fix(deps): update npm - - package.json

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/core (source)	^7.23.2 -> ^7.26.10
@babel/eslint-parser (source)	^7.22.9 -> ^7.27.0
@babel/preset-react (source)	^7.22.5 -> ^7.26.3
@commitlint/cli (source)	^19.0.0 -> ^19.8.0
@commitlint/config-conventional (source)	^19.0.0 -> ^19.8.0
@esbuild/darwin-arm64	^0.18.20 -> ^0.25.2
@esbuild/darwin-x64	^0.23.0 -> ^0.25.2
@esbuild/linux-x64	0.23.0 -> 0.25.2
@esbuild/win32-x64	0.23.0 -> 0.25.2
@material-ui/core (source)	^4.11.0 -> ^4.12.4
@primer/octicons-react (source)	^19.8.0 -> ^19.15.1
@seald-io/nedb	^4.0.2 -> ^4.1.1
@vitejs/plugin-react (source)	^4.0.2 -> ^4.3.4
axios (source)	^1.6.0 -> ^1.8.4
body-parser	^1.20.1 -> ^1.20.3
chai (source)	^4.2.0 -> ^4.5.0
chai-http	^4.3.0 -> ^4.4.0
concurrently	^9.0.0 -> ^9.1.2
cypress (source)	^14.0.0 -> ^14.2.1
diff2html (source)	^3.4.33 -> ^3.4.51
eslint (source)	^8.57.0 -> ^8.57.1
eslint-config-prettier	^10.0.1 -> ^10.1.1
eslint-plugin-prettier	^5.0.0 -> ^5.2.5
eslint-plugin-react	^7.21.5 -> ^7.37.4
express (source)	^4.18.2 -> ^4.21.2
express-http-proxy	^2.0.0 -> ^2.1.1
express-rate-limit	^7.1.5 -> ^7.5.0
express-session	^1.17.1 -> ^1.18.1
husky	^9.0.0 -> ^9.1.7
isomorphic-git (source)	^1.27.1 -> ^1.30.1
jsonschema	^1.4.1 -> ^1.5.0
load-plugin	^6.0.0 -> ^6.0.3
mocha (source)	^10.2.0 -> ^10.8.2
moment (source)	^2.29.4 -> ^2.30.1
mongodb	^5.0.0 -> ^5.9.2
nodemailer (source)	^6.6.1 -> ^6.10.0
nyc (source)	^17.0.0 -> ^17.1.0
openid-client	^6.2.0 -> ^6.3.4
passport-activedirectory	^1.0.4 -> ^1.4.0
perfect-scrollbar (source)	^1.5.5 -> ^1.5.6
prettier (source)	^3.0.0 -> ^3.5.3
react (source)	^16.13.1 -> ^16.14.0
react-dom (source)	^16.13.1 -> ^16.14.0
react-router-dom (source)	6.28.2 -> 6.30.0
simple-git (source)	^3.25.0 -> ^3.27.0
sinon (source)	^19.0.2 -> ^19.0.5
uuid	^11.0.0 -> ^11.1.0
vite (source)	^4.4.2 -> ^4.5.11

---

Release Notes

babel/babel (@​babel/core)

v7.26.10

Compare Source

👓 Spec Compliance

• babel-parser
  • #​17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #​17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #​17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #​17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #​17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #​17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #​17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #​17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #​17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #​17160 Left-value parsing cleanup (@​JLHwung)

v7.26.9

Compare Source

🐛 Bug Fix

• babel-types
  • #​17103 fix: Definition for TSPropertySignature.kind (@​liuxingbaoyu)
• babel-generator, babel-types
  • #​17062 Print TypeScript optional/definite in ClassPrivateProperty (@​jamiebuilds-signal)

🏠 Internal

• babel-types
  • #​17130 Use .ts files with explicit reexports to solve name conflicts (@​nicolo-ribaudo)
• babel-core
  • #​17127 Do not depend on @types/gensync in Babel 7 (@​nicolo-ribaudo)

v7.26.8

Compare Source

v7.26.8 (2025-02-08)

🏠 Internal

• babel-preset-env
  • #​17097 Update dependency babel-plugin-polyfill-corejs3 to ^0.11.0

v7.26.7

Compare Source

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #​17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #​17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #​17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #​17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #​17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #​17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

conventional-changelog/commitlint (@​commitlint/cli)

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/cli

19.6.1 (2024-12-15)

Note: Version bump only for package @​commitlint/cli

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/config-conventional

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

evanw/esbuild (@​esbuild/darwin-arm64)

v0.25.2

Compare Source

• Support flags in regular expressions for the API (#​4121)

  The JavaScript plugin API for esbuild takes JavaScript regular expression objects for the filter option. Internally these are translated into Go regular expressions. However, this translation previously ignored the flags property of the regular expression. With this release, esbuild will now translate JavaScript regular expression flags into Go regular expression flags. Specifically the JavaScript regular expression /\.[jt]sx?$/i is turned into the Go regular expression `(?i)\.[jt]sx?$` internally inside of esbuild's API. This should make it possible to use JavaScript regular expressions with the i flag. Note that JavaScript and Go don't support all of the same regular expression features, so this mapping is only approximate.

• Fix node-specific annotations for string literal export names (#​4100)

  When node instantiates a CommonJS module, it scans the AST to look for names to expose via ESM named exports. This is a heuristic that looks for certain patterns such as exports.NAME = ... or module.exports = { ... }. This behavior is used by esbuild to "annotate" CommonJS code that was converted from ESM with the original ESM export names. For example, when converting the file export let foo, bar from ESM to CommonJS, esbuild appends this to the end of the file:

  // Annotate the CommonJS export names for ESM import in node:
  0 && (module.exports = {
    bar,
    foo
  });

  However, this feature previously didn't work correctly for export names that are not valid identifiers, which can be constructed using string literal export names. The generated code contained a syntax error. That problem is fixed in this release:

  // Original code
  let foo
  export { foo as "foo!" }
  
  // Old output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
    "foo!"
  });
  
  // New output (with --format=cjs --platform=node)
  ...
  0 && (module.exports = {
    "foo!": null
  });

• Basic support for index source maps (#​3439, #​4109)

  The source map specification has an optional mode called index source maps that makes it easier for tools to create an aggregate JavaScript file by concatenating many smaller JavaScript files with source maps, and then generate an aggregate source map by simply providing the original source maps along with some offset information. My understanding is that this is rarely used in practice. I'm only aware of two uses of it in the wild: ClojureScript and Turbopack.

  This release provides basic support for indexed source maps. However, the implementation has not been tested on a real app (just on very simple test input). If you are using index source maps in a real app, please try this out and report back if anything isn't working for you.

  Note that this is also not a complete implementation. For example, index source maps technically allows nesting source maps to an arbitrary depth, while esbuild's implementation in this release only supports a single level of nesting. It's unclear whether supporting more than one level of nesting is important or not given the lack of available test cases.

  This feature was contributed by @​clyfish.

v0.25.1

Compare Source

• Fix incorrect paths in inline source maps (#​4070, #​4075, #​4105)

  This fixes a regression from version 0.25.0 where esbuild didn't correctly resolve relative paths contained within source maps in inline sourceMappingURL data URLs. The paths were incorrectly being passed through as-is instead of being resolved relative to the source file containing the sourceMappingURL comment, which was due to the data URL not being a file URL. This regression has been fixed, and this case now has test coverage.

• Fix invalid generated source maps (#​4080, #​4082, #​4104, #​4107)

  This release fixes a regression from version 0.24.1 that could cause esbuild to generate invalid source maps. Specifically under certain conditions, esbuild could generate a mapping with an out-of-bounds source index. It was introduced by code that attempted to improve esbuild's handling of "null" entries in source maps (i.e. mappings with a generated position but no original position). This regression has been fixed.

  This fix was contributed by @​jridgewell.

• Fix a regression with non-file source map paths (#​4078)

  The format of paths in source maps that aren't in the file namespace was unintentionally changed in version 0.25.0. Path namespaces is an esbuild-specific concept that is optionally available for plugins to use to distinguish paths from file paths and from paths meant for other plugins. Previously the namespace was prepended to the path joined with a : character, but version 0.25.0 unintentionally failed to prepend the namespace. The previous behavior has been restored.

• Fix a crash with switch optimization (#​4088)

  The new code in the previous release to optimize dead code in switch statements accidentally introduced a crash in the edge case where one or more switch case values include a function expression. This is because esbuild now visits the case values first to determine whether any cases are dead code, and then visits the case bodies once the dead code status is known. That triggered some internal asserts that guard against traversing the AST in an unexpected order. This crash has been fixed by changing esbuild to expect the new traversal ordering. Here's an example of affected code:

  switch (x) {
    case '':
      return y.map(z => z.value)
    case y.map(z => z.key).join(','):
      return []
  }

• Update Go from 1.23.5 to 1.23.7 (#​4076, #​4077)

  This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses.

  This PR was contributed by @​MikeWillCook.

v0.25.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#​3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#​3620, #​3877, #​3933, #​3997, #​4005, #​4037, #​4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
      color: red;
    }
    
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
      color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work corre

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	aaa02a7
🔍 Latest deploy log	https://app.netlify.com/sites/endearing-brigadeiros-63f9d0/deploys/67ea8992f48fdd000840a1ce

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 1 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 7 package(s) with unknown licenses.
• ⚠️ 5 packages with OpenSSF Scorecard issues.

View full job summary

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 61.88%. Comparing base (83e814b) to head (aaa02a7).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #883   +/-   ##
=======================================
  Coverage   61.88%   61.88%           
=======================================
  Files          49       49           
  Lines        1805     1805           
=======================================
  Hits         1117     1117           
  Misses        688      688           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.