fix(deps): update dependency smol-toml to v1.3.1 [security] (#11733)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [smol-toml](https://redirect.github.com/squirrelchat/smol-toml) |
[`1.3.0` ->
`1.3.1`](https://renovatebot.com/diffs/npm/smol-toml/1.3.0/1.3.1) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/smol-toml/1.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/smol-toml/1.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/smol-toml/1.3.0/1.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/smol-toml/1.3.0/1.3.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

### GitHub Vulnerability Alerts

####
[GHSA-pqhp-25j4-6hq9](https://redirect.github.com/squirrelchat/smol-toml/security/advisories/GHSA-pqhp-25j4-6hq9)

### Summary
An attacker can send a maliciously crafted TOML to cause the parser to
crash because of a stack overflow caused by a deeply nested inline
structure. A similar problem occurs when attempting to stringify deeply
nested objects.

The library does not limit the maximum exploration depth while parsing
or producing TOML documents, nor does it offer a way to do so.

### Proof of concept
```js
require("smol-toml").parse("e=" + "{e=".repeat(9999) + "{}" + "}".repeat(9999))
```

### Impact
Applications which parse arbitrary TOML documents may suffer
availability issues if they receive malicious input. If uncaught, the
crash may cause the application itself to crash. The impact is deemed
minor, as the function is already likely to throw errors on invalid
input and therefore to properly handle errors.

Due to the design of most JavaScript runtimes, the uncontrolled
recursion does not lead to excessive memory usage and the execution is
quickly aborted.

As a reminder, it is **strongly** advised when working with untrusted
user input to expect errors to occur and to appropriately catch them.

### Patches
Version 1.3.1 offers a mechanism to limit the exploration depth before
halting with a `TomlError` when parsing, with a default cap of 1000. A
same mechanism has been implemented for stringifying objects.

**Please note that the parser will *still* throw an error upon such
cases.** It is, however, a now-controlled and documented behavior of the
library.

### Workarounds
Wrap all invocations of `parse` and `stringify` in a try/catch block.

---

### Release Notes

<details>
<summary>squirrelchat/smol-toml (smol-toml)</summary>

###
[`v1.3.1`](https://redirect.github.com/squirrelchat/smol-toml/compare/v1.3.0...5ed3ead57e7cff51ecd1543c4dc6a8e0825458bd)

[Compare
Source](https://redirect.github.com/squirrelchat/smol-toml/compare/v1.3.0...5ed3ead57e7cff51ecd1543c4dc6a8e0825458bd)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/redwoodjs/redwood).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuMTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Author: renovate[bot]

packages/cli-helpers/package.json

@@ -68,7 +68,7 @@
     "prettier": "3.3.3",
     "prompts": "2.4.2",
     "semver": "7.6.3",
-    "smol-toml": "1.3.0",
+    "smol-toml": "1.3.1",
     "terminal-link": "2.1.1",
     "yargs-parser": "21.1.1"
   },

packages/cli/package.json

@@ -74,7 +74,7 @@
     "prompts": "2.4.2",
     "rimraf": "6.0.1",
     "semver": "7.6.3",
-    "smol-toml": "1.3.0",
+    "smol-toml": "1.3.1",
     "string-env-interpolation": "1.0.1",
     "systeminformation": "5.23.5",
     "terminal-link": "2.1.1",

packages/project-config/package.json

@@ -38,7 +38,7 @@
   "dependencies": {
     "deepmerge": "4.3.1",
     "fast-glob": "3.3.2",
-    "smol-toml": "1.3.0",
+    "smol-toml": "1.3.1",
     "string-env-interpolation": "1.0.1"
   },
   "devDependencies": {

packages/structure/package.json

@@ -43,7 +43,7 @@
     "lodash-decorators": "6.0.1",
     "lru-cache": "11.0.1",
     "proxyquire": "2.1.3",
-    "smol-toml": "1.3.0",
+    "smol-toml": "1.3.1",
     "ts-morph": "23.0.0",
     "vscode-languageserver": "6.1.1",
     "vscode-languageserver-textdocument": "1.0.12",

yarn.lock

@@ -8084,7 +8084,7 @@ __metadata:
     prettier: "npm:3.3.3"
     prompts: "npm:2.4.2"
     semver: "npm:7.6.3"
-    smol-toml: "npm:1.3.0"
+    smol-toml: "npm:1.3.1"
     terminal-link: "npm:2.1.1"
     tsx: "npm:4.19.1"
     typescript: "npm:5.6.2"
@@ -8169,7 +8169,7 @@ __metadata:
     prompts: "npm:2.4.2"
     rimraf: "npm:6.0.1"
     semver: "npm:7.6.3"
-    smol-toml: "npm:1.3.0"
+    smol-toml: "npm:1.3.1"
     string-env-interpolation: "npm:1.0.1"
     systeminformation: "npm:5.23.5"
     terminal-link: "npm:2.1.1"
@@ -8676,7 +8676,7 @@ __metadata:
     fast-glob: "npm:3.3.2"
     publint: "npm:0.2.11"
     rimraf: "npm:6.0.1"
-    smol-toml: "npm:1.3.0"
+    smol-toml: "npm:1.3.1"
     string-env-interpolation: "npm:1.0.1"
     tsx: "npm:4.19.1"
     typescript: "npm:5.6.2"
@@ -8827,7 +8827,7 @@ __metadata:
     lodash-decorators: "npm:6.0.1"
     lru-cache: "npm:11.0.1"
     proxyquire: "npm:2.1.3"
-    smol-toml: "npm:1.3.0"
+    smol-toml: "npm:1.3.1"
     ts-morph: "npm:23.0.0"
     typescript: "npm:5.6.2"
     vitest: "npm:2.0.5"
@@ -27493,10 +27493,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"smol-toml@npm:1.3.0":
-  version: 1.3.0
-  resolution: "smol-toml@npm:1.3.0"
-  checksum: 10c0/442b4d033236ff6dd05bf91d57695fd9070a8221af080a5b2782cb2d9fad8bc31f698c61de5308a351907c1200202ba3ee51d52c5704f5349149e7c374f5fe90
+"smol-toml@npm:1.3.1":
+  version: 1.3.1
+  resolution: "smol-toml@npm:1.3.1"
+  checksum: 10c0/bac5bf4f2655fd561fe41f9426d70ab68b486631beff97a7f127f5d2f811b5e247d50a06583be03d35a625dcb05b7984b94a61a81c68ea2810ac7a9bf4edc64d
   languageName: node
   linkType: hard