build(deps): bump the xterm group with 2 updates

[dependabot]

Bumps the xterm group with 2 updates: xterm and xterm-addon-canvas.

Updates xterm from 5.1.0 to 5.3.0

Release notes

Sourced from xterm's releases.

5.3.0

🚀 Features

• The default DOM-based renderer is significantly faster now (#4605, #4631, #4651, #4662, #4681, #4754) via @​jerch, @​Tyriar, @​PerBothner, @​tisilent
• The smooth scroll feature now affects scrollLines, scrollPages,scrollToLine, scrollToTop and scrollToBottom (#4482, #4714) via @​tisilent, @​Tyriar
• minimumContrastRatio now applies 50% of the contrast ratio to dimmed text (#4672) via @​Tyrira

📦 API

• There's a new trace log level (#4687, 4709) via @​Tyriar

  const term = new Terminal({
      logLevel: 'trace'
  });

• New logger delegate option (#4563, #4564) via @​Tyriar. This new API allows the embedder to define the logging behavior, instead of always using to console

  const term = new Terminal({
      logger: {
          trace: (e, args) => console.log('trace: ', e, args),
          debug: (e, args) => console.log('debug: ', e, args),
          info: (e, args) => console.log('info: ', e, args),
          warn: (e, args) => console.log('warn: ', e, args),
          error: (e, args) => console.log('error: ', e, args)
      }
  });

• New ignoreBracketedPasteMode option that allows explicitly disabling bracketed paste mode, regardless of whether the shell enables it or not (#4636) via @​Tyriar

  const term = new Terminal({
      ignoreBracketedPasteMode: true
  });

• New cursorInactiveStyle option (#4657) via @​tisilent

  const term = new Terminal({
      cursorInactiveStyle: 'none'
  });

🐞 Bug fixes

• Fix character size being affected by CSS transformations (#4366) via @​arekouzounian
• Fix mouse tracking behavior (#4583) via @​jerch
• Improve rendering of the DOM renderer's underline cursor (#4584) via @​dlech
• Fix issues in the accessibility tree (#4637) via @​meganrogge
• Fix reset and clear leaving viewport in a bad state (#4638) via @​Tyriar
• Fix API facade memory leaks (#4655) via @​Tyriar
• Fix memory leak in cursor blink state manager (#4659) via @​SvanT
• Fix inverse rendering when a transparent foreground is used (#4667) via @​Dennnnny

... (truncated)

Commits

• 2e02c37 Merge pull request #4756 from Tyriar/tyriar/5_3__2
• 71ee3c7 Disable image addon publishing
• 009add2 Merge pull request #4755 from Tyriar/tyriar/5_3
• fb4b662 v5.3.0 and bump all addons
• 7b52b8e Merge pull request #4754 from tisilent/DomRenderer-Focus-Cursor
• c03cb2b When DomRenderer focus,render the cursor line.
• 29dd30a Merge pull request #4735 from Tyriar/playwright
• 68c5723 Remove debugger statement
• 5e628d7 Use arrow functions
• 93aae67 Readme explaining test/api
• Additional commits viewable in compare view

Updates xterm-addon-canvas from 0.4.0 to 0.5.0

Commits

• e572734 Syntax fix
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[jelly]

I get a CSP violation, this seems to happen on main as well?

DomRenderer.ts:252 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-V3jh1fvXRuEn6z41bHv17b92KR1ldZBpSklJy+WfZPk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Cockpit uses the same version, so this should imo just work (tm).

[jelly]

I can't reproduce this without running the test, so I assume it has something to do with our resize handling or calling something when the terminal is hidden.

[jelly]

Digging into it, where it goes wrong is:

  public setRenderer(renderer: IRenderer): void {
    this._renderer.value = renderer;
    this._renderer.value.onRequestRedraw(e => this.refreshRows(e.start, e.end, true));

We call it with renderer is undefined triggered by this.term.dispose() in ComponentWillUnmount.

This is a bug in xterm.js xtermjs/xterm.js#4757 it has been fixed but no new release has been made.

[martinpitt]

Thanks @jelly for debugging! AFAIR, just closing this PR should ignore this version 5.3.0 in dependabot, but it'll create a new PR as soon as the next release happens. Let's try?

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

[jelly]

Thanks @jelly for debugging! AFAIR, just closing this PR should ignore this version 5.3.0 in dependabot, but it'll create a new PR as soon as the next release happens. Let's try?

I think it doesn't, but it seems for groups it does!