Bump the npm_and_yarn group across 2 directories with 40 updates

[dependabot]

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package	From	To
electron	13.2.1	35.1.2
karma	6.3.4	6.4.4
@babel/traverse	7.15.0	7.27.0
ansi-regex	5.0.0	5.0.1
ansi-regex	4.1.0	5.0.1
ansi-regex	3.0.0	5.0.1
postcss	7.0.36	8.5.2
@angular-builders/custom-webpack	12.1.1	19.0.0
@angular-devkit/build-angular	12.2.2	19.2.5
ejs	3.1.6	3.1.10
follow-redirects	1.14.2	1.15.9
http-cache-semantics	4.1.0	4.1.1
ip	1.1.5	removed
socks	2.6.1	2.8.4
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
nanoid	3.1.23	removed
mocha	9.1.0	11.1.0
node-fetch	2.6.1	2.7.0
plist	3.0.3	3.1.0
qs	6.5.2	6.13.0
tar-fs	2.1.1	2.1.2

Bumps the npm_and_yarn group with 3 updates in the /app directory: electron, ansi-regex and braces.

Updates electron from 13.2.1 to 35.1.2

Release notes

Sourced from electron's releases.

electron v35.1.2

Release Notes for v35.1.2

Fixes

• Fixed an issue where navigationHistory.restore() failed to restore the userAgent if it was overridden. #46300 (Also in 34, 36)

Other Changes

• Security: backported fix for CVE-2025-2783. #46303
• Updated Chromium to 134.0.6998.178. #46287

electron v35.1.1

Release Notes for v35.1.1

Fixes

• Fixed build failure when building with printing disabled. #46285 (Also in 34, 36)

electron v35.1.0

Release Notes for v35.1.0

Features

• Added ffmpeg.dll to delay load configuration. #46172 (Also in 34, 36)

Fixes

• Fixed NODE_OPTIONS parsing for child processes on macOS. #46244 (Also in 34, 36)
• Fixed a crash seen on Linux when calling webContents.print(). #46147 (Also in 36)
• Fixed an issue where system-context-menu incorrectly fired for all regions in frameless windows. #46178 (Also in 33, 34, 36)
• Fixed an issue where webContents.printToPDF() didn't work as expected with cross-process subframes. #46257 (Also in 34, 36)
• Fixed an issue where the resizing border didn't work as expected on Wayland windows. #46224 (Also in 33, 34, 36)
• Fixed an issue with token formatting for tokens received after calling pushNotifications.registerForAPNSNotifications(). #46148 (Also in 34, 36)
• Fixed crash on Linux when PipeWire screenshare source selection is cancelled. #46234 (Also in 36)
• Fixed crash with out-of-bounds string read when parsing NODE_OPTIONS. #46248 (Also in 34, 36)

Other Changes

• Improved performance of desktopCapturer.getSources when not requesting thumbnails on macOS. #46249 (Also in 34, 36)
• Updated Chromium to 134.0.6998.165. #46196

electron v35.0.3

Release Notes for v35.0.3

Fixes

• Fixed an issue where snapped windows in Windows may sometimes be improperly restored. #46040 (Also in 33, 34, 36)
• Fixed incorrect titlebar in file save dialogs. #46074 (Also in 33, 34, 36)

Documentation

• Documentation changes: #46102

... (truncated)

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

• API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
• Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
• Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
• Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
• Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (37.0)

Behavior Changed: BrowserWindow.IsVisibleOnAllWorkspaces() on Linux

BrowserWindow.IsVisibleOnAllWorkspaces() will now return false on Linux if the window is not currently visible.

Behavior Changes: app.commandLine

app.commandLine will convert upper-cases switches and arguments to lowercase.

app.commandLine was only meant to handle chromium switches (which aren't case-sensitive) and switches passed via app.commandLine will not be passed down to any of the child processes.

If you were using app.commandLine to control the behavior of the main process, you should do this via process.argv.

Planned Breaking API Changes (36.0)

Utility Process unhandled rejection behavior change

Utility Processes will now warn with an error message when an unhandled rejection occurs instead of crashing the process.

To restore the previous behavior, you can use:

process.on('unhandledRejection', () => {
  process.exit(1)
})

Removed: isDefault and status properties on PrinterInfo

These properties have been removed from the PrinterInfo Object because they have been removed from upstream Chromium.

Removed: quota type syncable in Session.clearStorageData(options)

... (truncated)

Commits

• 39cbd0c chore: reconcile Chrome roll patches (#46314)
• cd5da1b perf: avoid redundant map lookup in WebContents::DevToolsIndexPath() (#46296)
• 3023f14 perf: avoid std::map temporaries in `WebContents::DevToolsRequestFileSyste...
• fe44586 fix: set userAgent on navigationHistory.restore() (#46300)
• f916496 chore: bump chromium to 134.0.6998.178 (35-x-y) (#46287)
• e0014f5 perf: avoid redundant map lookup in AddComponentResourceEntries() (#46288)
• 44afb48 chore: cherry-pick 1 changes from 3-M134 (#46303)
• 6e112a8 fix: build failure when printing is disabled (#46285)
• c6c6720 refactor: add ElectronBrowserContext::GetDefaultBrowserContext() (#46085)
• a3ba653 perf: avoid redundant map lookup in WebFrameMain constructor (#46275)
• Additional commits viewable in compare view

Updates karma from 6.3.4 to 6.4.4

Release notes

Sourced from karma's releases.

v6.4.4

6.4.4 (2024-07-29)

v6.4.3

6.4.3 (2024-02-24)

Bug Fixes

• add build commits for patch release (d7f2d69)

v6.4.2

6.4.2 (2023-04-21)

Bug Fixes

• few typos (c6a4271)

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.4 (2024-07-29)

6.4.3 (2024-02-24)

Bug Fixes

• add build commits for patch release (d7f2d69)

6.4.2 (2023-04-21)

Bug Fixes

• few typos (c6a4271)

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

... (truncated)

Commits

• 84f85e7 chore(release): 6.4.4 [skip ci]
• a4d1284 build(deps-dev): bump ws from 6.2.1 to 6.2.3
• d8cf806 chore(release): 6.4.3 [skip ci]
• d7f2d69 fix: add build commits for patch release
• 85a2eeb build(deps-dev): bump decode-uri-component from 0.2.0 to 0.2.2
• 0bffce2 build(deps): updated socket.io version to fix security issues with socket.io-...
• 86667ab build(deps): bump follow-redirects from 1.11.0 to 1.15.4
• 450fdfd docs: Add deprecation notice to Karma README
• 9de3c00 chore(release): 6.4.2 [skip ci]
• c6a4271 fix: few typos
• Additional commits viewable in compare view

Updates @babel/traverse from 7.15.0 to 7.27.0

Release notes

Sourced from @​babel/traverse's releases.

v7.27.0 (2025-03-24)

Thanks @​ishchhabra and @​vovkasm for your first PRs!

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Ish Chhabra (@​ishchhabra)
• Vladimir Timofeev (@​vovkasm)
• @​liuxingbaoyu

v7.26.10 (2025-03-11)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.0 (2025-03-24)

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

v7.26.10 (2025-03-11)

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)

... (truncated)

Commits

• 5c350ea v7.27.0
• 582538c Allow traverseFast to exit early (#17169)
• 4ad63a4 [Babel 8] Remove BLOCK_SCOPED_SYMBOL and NOT_LOCAL_BINDING (#17148)
• 0d0d577 fix: Reset child scopes when scope.crawl() (#17170)
• c51cffd feat: Add upToScope parameter to hasBinding (#17102)
• f902742 chore: Update TS 5.8 (#17185)
• b1bca3d fix: Uninitialized var declarator in loop marked as constantViolation (#17168)
• e1ce99d v7.26.10
• 51ec746 fix: Should not evaluate vars in child scope (#17151)
• 64bca7b v7.26.9
• Additional commits viewable in compare view

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates ansi-regex from 4.1.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates ansi-regex from 3.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates postcss from 7.0.36 to 8.5.2

Release notes

Sourced from postcss's releases.

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

... (truncated)

Commits

• 692fcde Release 8.5.2 version
• b70e98f Update dependencies
• ba587e3 Fix end position of rules with ownSemicon (#2012)
• 7b02c75 Release 8.5.1 version
• 4c15339 Update dependencies
• 7efe91e Improve backwards compat for Input#document (#2000)
• 6873270 Release 8.5 version
• 4223bb9 Fix 80 columns limit
• 80e2401 Add Input#document (#1996)
• 6f86879 Update dependencies
• Additional commits viewable in compare view

Updates @angular-builders/custom-webpack from 12.1.1 to 19.0.0

Changelog

Sourced from @​angular-builders/custom-webpack's changelog.

19.0.0 (2025-01-05)

Note: Version bump only for package @​angular-builders/custom-webpack

19.0.0-beta.0 (2024-12-05)

⚠ BREAKING CHANGES

• deps: update to Angular 19 (#1871)

Miscellaneous Chores

• deps: update to Angular 19 (#1871) (d3b17ed)

18.0.1-beta.0 (2024-07-24)

Note: Version bump only for package @​angular-builders/custom-webpack

18.0.0 (2024-06-17)

Note: Version bump only for package @​angular-builders/custom-webpack

18.0.0-beta.3 (2024-05-30)

⚠ BREAKING CHANGES

• update to Angular 18 (#1787)

Miscellaneous Chores

• update to Angular 18 (#1787) (eba47d5)

18.0.0-beta.0 (2024-05-30)

⚠ BREAKING CHANGES

• update to Angular 18 (#1787)

Miscellaneous Chores

• update to Angular 18 (#1787) (eba47d5)

17.0.3-beta.1 (2024-04-10)

Note: Version bump only for package @​angular-builders/custom-webpack

17.0.3-beta.0 (2024-04-04)

Note: Version bump only for package @​angular-builders/custom-webpack

... (truncated)

Commits

• 8bb2a95 ci(release): publish
• 4095a1f ci(release): publish
• d3b17ed chore(deps)!: update to Angular 19 (#1871)
• a05bf0a ci(release): publish
• d306471 chore(deps): update dependency webpack-merge to v6 (#1824)
• 8369c67 ci(release): publish
• 6c442d8 ci(release): publish
• 58bb846 ci(release): publish
• e8d7f5d ci(release): publish
• eba47d5 chore!: update to Angular 18 (#1787)
• Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 12.2.2 to 19.2.5

Release notes

Sourced from @​angular-devkit/build-angular's releases.

19.2.5

@​angular/build

Commit	Description
	correct handling of response/request errors
	handle undefined getOrCreateAngularServerApp during error compilation
	normalize karma asset paths before lookup
	update vite to 6.2.3

v19.2.4

19.2.4 (2025-03-19)

@​schematics/angular

Commit	Description
	replace @angular/platform-browser-dynamic with @angular/platform-browser

@​angular/build

Commit	Description
	ensure errors for missing component resources
	ensure relative karma stack traces for test failures

v19.2.3

19.2.3 (2025-03-13)

@​angular/build

Commit	Description
	update babel packages

v19.2.2

19.2.2 (2025-03-12)

@​angular/cli

Commit	Description
	record analytics for nested schematics

@​angular/build

Commit	Description
	exclude all entrypoints of a library from prebundling
	handle postcss compilation errors gracefully
	provide extract-i18n does not respect
	remove duplicate prebundling warning

@​angular/ssr

Commit	Description
	prevent stream draining if write does not return a boolean

v19.2.1

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

19.2.5 (2025-03-26)

@​angular/build

Commit	Type	Description
20455e2a6	fix	correct handling of response/request errors
32b1dcd91	fix	handle undefined getOrCreateAngularServerApp during error compilation
7552a9fec	fix	normalize karma asset paths before lookup
1eb5b4357	fix	update vite to 6.2.3

18.2.16 (2025-03-26)

@​angular-devkit/build-angular

Commit	Type	Description
4267a80c5	fix	remove @vitejs/plugin-basic-ssl from dependencies

@​angular/build

Commit	Type	Description
9c2904d0d	fix	update vite to 5.4.15

17.3.14 (2025-03-26)

@​angular-devkit/build-angular

Commit	Type	Description
cb8f859f1	fix	update vite to 5.4.15

20.0.0-next.2 (2025-03-19)

Breaking Changes

@​schematics/angular

... (truncated)

Commits

• ab0bdce release: cut the v19.2.5 release
• 1eb5b43 fix(@​angular/build): update vite to 6.2.3
• 7552a9f fix(@​angular/build): normalize karma asset paths before lookup
• 32b1dcd fix(@​angular/build): handle undefined getOrCreateAngularServerApp during er...
• 20455e2 fix(@​angular/build): correct handling of response/request errors
• e2413f5 test: correct test description typos
• 148023a release: cut the v19.2.4 release
• b0b643e fix(@​angular/build): ensure errors for missing component resources
• 0a4e96b f...

  Description has been truncated