chore(deps): lock file maintenance all non-major

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
		lockFileMaintenance	All locks refreshed
@types/node (source)	devDependencies	patch	24.10.9 → 24.10.12
actions/cache	action	patch	v5.0.2 → v5.0.3
axios (source)	dependencies	patch	1.13.3 → 1.13.5
dotenv	dependencies	patch	17.2.3 → 17.2.4
esbuild	devDependencies	patch	0.27.2 → 0.27.3
re2js	dependencies	patch	1.2.0 → 1.2.1
semver	dependencies	patch	7.7.3 → 7.7.4

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

actions/cache (actions/cache)

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

axios/axios (axios)

v1.13.5

Compare Source

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)

Fixes

• Fix/5657. (PR #​7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #​7326)
• Refactor: bump minor package versions. (PR #​7356)

Documentation

• Clarify object-check comment. (PR #​7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #​7355)
• CI: update workflow YAMLs. (PR #​7372)
• CI: fix run condition. (PR #​7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
• Chore(release): prepare release 1.13.5. (PR #​7379)

New Contributors

• @​sachin11063 (first contribution — PR #​7323)
• @​asmitha-16 (first contribution — PR #​7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Compare Source

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#​7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release
  • Cleaned up interceptor test files
  • Improved workflow configurations

Infrastructure & CI/CD

• refactor: ci and build (#​7340) (8ff6c19)

  • Major refactoring of CI/CD workflows
  • Consolidated workflow files for better maintainability
  • Added mise configuration for the development environment
  • Improved sponsor block update automation
  • Enhanced issue and PR templates
  • Added automatic release notes generation
  • Implemented workflow cancellation for concurrent runs

• chore: codegen and some updates to workflows (76cf77b)

  • Code generation improvements
  • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

• jasonsaayman - Release management and CI/CD improvements

motdotla/dotenv (dotenv)

v17.2.4

Compare Source

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#​915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

evanw/esbuild (esbuild)

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

le0pard/re2js (re2js)

v1.2.1

Compare Source

What's Changed

• Fix return types of .start()/.end by @​alexmv in #​19
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​20
• Bump diff from 5.2.0 to 5.2.2 by @​dependabot[bot] in #​22
• Bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in #​23

New Contributors

• @​alexmv made their first contribution in #​19

Full Changelog: le0pard/re2js@1.2.0...1.2.1

npm/node-semver (semver)

v7.7.4

Compare Source

Bug Fixes

• a29faa5 #​835 cli: pass options to semver.valid() for loose version validation (#​835) (@​mldangelo)

Documentation

• 1d28d5e #​836 fix typos and update -n CLI option documentation (#​836) (@​mldangelo)

Dependencies

• 120968b #​840 @npmcli/template-oss@4.29.0 (#​840)

Chores

• 44d7130 #​824 bump @​npmcli/eslint-config from 5.1.0 to 6.0.0 (#​824) (@​dependabot[bot])
• 7073576 #​820 reorder parameters in invalid-versions.js test (#​820) (@​reggi)
• 5816d4c #​829 bump @​npmcli/template-oss from 4.28.0 to 4.28.1 (#​829) (@​dependabot[bot], @​npm-cli-bot)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.