chore(deps): bump the npm_and_yarn group across 2 directories with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: webpack and lodash.
Bumps the npm_and_yarn group with 3 updates in the /e2e/native-esm directory: lodash, minimatch and tar.

Updates webpack from 5.102.1 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

• Added DotenvPlugin and top level dotenv option to enable this plugin
• Added WebpackManifestPlugin
• Added support the ignoreList option in devtool plugins
• Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

Commits

• 24e3c2d chore(release): new release (#20253)
• 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
• c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
• 4b0501c ci: fix release (#20252)
• 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
• 5bf8bc5 refactor: types for benchmarks and tests
• 505a5e7 chore(release): new release (#20188)
• 0c06680 refactor: update eslint configuration
• 2eb0d6a ci: release announcement (#20238)
• b2b2459 ci: cancel in progress (#20239)
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates minimatch from 9.0.5 to 9.0.6

Commits

• 7117ef3 9.0.6
• 2418458 update deps, do not checkin dist
• 1d1f531 update deps
• 03b1778 update CI matrix and actions
• f1aaffe update test expectations for coalesced consecutive stars
• 5012655 coalesce consecutive non-globstar * characters
• 3515d1e [meta] add publishConfig.tag legacy-v9
• See full diff in compare view

Updates tar from 7.5.6 to 7.5.9

Commits

• 1f0c2c9 7.5.9
• fbb0851 build minified version as default export
• 6b8eba0 7.5.8
• 2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
• d18e4e1 fix: do not write linkpaths through symlinks
• 4a37eb9 7.5.7
• f4a7aa9 fix: properly sanitize hard links containing ..
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[netlify]

✅ Deploy Preview for jestjs ready!

Name	Link
🔨 Latest commit	6b27816
🔍 Latest deploy log	https://app.netlify.com/projects/jestjs/deploys/699e2e8092f1b2000801a3a1
😎 Deploy Preview	https://deploy-preview-15968--jestjs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[pkg-pr-new]

Open in StackBlitz

babel-jest

npm i https://pkg.pr.new/babel-jest@15968

babel-plugin-jest-hoist

npm i https://pkg.pr.new/babel-plugin-jest-hoist@15968

babel-preset-jest

npm i https://pkg.pr.new/babel-preset-jest@15968

create-jest

npm i https://pkg.pr.new/create-jest@15968

@jest/diff-sequences

npm i https://pkg.pr.new/@jest/diff-sequences@15968

expect

npm i https://pkg.pr.new/expect@15968

@jest/expect-utils

npm i https://pkg.pr.new/@jest/expect-utils@15968

jest

npm i https://pkg.pr.new/jest@15968

jest-changed-files

npm i https://pkg.pr.new/jest-changed-files@15968

jest-circus

npm i https://pkg.pr.new/jest-circus@15968

jest-cli

npm i https://pkg.pr.new/jest-cli@15968

jest-config

npm i https://pkg.pr.new/jest-config@15968

@jest/console

npm i https://pkg.pr.new/@jest/console@15968

@jest/core

npm i https://pkg.pr.new/@jest/core@15968

@jest/create-cache-key-function

npm i https://pkg.pr.new/@jest/create-cache-key-function@15968

jest-diff

npm i https://pkg.pr.new/jest-diff@15968

jest-docblock

npm i https://pkg.pr.new/jest-docblock@15968

jest-each

npm i https://pkg.pr.new/jest-each@15968

@jest/environment

npm i https://pkg.pr.new/@jest/environment@15968

jest-environment-jsdom

npm i https://pkg.pr.new/jest-environment-jsdom@15968

@jest/environment-jsdom-abstract

npm i https://pkg.pr.new/@jest/environment-jsdom-abstract@15968

jest-environment-node

npm i https://pkg.pr.new/jest-environment-node@15968

@jest/expect

npm i https://pkg.pr.new/@jest/expect@15968

@jest/fake-timers

npm i https://pkg.pr.new/@jest/fake-timers@15968

@jest/get-type

npm i https://pkg.pr.new/@jest/get-type@15968

@jest/globals

npm i https://pkg.pr.new/@jest/globals@15968

jest-haste-map

npm i https://pkg.pr.new/jest-haste-map@15968

jest-jasmine2

npm i https://pkg.pr.new/jest-jasmine2@15968

jest-leak-detector

npm i https://pkg.pr.new/jest-leak-detector@15968

jest-matcher-utils

npm i https://pkg.pr.new/jest-matcher-utils@15968

jest-message-util

npm i https://pkg.pr.new/jest-message-util@15968

jest-mock

npm i https://pkg.pr.new/jest-mock@15968

@jest/pattern

npm i https://pkg.pr.new/@jest/pattern@15968

jest-phabricator

npm i https://pkg.pr.new/jest-phabricator@15968

jest-regex-util

npm i https://pkg.pr.new/jest-regex-util@15968

@jest/reporters

npm i https://pkg.pr.new/@jest/reporters@15968

jest-resolve

npm i https://pkg.pr.new/jest-resolve@15968

jest-resolve-dependencies

npm i https://pkg.pr.new/jest-resolve-dependencies@15968

jest-runner

npm i https://pkg.pr.new/jest-runner@15968

jest-runtime

npm i https://pkg.pr.new/jest-runtime@15968

@jest/schemas

npm i https://pkg.pr.new/@jest/schemas@15968

jest-snapshot

npm i https://pkg.pr.new/jest-snapshot@15968

@jest/snapshot-utils

npm i https://pkg.pr.new/@jest/snapshot-utils@15968

@jest/source-map

npm i https://pkg.pr.new/@jest/source-map@15968

@jest/test-result

npm i https://pkg.pr.new/@jest/test-result@15968

@jest/test-sequencer

npm i https://pkg.pr.new/@jest/test-sequencer@15968

@jest/transform

npm i https://pkg.pr.new/@jest/transform@15968

@jest/types

npm i https://pkg.pr.new/@jest/types@15968

jest-util

npm i https://pkg.pr.new/jest-util@15968

jest-validate

npm i https://pkg.pr.new/jest-validate@15968

jest-watcher

npm i https://pkg.pr.new/jest-watcher@15968

jest-worker

npm i https://pkg.pr.new/jest-worker@15968

pretty-format

npm i https://pkg.pr.new/pretty-format@15968

commit: 6b27816