build(deps-dev): bump the development-dependencies group with 5 updates

[dependabot[bot]]

Bumps the development-dependencies group with 5 updates:

Package	From	To
ava	6.0.1	6.1.1
c8	8.0.1	9.1.0
dotenv	16.3.1	16.4.1
esbuild	0.19.11	0.20.0
undici	6.2.1	6.6.0

Updates ava from 6.0.1 to 6.1.1

Release notes

Sourced from ava's releases.

v6.1.1

What's Changed

• Fix 'previous failures' in watch mode always incrementing by @​novemberborn in avajs/ava#3297

Full Changelog: https://github.com/avajs/ava/compare/v6.1.0...v6.1.1

v6.1.0

What's Changed

• Implement registerCompletionHandler() by @​novemberborn in avajs/ava#3283

  AVA 6 expects test code to clean up gracefully when the tests are complete, allowing the test environment (worker thread or child process) to exit. If this does not happen, AVA will report a timeout. You can use registerCompletionHandler() to perform any other clean up (or indeed exit the process) after AVA has completed the test execution. See the description here.

• Fix potential bug with watch mode when no failed test files are written by @​novemberborn in avajs/ava#3287

• Fix ava/internal ESM type module by @​codetheweb in avajs/ava#3292

Full Changelog: https://github.com/avajs/ava/compare/v6.0.1...v6.1.0

Commits

• 2e0c2b1 6.1.1
• 5161bf7 Update dependencies
• 15dddf3 Fix external-assertions snapshot for Node.js 20.11
• db0fdb2 Fix 'previous failures' in watch mode always incrementing
• 735bf41 Update TypeScript recipe to suggest --import flag and tsimp
• aae39b2 6.1.0
• c3e2c72 Fix ava/internal ESM type module
• 0a05024 Implement registerCompletionHandler()
• cc8b839 Ensure AVA exits with code 1 after an unexpected process.exit() in a test worker
• 35f6c86 Fix potential bug with watch mode when no failed test files are written
• Additional commits viewable in compare view

Updates c8 from 8.0.1 to 9.1.0

Release notes

Sourced from c8's releases.

v9.1.0

9.1.0 (2024-01-11)

Features

• support passing reporter options from config (#459) (88db5db)

Bug Fixes

• refactor: remove stale check for createDynamicModule (5e18365)

v9.0.0

9.0.0 (2024-01-03)

⚠ BREAKING CHANGES

• build: minimum Node.js version is now 14.14.0

Features

• build: minimum Node.js version is now 14.14.0 (2cdc86b)
• deps: update foreground-child to promise API (#512) (b46b640)
• deps: use Node.js built in rm (2cdc86b)

Changelog

Sourced from c8's changelog.

9.1.0 (2024-01-11)

Features

• support passing reporter options from config (#459) (88db5db)

Bug Fixes

• refactor: remove stale check for createDynamicModule (5e18365)

9.0.0 (2024-01-03)

⚠ BREAKING CHANGES

• build: minimum Node.js version is now 14.14.0

Features

• build: minimum Node.js version is now 14.14.0 (2cdc86b)
• deps: update foreground-child to promise API (#512) (b46b640)
• deps: use Node.js built in rm (2cdc86b)

Commits

• 4ae2a4d chore(main): release 9.1.0 (#513)
• 88db5db feat: support passing reporter options from config (#459)
• 5e18365 fix(refactor): remove stale check for createDynamicModule
• 128bee2 chore(main): release 9.0.0 (#510)
• 8724c70 chore(deps): update dependency @​types/node to v20 (#496)
• 66705b5 chore(deps): update dependency typescript to v5 (#458)
• b46b640 feat(deps): update foreground-child to promise API (#512)
• ef672da test: fix snapshot (#511)
• 2cdc86b chore(deps): Remove rimraf (#509)
• See full diff in compare view

Updates dotenv from 16.3.1 to 16.4.1

Changelog

Sourced from dotenv's changelog.

16.4.1 (2024-01-24)

• Patch support for array as path option #797

16.4.0 (2024-01-23)

• Add error.code to error messages around .env.vault decryption handling #795
• Add ability to find .env.vault file when filename(s) passed as an array #784

16.3.2 (2024-01-18)

Added

• Add debug message when no encoding set #735

Changed

• Fix output typing for populate #792
• Use subarray instead of slice #793

Commits

• e251ee2 16.4.1
• a7fee29 update CHANGELOG 🪵
• 579d136 update README
• 7ea2f81 Merge pull request #798 from motdotla/fix-tests
• 6b829d2 demonstrate currently failing (pending) test. multiple env files should merge
• 3e2284b largely remove mocking from tests except where useful
• 2039c4e wip: fix tests
• 48a6ade Merge pull request #797 from tran-simon/master
• cfd735d fix: support array for path option
• a44cb3d update README
• Additional commits viewable in compare view

Updates esbuild from 0.19.11 to 0.20.0

Release notes

Sourced from esbuild's releases.

v0.20.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.19.0 or ~0.19.0. See npm's documentation about semver for more information.

This time there is only one breaking change, and it only matters for people using Deno. Deno tests that use esbuild will now fail unless you make the change described below.

• Work around API deprecations in Deno 1.40.x (#3609, #3611)

  Deno 1.40.0 was just released and introduced run-time warnings about certain APIs that esbuild uses. With this release, esbuild will work around these run-time warnings by using newer APIs if they are present and falling back to the original APIs otherwise. This should avoid the warnings without breaking compatibility with older versions of Deno.

  Unfortunately, doing this introduces a breaking change. The newer child process APIs lack a way to synchronously terminate esbuild's child process, so calling esbuild.stop() from within a Deno test is no longer sufficient to prevent Deno from failing a test that uses esbuild's API (Deno fails tests that create a child process without killing it before the test ends). To work around this, esbuild's stop() function has been changed to return a promise, and you now have to change esbuild.stop() to await esbuild.stop() in all of your Deno tests.

• Reorder implicit file extensions within node_modules (#3341, #3608)

  In version 0.18.0, esbuild changed the behavior of implicit file extensions within node_modules directories (i.e. in published packages) to prefer .js over .ts even when the --resolve-extensions= order prefers .ts over .js (which it does by default). However, doing that also accidentally made esbuild prefer .css over .ts, which caused problems for people that published packages containing both TypeScript and CSS in files with the same name.

  With this release, esbuild will reorder TypeScript file extensions immediately after the last JavaScript file extensions in the implicit file extension order instead of putting them at the end of the order. Specifically the default implicit file extension order is .tsx,.ts,.jsx,.js,.css,.json which used to become .jsx,.js,.css,.json,.tsx,.ts in node_modules directories. With this release it will now become .jsx,.js,.tsx,.ts,.css,.json instead.

  Why even rewrite the implicit file extension order at all? One reason is because the .js file is more likely to behave correctly than the .ts file. The behavior of the .ts file may depend on tsconfig.json and the tsconfig.json file may not even be published, or may use extends to refer to a base tsconfig.json file that wasn't published. People can get into this situation when they forget to add all .ts files to their .npmignore file before publishing to npm. Picking .js over .ts helps make it more likely that resulting bundle will behave correctly.

v0.19.12

• The "preserve" JSX mode now preserves JSX text verbatim (#3605)

  The JSX specification deliberately doesn't specify how JSX text is supposed to be interpreted and there is no canonical way to interpret JSX text. Two most popular interpretations are Babel and TypeScript. Yes they are different (esbuild deliberately follows TypeScript by the way).

  Previously esbuild normalized text to the TypeScript interpretation when the "preserve" JSX mode is active. However, "preserve" should arguably reproduce the original JSX text verbatim so that whatever JSX transform runs after esbuild is free to interpret it however it wants. So with this release, esbuild will now pass JSX text through unmodified:

  // Original code
  let el =
    <a href={'/'} title='&apos;&quot;'> some text
      {foo}
        more text </a>
  // Old output (with --loader=jsx --jsx=preserve)
  let el = <a href="/" title={'&quot;}>
  {" some text"}
  {foo}
  {"more text "}
  </a>;
  // New output (with --loader=jsx --jsx=preserve)
  let el = <a href={"/"} title='&apos;&quot;'> some text
  {foo}
  more text </a>;
  

• Allow JSX elements as JSX attribute values

  JSX has an obscure feature where you can use JSX elements in attribute position without surrounding them with {...}. It looks like this:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.20.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.19.0 or ~0.19.0. See npm's documentation about semver for more information.

This time there is only one breaking change, and it only matters for people using Deno. Deno tests that use esbuild will now fail unless you make the change described below.

• Work around API deprecations in Deno 1.40.x (#3609, #3611)

  Deno 1.40.0 was just released and introduced run-time warnings about certain APIs that esbuild uses. With this release, esbuild will work around these run-time warnings by using newer APIs if they are present and falling back to the original APIs otherwise. This should avoid the warnings without breaking compatibility with older versions of Deno.

  Unfortunately, doing this introduces a breaking change. The newer child process APIs lack a way to synchronously terminate esbuild's child process, so calling esbuild.stop() from within a Deno test is no longer sufficient to prevent Deno from failing a test that uses esbuild's API (Deno fails tests that create a child process without killing it before the test ends). To work around this, esbuild's stop() function has been changed to return a promise, and you now have to change esbuild.stop() to await esbuild.stop() in all of your Deno tests.

• Reorder implicit file extensions within node_modules (#3341, #3608)

  In version 0.18.0, esbuild changed the behavior of implicit file extensions within node_modules directories (i.e. in published packages) to prefer .js over .ts even when the --resolve-extensions= order prefers .ts over .js (which it does by default). However, doing that also accidentally made esbuild prefer .css over .ts, which caused problems for people that published packages containing both TypeScript and CSS in files with the same name.

  With this release, esbuild will reorder TypeScript file extensions immediately after the last JavaScript file extensions in the implicit file extension order instead of putting them at the end of the order. Specifically the default implicit file extension order is .tsx,.ts,.jsx,.js,.css,.json which used to become .jsx,.js,.css,.json,.tsx,.ts in node_modules directories. With this release it will now become .jsx,.js,.tsx,.ts,.css,.json instead.

  Why even rewrite the implicit file extension order at all? One reason is because the .js file is more likely to behave correctly than the .ts file. The behavior of the .ts file may depend on tsconfig.json and the tsconfig.json file may not even be published, or may use extends to refer to a base tsconfig.json file that wasn't published. People can get into this situation when they forget to add all .ts files to their .npmignore file before publishing to npm. Picking .js over .ts helps make it more likely that resulting bundle will behave correctly.

0.19.12

• The "preserve" JSX mode now preserves JSX text verbatim (#3605)

  The JSX specification deliberately doesn't specify how JSX text is supposed to be interpreted and there is no canonical way to interpret JSX text. Two most popular interpretations are Babel and TypeScript. Yes they are different (esbuild deliberately follows TypeScript by the way).

  Previously esbuild normalized text to the TypeScript interpretation when the "preserve" JSX mode is active. However, "preserve" should arguably reproduce the original JSX text verbatim so that whatever JSX transform runs after esbuild is free to interpret it however it wants. So with this release, esbuild will now pass JSX text through unmodified:

  // Original code
  let el =
    <a href={'/'} title='&apos;&quot;'> some text
      {foo}
        more text </a>
  // Old output (with --loader=jsx --jsx=preserve)
  let el = <a href="/" title={'&quot;}>
  {" some text"}
  {foo}
  {"more text "}
  </a>;
  // New output (with --loader=jsx --jsx=preserve)
  let el = <a href={"/"} title='&apos;&quot;'> some text
  {foo}
  more text </a>;
  

• Allow JSX elements as JSX attribute values

... (truncated)

Commits

• 2af5ccf publish 0.20.0 to npm
• 0bccf08 fix esbuild/deno-esbuild#5
• 931f87d work around api deprecations in deno 1.40.x (#3609) (#3611)
• 22a9cf5 fix #3341, fix #3608: sort .ts right after .js
• f8ec300 run npm pkg fix as suggested by the npm cli
• d7fd1ad publish 0.19.12 to npm
• e04a690 fix #3605: print the original JSX AST unmodified
• f571399 allow jsx elements as jsx attribute values
• a652e73 run make update-compat-table
• 35c0d65 fix #3574: ts type parser bug with infer + extends
• Additional commits viewable in compare view

Updates undici from 6.2.1 to 6.6.0

Release notes

Sourced from undici's releases.

v6.6.0

What's Changed

• add webSocket example by @​mertcanaltin in nodejs/undici#2626
• chore: remove atomic-sleep as dev dependency by @​Uzlopak in nodejs/undici#2648
• chore: remove semver as dev dependency by @​Uzlopak in nodejs/undici#2646
• chore: remove table as dev dependency by @​Uzlopak in nodejs/undici#2649
• chore: remove delay as dev dependency by @​Uzlopak in nodejs/undici#2647
• chore: reduce noise in test-logs test/issue-2349.js by @​Uzlopak in nodejs/undici#2655
• chore: fix faketimer warning in test/request-timeout.js by @​Uzlopak in nodejs/undici#2656
• chore: reduce noise in test logs test/client-node-max-header-size.js by @​Uzlopak in nodejs/undici#2654
• refactor: use fromInnerResponse by @​tsctx in nodejs/undici#2635
• fix: support deflate raw responses by @​Uzlopak in nodejs/undici#2650
• Support building for externally shared js builtins by @​mochaaP in nodejs/undici#2643
• fix: typo clampAndCoarsenConnectionTimingInfo by @​Uzlopak in nodejs/undici#2653
• chore: use 'node:'-prefix for requiring node core modules by @​Uzlopak in nodejs/undici#2662
• build(deps-dev): bump husky from 8.0.3 to 9.0.7 by @​dependabot in nodejs/undici#2667
• build(deps-dev): bump cronometro from 1.2.0 to 2.0.2 by @​dependabot in nodejs/undici#2668
• remove timers/promises import by @​KhafraDev in nodejs/undici#2665
• chore: fix various codesmells by @​Uzlopak in nodejs/undici#2669
• chore: remove this alias in agent.js by @​Uzlopak in nodejs/undici#2671
• chore: use optional chaining by @​Uzlopak in nodejs/undici#2666
• chore: small perf improvements by @​Uzlopak in nodejs/undici#2661
• implement spec changes from a while ago by @​KhafraDev in nodejs/undici#2676
• websocket: fix close when no closing code is received by @​KhafraDev in nodejs/undici#2680
• fix: make ci less flaky by @​Uzlopak in nodejs/undici#2684

New Contributors

• @​mochaaP made their first contribution in nodejs/undici#2643

Full Changelog: https://github.com/nodejs/undici/compare/v6.5.0...v6.6.0

v6.5.0

What's Changed

• build(deps-dev): bump jsdom from 23.2.0 to 24.0.0 by @​dependabot in nodejs/undici#2632
• feat: Implement EventSource by @​Uzlopak in nodejs/undici#2608
• fix: readable body by @​ronag in nodejs/undici#2642

Full Changelog: https://github.com/nodejs/undici/compare/v6.4.0...v6.5.0

v6.4.0

What's Changed

• refactor: version cleanup by @​tsctx in nodejs/undici#2605
• cacheStorage: separate matchAll logic by @​KhafraDev in nodejs/undici#2599
• cleanup index by @​KhafraDev in nodejs/undici#2598
• feat: port balanced-pool, ca-fingerprint, client-abort tests to node:test by @​sosukesuzuki in nodejs/undici#2584
• ci: unpin nodejs workflow version by @​dominykas in nodejs/undici#2434
• test(#2600): Flaky debug test by @​metcoder95 in nodejs/undici#2607
• fix: h2 hang issue with empty body by @​timursevimli in nodejs/undici#2601
• Fix tests for Node.js v21 by @​sosukesuzuki in nodejs/undici#2609

... (truncated)

Commits

• fa2d2d2 Bumped v6.6.0
• 9bcf6f8 fix: make ci less flaky (#2684)
• 0808a72 websocket: fix close when no closing code is received (#2680)
• 8220e7d implement spec changes from a while ago (#2676)
• f1d7ada chore: small perf improvements (#2661)
• 3e37392 chore: use optional chaining (#2666)
• ee35bb0 chore: remove this alias in agent.js (#2671)
• 82477d7 chore: fix various codesmells (#2669)
• 2144da4 remove timers/promises import (#2665)
• bed8489 build(deps-dev): bump cronometro from 1.2.0 to 2.0.2 (#2668)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[create-app-token-action-releaser[bot]]

:tada: This PR is included in version 1.8.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: