deps(dev): Bump the dev-dependencies group with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates:

Package	From	To
@rollup/wasm-node	4.9.0	4.9.1
eslint	8.55.0	8.56.0
@types/react-dom	18.2.17	18.2.18
postcss	8.4.31	8.4.32
tailwindcss	3.3.6	3.4.0

Updates @rollup/wasm-node from 4.9.0 to 4.9.1

Release notes

Sourced from @​rollup/wasm-node's releases.

v4.9.1

4.9.1

2023-12-17

Bug Fixes

• Fix an issue where break statements could include the wrong label (#5297)

Pull Requests

• #5297: fix: use a new includedLabels in the body of the LabeledStatement (@​TrickyPi)
• #5300: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

Changelog

Sourced from @​rollup/wasm-node's changelog.

4.9.1

2023-12-17

Bug Fixes

• Fix an issue where break statements could include the wrong label (#5297)

Pull Requests

• #5297: fix: use a new includedLabels in the body of the LabeledStatement (@​TrickyPi)
• #5300: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

Commits

• d56ac63 4.9.1
• 0574563 fix: use a new includedLabels in the body of the LabeledStatement (#5297)
• 4081802 chore(deps): lock file maintenance minor/patch updates (#5300)
• See full diff in compare view

Updates eslint from 8.55.0 to 8.56.0

Release notes

Sourced from eslint's releases.

v8.56.0

Features

• 0dd9704 feat: Support custom severity when reporting unused disable directives (#17212) (Bryan Mishkin)
• 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818) (Arka Pratim Chaudhuri)

Bug Fixes

• 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846) (Francesco Trotta)
• 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#17812) (Bryan Mishkin)

Documentation

• 9007719 docs: update link in ways-to-extend.md (#17839) (Amel SELMANE)
• 3a22236 docs: Update README (GitHub Actions Bot)
• 54c3ca6 docs: fix migration-guide example (#17829) (Tanuj Kanti)
• 4391b71 docs: check config comments in rule examples (#17815) (Francesco Trotta)
• fd28363 docs: remove mention about ESLint stylistic rules in readme (#17810) (Zwyx)
• 48ed5a6 docs: Update README (GitHub Actions Bot)

Chores

• ba6af85 chore: upgrade @​eslint/js@​8.56.0 (#17864) (Milos Djermanovic)
• 60a531a chore: package.json update for @​eslint/js release (Jenkins)
• ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783) (renovate[bot])
• 9271d10 chore: add GitHub issue template for docs issues (#17845) (Josh Goldberg ✨)
• 70a686b chore: Convert rule tests to FlatRuleTester (#17819) (Nicholas C. Zakas)
• f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#17837) (唯然)
• 905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#17838) (唯然)
• 4d7c3ce chore: update eslint-plugin-n v16.4.0 (#17836) (唯然)
• fd0c60c ci: unpin Node.js 21.2.0 (#17821) (Francesco Trotta)

Changelog

Sourced from eslint's changelog.

v8.56.0 - December 15, 2023

• ba6af85 chore: upgrade @​eslint/js@​8.56.0 (#17864) (Milos Djermanovic)
• 60a531a chore: package.json update for @​eslint/js release (Jenkins)
• 0dd9704 feat: Support custom severity when reporting unused disable directives (#17212) (Bryan Mishkin)
• 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818) (Arka Pratim Chaudhuri)
• ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783) (renovate[bot])
• 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846) (Francesco Trotta)
• 9271d10 chore: add GitHub issue template for docs issues (#17845) (Josh Goldberg ✨)
• 70a686b chore: Convert rule tests to FlatRuleTester (#17819) (Nicholas C. Zakas)
• 9007719 docs: update link in ways-to-extend.md (#17839) (Amel SELMANE)
• f3a599d chore: upgrade eslint-plugin-unicorn to v49.0.0 (#17837) (唯然)
• 905d4b7 chore: upgrade eslint-plugin-eslint-plugin v5.2.1 (#17838) (唯然)
• 4d7c3ce chore: update eslint-plugin-n v16.4.0 (#17836) (唯然)
• 3a22236 docs: Update README (GitHub Actions Bot)
• 54c3ca6 docs: fix migration-guide example (#17829) (Tanuj Kanti)
• 4391b71 docs: check config comments in rule examples (#17815) (Francesco Trotta)
• fd28363 docs: remove mention about ESLint stylistic rules in readme (#17810) (Zwyx)
• fd0c60c ci: unpin Node.js 21.2.0 (#17821) (Francesco Trotta)
• 48ed5a6 docs: Update README (GitHub Actions Bot)
• 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#17812) (Bryan Mishkin)

Commits

• 8e8e9f8 8.56.0
• 085978b Build: changelog update for 8.56.0
• ba6af85 chore: upgrade @​eslint/js@​8.56.0 (#17864)
• 60a531a chore: package.json update for @​eslint/js release
• 0dd9704 feat: Support custom severity when reporting unused disable directives (#17212)
• 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#17818)
• ba87a06 chore: update dependency markdownlint to ^0.32.0 (#17783)
• 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#17846)
• 9271d10 chore: add GitHub issue template for docs issues (#17845)
• 70a686b chore: Convert rule tests to FlatRuleTester (#17819)
• Additional commits viewable in compare view

Updates @types/react-dom from 18.2.17 to 18.2.18

Commits

• See full diff in compare view

Updates postcss from 8.4.31 to 8.4.32

Release notes

Sourced from postcss's releases.

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

Changelog

Sourced from postcss's changelog.

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

Commits

• a0d9f10 Release 8.4.32 version
• 0146b3e Add Node.js 21 to CI
• 2398534 Update dependencies
• 1918533 Merge pull request #1902 from ferreira-tb/main
• 395e6dc Fix ProcessOptions interface
• fa8cd15 Update dependencies
• 199a7c4 Typo
• 2528047 Update EM link
• See full diff in compare view

Updates tailwindcss from 3.3.6 to 3.4.0

Release notes

Sourced from tailwindcss's releases.

v3.4.0

Tailwind CSS v3.4 has arrived! Check out the announcement post for a guided tour through all of the highlights.

Added

• Add svh, lvh, and dvh values to default height/min-height/max-height theme (#11317)
• Add has-* variants for :has(...) pseudo-class (#11318)
• Add text-wrap utilities including text-balance and text-pretty (#11320, #12031)
• Extend default opacity scale to include all steps of 5 (#11832)
• Update Preflight html styles to include shadow DOM :host pseudo-class (#11200)
• Increase default values for grid-rows-* utilities from 1–6 to 1–12 (#12180)
• Add size-* utilities (#12287)
• Add utilities for CSS subgrid (#12298)
• Add spacing scale to min-w-*, min-h-*, and max-w-* utilities (#12300)
• Add forced-color-adjust utilities (#11931)
• Add forced-colors variant (#11694, #12582)
• Add appearance-auto utility (#12404)
• Add logical property values for float and clear utilities (#12480)
• Add * variant for targeting direct children (#12551)

Changed

• Simplify the sans font-family stack (#11748)
• Disable the tap highlight overlay on iOS (#12299)
• Improve relative precedence of rtl, ltr, forced-colors, and dark variants (#12584)

v3.3.7

Fixed

• Fix support for container query utilities with arbitrary values (#12534)
• Fix custom config loading in Standalone CLI (#12616)

Changelog

Sourced from tailwindcss's changelog.

[3.4.0] - 2023-12-19

Added

• Add svh, lvh, and dvh values to default height/min-height/max-height theme (#11317)
• Add has-* variants for :has(...) pseudo-class (#11318)
• Add text-wrap utilities including text-balance and text-pretty (#11320, #12031)
• Extend default opacity scale to include all steps of 5 (#11832)
• Update Preflight html styles to include shadow DOM :host pseudo-class (#11200)
• Increase default values for grid-rows-* utilities from 1–6 to 1–12 (#12180)
• Add size-* utilities (#12287)
• Add utilities for CSS subgrid (#12298)
• Add spacing scale to min-w-*, min-h-*, and max-w-* utilities (#12300)
• Add forced-color-adjust utilities (#11931)
• Add forced-colors variant (#11694, #12582)
• Add appearance-auto utility (#12404)
• Add logical property values for float and clear utilities (#12480)
• Add * variant for targeting direct children (#12551)

Changed

• Simplify the sans font-family stack (#11748)
• Disable the tap highlight overlay on iOS (#12299)
• Improve relative precedence of rtl, ltr, forced-colors, and dark variants (#12584)

[3.3.7] - 2023-12-18

Fixed

• Fix support for container query utilities with arbitrary values (#12534)
• Fix custom config loading in Standalone CLI (#12616)

Commits

• 8350cff 3.4.0
• fbdb858 Improve relative precedence of rtl, ltr, forced-colors and dark varia...
• dae4618 Update changelog
• 11a6ba3 Move forced-colors variant after dark variant (#12582)
• 47dbb4a Add * variant for targeting direct children (#12551)
• 7642e28 Disable tap highlights on iOS (#12299)
• 0697206 feat(preflight): simplify sans-serif font stack (#11748)
• b215f13 Update changelog
• 9129def Add logical properties support for float and clear (#12480)
• 4ef9717 Fix typo in changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
postcss	8.4.32	None	+0	197 kB	ai
@rollup/wasm-node	4.9.0...4.9.1	None	+0/-0	3.8 MB	lukastaegert
@types/react-dom	18.2.17...18.2.18	None	+0/-0	33.3 kB	types
tailwindcss	3.3.6...3.4.0	None	+4/-0	6.37 MB	adamwathan
eslint	8.55.0...8.56.0	None	+5/-5	3.1 MB	eslintbot

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Chronological version anomaly	@types/react-dom	18.2.18	Previous Chronological: @types/[email protected] (11/22/2023, 12:59:22 AM) Previous Semver: @types/[email protected] (11/22/2023, 12:59:09 AM)	examples/nextjs-13-pages-wrap/package.json examples/nextjs-14-app-dir-rl/package.json examples/nextjs-14-app-dir-validate-email/package.json examples/nextjs-14-pages-wrap/package.json

Next steps

What is a chronological version anomaly?

Semantic versions published out of chronological order.

This could either indicate dependency confusion or a patched vulnerability.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore @types/[email protected]

[blaine-arcjet]

@dependabot recreate