[Security] Bump xterm from 3.3.0 to 4.5.0

[dependabot-preview]

Bumps xterm from 3.3.0 to 4.5.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Low severity vulnerability that affects xterm A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

Affected versions: < 3.8.1

Release notes

Sourced from xterm's releases.

4.5.0

🚀 Features

📦 API

• New experimental link provider API (#2530, #2710) via @jmbockhorst. This flips around how links in the terminal work by asking an addon what links are available at a particular cell when its hovered, instead of pre-parsing the entire viewport using the current link matcher API. The plan is for this to eventually replace the registerLinkMatcher API. You can test this new API by setting the _useLinkProvider parameter on the web links addon.
• The alternate buffer can now be accessed via the experimental buffer API (#2713) via @JavaCS3. This breaks the previous API so if you're an early adopter be sure to update accordingly.

🐞 Bug fixes

• Remove duplicate CSS rule being added (#2715) via @kumaran-14
• Make cursor display on the last cell if it's off the edge of the screen (#2731) via @jerch
• Fix transparent theme colors on old Edge (#2739) via @felixse
• Fix addDisposableDomListener leaking events (#2767) via @JavaCS3
• Use role=list attribute when screenReaderMode is enabled (#2814) via @Tyriar
• Ensure multiple cursor blink animations aren't occurring at same time (#2817) via @Tyriar

📝 Documentation and internal improvements

• Typo, improving wording (#2698, #2766) via @Tyriar
• Consolidate integration test helper functions (#2711) via @jmbockhorst
• Migrate from puppeteer to playwright (#2712) @jmbockhorst
• Run tests in Firefox and WebKit (#2722, #2725) via @Tyriar
• Update to TypeScript 3.8 (#2730) via @Tyriar
• Document VT features in code and extract for the website (#2754) via @jerch
• Upgrade several dev dependencies (#2758, #2760, #2770, #2772, #2779, #2780, #2783, #2795, #2801, #2803, #2805, #2810, #2815, #2819, #2820) via @Tyriar, @dependabot, @dependabot-preview
• Migrate from tslint to eslint (#2786, #2799, #2827) via @Tyriar
• Upgrade mac agent in pipelines (#2800) via @Tyriar
• Use debug instead of warn log level for open on non-attached element (#2825) via @Tyriar

🛑 Breaking changes

• The buffer API has changed significantly:

  // before 4.5.0
  const activeBuffer = term.buffer
  // after 4.5.0
  const activeBuffer = term.buffer.active

🎉 New real-world use cases

• x-terminal (#2723) via @UziTech
• CoCalc (#2761) via @slel

---

🤝 Compatible addon versions

... (truncated)

Commits

• 4809a2e Merge pull request #2828 from Tyriar/release45
• f61d632 v4.5.0
• c66b25b Merge pull request #2827 from Tyriar/eslint_types
• a66edbd Merge pull request #2713 from JavaCS3/master
• ef0d834 Convert eslintrc to json and fix errors
• 89daaca Add missing api docs
• f4f15ee Add missing line in api
• 4c36ef9 Don't pass buffers to BufferApiView
• 886af69 Use a separate emitter for BufferNamespaceApi.onBufferChange
• c63949f Merge branch 'master' into master
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tyriar, a new releaser for xterm since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #18.