Bump the npm_and_yarn group in /ui with 2 updates

[dependabot]

Bumps the npm_and_yarn group in /ui with 3 updates: rollup and vite.

Updates rollup from 2.66.1 to 4.28.0

Release notes

Sourced from rollup's releases.

v4.28.0

4.28.0

2024-11-30

Features

• Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

• #5743: fix: supports modify the import attributes key in the config file (@​TrickyPi, @​lukastaegert)
• #5747: chore(deps): update codecov/codecov-action action to v5 (@​renovate[bot])
• #5748: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.4

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.3

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

v4.27.2

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.28.0

2024-11-30

Features

• Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

• #5743: fix: supports modify the import attributes key in the config file (@​TrickyPi, @​lukastaegert)
• #5747: chore(deps): update codecov/codecov-action action to v5 (@​renovate[bot])
• #5748: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

• #5728: Fix more variable deconflicting issues (@​lukastaegert)

... (truncated)

Commits

• 0595e43 4.28.0
• 5053019 fix: supports modify the import attributes key in the config file (#5743)
• a0f1dcc chore(deps): lock file maintenance minor/patch updates (#5748)
• a949c87 chore(deps): update codecov/codecov-action action to v5 (#5747)
• e805b54 4.27.4
• dd623b5 chore(deps): lock file maintenance minor/patch updates (#5740)
• 7c0b1f8 4.27.3
• 10bc150 Revert object tree-shaking (#5420) until some issues have been resolved (#5736)
• a503a4d 4.27.2
• 6c68455 Fix more variable deconflicting issues (#5728)
• Additional commits viewable in compare view

Updates rollup from 3.29.4 to 4.28.0

Release notes

Sourced from rollup's releases.

v4.28.0

4.28.0

2024-11-30

Features

• Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

• #5743: fix: supports modify the import attributes key in the config file (@​TrickyPi, @​lukastaegert)
• #5747: chore(deps): update codecov/codecov-action action to v5 (@​renovate[bot])
• #5748: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.4

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.27.3

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

v4.27.2

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.28.0

2024-11-30

Features

• Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

• #5743: fix: supports modify the import attributes key in the config file (@​TrickyPi, @​lukastaegert)
• #5747: chore(deps): update codecov/codecov-action action to v5 (@​renovate[bot])
• #5748: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.27.4

2024-11-23

Bug Fixes

• Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

• #5740: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.27.3

2024-11-18

Bug Fixes

• Revert object property tree-shaking for now (#5736)

Pull Requests

• #5736: Revert object tree-shaking until some issues have been resolved (@​lukastaegert)

4.27.2

2024-11-15

Bug Fixes

• Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

• #5728: Fix more variable deconflicting issues (@​lukastaegert)

... (truncated)

Commits

• 0595e43 4.28.0
• 5053019 fix: supports modify the import attributes key in the config file (#5743)
• a0f1dcc chore(deps): lock file maintenance minor/patch updates (#5748)
• a949c87 chore(deps): update codecov/codecov-action action to v5 (#5747)
• e805b54 4.27.4
• dd623b5 chore(deps): lock file maintenance minor/patch updates (#5740)
• 7c0b1f8 4.27.3
• 10bc150 Revert object tree-shaking (#5420) until some issues have been resolved (#5736)
• a503a4d 4.27.2
• 6c68455 Fix more variable deconflicting issues (#5728)
• Additional commits viewable in compare view

Updates vite from 2.9.18 to 6.0.3

Release notes

Sourced from vite's releases.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0-beta.10

Please refer to CHANGELOG.md for details.

v6.0.0-beta.9

Please refer to CHANGELOG.md for details.

v6.0.0-beta.8

Please refer to CHANGELOG.md for details.

v6.0.0-beta.7

Please refer to CHANGELOG.md for details.

v6.0.0-beta.6

Please refer to CHANGELOG.md for details.

v6.0.0-beta.5

Please refer to CHANGELOG.md for details.

v6.0.0-beta.4

Please refer to CHANGELOG.md for details.

v6.0.0-beta.3

Please refer to CHANGELOG.md for details.

v6.0.0-beta.2

Please refer to CHANGELOG.md for details.

v6.0.0-beta.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.3 (2024-12-05)

• fix: handle postcss load unhandled rejections (#18886) (d5fb653), closes #18886
• fix: make handleInvoke interface compatible with invoke (#18876) (a1dd396), closes #18876
• fix: make result interfaces for ModuleRunnerTransport#invoke more explicit (#18851) (a75fc31), closes #18851
• fix: merge environments.ssr.resolve with root ssr config (#18857) (3104331), closes #18857
• fix: no permission to create vite config file (#18844) (ff47778), closes #18844
• fix: remove CSS import in CJS correctly in some cases (#18885) (690a36f), closes #18885
• fix(config): bundle files referenced with imports field (#18887) (2b5926a), closes #18887
• fix(config): make stacktrace path correct when sourcemap is enabled (#18833) (20fdf21), closes #18833
• fix(css): rewrite url when image-set and url exist at the same time (#18868) (d59efd8), closes #18868
• fix(deps): update all non-major dependencies (#18853) (5c02236), closes #18853
• fix(html): allow unexpected question mark in tag name (#18852) (1b54e50), closes #18852
• fix(module-runner): decode uri for file url passed to import (#18837) (88e49aa), closes #18837
• refactor: fix logic errors found by no-unnecessary-condition rule (#18891) (ea802f8), closes #18891
• chore: fix duplicate attributes issue number in comment (#18860) (ffee618), closes #18860

6.0.2 (2024-12-02)

• chore: run typecheck in unit tests (#18858) (49f20bb), closes #18858
• chore: update broken links in changelog (#18802) (cb754f8), closes #18802
• chore: update broken links in changelog (#18804) (47ec49f), closes #18804
• fix: don't store temporary vite config file in node_modules if deno (#18823) (a20267b), closes #18823
• fix(css): referencing aliased svg asset with lightningcss enabled errored (#18819) (ae68958), closes #18819
• fix(manifest): use style.css as a key for the style file for cssCodesplit: false (#18820) (ec51115), closes #18820
• fix(optimizer): resolve all promises when cancelled (#18826) (d6e6194), closes #18826
• fix(resolve): don't set builtinModules to external by default (#18821) (2250ffa), closes #18821
• fix(ssr): set ssr.target: 'webworker' defaults as fallback (#18827) (b39e696), closes #18827
• feat(css): format lightningcss error (#18818) (dac7992), closes #18818
• refactor: make properties of ResolvedServerOptions and ResolvedPreviewOptions required (#18796) (51a5569), closes #18796

6.0.1 (2024-11-27)

• fix: default empty server proxy prevents starting http2 server (#18788) (bbaf514), closes #18788
• fix(manifest): do not override existing js manifest entry (#18776) (3b0837e), closes #18776
• fix(server): close _ssrCompatModuleRunner on server close (#18784) (9b4c410), closes #18784
• fix(server): skip hot channel client normalization for wsServer (#18782) (cc7670a), closes #18782
• fix(worker): fix applyToEnvironment hooks on worker build (#18793) (0c6cdb0), closes #18793
• chore: flat v6 config file (#18777) (c7b3308), closes #18777
• chore: split changelog (#18787) (8542632), closes #18787
• chore: update changelog for v6 (#18773) (b254fac), closes #18773
• revert: update moduleResolution value casing (#18409) (#18774) (b0fc6e3), closes #18409 #18774

6.0.0 (2024-11-26)

... (truncated)

Commits

• 7a0758c release: v6.0.3
• a1dd396 fix: make handleInvoke interface compatible with invoke (#18876)
• ea802f8 refactor: fix logic errors found by no-unnecessary-condition rule (#18891)
• 690a36f fix: remove CSS import in CJS correctly in some cases (#18885)
• d5fb653 fix: handle postcss load unhandled rejections (#18886)
• 2b5926a fix(config): bundle files referenced with imports field (#18887)
• 1b54e50 fix(html): allow unexpected question mark in tag name (#18852)
• d59efd8 fix(css): rewrite url when image-set and url exist at the same time (#18868)
• 20fdf21 fix(config): make stacktrace path correct when sourcemap is enabled (#18833)
• 88e49aa fix(module-runner): decode uri for file url passed to import (#18837)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
vite	[>= 5.a, < 6]
vite	[>= 4.a, < 5]
vite	[>= 3.a, < 4]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[kkovaletp]

Anchore Grype scan results:

Anchore Grype detected vulnerabilities in project dependencies, for which fixed versions are available.
Please find more details in the "Checks" tab of this PR > "Code scanning results" > "Grype".

|

language id severity name version fix-versions path description go GHSA-22fx-6r9m-r8h9 Medium github.com/strukturag/libheif v1.15.1 1.15.2 /api/go.mod libheif vulnerable to segmentation fault via floating point exception javascript GHSA-7fh5-64p2-3v2j Medium postcss 6.0.23 8.4.31 /ui/package-lock.json PostCSS line return parsing error javascript GHSA-566m-qj78-rww5 Medium postcss 6.0.23 7.0.36 /ui/package-lock.json Regular Expression Denial of Service in postcss javascript GHSA-7fh5-64p2-3v2j Medium postcss 7.0.39 8.4.31 /ui/package-lock.json PostCSS line return parsing error

[sonarcloud]

Quality Gate passed for 'photoview'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 28.74%. Comparing base (1d43ebe) to head (00b3c93).
Report is 8 commits behind head on master.

✅ All tests successful. No failed tests found.

❗ There is a different number of reports uploaded between BASE (1d43ebe) and HEAD (00b3c93). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (1d43ebe)	HEAD (00b3c93)
ui	1	0

Additional details and impacted files

@@             Coverage Diff             @@
##           master     #230       +/-   ##
===========================================
- Coverage   54.77%   28.74%   -26.03%     
===========================================
  Files         195       97       -98     
  Lines       17518     6443    -11075     
  Branches      507        0      -507     
===========================================
- Hits         9595     1852     -7743     
+ Misses       7646     4314     -3332     
  Partials      277      277               

Flag	Coverage Δ
api-mysql	27.65% <ø> (ø)
api-postgres	27.75% <ø> (ø)
api-sqlite	26.18% <ø> (ø)
ui	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sonarcloud]

Quality Gate passed for 'photoview'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[kkovaletp]

@dependabot recreate

[dependabot]

Dependabot cannot update to the required version as all versions were ignored. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot cannot update to the required version as all versions were ignored. Because of this, Dependabot cannot update this pull request.

[kkovaletp]

@dependabot show rollup ignore conditions

[dependabot]

No ignore conditions found for the dependency rollup

[dependabot]

Dependabot cannot update to the required version as all versions were ignored. Because of this, Dependabot cannot update this pull request.

[kkovaletp]

@dependabot show vite ignore conditions

[dependabot]

Ignore Conditions

Dependency	Ignore Condition
vite	[>= 6.a, < 7]
vite	[>= 3.a, < 4]
vite	[>= 4.a, < 5]
vite	[>= 5.a, < 6]

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml