build(deps): bump the npm_and_yarn group across 3 directories with 7 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
webpack	5.94.0	5.95.0
@grpc/grpc-js	1.11.2	1.11.3
axios	1.7.2	1.7.4
express	4.20.0	4.21.0
bl	6.0.14	6.0.15
vite	5.3.3	5.3.6
find-my-way	8.1.0	8.2.2

Bumps the npm_and_yarn group with 1 update in the /packages/cacti-ledger-browser directory: vite.
Bumps the npm_and_yarn group with 2 updates in the /weaver/samples/fabric/fabric-cli directory: @grpc/grpc-js and express.

Updates webpack from 5.94.0 to 5.95.0

Release notes

Sourced from webpack's releases.

v5.95.0

Bug Fixes

• Fixed hanging when attempting to read a symlink-like file that it can't read
• Handle default for import context element dependency
• Merge duplicate chunks call after split chunks
• Generate correctly code for dynamically importing the same file twice and destructuring
• Use content hash as [base] and [name] for extracted DataURI's
• Distinguish module and import in module-import for externals import's
• [Types] Make EnvironmentPlugin default values types less strict
• [Types] Typescript 5.6 compatibility

New Features

• Add new optimization.entryIife option (true by default for the production mode)
• Pass output.hash* options to loader context

Performance

• Avoid unneeded re-visit in build chunk graph

Commits

• e20fd63 chore(release): 5.95.0
• 4866b0d feat: added new optimization.entryIife option
• d90f692 fix: merge duplicate chunks after split chunks
• 90dec30 fix(externals): distinguish “module” and “import” in “module-import”
• c1a0a46 fix(externals): distinguish “module” and “import” in “module-import”
• 14d8fa8 fix: all tests cases
• dae16ad feat: pass output.hash* options to loader context
• 75d185d feat: pass output.hash* options to loader context
• 46e0b9c test: update
• 8e62f9f test
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.11.2 to 1.11.3

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.11.3

• Ensure the client queries the name resolver again after connections drop while using the round_robin load balancing policy (#2825)

Commits

• 8841efe Merge pull request #2825 from murgatroid99/grpc-js_round_robin_reresolve
• a1b8972 Merge pull request #2806 from murgatroid99/grpc-js_connectivity_management_fixes
• b3c24d0 grpc-js: round_robin: Request resolution on connection drop
• 3d43b1a Further reduce pick_first state space
• a6575c3 grpc-js: Simplify pick_first behavior
• See full diff in compare view

Updates axios from 1.7.2 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Commits

• abd24a7 chore(release): v1.7.4 (#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
• c6cce43 chore(release): v1.7.3 (#6521)
• e3c76fc fix(adapter): fix progress event emitting; (#6518)
• 85d4d0e fix(fetch): fix withCredentials request config (#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
• See full diff in compare view

Updates express from 4.20.0 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

Commits

• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• See full diff in compare view

Updates bl from 6.0.14 to 6.0.15

Release notes

Sourced from bl's releases.

v6.0.15

6.0.15 (2024-09-10)

Trivial Changes

• deps-dev: bump typescript from 5.5.4 to 5.6.2 (edfc739)

Changelog

Sourced from bl's changelog.

6.0.15 (2024-09-10)

Trivial Changes

• deps-dev: bump typescript from 5.5.4 to 5.6.2 (edfc739)

Commits

• 074b33a chore(release): 6.0.15 [skip ci]
• edfc739 chore(deps-dev): bump typescript from 5.5.4 to 5.6.2
• See full diff in compare view

Updates vite from 5.3.3 to 5.3.6

Changelog

Sourced from vite's changelog.

5.3.6 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (2691bb3), closes #18115
• fix: fs raw query (#18112) (4573a6f), closes #18112

5.3.5 (2024-07-25)

• refactor(asset): remove rollup 3 public file watch workaround (#16331) (66bdb1d), closes #16331
• fix: make server type less restrictive (fix #17627) (#17628) (b55c32f), closes #17627 #17628
• fix: show error if vite client cannot be loaded (#17419) (db5ab1d), closes #17419
• fix(build): env output is not stable (#17748) (b240a83), closes #17748
• fix(client): fix vite error path (#17744) (3c1bde3), closes #17744
• fix(css): resolve url aliases with fragments (fix: #17690) (#17691) (d906d3f)
• fix(deps): update all non-major dependencies (#17629) (93281b0), closes #17629
• fix(importMetaGlob): handle alias that starts with hash (#17743) (b58b423), closes #17743
• fix(ssrTransform): sourcemaps with multiple sources (#17677) (f321fa8), closes #17677
• chore: extend commit hash (#17709) (4fc9b64), closes #17709
• chore(deps): update all non-major dependencies (#17734) (9983731), closes #17734
• chore(deps): update typescript (#17699) (df5ceb3), closes #17699
• revert: fix(logger): truncate log over 5000 characters long (#16581) (#17729) (f4f488f), closes #16581 #17729

5.3.4 (2024-07-16)

• fix: update Terser type definitions (fix #17668) (#17669) (b723a75), closes #17668 #17669
• fix(build): skip preload treeshaking for nested braces (#17687) (4be96b4), closes #17687
• fix(css): include .css?url in assets field of manifest (#17623) (1465b20), closes #17623
• fix(worker): nested inlined worker always fallbacked to data URI worker instead of using blob worker (07bc489), closes #17509
• refactor: replace includes with logical operations (#17620) (c4a2227), closes #17620
• chore: add callback to http-proxy.d.ts jsdoc (#17646) (d8a5d70), closes #17646

Commits

• f469ceb release: v5.3.6
• 2691bb3 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 4573a6f fix: fs raw query (#18112)
• 4407839 release: v5.3.5
• 66bdb1d refactor(asset): remove rollup 3 public file watch workaround (#16331)
• b240a83 fix(build): env output is not stable (#17748)
• b58b423 fix(importMetaGlob): handle alias that starts with hash (#17743)
• d906d3f fix(css): resolve url aliases with fragments (fix: #17690) (#17691)
• 3c1bde3 fix(client): fix vite error path (#17744)
• 9983731 chore(deps): update all non-major dependencies (#17734)
• Additional commits viewable in compare view

Updates find-my-way from 8.1.0 to 8.2.2

Release notes

Sourced from find-my-way's releases.

v8.2.2

⚠️ Security Release ⚠️

Fixes: GHSA-rrr8-f88r-h8q6 CVE-2024-45813

Full Changelog: delvedor/find-my-way@v8.2.0...v8.2.2

v8.2.0

What's Changed

• Update contraint check to throw with 32 handlers by @​valeneiko in delvedor/find-my-way#344
• feat: add node: prefix for assert by @​SavaCool122 in delvedor/find-my-way#347
• add dependabot.yml by @​Uzlopak in delvedor/find-my-way#350
• chore: bump actions/setup-node from 3 to 4 by @​dependabot in delvedor/find-my-way#351
• chore: bump actions/checkout from 3 to 4 by @​dependabot in delvedor/find-my-way#352
• Achieve 100% test coverage by @​jean-michelet in delvedor/find-my-way#349
• chore: bump the dependencies-major group with 1 update by @​dependabot in delvedor/find-my-way#353
• Fix header in README by @​selimb in delvedor/find-my-way#345
• Exclude Node v14 and v16 on macos by @​mcollina in delvedor/find-my-way#364
• add node v22. Skip old nodes on mac by @​mcollina in delvedor/find-my-way#363
• Support optional params on root by @​mcollina in delvedor/find-my-way#367

New Contributors

• @​valeneiko made their first contribution in delvedor/find-my-way#344
• @​SavaCool122 made their first contribution in delvedor/find-my-way#347
• @​dependabot made their first contribution in delvedor/find-my-way#351
• @​jean-michelet made their first contribution in delvedor/find-my-way#349
• @​selimb made their first contribution in delvedor/find-my-way#345

Full Changelog: delvedor/find-my-way@v8.1.0...v8.2.0

Commits

• 9e666a1 Bumped v8.2.2
• 17fae69 Merge commit from fork
• ea27fa2 Bumped v8.2.0
• cce5437 Support optional params on root (#367)
• 984ff20 add node v22. Skip old nodes on mac (#363)
• 20e7b1c Exclude Node v14 and v16 on macos (#364)
• a9d1ee1 Fix header in README (#345)
• 8c7983c chore: bump the dependencies-major group with 1 update (#353)
• e117960 Achieve 100% test coverage (#349)
• 9731ad7 chore: bump actions/checkout from 3 to 4 (#352)
• Additional commits viewable in compare view

Updates vite from 5.1.7 to 5.1.8

Changelog

Sourced from vite's changelog.

5.3.6 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (2691bb3), closes #18115
• fix: fs raw query (#18112) (4573a6f), closes #18112

5.3.5 (2024-07-25)

• refactor(asset): remove rollup 3 public file watch workaround (#16331) (66bdb1d), closes #16331
• fix: make server type less restrictive (fix #17627) (#17628) (b55c32f), closes #17627 #17628
• fix: show error if vite client cannot be loaded (#17419) (db5ab1d), closes #17419
• fix(build): env output is not stable (#17748) (b240a83), closes #17748
• fix(client): fix vite error path (#17744) (3c1bde3), closes #17744
• fix(css): resolve url aliases with fragments (fix: #17690) (#17691) (d906d3f)
• fix(deps): update all non-major dependencies (#17629) (93281b0), closes #17629
• fix(importMetaGlob): handle alias that starts with hash (#17743) (b58b423), closes #17743
• fix(ssrTransform): sourcemaps with multiple sources (#17677) (f321fa8), closes #17677
• chore: extend commit hash (#17709) (4fc9b64), closes #17709
• chore(deps): update all non-major dependencies (#17734) (9983731), closes #17734
• chore(deps): update typescript (#17699) (df5ceb3), closes #17699
• revert: fix(logger): truncate log over 5000 characters long (#16581) (#17729) (f4f488f), closes #16581 #17729

5.3.4 (2024-07-16)

• fix: update Terser type definitions (fix #17668) (#17669) (b723a75), closes #17668 #17669
• fix(build): skip preload treeshaking for nested braces (#17687) (4be96b4), closes #17687
• fix(css): include .css?url in assets field of manifest (#17623) (1465b20), closes #17623
• fix(worker): nested inlined worker always fallbacked to data URI worker instead of using blob worker (07bc489), closes #17509
• refactor: replace includes with logical operations (#17620) (c4a2227), closes #17620
• chore: add callback to http-proxy.d.ts jsdoc (#17646) (d8a5d70), closes #17646

Commits

• f469ceb release: v5.3.6
• 2691bb3 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 4573a6f fix: fs raw query (#18112)
• 4407839 release: v5.3.5
• 66bdb1d refactor(asset): remove rollup 3 public file watch workaround (#16331)
• b240a83 fix(build): env output is not stable (#17748)
• b58b423 fix(importMetaGlob): handle alias that starts with hash (#17743)
• d906d3f fix(css): resolve url aliases with fragments (fix: #17690) (#17691)
• 3c1bde3 fix(client): fix vite error path (#17744)
• 9983731 chore(deps): update all non-major dependencies (#17734)
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.11.2 to 1.11.3

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.11.3

• Ensure the client queries the name resolver again after connections drop while using the round_robin load balancing policy (#2825)

Commits

• 8841efe Merge pull request #2825 from murgatroid99/grpc-js_round_robin_reresolve
• a1b8972 Merge pull request #2806 from murgatroid99/grpc-js_connectivity_management_fixes
• b3c24d0 grpc-js: round_robin: Request resolution on connection drop
• 3d43b1a Further reduce pick_first state space
• a6575c3 grpc-js: Simplify pick_first behavior
• See full diff in compare view

Updates express from 4.20.0 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

Commits

• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[petermetz]

I'm going to manually update this PR again to avoid the accidental downgrades.

[petermetz]

@hyperledger/cacti-maintainers I've updated the PR so that it doesn't downgrade dependencies anymore. Ready for your review.