build(deps): Bump the npm-production-dependencies group with 2 updates #311

Merged: neilime merged 1 commit into main from dependabot/npm_and_yarn/npm-production-dependencies-8923b8af71 on Apr 17, 2026

dependabot (bot) commented on behalf of github on Apr 17, 2026

Bumps the npm-production-dependencies group with 2 updates: diff and simple-git.

Updates diff from 8.0.4 to 9.0.0

Changelog

Sourced from diff's changelog.

9.0.0

(All changes part of PR #672.)

  • ES5 support is dropped. parsePatch now uses TextDecoder and Uint8Array, which are not available in ES5, and TypeScript is now compiled with the "es6" target. From now on, I intend to freely use any features that are deemed "Widely available" by Baseline. Users who need ES5 support should stick to version 8.

  • C-style quoted strings in filename headers are now properly supported.

    When the name of either the old or new file in a patch contains "special characters", both GNU diff and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; parsePatch would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. formatPatch, meanwhile, did not quote or escape special characters at all.

    Now, parsePatch parses all the possible escape sequences that GNU diff (or Git) ever output, and formatPatch quotes and escapes filenames containing special characters in the same way GNU diff does.

  • formatPatch now omits file headers when oldFileName or newFileName in the provided patch object are undefined, regardless of the headerOptions parameter. (Previously, it would treat the absence of oldFileName or newFileName as indicating the filename was the word "undefined" and emit headers --- undefined / +++ undefined.)

  • formatPatch no longer outputs trailing tab characters at the end of ---/+++ headers.

    Previously, if formatPatch was passed a patch object to serialize that had empty strings for the oldHeader or newHeader property, it would include a trailing tab character after the filename in the --- and/or +++ file header. Now, this scenario is treated the same as when oldHeader/newHeader is undefined - i.e. the trailing tab is omitted.

  • formatPatch no longer mutates its input when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously formatPatch would provide the correct output but also mutate the oldLines or newLines property on the hunk, changing the meaning of the underlying patch.

  • Git-style patches are now supported by parsePatch, formatPatch, and reversePatch.

    Patches output by git diff can include some features that are unlike those output by GNU diff, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the content of two files, but Git diffs can also indicate, via "extended headers", the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated ---/+++ file headers nor any hunks.

    jsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now parsePatch parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no --- or +++ file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by parsePatch. See isGit and subsequent properties in the docs in the README.md file.

    formatPatch now outputs extended headers based on these new Git-specific properties, and reversePatch respects them as far as possible (with one unavoidable caveat noted in the README.md file).

  • Unpaired file headers now cause parsePatch to throw.

    It remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a @@ hunk header on the very first line), but a patch with only a --- header or only a +++ header is now considered an error.

  • parsePatch is now more tolerant of "trailing garbage"

    That is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of "garbage" (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a +, -, or space character and thus is interpretable as part of a hunk still triggers a throw).

    This means we no longer reject patches output by tools that include extra data in "garbage" lines not understood by generic unified diff parsers. (For example, SVN patches can include "Property changes on:" lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)

    This change brings jsdiff's behaviour more in line with GNU patch, which is highly permissive of "garbage".

  • The oldFileName and newFileName fields of StructuredPatch are now typed as string | undefined instead of string. This type change reflects the (pre-existing) reality that parsePatch can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).

Updates simple-git from 3.35.2 to 3.36.0

Release notes

Sourced from simple-git's releases.

simple-git@3.36.0

Minor Changes

  • 89a2294: Extend known exploitable configuration keys and per-task environment variables.

    Note - ParsedVulnerabilities from argv-parser is removed in favour of a readonly array of Vulnerability to match usage in simple-git, rolled into the new vulnerabilityCheck for simpler access to the identified issues.

    Thanks to @zebbern for identifying the need to block core.fsmonitor. Thanks to @kodareef5 for identifying the need to block GIT_CONFIG_COUNT environment variables and --template / merge related config.

Patch Changes

  • 1ad57e8: Remove conflicting node:buffer import
  • Updated dependencies [89a2294]
  • Updated dependencies [675570a]
    • @simple-git/argv-parser@1.1.0
    • @simple-git/args-pathspec@1.0.3

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


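Added example, not jsdiff's code and not part of this PR: decoding a C-style quoted filename field as the diff 9.0.0 changelog above describes, with octal escapes treated as raw UTF-8 bytes, followed by a path check that runs on the decoded name. `unquoteFilename`, `isSafeRelativePath` and the sample fields are hypothetical names and constructed inputs.

```javascript
// Added example, not jsdiff's code: decode a C-style quoted filename header field.
const SIMPLE_ESCAPES = new Map([
  ['a', 0x07], ['b', 0x08], ['t', 0x09], ['n', 0x0a], ['v', 0x0b],
  ['f', 0x0c], ['r', 0x0d], ['"', 0x22], ['\\', 0x5c],
]);
const utf8 = new TextEncoder();

function unquoteFilename(field) {
  if (!field.startsWith('"')) return field; // unquoted names are taken literally
  const chars = Array.from(field);          // iterate by code point, not UTF-16 unit
  const bytes = [];
  let i = 1;
  for (; i < chars.length && chars[i] !== '"'; i++) {
    if (chars[i] !== '\\') {                // literal character: keep its UTF-8 bytes
      bytes.push(...utf8.encode(chars[i]));
      continue;
    }
    const next = chars[++i];
    if (SIMPLE_ESCAPES.has(next)) {
      bytes.push(SIMPLE_ESCAPES.get(next));
      continue;
    }
    const octal = chars.slice(i, i + 3).join('');
    if (!/^[0-3][0-7]{2}$/.test(octal)) throw new Error(`bad escape at index ${i}`);
    bytes.push(parseInt(octal, 8));         // one raw byte, e.g. \303 -> 0xC3
    i += 2;
  }
  if (chars[i] !== '"') throw new Error('unterminated quoted filename');
  // Octal escapes carry raw UTF-8 bytes, so decode the whole byte run at once.
  return new TextDecoder('utf-8', { fatal: true }).decode(Uint8Array.from(bytes));
}

// Hypothetical consumer-side check: validate the decoded name, never the raw header text.
function isSafeRelativePath(name) {
  if (name === '' || name.includes('\0') || /^([\/\\]|[A-Za-z]:)/.test(name)) return false;
  return !name.split(/[\/\\]/).includes('..');
}

// Constructed sample header fields.
const samples = ['"b/caf\\303\\251.txt"', '"a/tab\\there.txt"', 'a/plain.txt'];
function decodeSamples() { return samples.map(unquoteFilename); }
```

Code that writes to paths taken from a parsed patch should apply its path policy after unescaping, since the quoted form and the decoded form of the same name differ.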

Bumps the npm-production-dependencies group with 2 updates: [diff](https://github.com/kpdecker/jsdiff) and [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git).


Updates `diff` from 8.0.4 to 9.0.0
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@8.0.4...v9.0.0)

Updates `simple-git` from 3.35.2 to 3.36.0
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.36.0/simple-git)

---
updated-dependencies:
- dependency-name: diff
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-production-dependencies
- dependency-name: simple-git
  dependency-version: 3.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
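
Added example, not simple-git's code and not part of this PR: a pre-flight check over caller-supplied git arguments and environment for the inputs the simple-git 3.36.0 release note names (core.fsmonitor, the GIT_CONFIG_COUNT family of variables, --template). Function names and sample values are hypothetical and constructed; the merge-related config keys are left out because the page does not list them.

```javascript
// Added example, not simple-git's code. All names below are hypothetical.
const BLOCKED_CONFIG_KEYS = new Set(['core.fsmonitor']); // the one key this page names
const BLOCKED_ENV = /^GIT_CONFIG_(COUNT|KEY_\d+|VALUE_\d+)$/i;
const CONFIG_FLAGS = ['-c', '--config', '--config-env'];

// Section and variable names are case-insensitive in git config, so compare lowercased.
function configKeyOf(assignment) {
  return assignment.split('=')[0].trim().toLowerCase();
}

// Return the "key=value" text an argv entry carries, or null if it sets no config.
function configAssignment(argv, i) {
  const arg = argv[i];
  if (CONFIG_FLAGS.includes(arg)) return argv[i + 1] ?? '';    // -c key=value
  for (const flag of ['--config=', '--config-env=']) {
    if (arg.startsWith(flag)) return arg.slice(flag.length);    // --config=key=value
  }
  if (/^-c[^-]/.test(arg)) return arg.slice(2);                 // -ckey=value
  return null;
}

function findUnsafeGitInput(argv, env = {}) {
  const findings = [];
  argv.forEach((arg, i) => {
    const assignment = configAssignment(argv, i);
    if (assignment !== null && BLOCKED_CONFIG_KEYS.has(configKeyOf(assignment))) {
      findings.push({ kind: 'config', detail: configKeyOf(assignment) });
    }
    if (arg === '--template' || arg.startsWith('--template=')) {
      findings.push({ kind: 'template', detail: arg });
    }
  });
  for (const name of Object.keys(env)) {
    if (BLOCKED_ENV.test(name)) findings.push({ kind: 'env', detail: name });
  }
  return findings;
}

// Constructed sample input; the config value is a placeholder.
const sampleArgv = ['-c', 'Core.FSMonitor=PLACEHOLDER', 'clone', '--template=tpl', 'src', 'dst'];
const sampleEnv = { PATH: '/usr/bin', GIT_CONFIG_COUNT: '1', GIT_CONFIG_KEY_0: 'k', GIT_CONFIG_VALUE_0: 'v' };
function checkSample() { return findUnsafeGitInput(sampleArgv, sampleEnv); }
```

A wrapper that builds git invocations from untrusted options would refuse to spawn git when this returns any finding, and pass git an environment built from an allow-list rather than a filtered copy of the parent's.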
dependabot (bot) added the dependencies and javascript labels on Apr 17, 2026
@github-actions

Hi, thank you for creating your PR, we will check it out very soon

@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.73%. Comparing base (ef903d6) to head (d9cacd7).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #311   +/-   ##
=======================================
  Coverage   88.73%   88.73%           
=======================================
  Files          99       99           
  Lines        3434     3434           
  Branches      870      870           
=======================================
  Hits         3047     3047           
  Misses        346      346           
  Partials       41       41           


@neilime neilime merged commit 8693250 into main Apr 17, 2026
28 checks passed
@neilime neilime deleted the dependabot/npm_and_yarn/npm-production-dependencies-8923b8af71 branch April 17, 2026 11:18