_and_yarn/dompurify-3.1.4
• b312969 ---
• cf2d9f1 Upgraded dependencies. Added some more meta-keywords. Increased version.
• 5b7d3cf Merge pull request #267 from kkomelin/dependabot/npm_and_yarn/dompurify-3.1.3
• Additional commits viewable in compare view

Updates sass from 1.76.0 to 1.77.6

Release notes

Sourced from sass's releases.

Dart Sass 1.77.5

To install Sass 1.77.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fully trim redundant selectors generated by @extend.

See the full changelog for changes in earlier releases.

Dart Sass 1.77.4

To install Sass 1.77.4, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Embedded Sass

• Support passing Version input for fatalDeprecations as string over embedded protocol.

• Fix a bug in the JS Embedded Host where Version could be incorrectly accepted as input for silenceDeprecations and futureDeprecations in pure JS.

See the full changelog for changes in earlier releases.

Dart Sass 1.77.3

To install Sass 1.77.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Dart API

• Deprecation.duplicateVariableFlags has been deprecated and replaced with Deprecation.duplicateVarFlags to make it consistent with the duplicate-var-flags name used on the command line and in the JS API.

See the full changelog for changes in earlier releases.

Dart Sass 1.77.2

To install Sass 1.77.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

... (truncated)

Changelog

Sourced from sass's changelog.

1.77.6

• Fix a few cases where comments and occasionally even whitespace wasn't allowed between the end of Sass statements and the following semicolon.

1.77.5

• Fully trim redundant selectors generated by @extend.

1.77.4

Embedded Sass

• Support passing Version input for fatalDeprecations as string over embedded protocol.

• Fix a bug in the JS Embedded Host where Version could be incorrectly accepted as input for silenceDeprecations and futureDeprecations in pure JS.

1.77.3

Dart API

• Deprecation.duplicateVariableFlags has been deprecated and replaced with Deprecation.duplicateVarFlags to make it consistent with the duplicate-var-flags name used on the command line and in the JS API.

1.77.2

• Don't emit deprecation warnings for functions and mixins beginning with __.

• Allow user-defined functions whose names begin with _ and otherwise look like vendor-prefixed functions with special CSS syntax.

Command-Line Interface

• Properly handle the --silence-deprecation flag.

• Handle the --fatal-deprecation and --future-deprecation flags for --interactive mode.

1.77.1

• Fix a crash that could come up with importers in certain contexts.

1.77.0

• Don't throw errors for at-rules in keyframe blocks.

Commits

• 7aae1e6 Fix a bug where comments were incorrectly forbidden in some cases (#2264)
• cf6f9d0 Build AOT releases with native arm64 runners (#2262)
• a1b372e Enable AOT build for linux-riscv64 (#2260)
• ecff05d Remove the heuristic where long selector lists wouldn't be trimmed (#2255)
• 5ddd7fc Enable AOT build for linux-riscv64-musl (#2258)
• 53b9ead Regenerate protobuf as part of default task (#2257)
• 21eeb4d Parse Deprecation.forVersion on compiler side (#2248)
• 1073c7b Generate deprecations list from the language repo (#2253)
• fc24fec Use pubspec_parse dependency equality (#2254)
• 5121eb1 Don't treat underscores as hyphens for the purpose of error checking (#2247)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for triviaccessibility ready!

Name	Link
🔨 Latest commit	f436786
🔍 Latest deploy log	https://app.netlify.com/sites/triviaccessibility/deploys/6679075687ec520008a91fe4
😎 Deploy Preview	https://deploy-preview-213--triviaccessibility.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[dependabot]

Superseded by #215.