📦 Update subpackage devDependencies

[renovate[bot]]

This PR contains the following updates:

Package	Update	Type	Change	Package file	Age	Adoption	Passing	Confidence
actions/dependency-review-action	patch	action	v4.3.3 -> v4.3.4	.github/workflows/dependency-review.yml
actions/upload-artifact	patch	action	v4.3.4 -> v4.3.6	.github/workflows/scorecard.yml
eslint (source)	minor	devDependencies	9.6.0 -> 9.8.0	third_party/amp-toolbox-cache-url/package.json
github/codeql-action	patch	action	v3.25.11 -> v3.25.15	.github/workflows/scorecard.yml
jasmine (source)	minor	devDependencies	5.1.0 -> 5.2.0	third_party/amp-toolbox-cache-url/package.json
karma (source)	patch	devDependencies	6.4.3 -> 6.4.4	third_party/amp-toolbox-cache-url/package.json
ossf/scorecard-action	minor	action	v2.3.3 -> v2.4.0	.github/workflows/scorecard.yml
rollup (source)	minor	devDependencies	4.18.1 -> 4.20.0	third_party/amp-toolbox-cache-url/package.json
rollup-plugin-json	replacement	devDependencies	4.0.0 -> 4.0.0	third_party/amp-toolbox-cache-url/package.json
semver	patch	devDependencies	7.6.2 -> 7.6.3	third_party/amp-toolbox-cache-url/package.json
step-security/harden-runner	minor	action	v2.8.1 -> v2.9.1	.github/workflows/update-session-issues.yml

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below: ```sh # Check out the PR branch git checkout -b renovate/subpackage-devdependencies main git pull https://github.com/ampproject/amphtml.git renovate/subpackage-devdependencies # Directly make fixes and commit them amp lint --fix # For lint errors in JS files amp prettify --fix # For prettier errors in non-JS files # Edit source code in case of new compiler warnings / errors # Push the changes to the branch git push git@github.com:ampproject/amphtml.git renovate/subpackage-devdependencies:renovate/subpackage-devdependencies ```

This is a special PR that replaces rollup-plugin-json with the community suggested minimal stable replacement version.

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

### [`v4.3.4`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.4) [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4) #### What's Changed - Include all added dependencies in scorecard entries by [@​elireisman](https://togithub.com/elireisman) in [https://github.com/actions/dependency-review-action/pull/783](https://togithub.com/actions/dependency-review-action/pull/783) - Update SPDX Expression Parsing by [@​febuiles](https://togithub.com/febuiles) in [https://github.com/actions/dependency-review-action/pull/719](https://togithub.com/actions/dependency-review-action/pull/719) - This PR is a significant refactor of SPDX expression parsing that *may* fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version. **Full Changelog**: https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4

actions/upload-artifact (actions/upload-artifact)

### [`v4.3.6`](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)

eslint/eslint (eslint)

### [`v9.8.0`](https://togithub.com/eslint/eslint/compare/v9.7.0...63881dc11299aba1d0960747c199a4cf48d6b9c8) [Compare Source](https://togithub.com/eslint/eslint/compare/v9.7.0...v9.8.0) ### [`v9.7.0`](https://togithub.com/eslint/eslint/releases/tag/v9.7.0) [Compare Source](https://togithub.com/eslint/eslint/compare/v9.6.0...v9.7.0) #### Features - [`7bd9839`](https://togithub.com/eslint/eslint/commit/7bd98398f112da020eddcda2c26cf4cc563af004) feat: add support for es2025 duplicate named capturing groups ([#​18630](https://togithub.com/eslint/eslint/issues/18630)) (Yosuke Ota) - [`1381394`](https://togithub.com/eslint/eslint/commit/1381394a75b5902ce588455765a3919e2f138a7a) feat: add `regex` option in `no-restricted-imports` ([#​18622](https://togithub.com/eslint/eslint/issues/18622)) (Nitin Kumar) #### Bug Fixes - [`14e9f81`](https://togithub.com/eslint/eslint/commit/14e9f81ccdb51d2b915b68f442d48ced0a691646) fix: destructuring in catch clause in `no-unused-vars` ([#​18636](https://togithub.com/eslint/eslint/issues/18636)) (Francesco Trotta) #### Documentation - [`9f416db`](https://togithub.com/eslint/eslint/commit/9f416db680ad01716a769296085bf3eb93f76424) docs: Add Powered by Algolia label to the search. ([#​18633](https://togithub.com/eslint/eslint/issues/18633)) (Amaresh S M) - [`c8d26cb`](https://togithub.com/eslint/eslint/commit/c8d26cb4a2f9d89bfc1914167d3e9f1d3314ffe7) docs: Open JS Foundation -> OpenJS Foundation ([#​18649](https://togithub.com/eslint/eslint/issues/18649)) (Milos Djermanovic) - [`6e79ac7`](https://togithub.com/eslint/eslint/commit/6e79ac76f44b34c24a3e92c20713fbafe1dcbae2) docs: `loadESLint` does not support option `cwd` ([#​18641](https://togithub.com/eslint/eslint/issues/18641)) (Francesco Trotta) #### Chores - [`793b718`](https://togithub.com/eslint/eslint/commit/793b7180119e7e440d685defb2ee01597574ef1e) chore: upgrade [@​eslint/js](https://togithub.com/eslint/js)[@​9](https://togithub.com/9).7.0 ([#​18680](https://togithub.com/eslint/eslint/issues/18680)) (Francesco Trotta) - [`7ed6f9a`](https://togithub.com/eslint/eslint/commit/7ed6f9a4db702bbad941422f456451a8dba7a450) chore: package.json update for [@​eslint/js](https://togithub.com/eslint/js) release (Jenkins) - [`7bcda76`](https://togithub.com/eslint/eslint/commit/7bcda760369c44d0f1131fccaaf1ccfed5af85f1) refactor: Add type references ([#​18652](https://togithub.com/eslint/eslint/issues/18652)) (Nicholas C. Zakas) - [`51bf57c`](https://togithub.com/eslint/eslint/commit/51bf57c493a65baeee3a935f2d0e52e27271fb48) chore: add tech sponsors through actions ([#​18624](https://togithub.com/eslint/eslint/issues/18624)) (Strek) - [`6320732`](https://togithub.com/eslint/eslint/commit/6320732c3e2a52a220552e348108c53c60f9ef7a) refactor: don't use `parent` property in `NodeEventGenerator` ([#​18653](https://togithub.com/eslint/eslint/issues/18653)) (Milos Djermanovic) - [`9e6d640`](https://togithub.com/eslint/eslint/commit/9e6d6405c3ee774c2e716a3453ede9696ced1be7) refactor: move "Parsing error" prefix adding to Linter ([#​18650](https://togithub.com/eslint/eslint/issues/18650)) (Milos Djermanovic)

github/codeql-action (github/codeql-action)

### [`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14) ### [`v3.25.13`](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13) ### [`v3.25.12`](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12)

jasmine/jasmine-npm (jasmine)

### [`v5.2.0`](https://togithub.com/jasmine/jasmine-npm/releases/tag/v5.2.0) [Compare Source](https://togithub.com/jasmine/jasmine-npm/compare/v5.1.0...v5.2.0) Please see the [release notes](https://togithub.com/jasmine/jasmine-npm/blob/main/release_notes/5.2.0.md).

karma-runner/karma (karma)

### [`v6.4.4`](https://togithub.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#644-2024-07-29) [Compare Source](https://togithub.com/karma-runner/karma/compare/v6.4.3...v6.4.4)

ossf/scorecard-action (ossf/scorecard-action)

### [`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410) - :bug: lower license sarif alert threshold to 9 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@​jkowalleck](https://togithub.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@​jkowalleck](https://togithub.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0

rollup/rollup (rollup)

### [`v4.20.0`](https://togithub.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4200) [Compare Source](https://togithub.com/rollup/rollup/compare/v4.19.2...v4.20.0) *2024-08-03* ##### Features - Allow plugins to specify the original file name when emitting assets ([#​5596](https://togithub.com/rollup/rollup/issues/5596)) ##### Pull Requests - [#​5596](https://togithub.com/rollup/rollup/pull/5596): Add originalFIleName property to emitted assets ([@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5599](https://togithub.com/rollup/rollup/pull/5599): chore(deps): update dependency eslint-plugin-unicorn to v55 ([@​renovate](https://togithub.com/renovate)\[bot], [@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5600](https://togithub.com/rollup/rollup/pull/5600): chore(deps): lock file maintenance minor/patch updates ([@​renovate](https://togithub.com/renovate)\[bot], [@​lukastaegert](https://togithub.com/lukastaegert)) ### [`v4.19.2`](https://togithub.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4192) [Compare Source](https://togithub.com/rollup/rollup/compare/v4.19.1...v4.19.2) *2024-08-01* ##### Bug Fixes - Avoid "cannot get value of null" error when using optional chaining with namespaces ([#​5597](https://togithub.com/rollup/rollup/issues/5597)) ##### Pull Requests - [#​5597](https://togithub.com/rollup/rollup/pull/5597): Fix retrieval of literal values for chained namespaces ([@​lukastaegert](https://togithub.com/lukastaegert)) ### [`v4.19.1`](https://togithub.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4191) [Compare Source](https://togithub.com/rollup/rollup/compare/v4.19.0...v4.19.1) *2024-07-27* ##### Bug Fixes - Do not remove parantheses when tree-shaking logical expressions ([#​5584](https://togithub.com/rollup/rollup/issues/5584)) - Do not ignore side effects in calls left of an optional chaining operator ([#​5589](https://togithub.com/rollup/rollup/issues/5589)) ##### Pull Requests - [#​5584](https://togithub.com/rollup/rollup/pull/5584): fix: find whitespace from operator position to start ([@​TrickyPi](https://togithub.com/TrickyPi)) - [#​5587](https://togithub.com/rollup/rollup/pull/5587): docs: improve command by code-group ([@​thinkasany](https://togithub.com/thinkasany), [@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5589](https://togithub.com/rollup/rollup/pull/5589): Fix side effect detection in optional chains ([@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5592](https://togithub.com/rollup/rollup/pull/5592): chore(deps): lock file maintenance minor/patch updates ([@​renovate](https://togithub.com/renovate)\[bot]) - [#​5593](https://togithub.com/rollup/rollup/pull/5593): chore(deps): lock file maintenance minor/patch updates ([@​renovate](https://togithub.com/renovate)\[bot]) - [#​5594](https://togithub.com/rollup/rollup/pull/5594): chore(deps): lock file maintenance ([@​renovate](https://togithub.com/renovate)\[bot]) - [#​5595](https://togithub.com/rollup/rollup/pull/5595): chore(deps): lock file maintenance ([@​renovate](https://togithub.com/renovate)\[bot]) ### [`v4.19.0`](https://togithub.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4190) [Compare Source](https://togithub.com/rollup/rollup/compare/v4.18.1...v4.19.0) *2024-07-20* ##### Features - Implement support for decorators ([#​5562](https://togithub.com/rollup/rollup/issues/5562)) ##### Bug Fixes - Improve soucemap generation when tree-shaking logical expressions ([#​5581](https://togithub.com/rollup/rollup/issues/5581)) ##### Pull Requests - [#​5562](https://togithub.com/rollup/rollup/pull/5562): feat: implementing decorator support ([@​TrickyPi](https://togithub.com/TrickyPi), [@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5570](https://togithub.com/rollup/rollup/pull/5570): refactor(finalisers): condition branch ([@​Simon-He95](https://togithub.com/Simon-He95), [@​zhangmo8](https://togithub.com/zhangmo8)) - [#​5572](https://togithub.com/rollup/rollup/pull/5572): Improve chunk and asset type information in docs ([@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5573](https://togithub.com/rollup/rollup/pull/5573): Switch to audit resolver to ignore requirejs vulnerability ([@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5575](https://togithub.com/rollup/rollup/pull/5575): chore(deps): update dependency inquirer to v10 ([@​renovate](https://togithub.com/renovate)\[bot], [@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5576](https://togithub.com/rollup/rollup/pull/5576): chore(deps): lock file maintenance minor/patch updates ([@​renovate](https://togithub.com/renovate)\[bot], [@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5580](https://togithub.com/rollup/rollup/pull/5580): chore(deps): lock file maintenance minor/patch updates ([@​renovate](https://togithub.com/renovate)\[bot], [@​lukastaegert](https://togithub.com/lukastaegert)) - [#​5581](https://togithub.com/rollup/rollup/pull/5581): When tree-shaking logical expression, make sure to remove all trailing white-space. ([@​lukastaegert](https://togithub.com/lukastaegert))

npm/node-semver (semver)

### [`v7.6.3`](https://togithub.com/npm/node-semver/blob/HEAD/CHANGELOG.md#763-2024-07-16) [Compare Source](https://togithub.com/npm/node-semver/compare/v7.6.2...v7.6.3) ##### Bug Fixes - [`73a3d79`](https://togithub.com/npm/node-semver/commit/73a3d79c4ec32d5dd62c9d5f64e5af7fbdad9ec0) [#​726](https://togithub.com/npm/node-semver/pull/726) optimize Range parsing and formatting ([#​726](https://togithub.com/npm/node-semver/issues/726)) ([@​jviide](https://togithub.com/jviide)) ##### Documentation - [`2975ece`](https://togithub.com/npm/node-semver/commit/2975ece120e17660c9f1ef517de45c09ff821064) [#​719](https://togithub.com/npm/node-semver/pull/719) fix extra backtick typo ([#​719](https://togithub.com/npm/node-semver/issues/719)) ([@​stdavis](https://togithub.com/stdavis))

step-security/harden-runner (step-security/harden-runner)

### [`v2.9.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.1) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.9.0...v2.9.1) ##### What's Changed Release v2.9.1 by [@​h0x0er](https://togithub.com/h0x0er) and [@​varunsh-coder](https://togithub.com/varunsh-coder) in [#​440](https://togithub.com/step-security/harden-runner/issues/440) This release includes two changes: 1. Updated markdown displayed in the job summary by the Harden-Runner Action. 2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list. **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.1 ### [`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@​h0x0er](https://togithub.com/h0x0er) and [@​varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435) This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.9.0

---

Configuration

📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.