chore(deps): lock file maintenance all non-major

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
		lockFileMaintenance	All locks refreshed
@​types/base64url	devDependencies	patch	2.0.3 -> 2.0.7
@types/node (source)	devDependencies	patch	24.10.0 -> 24.10.1
esbuild	devDependencies	minor	0.25.x -> 0.27.x
js-yaml	dependencies	patch	4.1.0 -> 4.1.1
nodemon (source)	devDependencies	patch	3.1.10 -> 3.1.11
typescript-eslint (source)	devDependencies	patch	8.46.3 -> 8.46.4

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

evanw/esbuild (esbuild)

v0.27.0

Compare Source

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#​4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#​4208, #​4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

Compare Source

• Enable trusted publishing (#​4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

nodeca/js-yaml (js-yaml)

v4.1.1

Compare Source

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

remy/nodemon (nodemon)

v3.1.11

Compare Source

typescript-eslint/typescript-eslint (typescript-eslint)

v8.46.4

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud