Bump the npm_and_yarn group across 2 directories with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /src/interface/obsidian directory: esbuild.
Bumps the npm_and_yarn group with 1 update in the /src/interface/web directory: next.

Updates esbuild from 0.14.47 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

• Loader defaults to js for extensionless files (#2776)

  Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

  • CLI:

    esbuild --bundle --loader:=css
    

  • JS:

    esbuild.build({
      bundle: true,
      loader: { '': 'css' },
    })

  • Go:

    api.Build(api.BuildOptions{
      Bundle: true,
      Loader: map[string]api.Loader{"": api.LoaderCSS},
    })

  In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

• Avoid a syntax error in the presence of direct eval (#2761)

  The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

  // Original code
  if (true) {
    function foo() {}
    console.log(!!foo)
    foo = null
    console.log(!!foo)
  }

... (truncated)

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates next from 14.2.25 to 15.2.4

Release notes

Sourced from next's releases.

v15.1.8

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: Merge link header from middleware with the ones from React (#73431)
• fix(edge): run after() if request is cancelled mid-streaming (#76013)
• gate segmentCache branch in base-server (#79505)

Credits

Huge thanks to @​amannn, @​lubieowoce, and @​ztanner for helping!

v14.2.29

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only share incremental cache for edge in next start (#79389)

Credits

Huge thanks to @​ijjk for helping!

v14.2.28

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: node.js module import error when using middleware (#77945)

Credits

Huge thanks to @​ztanner for helping!

v14.2.27

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix dynamic route interception not working when deployed with middleware (#64923)

Credits

Huge thanks to @​ztanner for helping!

Commits

• 804aa35 v15.2.4
• ecb72ee Match subrequest handling for edge and node (#77474)
• 25f810b exclude images and static media from dev origin check (#77417)
• d9bcb83 ensure /__next middleware URLs are included in the origin check (#77416)
• cfeaa86 remove direct ip/port bypass in dev origin check (#77414)
• f847302 switch development origin verification to be opt-in rather than opt-out (#77395)
• 535e26d v15.2.3
• 2fcae1d Update default allowed origins list (#77212)
• adf5462 unify allowed origin detection handling (#77053)
• 5e59da1 Add dev warning for cross-origin and stabilize allowedDevOrigins (#77044)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Tóm tắt từ Sourcery

Nâng cấp các dependency esbuild và Next.js trong các interface tương ứng và tạo lại các file lock

Cải tiến:

• Nâng cấp esbuild từ 0.14.47 lên 0.25.0 trong src/interface/obsidian
• Nâng cấp Next.js từ 14.2.25 lên 15.2.4 trong src/interface/web

Công việc vặt:

• Tạo lại các file yarn.lock cho cả hai interface

Original summary in English

Summary by Sourcery

Bump esbuild and Next.js dependencies in their respective interfaces and regenerate lock files

Enhancements:

• Bump esbuild from 0.14.47 to 0.25.0 in src/interface/obsidian
• Bump Next.js from 14.2.25 to 15.2.4 in src/interface/web

Chores:

• Regenerate yarn.lock files for both interfaces

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[sourcery-ai]

Hướng dẫn dành cho người đánh giá

PR này áp dụng các nâng cấp phiên bản chính do Dependabot điều khiển cho nhóm phụ thuộc npm_and_yarn: nó cập nhật esbuild trong giao diện Obsidian và Next.js trong giao diện Web bằng cách tăng phiên bản của chúng trong package.json và tạo lại các tệp yarn.lock tương ứng.

Sơ đồ trình tự: Máy chủ Dev esbuild - Kiểm soát truy cập chặt chẽ hơn (Sau v0.25.0)

sequenceDiagram
    actor Client
    participant DevServer as "esbuild Dev Server (>=v0.25.0)"

    Client->>DevServer: HTTP Request (Host: 'some.host', Origin: 'any.origin')
    activate DevServer
    DevServer->>DevServer: 1. Check 'Host' header against configured 'serve' hosts
    alt Host header matches configured hosts
        DevServer->>DevServer: 2. Perform CORS check (now stricter, default disabled)
        alt CORS check passes OR not applicable (e.g. same-origin)
            DevServer-->>Client: Serve content
        else CORS check fails
            DevServer-->>Client: Deny request (CORS error)
        end
    else Host header does not match configured 'serve' hosts
        DevServer-->>Client: Deny request (Host mismatch)
    end
    deactivate DevServer

Loading

Sơ đồ trình tự: Chế độ Watch esbuild - Xử lý lỗi xây dựng (Sau v0.25.0)

sequenceDiagram
    actor Developer
    participant Watcher as "esbuild Watch Process (>=v0.25.0)"
    participant FileSystem as "Output Directory"

    Developer->>Watcher: Modifies a source file
    activate Watcher
    Watcher->>Watcher: Trigger rebuild of project
    alt Rebuild fails (e.g. syntax error)
        Watcher->>FileSystem: Delete all output files
        Watcher-->>Developer: Notify build failure (e.g. console error, files disappear)
    else Rebuild succeeds
        Watcher->>FileSystem: Write/update output files
        Watcher-->>Developer: Notify build success (e.g. console message, files updated)
    end
    deactivate Watcher

Loading

Thay đổi cấp độ tệp

Thay đổi	Chi tiết	Tệp
Nâng cấp esbuild từ v0.14.47 lên v0.25.0 trong giao diện Obsidian	Cập nhật phiên bản esbuild trong package.json Tạo lại yarn.lock để phản ánh phiên bản esbuild mới	src/interface/obsidian/package.json src/interface/obsidian/yarn.lock
Nâng cấp Next.js từ v14.2.25 lên v15.2.4 trong giao diện Web	Cập nhật phiên bản next trong package.json Tạo lại yarn.lock để phản ánh phiên bản next mới	src/interface/web/package.json src/interface/web/yarn.lock

---

Mẹo và lệnh

Tương tác với Sourcery

• Khởi chạy đánh giá mới: Bình luận @sourcery-ai review trên pull request.
• Tiếp tục thảo luận: Trả lời trực tiếp các bình luận đánh giá của Sourcery.
• Tạo một issue GitHub từ một bình luận đánh giá: Yêu cầu Sourcery tạo một
  issue từ một bình luận đánh giá bằng cách trả lời nó. Bạn cũng có thể trả lời một
  bình luận đánh giá bằng @sourcery-ai issue để tạo một issue từ nó.
• Tạo tiêu đề pull request: Viết @sourcery-ai ở bất kỳ đâu trong tiêu đề
  pull request để tạo tiêu đề bất kỳ lúc nào. Bạn cũng có thể bình luận
  @sourcery-ai title trên pull request để (tạo lại) tiêu đề bất kỳ lúc nào.
• Tạo tóm tắt pull request: Viết @sourcery-ai summary ở bất kỳ đâu trong
  phần thân pull request để tạo bản tóm tắt PR bất kỳ lúc nào chính xác nơi bạn
  muốn. Bạn cũng có thể bình luận @sourcery-ai summary trên pull request để
  (tạo lại) bản tóm tắt bất kỳ lúc nào.
• Tạo hướng dẫn dành cho người đánh giá: Bình luận @sourcery-ai guide trên pull
  request để (tạo lại) hướng dẫn dành cho người đánh giá bất kỳ lúc nào.
• Giải quyết tất cả các bình luận của Sourcery: Bình luận @sourcery-ai resolve trên
  pull request để giải quyết tất cả các bình luận của Sourcery. Hữu ích nếu bạn đã
  giải quyết tất cả các bình luận và không muốn thấy chúng nữa.
• Bỏ qua tất cả các đánh giá của Sourcery: Bình luận @sourcery-ai dismiss trên pull
  request để bỏ qua tất cả các đánh giá hiện có của Sourcery. Đặc biệt hữu ích nếu bạn
  muốn bắt đầu lại với một đánh giá mới - đừng quên bình luận
  @sourcery-ai review để kích hoạt một đánh giá mới!

Tùy chỉnh trải nghiệm của bạn

Truy cập bảng điều khiển của bạn để:

• Bật hoặc tắt các tính năng đánh giá như bản tóm tắt pull request do Sourcery tạo,
  hướng dẫn dành cho người đánh giá và các tính năng khác.
• Thay đổi ngôn ngữ đánh giá.
• Thêm, xóa hoặc chỉnh sửa hướng dẫn đánh giá tùy chỉnh.
• Điều chỉnh các cài đặt đánh giá khác.

Nhận trợ giúp

• Liên hệ với nhóm hỗ trợ của chúng tôi nếu có câu hỏi hoặc phản hồi.
• Truy cập tài liệu của chúng tôi để biết các hướng dẫn và thông tin chi tiết.
• Giữ liên lạc với nhóm Sourcery bằng cách theo dõi chúng tôi trên X/Twitter, LinkedIn hoặc GitHub.

Original review guide in English

Reviewer's Guide

This PR applies Dependabot-driven major version upgrades to the npm_and_yarn dependency group: it updates esbuild in the Obsidian interface and Next.js in the Web interface by bumping their versions in package.json and regenerating the corresponding yarn.lock files.

Sequence Diagram: esbuild Dev Server - Stricter Access Control (Post v0.25.0)

sequenceDiagram
    actor Client
    participant DevServer as "esbuild Dev Server (>=v0.25.0)"

    Client->>DevServer: HTTP Request (Host: 'some.host', Origin: 'any.origin')
    activate DevServer
    DevServer->>DevServer: 1. Check 'Host' header against configured 'serve' hosts
    alt Host header matches configured hosts
        DevServer->>DevServer: 2. Perform CORS check (now stricter, default disabled)
        alt CORS check passes OR not applicable (e.g. same-origin)
            DevServer-->>Client: Serve content
        else CORS check fails
            DevServer-->>Client: Deny request (CORS error)
        end
    else Host header does not match configured 'serve' hosts
        DevServer-->>Client: Deny request (Host mismatch)
    end
    deactivate DevServer

Loading

Sequence Diagram: esbuild Watch Mode - Handling Build Failures (Post v0.25.0)

sequenceDiagram
    actor Developer
    participant Watcher as "esbuild Watch Process (>=v0.25.0)"
    participant FileSystem as "Output Directory"

    Developer->>Watcher: Modifies a source file
    activate Watcher
    Watcher->>Watcher: Trigger rebuild of project
    alt Rebuild fails (e.g. syntax error)
        Watcher->>FileSystem: Delete all output files
        Watcher-->>Developer: Notify build failure (e.g. console error, files disappear)
    else Rebuild succeeds
        Watcher->>FileSystem: Write/update output files
        Watcher-->>Developer: Notify build success (e.g. console message, files updated)
    end
    deactivate Watcher

Loading

File-Level Changes

Change	Details	Files
Upgrade esbuild from v0.14.47 to v0.25.0 in the Obsidian interface	Update esbuild version in package.json Regenerate yarn.lock to reflect new esbuild version	src/interface/obsidian/package.json src/interface/obsidian/yarn.lock
Upgrade Next.js from v14.2.25 to v15.2.4 in the Web interface	Update next version in package.json Regenerate yarn.lock to reflect new next version	src/interface/web/package.json src/interface/web/yarn.lock

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.