chore(deps): bump org.webjars.npm:unpoly from 3.0.0-rc2 to 3.6.1

[dependabot]

Bumps org.webjars.npm:unpoly from 3.0.0-rc2 to 3.6.1.

Changelog

Sourced from org.webjars.npm:unpoly's changelog.

3.6.1

• Fix a bug where new overlays would not have history if the initial fragment matches a layer-specific main target like [up-main=modal].

3.6.0

Targeting fragments

• Unpoly-specific pseudo selectors like :main or :layer can now be used in a compound target, e.g. :main .child.
• Targeting :main will no longer match in the region of the interaction origin. It will now always use the first matching selector in up.fragment.config.mainTargets.
• Fix a bug where following a navigation item outside a main element would focus the <body> instead of the main element.

Performance improvements

• Unpoy now uses the native :has() selector where available. Unpoly's polyfill for :has() will remain included for the time being. It will be removed as Firefox' :has() support has reached the majority of users (available on Nightly now).
• Improve performance of many element lookups, by finding elements via CSS selectors (vs. filtering lists with JavaScript).

Support for structured data markup

• Structured data in script[type="application/ld+json"] elements is considered a meta tag that will be updated with history changes.
• script[type="application/ld+json"] elements in are now preserved in new fragments with up.fragment.config.runScripts = false.

Bugfixes and minor improvements

• CSP nonces embedded into attribute callbacks now work with Content-Security-Policy-Report-Only.
• When the X-Up-Validate header value exceeds 2048 characters, it is now set to :unknown. This is to prevent web infrastructure from rejecting an overly long request line with an 413 Entity Too Large error.
• Fix a bug where up:assets:changed would be emitted for every response when configuring up.fragment.config.runScripts = false.
• up.form.isSubmittable() now returns false for forms with a cross-origin URL in their [action] attribute.
• up.util.contains() now works on NodeList objects.
• You can now configure which elements are removed by up.fragment.config.runScripts = false.

3.5.2

Continuing our focus on stability, this release addresses some long-standing issues:

• Fix a bug where <video> and <audio> elements would render incorrectly in Safari (#432).
• Fix a bug where <script up-keep> elements would re-run during subsequent render passes.
• Fix a bug where <script> elements would not run when targeted directly.
• Fix a bug where <noscript up-keep> elements would not be persisted during fragment updated.
• Fix a bug where <noscript> elements would lose their text content when targeted directly.

... (truncated)

Commits

• 6d4f13a Polish CHANGELOG for 3.6.1
• 7f7844a Version 3.6.1
• f1b1e81 [layer] Test that new layers don't use mode-specific main targets configured ...
• 2a8ac18 3.6.1-rc1
• 8497256 Fix a bug where overlays opened with { history: 'auto' } would not have histo...
• b79edeb TODOs
• 59354a1 Changed typo in label 'for' value
• 9a2a757 Version 3.6.0
• aad0925 Version 3.6.0-rc1
• bb87dc0 TODOs
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.webjars.npm:unpoly	[>= 3.0.a, < 3.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)