Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
element-plus	2.0.4	2.1.0
decode-uri-component	0.2.0	0.2.2
rollup	2.67.0	2.79.2
semver	6.3.0	6.3.1
webpack	5.75.0	5.95.0

Updates element-plus from 2.0.4 to 2.1.0

Release notes

Sourced from element-plus's releases.

2.1.0

2022-03-12

Features

• Components [message] support re-render vnode (#6527 by @​sxzz)

Bug fixes

• Ci remove clean script (#6550 by @​JeremyWuuuuu)

• Ci clean up several warning (#6551 by @​HerringtonDarkholme)

• Ci fix cascader ns querySelector class (#6552 by @​HerringtonDarkholme)

• Build move eslint config to internal (#6553 by @​sxzz)

• Ci suppress warning by mark icon as raw (#6555 by @​HerringtonDarkholme)

• Components [upload] photo-wall wrap (#6546 by @​YunYouJun)

Refactors

• Components [link] dynamic css vars & fix inner align (#6557 by @​YunYouJun)

• Components [link] refactor (#6543 by @​sxzz)

2.0.6

2022-03-11

Features

• [el-table] support always show scrollbar & get selection rows (#6469 by @​msidolphin)

• Extract eslint config to separate package (#6495 by @​sxzz)

• Export dayjs instance, closes #6498 (#6517 by @​sxzz)

• Components [select]add collapse-tags-tooltip (#6245 by @​Alanscut)

• Components [select-v2]add collapse-tags-tooltip (#6532 by @​Alanscut)

• Components [cascader]add collapse-tags-tooltip (#6331 by @​Alanscut)

Bug fixes

• Deps update all non-major dependencies (#6448 by @​renovate[bot])

• Components [el-select] optimize prefix size & selected style (#6267 by @​msidolphin)

• Components [el-table] defaultSort not working (#6322 by @​msidolphin)

• [el-table] fixed columns display when horizontal cannot scroll (#6320 by @​msidolphin)

• Components [el-checkbox] modelValue (#6168 by @​gjfei) (#6169)

• Components[select] (#6446 by @​gjfei) (#6474)

• Components [el-collapse] collapse item key pressing jumping (#6462 by @​JeremyWuuuuu)

• Components [message] offset error (#6497 by @​Alanscut)

• Components[select] namespace (#6486 by @​gjfei)

• Components el-select-allow-dynamically-update-options (#6473 by @​gjfei)

• Components [el-tooltip] close the dropdown after set disabled (#6467 by @​Alanscut)

... (truncated)

Changelog

Sourced from element-plus's changelog.

2.1.0

2022-03-12

Features

• Components [message] support re-render vnode (#6527 by @​sxzz)

Bug fixes

• Ci remove clean script (#6550 by @​JeremyWuuuuu)
• Ci clean up several warning (#6551 by @​HerringtonDarkholme)
• Ci fix cascader ns querySelector class (#6552 by @​HerringtonDarkholme)
• Build move eslint config to internal (#6553 by @​sxzz)
• Ci suppress warning by mark icon as raw (#6555 by @​HerringtonDarkholme)
• Components [upload] photo-wall wrap (#6546 by @​YunYouJun)

Refactors

• Components [link] dynamic css vars & fix inner align (#6557 by @​YunYouJun)
• Components [link] refactor (#6543 by @​sxzz)

2.0.6

2022-03-11

Features

• [el-table] support always show scrollbar & get selection rows (#6469 by @​msidolphin)
• Extract eslint config to separate package (#6495 by @​sxzz)
• Export dayjs instance, closes #6498 (#6517 by @​sxzz)
• Components [select]add collapse-tags-tooltip (#6245 by @​Alanscut)
• Components [select-v2]add collapse-tags-tooltip (#6532 by @​Alanscut)
• Components [cascader]add collapse-tags-tooltip (#6331 by @​Alanscut)

Bug fixes

• Deps update all non-major dependencies (#6448 by @​renovate[bot])
• Components [el-select] optimize prefix size & selected style (#6267 by @​msidolphin)
• Components [el-table] defaultSort not working (#6322 by @​msidolphin)
• [el-table] fixed columns display when horizontal cannot scroll (#6320 by @​msidolphin)
• Components [el-checkbox] modelValue (#6168 by @​gjfei) (#6169)
• Components[select] (#6446 by @​gjfei) (#6474)
• Components [el-collapse] collapse item key pressing jumping (#6462 by @​JeremyWuuuuu)
• Components [message] offset error (#6497 by @​Alanscut)
• Components[select] namespace (#6486 by @​gjfei)
• Components el-select-allow-dynamically-update-options (#6473 by @​gjfei)
• Components [el-tooltip] close the dropdown after set disabled (#6467 by @​Alanscut)
• Docs improve component typings (#6524 by @​sxzz)

... (truncated)

Commits

• d6690f8 Merge pull request #6560 from element-plus/dev
• 45d915f chore: Update changelog 2.1.0 (#6561)
• 58897ec ci(build): add threshold to build product workflow (#6564)
• e98d129 refactor(components): [link] refactor (#6543)
• 9172120 test(ci): add build product checking for prs (#6558)
• 2db400c refactor(components): [link] dynamic css vars & fix inner align (#6557)
• 93ee392 fix(components): [upload] photo-wall wrap (#6546)
• 14353db fix(ci): suppress warning by mark icon as raw (#6555)
• 88b574e fix(build): move eslint config to internal (#6553)
• e10a1e4 fix(ci): fix cascader ns querySelector class (#6552)
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates rollup from 2.67.0 to 2.79.2

Changelog

Sourced from rollup's changelog.

rollup changelog

4.22.5

2024-09-27

Bug Fixes

• Allow parsing of certain unicode characters again (#5674)

Pull Requests

• #5674: Fix panic with unicode characters (@​sapphi-red, @​lukastaegert)
• #5675: chore(deps): update dependency rollup to v4.22.4 [security] (@​renovate[bot])
• #5680: chore(deps): update dependency @​rollup/plugin-commonjs to v28 (@​renovate[bot], @​lukastaegert)
• #5681: chore(deps): update dependency @​rollup/plugin-replace to v6 (@​renovate[bot])
• #5682: chore(deps): update dependency @​rollup/plugin-typescript to v12 (@​renovate[bot])
• #5684: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

2024-09-20

Bug Fixes

... (truncated)

Commits

• c9bd03d 2.79.2
• 48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
• 69ff418 2.79.1
• 04dce1b Update changelog
• 159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
• e1392b3 Update type definition of resolveId (#4641)
• 7836357 Improve performance of chunk naming collision check (#4643)
• 71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
• 8193ea5 Adapt workflow to use Node 14 sub-version to work with branch protection
• 8477f8f 2.79.0
• Additional commits viewable in compare view

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

6.2.0

• Coerce numbers to strings when passed to semver.coerce()
• Add rtl option to coerce from right to left

6.1.3

• Handle X-ranges properly in includePrerelease mode

6.1.2

• Do not throw when testing invalid version strings

6.1.1

• Add options support for semver.coerce()
• Handle undefined version passed to Range.test

6.1.0

• Add semver.compareBuild function
• Support * in semver.intersects

6.0

• Fix intersects logic.

  This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

• 44d27bc chore: release 6.3.1
• 928e56d fix: better handling of whitespace (#591)
• 39f6326 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates webpack from 5.75.0 to 5.95.0

Release notes

Sourced from webpack's releases.

v5.95.0

Bug Fixes

• Fixed hanging when attempting to read a symlink-like file that it can't read
• Handle default for import context element dependency
• Merge duplicate chunks call after split chunks
• Generate correctly code for dynamically importing the same file twice and destructuring
• Use content hash as [base] and [name] for extracted DataURI's
• Distinguish module and import in module-import for externals import's
• [Types] Make EnvironmentPlugin default values types less strict
• [Types] Typescript 5.6 compatibility

New Features

• Add new optimization.avoidEntryIife option (true by default for the production mode)
• Pass output.hash* options to loader context

Performance

• Avoid unneeded re-visit in build chunk graph

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

• Generate correct relative path to runtime chunks
• Makes DefinePlugin quieter under default log level
• Fixed mangle destructuring default in namespace import

... (truncated)

Commits

• e20fd63 chore(release): 5.95.0
• 4866b0d feat: added new optimization.entryIife option
• d90f692 fix: merge duplicate chunks after split chunks
• 90dec30 fix(externals): distinguish “module” and “import” in “module-import”
• c1a0a46 fix(externals): distinguish “module” and “import” in “module-import”
• 14d8fa8 fix: all tests cases
• dae16ad feat: pass output.hash* options to loader context
• 75d185d feat: pass output.hash* options to loader context
• 46e0b9c test: update
• 8e62f9f test
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.