Bump the minor group with 11 updates

[dependabot]

Bumps the minor group with 11 updates:

Package	From	To
@sentry/node	8.33.1	8.34.0
express	4.21.0	4.21.1
express-session	1.18.0	1.18.1
govuk-frontend	5.6.0	5.7.1
@ministryofjustice/hmpps-probation-integration-e2e-tests	1.23.0	1.26.0
@playwright/test	1.47.2	1.48.0
@types/node	22.7.4	22.7.5
@typescript-eslint/eslint-plugin	8.8.0	8.8.1
@typescript-eslint/parser	8.8.0	8.8.1
sass	1.79.4	1.79.5
typescript	5.6.2	5.6.3

Updates @sentry/node from 8.33.1 to 8.34.0

Release notes

Sourced from @​sentry/node's releases.

8.34.0

Important Changes

• ref(nextjs): Remove dead code (#13828)

Relevant for users of the @sentry/nextjs package: If you have previously configured a SENTRY_IGNORE_API_RESOLUTION_ERROR environment variable, it is now safe to unset it.

Other Changes

• feat(cdn): Export getReplay in replay CDN bundles (#13881)
• feat(replay): Clear fallback buffer when switching buffers (#13914)
• feat(replay): Upgrade rrweb packages to 2.28.0 (#13732)
• fix(docs): Correct supported browsers due to globalThis (#13788)
• fix(nextjs): Adjust path to requestAsyncStorageShim.js template file (#13928)
• fix(nextjs): Detect new locations for request async storage to support Next.js v15.0.0-canary.180 and higher (#13920)
• fix(nextjs): Drop _not-found spans for all HTTP methods (#13906)
• fix(nextjs): Fix resolution of request storage shim fallback (#13929)
• fix(node): Ensure graphql options are correct when preloading (#13769)
• fix(node): Local variables handle error (#13827)
• fix(node): Remove dataloader instrumentation from default integrations (#13873)
• fix(nuxt): Create declaration files for Nuxt module (#13909)
• fix(replay): Ensure replay_id is removed from frozen DSC when stopped (#13893)
• fix(replay): Try/catch sendBufferedReplayOrFlush to prevent cycles (#13900)
• fix(sveltekit): Ensure trace meta tags are always injected (#13231)
• fix(sveltekit): Update wrapServerRouteWithSentry to respect ParamMatchers (#13390)
• fix(wasm): Integration wasm uncaught WebAssembly.Exception (#13787) (#13854)
• ref(nextjs): Ignore sentry spans based on query param attribute (#13905)
• ref(utils): Move vercelWaitUntil to utils (#13891)

Work in this release was contributed by @​trzeciak, @​gurpreetatwal, @​ykzts and @​lizhiyao. Thank you for your contributions!

Bundle size 📦

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

8.34.0

Important Changes

• ref(nextjs): Remove dead code (#13828)

Relevant for users of the @sentry/nextjs package: If you have previously configured a SENTRY_IGNORE_API_RESOLUTION_ERROR environment variable, it is now safe to unset it.

Other Changes

• feat(cdn): Export getReplay in replay CDN bundles (#13881)
• feat(replay): Clear fallback buffer when switching buffers (#13914)
• feat(replay): Upgrade rrweb packages to 2.28.0 (#13732)
• fix(docs): Correct supported browsers due to globalThis (#13788)
• fix(nextjs): Adjust path to requestAsyncStorageShim.js template file (#13928)
• fix(nextjs): Detect new locations for request async storage to support Next.js v15.0.0-canary.180 and higher (#13920)
• fix(nextjs): Drop _not-found spans for all HTTP methods (#13906)
• fix(nextjs): Fix resolution of request storage shim fallback (#13929)
• fix(node): Ensure graphql options are correct when preloading (#13769)
• fix(node): Local variables handle error (#13827)
• fix(node): Remove dataloader instrumentation from default integrations (#13873)
• fix(nuxt): Create declaration files for Nuxt module (#13909)
• fix(replay): Ensure replay_id is removed from frozen DSC when stopped (#13893)
• fix(replay): Try/catch sendBufferedReplayOrFlush to prevent cycles (#13900)
• fix(sveltekit): Ensure trace meta tags are always injected (#13231)
• fix(sveltekit): Update wrapServerRouteWithSentry to respect ParamMatchers (#13390)
• fix(wasm): Integration wasm uncaught WebAssembly.Exception (#13787) (#13854)
• ref(nextjs): Ignore sentry spans based on query param attribute (#13905)
• ref(utils): Move vercelWaitUntil to utils (#13891)

Work in this release was contributed by @​trzeciak, @​gurpreetatwal, @​ykzts and @​lizhiyao. Thank you for your contributions!

Commits

• d7749ae release: 8.34.0
• 2a1dd9a Merge pull request #13941 from getsentry/prepare-release/8.34.0
• 20914b0 meta(changelog): Update changelog for 8.34.0
• 86c626e fix(nextjs): Fix resolution of request storage shim fallback (#13929)
• fcc3d2b meta(ci): Don't fail CI run when codecov fails to upload (#13930)
• 0b00605 ci(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 (#13844)
• 6b4401f fix(nextjs): Detect new locations for request async storage to support Next.j...
• 0be3137 fix(nextjs): Adjust path to requestAsynStorageShim.js template file (#13928)
• d7c33a2 feat(replay): Upgrade rrweb packages to 2.28.0 (#13732)
• 37b45c1 feat(replay): Clear fallback buffer when switching buffers (#13914)
• Additional commits viewable in compare view

Updates express from 4.21.0 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• See full diff in compare view

Updates express-session from 1.18.0 to 1.18.1

Release notes

Sourced from express-session's releases.

1.18.1

What's Changed

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/session#984
• dep: [email protected] by @​knolleary in expressjs/session#997
• Release: 1.18.1 by @​UlisesGascon in expressjs/session#998

New Contributors

• @​inigomarquinez made their first contribution in expressjs/session#984
• @​knolleary made their first contribution in expressjs/session#997
• @​UlisesGascon made their first contribution in expressjs/session#998

Full Changelog: expressjs/session@v1.18.0...v1.18.1

Changelog

Sourced from express-session's changelog.

1.18.1 / 2024-10-08

• deps: [email protected]
  • Fix object assignment of hasOwnProperty
• deps: [email protected]
  • Allow leading dot for domain
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
• deps: [email protected]
  • perf: parse cookies ~10% faster
  • fix: narrow the validation of cookies to match RFC6265
  • fix: add main to package.json for rspack

Commits

• bbeca94 1.18.1
• 341b179 dep: [email protected] (#997)
• 8f0a1c4 ci: add support for OSSF scorecard reporting (#984)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express-session since your current version.

Updates govuk-frontend from 5.6.0 to 5.7.1

Release notes

Sourced from govuk-frontend's releases.

GOV.UK Frontend v5.7.1

To install this version with npm, run npm install [email protected]. You can also find more information about how to stay up to date in our documentation.

Recommended changes

Stop setting a value for File upload components

The File upload component currently supports a value parameter, which populates the value HTML attribute of the input.

However, since no modern browser supports passing a value to a file input, we've made the decision to remove this parameter. It has been deprecated and will be removed in a future version of GOV.UK Frontend.

We introduced this change in [pull request #5330: Deprecate File upload component's value parameter](alphagov/govuk-frontend#5330).

Fixes

We've made fixes to GOV.UK Frontend in the following pull requests:

• #5396: Update various department brand colours

GOV.UK Frontend v5.7.0

To install this version with npm, run npm install [email protected]. You can also find more information about how to stay up to date in our documentation.

New features

The Royal Arms has been updated

The Royal Arms in the GOV.UK footer has been updated to reflect the version introduced by King Charles III.

If your service does not use the image directly from the Frontend package, you should ensure the new image is being copied to your service’s image assets folder. By default this folder is located at /assets/images.

If you’re using Nunjucks, the asset path may have been changed by the assetPath global variable or assetsPath parameter on the header component.

Copy the govuk-crest.svg file from /dist/assets/images into your assets folder.

You can safely delete the old image files, named govuk-crest.png and govuk-crest-2x.png.

We introduced this change in [pull request #5376: Update the Royal Arms graphic in footer (v5.x)](alphagov/govuk-frontend#5376).

Components will not longer initialise twice on the same element

GOV.UK Frontend components now throw an error if they've already been initialised on the DOM Element they're receiving for initialisation. This prevents components from being initialised more than once and therefore not working properly.

We introduced this change in [pull request #5272: Prevent multiple initialisations of a single component instance](alphagov/govuk-frontend#5272)

Respond to initialisation errors when using createAll and initAll

We've added a new onError option for createAll and initAll that lets you respond to initialisation errors. The functions will continue catching errors and initialising components further down the page if one component fails to initialise, but this option will let you react to a component failing to initialise. For example, to allow reporting to an error monitoring service.

... (truncated)

Changelog

Sourced from govuk-frontend's changelog.

v5.7.1 (Fix release)

To install this version with npm, run npm install [email protected]. You can also find more information about how to stay up to date in our documentation.

Recommended changes

Stop setting a value for File upload components

The File upload component currently supports a value parameter, which populates the value HTML attribute of the input.

However, since no modern browser supports passing a value to a file input, we've made the decision to remove this parameter. It has been deprecated and will be removed in a future version of GOV.UK Frontend.

We introduced this change in [pull request #5330: Deprecate File upload component's value parameter](alphagov/govuk-frontend#5330).

Fixes

We've made fixes to GOV.UK Frontend in the following pull requests:

• #5396: Update various department brand colours

v5.7.0 (Feature release)

To install this version with npm, run npm install [email protected]. You can also find more information about how to stay up to date in our documentation.

New features

The Royal Arms has been updated

The Royal Arms in the GOV.UK footer has been updated to reflect the version introduced by King Charles III.

If your service does not use the image directly from the Frontend package, you should ensure the new image is being copied to your service’s image assets folder. By default this folder is located at /assets/images.

If you’re using Nunjucks, the asset path may have been changed by the assetPath global variable or assetsPath parameter on the header component.

Copy the govuk-crest.svg file from /dist/assets/images into your assets folder.

You can safely delete the old image files, named govuk-crest.png and govuk-crest-2x.png.

We introduced this change in [pull request #5376: Update the Royal Arms graphic in footer (v5.x)](alphagov/govuk-frontend#5376).

Components will not longer initialise twice on the same element

GOV.UK Frontend components now throw an error if they've already been initialised on the DOM Element they're receiving for initialisation. This prevents components from being initialised more than once and therefore not working properly.

We introduced this change in [pull request #5272: Prevent multiple initialisations of a single component instance](alphagov/govuk-frontend#5272)

Respond to initialisation errors when using createAll and initAll

We've added a new onError option for createAll and initAll that lets you respond to initialisation errors.

... (truncated)

Commits

• 77521fc Merge pull request #5400 from alphagov/release-5.7.1
• 23569ac Release v5.7.1
• 782fba5 Merge pull request #5330 from alphagov/file-upload-deprecate-value-param
• 8a95be4 Mark file upload ‘value’ parameter as deprecated
• 4e1ccea Merge pull request #5396 from alphagov/update-organisation-colours-oct-2024
• 617ef04 Update for Scotland and Wales office rebrands
• 1bc77e1 Update DCMS, Defra, DSIT and FCDO brand colours
• 6805620 Merge pull request #5390 from alphagov/component-options-this-root
• 663748a Merge pull request #5394 from alphagov/release-5.7.0
• 9fb4b89 Release v5.7.0
• Additional commits viewable in compare view

Updates @ministryofjustice/hmpps-probation-integration-e2e-tests from 1.23.0 to 1.26.0

Commits

• See full diff in compare view

Updates @playwright/test from 1.47.2 to 1.48.0

Release notes

Sourced from @​playwright/test's releases.

v1.48.0

WebSocket routing

New methods page.routeWebSocket() and browserContext.routeWebSocket() allow to intercept, modify and mock WebSocket connections initiated in the page. Below is a simple example that mocks WebSocket communication by responding to a "request" with a "response".

await page.routeWebSocket('/ws', ws => {
  ws.onMessage(message => {
    if (message === 'request')
      ws.send('response');
  });
});

See WebSocketRoute for more details.

UI updates

• New "copy" buttons for annotations and test location in the HTML report.
• Route method calls like route.fulfill() are not shown in the report and trace viewer anymore. You can see which network requests were routed in the network tab instead.
• New "Copy as cURL" and "Copy as fetch" buttons for requests in the network tab.

Miscellaneous

• Option form and similar ones now accept FormData.
• New method page.requestGC() may help detect memory leaks.
• New option location to pass custom step location.
• Requests made by APIRequestContext now record detailed timing and security information in the HAR.

Browser Versions

• Chromium 130.0.6723.19
• Mozilla Firefox 130.0
• WebKit 18.0

This version was also tested against the following stable channels:

• Google Chrome 129
• Microsoft Edge 129

Commits

• 0cdbb11 chore: mark v1.48.0 (#33009)
• ca368d4 cherry-pick(#32991): fix(routeWebSocket): do not show in the trace (#33004)
• c329c5c cherry-pick(#33005): chore(driver): roll driver to recent Node.js LTS version
• 97aaa12 cherry-pick(#32956): fix(fetch): listener leaks on Socket
• 0c17732 cherry-pick(#32949): feat(chromium): roll to r1140
• 530f043 cherry-pick(#32938): feat(firefox): roll to r1465
• 1054930 cherry-pick(#32924): docs: fix Java/.NET types for docs rolling
• e732f68 cherry-pick(#32906): feat(chromium): roll to r1139
• dfa0e8b cherry-pick(#32905): chore: remove 'screenshot instead of snapshot' usages
• 7155356 cherry-pick(#32880): chore: unflake 'should record'
• Additional commits viewable in compare view

Updates @types/node from 22.7.4 to 22.7.5

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.8.1

8.8.1 (2024-10-07)

🩹 Fixes

• eslint-plugin: stop warning on @​ts-nocheck comments which aren't at the beginning of the file (#10046)
• typescript-estree: fix crash when running from a node --eval script (#10098)
• typescript-estree: ensure mjs/mts files are always be parsed as ESM (#10011)

❤️ Thank You

• Brad Zacher @​bradzacher
• Ronen Amiel
• WhitePiano @​goldentrash

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.8.1 (2024-10-07)

🩹 Fixes

• eslint-plugin: stop warning on @​ts-nocheck comments which aren't at the beginning of the file

❤️ Thank You

• Brad Zacher
• Ronen Amiel
• WhitePiano

You can read about our versioning strategy and releases on our website.

Commits

• f898248 chore(release): publish 8.8.1
• 2d6ee87 fix(eslint-plugin): stop warning on @​ts-nocheck comments which aren't at the ...
• See full diff in compare view

Updates @typescript-eslint/parser from 8.8.0 to 8.8.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.8.1

8.8.1 (2024-10-07)

🩹 Fixes

• eslint-plugin: stop warning on @​ts-nocheck comments which aren't at the beginning of the file (#10046)
• typescript-estree: fix crash when running from a node --eval script (#10098)
• typescript-estree: ensure mjs/mts files are always be parsed as ESM (#10011)

❤️ Thank You

• Brad Zacher @​bradzacher
• Ronen Amiel
• WhitePiano @​goldentrash

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.8.1 (2024-10-07)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• f898248 chore(release): publish 8.8.1
• See full diff in compare view

Updates sass from 1.79.4 to 1.79.5

Release notes

Sourced from sass's releases.

Dart Sass 1.79.5

To install Sass 1.79.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Changes to how selector.unify() and @extend combine selectors:

  • The relative order of pseudo-classes (like :hover) and pseudo-elements (like ::before) within each original selector is now preserved when they're combined.

  • Pseudo selectors are now consistently placed at the end of the combined selector, regardless of which selector they came from. Previously, this reordering only applied to pseudo-selectors in the second selector.

• Tweak the color transformation matrices for OKLab and OKLCH to match the newer, more accurate values in the CSS spec.

• Fix a slight inaccuracy case when converting to srgb-linear and display-p3.

• Potentially breaking bug fix: math.unit() now wraps multiple denominator units in parentheses. For example, px/(em*em) instead of px/em*em.

Command-Line Interface

• Use @parcel/watcher to watch the filesystem when running from JavaScript and not using --poll. This should mitigate more frequent failures users have been seeing since version 4.0.0 of Chokidar, our previous watching tool, was released.

JS API

• Fix SassColor.interpolate() to allow an undefined options parameter, as the types indicate.

Embedded Sass

• Properly pass missing color channel values to and from custom functions.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.79.5

• Changes to how selector.unify() and @extend combine selectors:

  • The relative order of pseudo-classes (like :hover) and pseudo-elements (like ::before) within each original selector is now preserved when they're combined.

  • Pseudo selectors are now consistently placed at the end of the combined selector, regardless of which selector they came from. Previously, this reordering only applied to pseudo-selectors in the second selector.

• Tweak the color transformation matrices for OKLab and OKLCH to match the newer, more accurate values in the CSS spec.

• Fix a slight inaccuracy case when converting to srgb-linear and display-p3.

• Potentially breaking bug fix: math.unit() now wraps multiple denominator units in parentheses. For example, px/(em*em) instead of px/em*em.

Command-Line Interface

• Use @parcel/watcher to watch the filesystem when running from JavaScript and not using --poll. This should mitigate more frequent failures users have been seeing since version 4.0.0 of Chokidar, our previous watching tool, was released.

JS API

• Fix SassColor.interpolate() to allow an undefined options parameter, as the types indicate.

Embedded Sass

• Properly pass missing color channel values to and from custom functions.

Commits

• 7290399 Partially replace chokidar with @​parcel/watcher (#2379)
• 85b467b Update LMS matrices (#2374)
• 2c5f1e9 Use correct notation for multiple denominator units (#2375)
• d58e219 Add sass-parser support for for the @supports rule (#2378)
• 5535d1f Fix srgb to linear (#2372)
• 5acae8a Fix JS API color.interpolate(color2) without options (#2369)
• 4890989 Add support for missing color channels to the protofier (#2366)
• 67fecff unifyComound() and unifyComplex() no longer move pseudo-classes across pseudo...
• See full diff in compare view

Updates typescript from 5.6.2 to 5.6.3

Release notes

Sourced from typescript's releases.

TypeScript 5.6.3

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).
• fixed issues query for Typescript 5.6.3 (Stable).

Downloads are available on:

• npm
• NuGet package

Commits

• d48a5cf Bump version to 5.6.3 and LKG
• fefa70a 🤖 Pick PR #60083 (Don't issue implicit any when obtai...) into release-5.6 (#...
• ff71692 [release-5.6] Remove tsbuildInfo specification error now that we need it for ...
• 1f44dcf 🤖 Pick PR #60157 (fix automatic type acquisition) into release-5.6 (#60169)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud