Bump the "maintenance" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the maintenance group with 1 update: actions/checkout.

Updates actions/checkout from 5 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695

... (truncated)

Commits

• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• See full diff in compare view

Bumps the maintenance group with 5 updates:

Package	From	To
esbuild	0.27.0	0.27.2
@eslint/js	9.39.1	9.39.2
eslint	9.39.1	9.39.2
jsdom	27.2.0	27.4.0
sinon	21.0.0	21.0.1

Updates esbuild from 0.27.0 to 0.27.2

Release notes

Sourced from esbuild's releases.

v0.27.2

• Allow import path specifiers starting with #/ (#4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#4357, #4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  /* Old output (with --target=chrome110) */
  main {
  mask: url(x.png) center/5rem no-repeat;
  }
  /* New output (with --target=chrome110) */
  main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#4176, #4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}
  // New output (with --minify)

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.2

• Allow import path specifiers starting with #/ (#4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#4357, #4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  /* Old output (with --target=chrome110) */
  main {
  mask: url(x.png) center/5rem no-repeat;
  }
  /* New output (with --target=chrome110) */
  main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#4176, #4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}

... (truncated)

Commits

• cd83297 publish 0.27.2 to npm
• 2759721 additional tests for switch with break
• fd2b4b3 update release notes
• c8d93a7 fix #4357: -webkit- prefix for mask shorthand (#4358)
• 92ff12c compat table: update @types/node
• a35eceb compat table: fix a type error with the new types
• f598984 fix make compat-table to install dependencies
• f7f6df0 release notes for #4361
• 6f8ec15 fix: allow subpath imports that start with #/ (#4361)
• f7ae61f minify some switch statements to if-else statement
• Additional commits viewable in compare view

Updates @eslint/js from 9.39.1 to 9.39.2

Release notes

Sourced from @​eslint/js's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/[email protected] (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• c43ce24 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates eslint from 9.39.1 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/[email protected] (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• 9278324 9.39.2
• 542266a Build: changelog update for 9.39.2
• 7ca0af7 chore: upgrade to @eslint/[email protected] (#20394)
• c43ce24 chore: package.json update for @​eslint/js release
• 5705833 fix: warn when eslint-env configuration comments are found (#20381)
• 506f154 build: add .scss files entry to knip (#20391)
• 4c9858e ci: add v9.x-dev branch (#20382)
• See full diff in compare view

Updates jsdom from 27.2.0 to 27.4.0

Release notes

Sourced from jsdom's releases.

Version 27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

Version 27.3.0

• Improved CSS parsing and CSSOM object APIs via updates to @acemir/cssom. (acemir)

Changelog

Sourced from jsdom's changelog.

27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

27.3.0

• Improved CSS parsing and CSSOM object APIs via updates to @acemir/cssom. (acemir)

Commits

• 098d16d Version 27.4.0
• 1cd029e Improve asciiLowercase/asciiUppercase performance
• 83fcb62 Implement TextEncoder and TextDecoder; improve XML decoding
• ddad97d Switch from iconv-lite to exodus/bytes for decoding
• 25cb2a1 Use weak references for ranges
• ed4f5ed Add currently-failing CSS regression tests
• 56b75c2 Version 27.3.0
• decdb95 Update dependencies and dev dependencies
• 542b1a6 CSSOM improvements
• See full diff in compare view

Updates sinon from 21.0.0 to 21.0.1

Changelog

Sourced from sinon's changelog.

21.0.1

• 456a65c2 Update dependencies - except @​sinonjs/samsam (#2669) (Carl-Erik Kopseng)
• f04f3eb1 Fix issue 2618 - Remove browserify in favor of esbuild (#2661) (Artur Parkhisenko)
• 48b69df2 fix(docs): remove assert.failException from documentation (#2666) (Steffen Schroeder)
• 13b27ccc Fix sandbox restore not handling stubbed functions (#2667) (thamion)
• ae9e09ac Update compatibility target to ES2023 (Carl-Erik Kopseng)

  Updated compatibility target from ES2017 to ES2023 and clarified the note on breaking changes.

• 26055043 Improve error message for immutable descriptors (#2664) (Stuart Dotson)
• 80fa9a5b Also mirror the calledOnceWith assertion (#2660) (Benedikt Meurer)

Released by Carl-Erik Kopseng on 2025-12-19.

Commits

• a8bebe0 21.0.1
• 456a65c Update dependencies - except @​sinonjs/samsam (#2669)
• f04f3eb Fix issue 2618 - Remove browserify in favor of esbuild (#2661)
• 48b69df fix(docs): remove assert.failException from documentation (#2666)
• 13b27cc Fix sandbox restore not handling stubbed functions (#2667)
• ae9e09a Update compatibility target to ES2023
• 2605504 Improve error message for immutable descriptors (#2664)
• 6d48f12 Update text to emphasise that the target is moving
• 3d852ae Remember to quit on first error
• 43c88c9 Add some output
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions