[5.3] Update dependencies

[laoneo]

Updates the dependencies.

[HLeithner]

Did a code review on all direct dependencies, sa11y is hard to review, many language changes and precompiled/minified files. Also checked a couple uncommon transient dependencies.

[brianteeman]

I have tested this item ✅ successfully on 2d6b088

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/45071.}

[richard67]

@laoneo Could you update this PR for the new version 3.1.0 of the filesystem framework? https://github.com/joomla-framework/filesystem/releases/tag/3.1.0

[laoneo]

done

[richard67]

Thanks. That was quick.

[richard67]

I have tested this item ✅ successfully on caa3c70

I've reviewed the changes and have compared the full install zip packages created without and with this PR, have compared the console output from both builds, and have tested an installation with the PR applied and finally a live update of that installation to the patched package for this PR.

It all worked, and the comparison of the packages has not shown any unexpected differences, i.e. our js and css compile works as before.

On the installation with the PR applied, there were no unexpected new errors in the PHP error log or the developer console.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/45071.}

[richard67]

@laoneo Why have you invalidated the human test count by an unnecessary branch update?

[laoneo]

It is then already up to date.

[richard67]

That still doesn’t explain why you don’t restore the human test with the „alter test“ button in the issue tracker after the branch update.

[laoneo]

rtc

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/45071.}

[richard67]

rtc

Not really right as @brianteeman ‘s test was invalidated by a later commit which updated again some dependencies.

[laoneo]

back to pending then

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/45071.}

[richard67]

back to pending then

It still needs to restore my test result in the issue tracker so that my test is still counted because the commit after my test was just a clean branch update. I will do that for now, but plese remember doing that yourself next time when you update the branch of a PR which has tests but is not RTC yet so you don't cause additional work for other maintainers. Thanks.

[laoneo]

Thanks

[richard67]

@brianteeman Could you repeat your test (or review)? The PR has received an update meanwhile. Thanks in advance.

[brianteeman]

esbuild <=0.24.2
Severity: moderate
esbuild enables any website to send any requests to the development server and read the response - GHSA-67mh-4wv8-2f99
fix available via npm audit fix --force
Will install [email protected], which is a breaking change

[richard67]

Well, it requires the force parameter and is a breaking change, so we can’t do that, I think.

[laoneo]

And it is on development only anyway, not being shipped with the public installable package.