build(deps): bump the npm_and_yarn group across 3 directories with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: webpack, ajv, minimatch and systeminformation.
Bumps the npm_and_yarn group with 1 update in the /buildutils directory: minimatch.
Bumps the npm_and_yarn group with 1 update in the /jupyterlab/staging directory: webpack.

Updates webpack from 5.94.0 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

• Added DotenvPlugin and top level dotenv option to enable this plugin
• Added WebpackManifestPlugin
• Added support the ignoreList option in devtool plugins
• Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

Commits

• 24e3c2d chore(release): new release (#20253)
• 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
• c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
• 4b0501c ci: fix release (#20252)
• 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
• 5bf8bc5 refactor: types for benchmarks and tests
• 505a5e7 chore(release): new release (#20188)
• 0c06680 refactor: update eslint configuration
• 2eb0d6a ci: release announcement (#20238)
• b2b2459 ci: cancel in progress (#20239)
• Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

• e3af0a7 6.14.0
• b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
• 72f2286 docs: update v7 info
• 231e52b Merge pull request #1320 from philsturgeon/patch-1
• d3475fc Add spectral, an AJV util from a sponsor
• 413afe0 docs: v7.0.0-beta.3
• 11e997b update readme for v7
• See full diff in compare view

Updates minimatch from 3.0.6 to 10.2.1

Changelog

Sourced from minimatch's changelog.

change log

10.2

• Add braceExpandMax option

10.1

• Add magicalBraces option for escape
• Fix makeRe when partial: true is set.
• Fix makeRe when pattern ends in a final ** path part.

10.0

• Require node 20 or 22 and higher

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits

• 6d7ac34 10.2.1
• 2e111f3 coalesce consecutive non-globstar * characters
• 1a62a2a 10.2.0
• 758b5a3 changelog 10.2
• 903e50b add braceExpandMax option, format
• a50a110 10.1.3
• a08c046 move back to og brace-expansion
• fde70d1 10.1.2
• 05210d8 update deps
• ba4093c update workflows and package stuff
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates systeminformation from 5.27.17 to 5.30.8

Release notes

Sourced from systeminformation's releases.

v5.30.8

Full Changelog: sebhildebrandt/systeminformation@v5.30.7...v5.30.8

v5.30.7

Full Changelog: sebhildebrandt/systeminformation@v5.30.6...v5.30.7

v5.30.6

Full Changelog: sebhildebrandt/systeminformation@v5.30.5...v5.30.6

v5.30.5

Full Changelog: sebhildebrandt/systeminformation@v5.30.4...v5.30.5

v5.30.4

Full Changelog: sebhildebrandt/systeminformation@v5.30.3...v5.30.4

v5.30.3

Full Changelog: sebhildebrandt/systeminformation@v5.30.2...v5.30.3

v5.30.2

Full Changelog: sebhildebrandt/systeminformation@v5.30.1...v5.30.2

v5.30.1

Full Changelog: sebhildebrandt/systeminformation@v5.30.0...v5.30.1

v5.30.0

Full Changelog: sebhildebrandt/systeminformation@v5.29.1...v5.30.0

v5.29.1

Full Changelog: sebhildebrandt/systeminformation@v5.29.0...v5.29.1

v5.29.0

Full Changelog: sebhildebrandt/systeminformation@v5.28.10...v5.29.0

Changelog

Sourced from systeminformation's changelog.

Changelog

Major Changes - Version 5

New Functions

• audio() detailed audio information
• bluetoothDevices() detailed information detected bluetooth devices
• dockerImages() detailed information docker images
• dockerVolumes() detailed information docker volumes
• printers() detailed printer information
• usb() detailed USB information
• wifiInterfaces() detected Wi-Fi interfaces
• wifiConnections() active Wi-Fi connections

Breaking Changes

Be aware, that the new version 5.x is NOT fully backward compatible to version 4.x ...

We had to make several interface changes to keep systeminformation as consistent as possible. We highly recommend to go through the complete list and adapt your own code to be again compatible to the new version 5.

Function	Old	New (V5)	Comments
unsupported values	-1	null	values which are unknown orunsupported on platform
battery()	hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining	hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining	pascalCase conformity
blockDevices()	fstype	fsType	pascalCase conformity
cpu()	speedminspeedmax	speedMinspeedMax	pascalCase conformity
cpu().speedcpu().speedMincpu().speedMax	string values	now returningnumerical values	better value handling
cpuCurrentspeed()		cpuCurrentSpeed()	function name changedpascalCase conformity
currentLoad()	avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload	avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad	pascalCase conformity
dockerContainerStats()	mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats	memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats	pascalCase conformity
dockerContainerProcesses()	pid_host	pidHost	pascalCase conformity
graphics().display	pixeldepthresolutionxresolutionysizexsizey	pixelDepthresolutionXresolutionYsizeXsizeY	pascalCase conformity
networkConnections()	localaddresslocalportpeeraddresspeerport	localAddresslocalPortpeerAddresspeerPort	pascalCase conformity
networkInterfaces()	carrier_changes	carrierChanges	pascalCase conformity
processes()	mem_vszmem_rsspcpupcpuupcpuspmem	memVszmemRsscpucpuucpusmem	pascalCase conformityrenamed attributes
processLoad()	result as object	result as array of objects	function now allows to provide more thanone process (as a comma separated list)
services()	pcpupmem	cpumem	renamed attributes
vbox()	HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC	hpetpaeapicx2ApicacpiioApicbiosApicModertc	pascalCase conformity

Other Improvements and Changes

• baseboard(): added memMax, memSlots
• bios(): added language and features (linux)
• blockDevices() added raid group member (linux)
• cpu(): extended AMD processor list

... (truncated)

Commits

• 612d97e 5.30.8
• 22242aa wifiNetworks() fixed CWE-78 command injection issue (linux)
• 41c7ea4 5.30.7
• f4ff1d9 networkInterfaces() fixed getWindowsIEEE8021x issue (windows)
• ea02021 5.30.6
• 53cca2f graphics() improved nvidia-smi detection (windows)
• 5231c64 fix nvidia-smi folder search (windows)
• 42bc5a7 5.30.5
• 505d327 networkInterfaces() fix uppercase iface names (linux)
• 06e47be 5.30.4
• Additional commits viewable in compare view

Updates minimatch from 3.0.8 to 10.2.2

Changelog

Sourced from minimatch's changelog.

change log

10.2

• Add braceExpandMax option

10.1

• Add magicalBraces option for escape
• Fix makeRe when partial: true is set.
• Fix makeRe when pattern ends in a final ** path part.

10.0

• Require node 20 or 22 and higher

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits

• 6d7ac34 10.2.1
• 2e111f3 coalesce consecutive non-globstar * characters
• 1a62a2a 10.2.0
• 758b5a3 changelog 10.2
• 903e50b add braceExpandMax option, format
• a50a110 10.1.3
• a08c046 move back to og brace-expansion
• fde70d1 10.1.2
• 05210d8 update deps
• ba4093c update workflows and package stuff
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates webpack from 5.94.0 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

• Added DotenvPlugin and top level dotenv option to enable this plugin
• Added WebpackManifestPlugin
• Added support the ignoreList option in devtool plugins
• Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

Commits

• 24e3c2d chore(release): new release (#20253)
• 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
• c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
• 4b0501c ci: fix release (#20252)
• 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
• 5bf8bc5 refactor: types for benchmarks and tests
• 505a5e7 chore(release): new release (#20188)
• 0c06680 refactor: update eslint configuration
• 2eb0d6a ci: release announcement (#20238)
• b2b2459 ci: cancel in progress (#20239)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.