chore(ci-deps): bump the minor-patch-dependencies group in /.github/actions with 11 updates

[dependabot]

Bumps the minor-patch-dependencies group in /.github/actions with 11 updates:

Package	From	To
@octokit/action	4.0.8	4.0.10
tslib	2.4.0	2.8.1
@octokit/rest	19.0.4	19.0.13
@types/node	20.12.12	20.17.43
debug	4.3.4	4.4.0
@types/debug	4.1.7	4.1.12
esbuild	0.15.10	0.25.4
esbuild-runner	2.2.1	2.2.2
ts-jest	27.1.3	27.1.5
typescript	4.7.4	4.9.5
unzipper	0.10.11	0.12.3

Updates @octokit/action from 4.0.8 to 4.0.10

Release notes

Sourced from @​octokit/action's releases.

v4.0.10

4.0.10 (2022-10-13)

Bug Fixes

• deps: update dependency @​octokit/plugin-paginate-rest to v5 (#440) (67dca5b)

v4.0.9

4.0.9 (2022-10-13)

Bug Fixes

• deps: update dependency @​octokit/types to v8 (b4d1990)

Commits

• 67dca5b fix(deps): update dependency @​octokit/plugin-paginate-rest to v5 (#440)
• 8ca0665 ci(release): use OCTOKITBOT_NPM_TOKEN org secret for npm publish
• b4d1990 fix(deps): update dependency @​octokit/types to v8
• 4180dfb build(deps): lock file maintenance
• ce6b04d build(deps): lock file maintenance (#437)
• d5ef3bf ci(codeql-analysis.yml): set version v2 to github/codeql-action/autobuild
• b7dd69c ci(codeql-analysis.yml): set version v2 to github/codeql-action/init
• d7274be ci(codeql-analysis.yml): set version v2 to github/codeql-action/analyze
• ff9be94 ci(update-prettier.yml): set version v3 to actions/setup-node
• 79999ce ci(test.yml): set version v3 to actions/setup-node
• Additional commits viewable in compare view

Updates tslib from 2.4.0 to 2.8.1

Release notes

Sourced from tslib's releases.

v2.8.1

What's Changed

• Fix publish workflow by @​andrewbranch in microsoft/tslib#271
• Include non-enumerable keys in __importStar helper by @​rbuckton in microsoft/tslib#272
• Remove use of ES2015 syntax by @​andrewbranch in microsoft/tslib#275

Full Changelog: microsoft/tslib@v2.8.0...v2.8.1

v2.8.0

What's Changed

• Validate export structure of every entrypoint by @​andrewbranch in microsoft/tslib#269
• Add rewriteRelativeImportExtension helper by @​andrewbranch in microsoft/tslib#270

Full Changelog: microsoft/tslib@v2.7.0...v2.8.0

v2.7.0

What's Changed

• Implement deterministic collapse of await in await using by @​rbuckton in microsoft/tslib#262
• Use global 'Iterator.prototype' for downlevel generators by @​rbuckton in microsoft/tslib#267

Full Changelog: microsoft/tslib@v2.6.3...v2.7.0

v2.6.3

What's Changed

• 'await using' normative changes by @​rbuckton in microsoft/tslib#258

Full Changelog: microsoft/tslib@v2.6.2...v2.6.3

tslib 2.6.2

What's Changed

• Fix path to exports["module"]["types"] by @​andrewbranch in microsoft/tslib#217

Full Changelog: microsoft/tslib@v2.6.1...v2.6.2

tslib 2.6.1

What's Changed

• Allow functions as values in __addDisposableResource by @​rbuckton in microsoft/tslib#215
• Stop using es6 syntax in the es6 file by @​andrewbranch in microsoft/tslib#216

Full Changelog: microsoft/tslib@2.6.0...v2.6.1

tslib 2.6.0

What's Changed

• Add helpers for using and await using by @​rbuckton in microsoft/tslib#213

... (truncated)

Commits

• d72d6f7 2.8.1
• 11fa982 Merge pull request #275 from microsoft/bug/es5-compat
• 3c532eb Remove use of ES2015 syntax
• b0076c4 Include non-enumerable keys in __importStar helper (#272)
• 7c11588 Add missing registry-url parameter
• 1fec667 Merge pull request #271 from microsoft/fix-publish
• 097e99e Fix publish workflow
• ca5f7fb 2.8.0
• 2334267 Merge pull request #270 from microsoft/rewriteRelativeImportExtension
• c4cde74 Missed update
• Additional commits viewable in compare view

Updates @octokit/rest from 19.0.4 to 19.0.13

Release notes

Sourced from @​octokit/rest's releases.

v19.0.13

19.0.13 (2023-06-16)

Bug Fixes

• deps: revert breaking dependency changes (#320) (f02bfd5), closes #318

v19.0.12

19.0.12 (2023-06-16)

Bug Fixes

• deps: update dependency @​octokit/plugin-paginate-rest to v7 (#316) (a860845)

v19.0.11

19.0.11 (2023-05-20)

Bug Fixes

• deps: upgrade @octokit/* packages (#300) (f1b3579)

v19.0.10

19.0.10 (2023-05-20)

Bug Fixes

• export type only RestEndpointMethodTypes (#299) (11f8e63), closes #298

v19.0.9

19.0.9 (2023-05-20)

Bug Fixes

• build: replace pika with esbuild and tsc (#297) (5ca150f)

v19.0.8

19.0.8 (2023-05-14)

Bug Fixes

• deps: bump plugin versions (#292) (9b047a0), closes #290

v19.0.7

19.0.7 (2023-01-21)

... (truncated)

Commits

• f02bfd5 fix(deps): revert breaking dependency changes (#320)
• a860845 fix(deps): update dependency @​octokit/plugin-paginate-rest to v7 (#316)
• 615edf6 chore(deps): update dependency @​octokit/tsconfig to v2 (#308)
• 393ca57 docs: replace references to Skypack CDN with esm.sh (#317)
• e4dfad4 chore(deps): update dependency html-react-parser to v4 (#304)
• 9be9f1f build(deps): lock file maintenance
• 5307789 chore(deps): update dependency esbuild to ^0.18.0 (#310)
• 00cd789 build(deps): lock file maintenance (#307)
• 31a27cd build(deps): lock file maintenance
• 217f55b build(deps): lock file maintenance (#301)
• Additional commits viewable in compare view

Updates @types/node from 20.12.12 to 20.17.43

Commits

• See full diff in compare view

Updates debug from 4.3.4 to 4.4.0

Release notes

Sourced from debug's releases.

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

4.3.7

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

• cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

Commits

• 7e3814c 4.4.0
• d2d6bf0 fix inefficient .enable() regex and .enabled() test
• bc60914 4.3.7
• c63e96e Upgrade ms to version 2.1.3 (#819)
• 382864a remove archaic badges from readme
• c33b464 4.3.6
• 7956a45 Avoid using deprecated RegExp.$1
• 5464bdd 4.3.5
• f244ada update authorship contact info
• cac39b1 Fix/debug depth (#926)
• Additional commits viewable in compare view

Updates @types/debug from 4.1.7 to 4.1.12

Commits

• See full diff in compare view

Updates esbuild from 0.15.10 to 0.25.4

Release notes

Sourced from esbuild's releases.

v0.25.4

• Add simple support for CORS to esbuild's development server (#4125)

  Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

  To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

  Some examples:

  • CLI:

    esbuild --servedir=. --cors-origin=https://example.com
    

  • JS:

    const ctx = await esbuild.context({})
    await ctx.serve({
      servedir: '.',
      cors: {
        origin: 'https://example.com',
      },
    })

  • Go:

    ctx, _ := api.Context(api.BuildOptions{})
    ctx.Serve(api.ServeOptions{
      Servedir: ".",
      CORS: api.CORSOptions{
        Origin: []string{"https://example.com"},
      },
    })

  The special origin * can be used to allow any origin to access esbuild's development server. Note that this means any website you visit will be able to read everything served by esbuild.

• Pass through invalid URLs in source maps unmodified (#4169)

  This fixes a regression in version 0.25.0 where sources in source maps that form invalid URLs were not being passed through to the output. Version 0.25.0 changed the interpretation of sources from file paths to URLs, which means that URL parsing can now fail. Previously URLs that couldn't be parsed were replaced with the empty string. With this release, invalid URLs in sources should now be passed through unmodified.

• Handle exports named __proto__ in ES modules (#4162, #4163)

  In JavaScript, the special property name __proto__ sets the prototype when used inside an object literal. Previously esbuild's ESM-to-CommonJS conversion didn't special-case the property name of exports named __proto__ so the exported getter accidentally became the prototype of the object literal. It's unclear what this affects, if anything, but it's better practice to avoid this by using a computed property name in this case.

  This fix was contributed by @​magic-akari.

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

• Loader defaults to js for extensionless files (#2776)

  Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

  • CLI:

    esbuild --bundle --loader:=css
    

  • JS:

    esbuild.build({
      bundle: true,
      loader: { '': 'css' },
    })

  • Go:

    api.Build(api.BuildOptions{
      Bundle: true,
      Loader: map[string]api.Loader{"": api.LoaderCSS},
    })

  In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

• Avoid a syntax error in the presence of direct eval (#2761)

  The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

  // Original code
  if (true) {
    function foo() {}
    console.log(!!foo)
    foo = null
    console.log(!!foo)
  }

... (truncated)

Commits

• 218d29e publish 0.25.4 to npm
• e66cd0b dev server: simple support for CORS requests (#4171)
• 8bf3368 js api: validate some options as arrays of strings
• 1e7375a js api: simplify comma-separated array validation
• 5f5964d release notes for #4163
• adb5284 fix: handle __proto__ as a computed property in exports and add tests for s...
• 0aa9f7b fix #4169: keep invalid source map URLs unmodified
• 5959289 add additional guards for #4114 when using :is()
• 677910b publish 0.25.3 to npm
• a41040e fix #4110: support custom non-IP host values
• Additional commits viewable in compare view

Updates esbuild-runner from 2.2.1 to 2.2.2

Changelog

Sourced from esbuild-runner's changelog.

2.2.2 (2022-10-14)

Bug Fixes

• jest 28 support (#65) (1d068c1)

Commits

• 7fcc18d chore(release): 2.2.2
• d054029 build: update nodejs to 16.x
• d2f77ec chore: updated
• 1d068c1 fix: jest 28 support (#65)
• See full diff in compare view

Updates ts-jest from 27.1.3 to 27.1.5

Changelog

Sourced from ts-jest's changelog.

27.1.5 (2022-05-17)

Bug Fixes

• transformers use Array.sort in hoisting transformer (#3498) (e400a6e), fixes #3476

27.1.4 (2022-03-24)

Bug Fixes

• compiler: revert #3194 (#3362) (2b7dffe), closes #3272
• remove esbuild from peer dependency (#3360) (8c8c1ca), closes #3346
• support Babel config file with .cjs extension (#3361) (5e5ac4a), closes #3335

Commits

• d0bf120 chore(release): 27.1.5
• c89a907 fix(transformers): use Array.sort in hoisting transformer (#3498)
• 8fc3e07 chore(release): 27.1.4
• 8c8c1ca fix: remove esbuild from peer dependency (#3360)
• 5e5ac4a fix: support Babel config file with .cjs extension (#3361)
• 2b7dffe fix(compiler): revert #3194 (#3362)
• b6ba9dc build(deps-dev): bump node-fetch from 3.2.2 to 3.2.3 (#3330)
• 7900ee7 build(deps-dev): bump eslint-plugin-jsdoc from 37.9.7 to 38.0.0 (#3331)
• 796b5a4 Merge pull request #3325 from kulshekhar/dependabot/npm_and_yarn/eslint-plugi...
• 917f0ff Merge pull request #3326 from kulshekhar/dependabot/npm_and_yarn/node-fetch-3...
• Additional commits viewable in compare view

Updates typescript from 4.7.4 to 4.9.5

Release notes

Sourced from typescript's releases.

TypeScript 4.9.5

For release notes, check out the release announcement.

Downloads are available on:

• npm
• NuGet package

Changes:

• 69e88ef5513a81acf69ec78f4af1f927da0d0584 Port ignore deprecations to 4.9 (#52419)
• daf4e817a18def96b70ac34703b158ff0e6d58df Port timestamp fix to 4.9 (#52426)

TypeScript 4.9.4

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript v4.9.4.

Downloads are available on:

• npm
• NuGet package

Changes:

• e2868216f637e875a74c675845625eb15dcfe9a2 Bump version to 4.9.4 and LKG.
• eb5419fc8d980859b98553586dfb5f40d811a745 Cherry-pick #51704 to release 4.9 (#51712)
• b4d382b9b12460adf2da4cc0d1429cf19f8dc8be Cherry-pick changes for narrowing to tagged literal types.
• e7a02f43fce47e1a39259ada5460bcc33c8e98b5 Port of #51626 and #51689 to release-4.9 (#51627)
• 1727912f0437a7f367d90040fc4b0b4f3efd017a Cherry-pick fix around visitEachChild to release-4.9. (#51544)

This list of changes was auto generated.

TypeScript 4.9

For release notes, check out the release announcement.

Downloads are available on:

• npm
• NuGet package

Changes:

• 93bd577458d55cd720b2677705feab5c91eb12ce Bump version to 4.9.3 and LKG.
• 107f832b80df2dc97748021cb00af2b6813db75b Update LKG.
• 31bee5682df130a14ffdd5742f994dbe7313dd0e Cherry-pick PR #50977 into release-4.9 (#51363) [ #50872 ]
• 1e2fa7ae15f8530910fef8b916ec8a4ed0b59c45 Update version to 4.9.2-rc and LKG.
• 7ab89e5c6e401d161f31f28a6c555a3ba530910e Merge remote-tracking branch 'origin/main' into release-4.9
• e5cd686defb1a4cbdb36bd012357ba5bed28f371 Update package-lock.json
• 8d40dc15d1b9945837e7860320fdccfe27c40cad Update package-lock.json

... (truncated)

Commits

• ccf3d3c Bump version to '4.9.5' and LKG.
• 69e88ef Port ignore deprecations to 4.9 (#52419)
• daf4e81 Port timestamp fix to 4.9 (#52426)
• e286821 Bump version to 4.9.4 and LKG.
• eb5419f Cherry-pick #51704 to release 4.9 (#51712)
• b4d382b Cherry-pick changes for narrowing to tagged literal types.
• e7a02f4 Port of #51626 and #51689 to release-4.9 (#51627)
• 1727912 Cherry-pick fix around visitEachChild to release-4.9. (#51544)
• 93bd577 Bump version to 4.9.3 and LKG.
• 107f832 Update LKG.
• Additional commits viewable in compare view

Updates unzipper from 0.10.11 to 0.12.3

Release notes

Sourced from unzipper's releases.

v0.12.3

Add @​ts-ignore to unblock typescript errors

v0.12.2

• Support for @​aws-sdk version 3 (@​alice-was-here)
• Fix zip64 extra field (@​Cruaier)
• Upgrade bluebird (snyk)

v0.12.1

• unmaintained fstream replaced with fs-extra
• empty directories in a zip file will now be created when zip file is extracted
• big-integer replaced with node-int64 (up to 20x performance increase on large encrypted files)
• npm deployment added to github actions

v0.12.0

• unmaintained fstream replaced with fs-extra
• empty directories in a zip file will now be created when zip file is extracted
• big-integer replaced with node-int64 (up to 20x performance increase on large encrypted files)
• npm deployment added to github actions

0.11.2

• remove polyfills - no longer supporting ancient node versions
• use GitHub actions for testing and coverage
• remove 'binary' dependency
• break up huge promise chain to minimize memory usage
• ignore window zip slipped files
• use pipeline to propagate errors in a chain of streams

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automerge, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
island-tax	❌ Failed (Inspect)			May 7, 2025 10:19am