Update Frontend

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@ianvs/prettier-plugin-sort-imports	4.2.0 -> 4.2.1
@playwright/test (source)	1.42.0 -> 1.43.0
@types/node (source)	20.11.27 -> 20.12.5
sharp (source, changelog)	0.33.2 -> 0.33.3
typescript (source)	5.4.2 -> 5.4.4

---

Release Notes

ianvs/prettier-plugin-sort-imports (@​ianvs/prettier-plugin-sort-imports)

v4.2.1

Compare Source

What's Changed

Bugfixes

• Detect Vue 2.7 / 3 more reliably by @​IanVS in https://github.com/IanVS/prettier-plugin-sort-imports/pull/160
• Setting importOrder to [] should disable plugin by @​IanVS in https://github.com/IanVS/prettier-plugin-sort-imports/pull/161

Full Changelog: IanVS/prettier-plugin-sort-imports@v4.2.0...v4.2.1

microsoft/playwright (@​playwright/test)

v1.43.0

Compare Source

New APIs

• Method browserContext.clearCookies() now supports filters to remove only some cookies.

  // Clear all cookies.
  await context.clearCookies();
  // New: clear cookies with a particular name.
  await context.clearCookies({ name: 'session-id' });
  // New: clear cookies for a particular domain.
  await context.clearCookies({ domain: 'my-origin.com' });

• New mode retain-on-first-failure for testOptions.trace. In this mode, trace is recorded for the first run of each test, but not for retires. When test run fails, the trace file is retained, otherwise it is removed.

  import { defineConfig } from '@​playwright/test';
  
  export default defineConfig({
    use: {
      trace: 'retain-on-first-failure',
    },
  });

• New property testInfo.tags exposes test tags during test execution.

  test('example', async ({ page }) => {
    console.log(test.info().tags);
  });

• New method locator.contentFrame() converts a Locator object to a FrameLocator. This can be useful when you have a Locator object obtained somewhere, and later on would like to interact with the content inside the frame.

  const locator = page.locator('iframe[name="embedded"]');
  // ...
  const frameLocator = locator.contentFrame();
  await frameLocator.getByRole('button').click();

• New method frameLocator.owner() converts a FrameLocator object to a Locator. This can be useful when you have a FrameLocator object obtained somewhere, and later on would like to interact with the iframe element.

  const frameLocator = page.frameLocator('iframe[name="embedded"]');
  // ...
  const locator = frameLocator.owner();
  await expect(locator).toBeVisible();

UI Mode Updates

• See tags in the test list.
• Filter by tags by typing @fast or clicking on the tag itself.
• New shortcuts:
  • F5 to run tests.
  • Shift F5 to stop running tests.
  • Ctrl ` to toggle test output.

Browser Versions

• Chromium 124.0.6367.29
• Mozilla Firefox 124.0
• WebKit 17.4

This version was also tested against the following stable channels:

• Google Chrome 123
• Microsoft Edge 123

v1.42.1

Compare Source

Highlights

https://github.com/microsoft/playwright/issues/29732 - [Regression]: HEAD requests to webServer.url since v1.42.0https://github.com/microsoft/playwright/issues/297466 - [Regression]: Playwright CT CLI scripts fail due to broken initializePlugin imporhttps://github.com/microsoft/playwright/issues/2973939 - [Bug]: Component tests fails when imported a module with a dot in a nahttps://github.com/microsoft/playwright/issues/29731731 - [Regression]: 1.42.0 breaks some import statemehttps://github.com/microsoft/playwright/issues/297609760 - [Bug]: Possible regression with chained locators in v1.42

Browser Versions

• Chromium 123.0.6312.4
• Mozilla Firefox 123.0
• WebKit 17.4

This version was also tested against the following stable channels:

• Google Chrome 122
• Microsoft Edge 123

lovell/sharp (sharp)

v0.33.3

Compare Source

Microsoft/TypeScript (typescript)

v5.4.4: TypeScript 5.4.4

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.4.0 (Beta).
• fixed issues query for Typescript 5.4.1 (RC).
• fixed issues query for Typescript 5.4.2 (Stable).
• fixed issues query for Typescript 5.4.3 (Stable).
• fixed issues query for Typescript 5.4.4 (Stable).

Downloads are available on:

• NuGet package

v5.4.3: TypeScript 5.4.3

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.4.0 (Beta).
• fixed issues query for Typescript 5.4.1 (RC).
• fixed issues query for Typescript 5.4.2 (Stable).
• fixed issues query for Typescript 5.4.3 (Stable).

Downloads are available on:

• NuGet package

---

Configuration

📅 Schedule: Branch creation - "on the 2nd and 4th day instance on sunday after 9pm" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[acouch]

The same CVE-2024-28085 is tripping up our front-end tests:

┌───────────────┬────────────────┬──────────┬────────┬────────────────────┬──────────────────┬─────────────────────────────────────────────────────────────┐
│    Library    │ Vulnerability  │ Severity │ Status │ Installed Version  │  Fixed Version   │                            Title                            │
├───────────────┼────────────────┼──────────┼────────┼────────────────────┼──────────────────┼─────────────────────────────────────────────────────────────┤
│ bsdutils      │ CVE-2024-28085 │ HIGH     │ fixed  │ 1:2.36.1-8+deb11u1 │ 2.36.1-8+deb11u2 │ util-linux: CVE-2024-28085: wall: escape sequence injection │
│               │                │          │        │                    │                  │ https://avd.aquasec.com/nvd/cve-2024-28085                  │
├───────────────┤                │          │        ├────────────────────┤                  │                                                             │
│ libblkid1     │                │          │        │ 2.[36](https://github.com/HHS/simpler-grants-gov/actions/runs/8513273599/job/23316649271?pr=1529#step:6:37).1-8+deb11u1   │                  │                                                             │
│               │                │          │        │                    │                  │                                                             │
├───────────────┤

Noting that we are using bullesye in the front-end and bookworm (not bullesye in the API. The bookworm node docker image has the util-linux fix. We could wait for an upstream fix to node-20:bullseye-slim, try to upgrade, or add this to the list.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.