chore(deps): update all non-major dependencies (main) - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@types/chrome (source)	^0.0.268 -> ^0.0.269					devDependencies	patch
actions/download-artifact	v4.1.7 -> v4.1.8					action	patch
actions/setup-node	v4.0.2 -> v4.0.3					action	patch
actions/upload-artifact	v4.3.3 -> v4.3.4					action	patch	v4.3.5
esbuild	~0.21.0 -> ~0.23.0					dependencies	minor
esbuild	~0.21.0 -> ~0.23.0					devDependencies	minor
github/codeql-action	v3.25.10 -> v3.25.15					action	patch
husky	~9.0.11 -> ~9.1.0					devDependencies	minor
memfs	~4.9.0 -> ~4.11.0					peerDependencies	minor
memfs	~4.9.0 -> ~4.11.0					devDependencies	minor
ossf/scorecard-action	v2.3.3 -> v2.4.0					action	minor
typedoc (source)	~0.25.0 -> ~0.26.0					dependencies	minor
typedoc (source)	~0.25.0 -> ~0.26.0					devDependencies	minor
webpack	~5.92.0 -> ~5.93.0					peerDependencies	minor
webpack	~5.92.0 -> ~5.93.0					devDependencies	minor

---

Release Notes

actions/download-artifact (actions/download-artifact)

v4.1.8

Compare Source

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in https://github.com/actions/download-artifact/pull/341

Full Changelog: actions/download-artifact@v4...v4.1.8

actions/setup-node (actions/setup-node)

v4.0.3

Compare Source

actions/upload-artifact (actions/upload-artifact)

v4.3.4

Compare Source

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in https://github.com/actions/upload-artifact/pull/584

Full Changelog: actions/upload-artifact@v4.3.3...v4.3.4

evanw/esbuild (esbuild)

v0.23.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.22.0 or ~0.22.0. See npm's documentation about semver for more information.

• Revert the recent change to avoid bundling dependencies for node (#​3819)

  This release reverts the recent change in version 0.22.0 that made --packages=external the default behavior with --platform=node. The default is now back to --packages=bundle.

  I've just been made aware that Amazon doesn't pin their dependencies in their "AWS CDK" product, which means that whenever esbuild publishes a new release, many people (potentially everyone?) using their SDK around the world instantly starts using it without Amazon checking that it works first. This change in version 0.22.0 happened to break their SDK. I'm amazed that things haven't broken before this point. This revert attempts to avoid these problems for Amazon's customers. Hopefully Amazon will pin their dependencies in the future.

  In addition, this is probably a sign that esbuild is used widely enough that it now needs to switch to a more complicated release model. I may have esbuild use a beta channel model for further development.

• Fix preserving collapsed JSX whitespace (#​3818)

  When transformed, certain whitespace inside JSX elements is ignored completely if it collapses to an empty string. However, the whitespace should only be ignored if the JSX is being transformed, not if it's being preserved. This release fixes a bug where esbuild was previously incorrectly ignoring collapsed whitespace with --jsx=preserve. Here is an example:

  // Original code
  <Foo>
    <Bar />
  </Foo>
  
  // Old output (with --jsx=preserve)
  <Foo><Bar /></Foo>;
  
  // New output (with --jsx=preserve)
  <Foo>
    <Bar />
  </Foo>;

v0.22.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.21.0 or ~0.21.0. See npm's documentation about semver for more information.

• Omit packages from bundles by default when targeting node (#​1874, #​2830, #​2846, #​2915, #​3145, #​3294, #​3323, #​3582, #​3809, #​3815)

  This breaking change is an experiment. People are commonly confused when using esbuild to bundle code for node (i.e. for --platform=node) because some packages may not be intended for bundlers, and may use node-specific features that don't work with a bundler. Even though esbuild's "getting started" instructions say to use --packages=external to work around this problem, many people don't read the documentation and don't do this, and are then confused when it doesn't work. So arguably this is a bad default behavior for esbuild to have if people keep tripping over this.

  With this release, esbuild will now omit packages from the bundle by default when the platform is node (i.e. the previous behavior of --packages=external is now the default in this case). Note that your dependencies must now be present on the file system when your bundle is run. If you don't want this behavior, you can do --packages=bundle to allow packages to be included in the bundle (i.e. the previous default behavior). Note that --packages=bundle doesn't mean all packages are bundled, just that packages are allowed to be bundled. You can still exclude individual packages from the bundle using --external: even when --packages=bundle is present.

  The --packages= setting considers all import paths that "look like" package imports in the original source code to be package imports. Specifically import paths that don't start with a path segment of / or . or .. are considered to be package imports. The only two exceptions to this rule are subpath imports (which start with a # character) and TypeScript path remappings via paths and/or baseUrl in tsconfig.json (which are applied first).

• Drop support for older platforms (#​3802)

  This release drops support for the following operating systems:

  • Windows 7
  • Windows 8
  • Windows Server 2008
  • Windows Server 2012

  This is because the Go programming language dropped support for these operating system versions in Go 1.21, and this release updates esbuild from Go 1.20 to Go 1.22.

  Note that this only affects the binary esbuild executables that are published to the esbuild npm package. It's still possible to compile esbuild's source code for these older operating systems. If you need to, you can compile esbuild for yourself using an older version of the Go compiler (before Go version 1.21). That might look something like this:

  git clone https://github.com/evanw/esbuild.git
  cd esbuild
  go build ./cmd/esbuild
  ./esbuild.exe --version
  

  In addition, this release increases the minimum required node version for esbuild's JavaScript API from node 12 to node 18. Node 18 is the oldest version of node that is still being supported (see node's release schedule for more information). This increase is because of an incompatibility between the JavaScript that the Go compiler generates for the esbuild-wasm package and versions of node before node 17.4 (specifically the crypto.getRandomValues function).

• Update await using behavior to match TypeScript

  TypeScript 5.5 subtly changes the way await using behaves. This release updates esbuild to match these changes in TypeScript. You can read more about these changes in microsoft/TypeScript#58624.

• Allow es2024 as a target environment

  The ECMAScript 2024 specification was just approved, so it has been added to esbuild as a possible compilation target. You can read more about the features that it adds here: https://2ality.com/2024/06/ecmascript-2024.html. The only addition that's relevant for esbuild is the regular expression /v flag. With --target=es2024, regular expressions that use the /v flag will now be passed through untransformed instead of being transformed into a call to new RegExp.

• Publish binaries for OpenBSD on 64-bit ARM (#​3665, #​3674)

  With this release, you should now be able to install the esbuild npm package in OpenBSD on 64-bit ARM, such as on an Apple device with an M1 chip.

  This was contributed by @​ikmckenz.

• Publish binaries for WASI (WebAssembly System Interface) preview 1 (#​3300, #​3779)

  The upcoming WASI (WebAssembly System Interface) standard is going to be a way to run WebAssembly outside of a JavaScript host environment. In this scenario you only need a .wasm file without any supporting JavaScript code. Instead of JavaScript providing the APIs for the host environment, the WASI standard specifies a "system interface" that WebAssembly code can access directly (e.g. for file system access).

  Development versions of the WASI specification are being released using preview numbers. The people behind WASI are currently working on preview 2 but the Go compiler has released support for preview 1, which from what I understand is now considered an unsupported legacy release. However, some people have requested that esbuild publish binary executables that support WASI preview 1 so they can experiment with them.

  This release publishes esbuild precompiled for WASI preview 1 to the @esbuild/wasi-preview1 package on npm (specifically the file @esbuild/wasi-preview1/esbuild.wasm). This binary executable has not been tested and won't be officially supported, as it's for an old preview release of a specification that has since moved in another direction. If it works for you, great! If not, then you'll likely have to wait for the ecosystem to evolve before using esbuild with WASI. For example, it sounds like perhaps WASI preview 1 doesn't include support for opening network sockets so esbuild's local development server is unlikely to work with WASI preview 1.

• Warn about onResolve plugins not setting a path (#​3790)

  Plugins that return values from onResolve without resolving the path (i.e. without setting either path or external: true) will now cause a warning. This is because esbuild only uses return values from onResolve if it successfully resolves the path, and it's not good for invalid input to be silently ignored.

• Add a new Go API for running the CLI with plugins (#​3539)

  With esbuild's Go API, you can now call cli.RunWithPlugins(args, plugins) to pass an array of esbuild plugins to be used during the build process. This allows you to create a CLI that behaves similarly to esbuild's CLI but with additional Go plugins enabled.

  This was contributed by @​edewit.

github/codeql-action (github/codeql-action)

v3.25.15

Compare Source

v3.25.14

Compare Source

v3.25.13

Compare Source

v3.25.12

Compare Source

v3.25.11

Compare Source

typicode/husky (husky)

v9.1.4

Compare Source

v9.1.3

Compare Source

• fix: better handle space in PATH

v9.1.2

Compare Source

v9.1.1

Compare Source

v9.1.0

Compare Source

Super saiyan god dog! It's over 9.0.0!

There's a bug with this release which prevents the deprecation notice to appear and requires to remove #!/usr/bin/env sh and . "$(dirname -- "$0")/_/husky.sh" (which are deprecated by the way). I'll publish a new version to fix that. Sorry about any inconvenience.

What's new

You can now run package commands directly, no need for npx or equivalents.
It makes writing hooks more intuitive and is also slightly faster 🐺⚡️

### .husky/pre-commit
- npx jest
+ jest # ~0.2s faster

A new recipe has been added to the docs. Lint staged files without external dependencies (inspired by Prettier docs). Feel free to modify it.

### .husky/pre-commit
prettier $(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g') --write --ignore-unknown
git update-index --again

For more advanced use cases, see lint-staged.

Fixes

• bunx husky init command
• Workaround for some hooks implementation on Windows 🤷

Deprecations

• Remove #!/usr/bin/env sh and . "$(dirname -- "$0")/_/husky.sh" from your hooks
• Move your code from ~/.huskyrc to .config/husky/init.sh

Support for these will be removed in v10, notices have been added.

Friendly reminder

If Git hooks don't fit your workflow, you can disable Husky globally. Just add export HUSKY=0 to .config/husky/init.sh.

I've seen some confusion about this on X, so just a heads-up!

Sponsoring

Husky is downloaded over 45M times per month and used by ~1.5M projects. If your company wants to sponsor, you can do so here: GitHub Sponsors.

Have a nice summer ☀️ I'm open to new opportunities/consulting so feel free to drop me a message 😉

streamich/memfs (memfs)

v4.11.1

Compare Source

Bug Fixes

• 🐛 declare ReadableStream global type (#​1048) (57fba2c)

v4.11.0

Compare Source

Features

• volume implementation of .opendir() method (7072fb7)

v4.10.0

Compare Source

Features

• 🎸 add IReadableWebStreamOptions type (99ebd64)
• 🎸 implement FileHandle.readableWebStream() (c3ddc6c)

4.9.4 (2024-07-23)

Bug Fixes

• ensure files in subdirectories are returned as buffers when calling toJSON with asBuffer (#​1041) (c3d4cf3)

4.9.3 (2024-06-14)

Bug Fixes

• replace sonic-forest with tree-dump (#​1038) (f989dcd)

4.9.2 (2024-04-30)

Bug Fixes

• 🐛 bump @​jsonjoy.com/util package (eea3b42)
• 🐛 bump json-pack (32cc4da)

4.9.1 (2024-04-27)

Bug Fixes

• 🐛 use latest json-pack implementation (de54ab5)

v4.9.4

Compare Source

Bug Fixes

• ensure files in subdirectories are returned as buffers when calling toJSON with asBuffer (#​1041) (c3d4cf3)

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1410
• 🐛 lower license sarif alert threshold to 9 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1411

Documentation

• docs: dogfooding badge by @​jkowalleck in https://github.com/ossf/scorecard-action/pull/1399

New Contributors

• @​jkowalleck made their first contribution in https://github.com/ossf/scorecard-action/pull/1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

TypeStrong/TypeDoc (typedoc)

v0.26.5

Compare Source

Features

• TypeDoc now exposes array option defaults under OptionDefaults, #​2640.

Bug Fixes

• Constructor parameters which share a name with a property on a parent class will no longer inherit the comment on the parent class, #​2636.
• Packages mode will now attempt to use the comment declared in the comment class for inherited members, #​2622.
• TypeDoc no longer crashes when @document includes an empty file, #​2638.
• API: Event listeners added later with the same priority will be called later, #​2643.

Thanks!

• @​bladerunner2020

v0.26.4

Compare Source

Bug Fixes

• The page navigation sidebar no longer incorrectly includes re-exports if the same member is exported with multiple names #​2625.
• Page navigation now ensures the current page is visible when the page is first loaded, #​2626.
• If a relative linked image is referenced multiple times, TypeDoc will no longer sometimes produce invalid links to the image #​2627.
• @link tags will now be validated in referenced markdown documents, #​2629.
• @link tags are now resolved in project documents, #​2629.
• HTML/JSON output generated by TypeDoc now contains a trailing newline, #​2632.
• TypeDoc now correctly handles markdown documents with CRLF line endings, #​2628.
• @hidden is now properly applied when placed in a function implementation comment, #​2634.
• Comments on re-exports are now rendered.

Thanks!

• @​bukowa
• @​garrett-hopper

v0.26.3

Compare Source

Features

• "On This Page" navigation now includes the page groups in collapsible sections, #​2616.

Bug Fixes

• mailto: links are no longer incorrectly recognized as relative paths, #​2613.
• Added @since to the default list of recognized tags, #​2614.
• Relative paths to directories will no longer cause the directory to be copied into the media directory, #​2617.

v0.26.2

Compare Source

Features

• Added a --suppressCommentWarningsInDeclarationFiles option to disable warnings from
  parsing comments in declaration files, #​2611.
• Improved comment discovery to more closely match TypeScript's discovery when getting comments
  for members of interfaces/classes, #​2084, #​2545.

Bug Fixes

• The text non-highlighted language no longer causes warnings when rendering, #​2610.
• If a comment on a method is inherited from a parent class, and the child class does not
  use an @param tag from the parent, TypeDoc will no longer warn about the @param tag.

v0.26.1

Compare Source

Features

• Improved Korean translation coverage, #​2602.

Bug Fixes

• Added @author to the default list of recognized tags, #​2603.
• Anchor links are no longer incorrectly checked for relative paths, #​2604.
• Fixed an issue where line numbers reported in error messages could be incorrect, #​2605.
• Fixed relative link detection for markdown links containing code in their label, #​2606.
• Fixed an issue with packages mode where TypeDoc would use (much) more memory than required, #​2607.
• TypeDoc will no longer crash when asked to render highlighted code for an unsupported language, #​2609.
• Fixed an issue where relatively-linked files would not be copied to the output directory in packages mode.
• Fixed an issue where modifier tags were not applied to top level modules in packages mode.
• Fixed an issue where excluded tags were not removed from top level modules in packages mode.
• .jsonc configuration files are now properly read as JSONC, rather than being passed to require.

Thanks!

• @​KNU-K

v0.26.0

Compare Source

Breaking Changes

• Drop support for Node 16.
• Moved from marked to markdown-it for parsing as marked has moved to an async model which supporting would significantly complicate TypeDoc's rendering code.
  This means that any projects setting markedOptions needs to be updated to use markdownItOptions.
  Unlike marked@4, markdown-it pushes lots of functionality to plugins. To use plugins, a JavaScript config file must be used with the markdownItLoader option.
• Updated Shiki from 0.14 to 1.x. This should mostly be a transparent update which adds another 23 supported languages and 13 supported themes.
  As Shiki adds additional languages, the time it takes to load the highlighter increases linearly. To avoid rendering taking longer than necessary,
  TypeDoc now only loads a few common languages. Additional languages can be loaded by setting the --highlightLanguages option.
• Changed default of --excludePrivate to true.
• Renamed --sitemapBaseUrl to --hostedBaseUrl to reflect that it can be used for more than just the sitemap.
• Removed deprecated navigation.fullTree option.
• Removed --media option, TypeDoc will now detect image links within your comments and markdown documents and automatically copy them to the site.
• Removed --includes option, use the @document tag instead.
• Removed --stripYamlFrontmatter option, TypeDoc will always do this now.
• Renamed the --htmlLang option to --lang.
• Removed the --gaId option for Google Analytics integration and corresponding analytics theme member, #​2600.
• All function-likes may now have comments directly attached to them. This is a change from previous versions of TypeDoc where functions comments
  were always moved down to the signature level. This mostly worked, but caused problems with type aliases, so was partially changed in 0.25.13.
  This change was extended to apply not only to type aliases, but also other function-likes declared with variables and callable properties.
  As a part of this change, comments on the implementation signature of overloaded functions will now be added to the function reflection, and will
  not be inherited by signatures of that function, #​2521.
• API: TypeDoc now uses a typed event emitter to provide improved type safety, this found a bug where Converter.EVENT_CREATE_DECLARATION
  was emitted for ProjectReflection in some circumstances.
• API: MapOptionDeclaration.mapError has been removed.
• API: Deprecated BindOption decorator has been removed.
• API: DeclarationReflection.indexSignature has been renamed to DeclarationReflection.indexSignatures.
  Note: This also affects JSON serialization. TypeDoc will support JSON output from 0.25 through at least 0.26.
• API: JSONOutput.SignatureReflection.typeParameter has been renamed to typeParameters to match the JS API.
• API: DefaultThemeRenderContext.iconsCache has been removed as it is no longer needed.
• API: DefaultThemeRenderContext.hook must now be passed context if required by the hook.

Features

• Added support for TypeScript 5.5.
• Added new --projectDocuments option to specify additional Markdown documents to be included in the generated site #​247, #​1870, #​2288, #​2565.
• TypeDoc now has the architecture in place to support localization. No languages besides English
  are currently shipped in the package, but it is now possible to add support for additional languages, #​2475.
• Added support for a packageOptions object which specifies options that should be applied to each entry point when running with --entryPointStrategy packages, #​2523.
• --hostedBaseUrl will now be used to generate a <link rel="canonical"> element in the project root page, #​2550.
• Added support for documenting individual elements of a union type, #​2585.
  Note: This feature is only available on type aliases directly containing unions.
• TypeDoc will now log the number of errors/warnings errors encountered, if any, after a run, #​2581.
• New option, --customFooterHtml to add custom HTML to the generated page footer, #​2559.
• TypeDoc will now copy modifier tags to children if specified in the --cascadedModifierTags option, #​2056.
• TypeDoc will now warn if mutually exclusive modifier tags are specified for a comment (e.g. both @alpha and @beta), #​2056.
• Groups and categories can now be collapsed in the page body, #​2330.
• Added support for JSDoc @hideconstructor tag.
  This tag should only be used to work around TypeScript#58653, prefer the more general @hidden/@ignore tag to hide members normally, #​2577.
• Added --useHostedBaseUrlForAbsoluteLinks option to use the --hostedBaseUrl option to produce absolute links to pages on a site, #​940.
• Tag headers now generate permalinks in the default theme, #​2308.
• TypeDoc now attempts to use the "most likely name" for a symbol if the symbol is not present in the documentation, #​2574.
• Fixed an issue where the "On This Page" section would include markdown if the page contained headings which contained markdown.
• TypeDoc will now warn if a block tag is used which is not defined by the --blockTags option.
• Added three new sort strategies documents-first, documents-last, and alphabetical-ignoring-documents to order markdown documents.
• Added new --alwaysCreateEntryPointModule option. When set, TypeDoc will always create a Module for entry points, even if only one is provided.
  If --projectDocuments is used to add documents, this option defaults to true, otherwise, defaults to false.
• Added new --highlightLanguages option to control what Shiki language packages are loaded.
• TypeDoc will now render union elements on new lines if there are more than 3 items in the union.
• TypeDoc will now only render the "Type Declaration" section if it will provide additional information not already presented in the page.
  This results in significantly smaller documentation pages in many cases where that section would just repeat what has already been presented in the rendered type.
• Added comment.beforeTags and comment.afterTags hooks for plugin use.
  Combined with CommentTag.skipRendering this can be used to provide custom tag handling at render time.

Bug Fixes

• TypeDoc now supports objects with multiple index signatures, #​2470.
• Header anchor links in rendered markdown are now more consistent with headers generated by TypeDoc, #​2546.
• Types rendered in the Returns header are now properly colored, #​2546.
• Links added with the navigationLinks option are now moved into the pull out navigation on mobile displays, #​2548.
• @license and @import comments will be ignored at the top of files, #​2552.
• Fixed issue in documentation validation where constructor signatures where improperly considered not documented, #​2553.
• Keyboard focus is now visible on dropdowns and checkboxes in the default theme, #​2556.
• The color theme label in the default theme now has an accessible name, #​2557.
• Fixed issue where search results could not be navigated while Windows Narrator was on, #​2563.
• charset is now correctly cased in <meta> tag generated by the default theme, #​2568.
• Fixed very slow conversion on Windows where Msys git was used by typedoc to discover repository links, #​2586.
• Validation will now be run in watch mode, #​2584.
• Fixed an issue where custom themes which added dependencies in the <head> element could result in broken icons, #​2589.
• @default and @defaultValue blocks are now recognized as regular blocks if they include inline tags, #​2601.
• Navigation folders sharing a name will no longer be saved with a shared key to localStorage.
• The --hideParameterTypesInTitle option no longer applies when rendering function types.
• Broken @link tags in readme files will now cause a warning when link validation is enabled.
• Fixed externalSymbolLinkMappings option's support for meanings in declaration references.
• Buttons to copy code now have the type=button attribute set to avoid being treated as submit buttons.
• --hostedBaseUrl will now implicitly add a trailing slash to the generated URL.

Thanks!

• @​Aryakoste
• @​bladerunner2020
• @​Dinnerbone
• @​HarelM
• @​kraenhansen
• @​Nil2000
• @​steve02081504
• @​tristanzander

webpack/webpack (webpack)

v5.93.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.