deps(deps-dev): bump the development-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the development-dependencies group with 8 updates in the / directory:

Package	From	To
@types/express	5.0.3	5.0.5
@types/node	24.8.1	24.10.1
@vitest/browser	3.2.4	4.0.13
@vitest/coverage-v8	3.2.4	4.0.13
esbuild	0.25.11	0.27.0
happy-dom	20.0.7	20.0.10
nodemon	3.1.10	3.1.11
vitest	3.2.4	4.0.13

Updates @types/express from 5.0.3 to 5.0.5

Commits

• See full diff in compare view

Updates @types/node from 24.8.1 to 24.10.1

Commits

• See full diff in compare view

Updates @vitest/browser from 3.2.4 to 4.0.13

Release notes

Sourced from @​vitest/browser's releases.

v4.0.13

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in vitest-dev/vitest#9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in vitest-dev/vitest#9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in vitest-dev/vitest#9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in vitest-dev/vitest#9076 (6b9a1)

    View changes on GitHub

v4.0.12

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in vitest-dev/vitest#9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in vitest-dev/vitest#9066 (e944a)

    View changes on GitHub

v4.0.11

   🚀 Experimental Features

• api: Add extensible test artifact API  -  by @​macarie in vitest-dev/vitest#8987 (77292)
  • See more at https://vitest.dev/api/advanced/artifacts
• expect: Provide task in MatchState  -  by @​macarie in vitest-dev/vitest#9022 (afd1f)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in vitest-dev/vitest#8994 (d6d33)
  • See more at https://vitest.dev/guide/open-telemetry

   🏎 Performance

• experimental: Add file system cache  -  by @​sheremet-va in vitest-dev/vitest#9026 (1b147)
  • See more at https://vitest.dev/config/experimental#experimental-fsmodulecache

    View changes on GitHub

v4.0.10

   🐞 Bug Fixes

• Remove onCancel when worker is terminated  -  by @​sheremet-va in vitest-dev/vitest#9033 (6d7f0)
• browser:
  • Don't scale the iframe if UI is disabled  -  by @​sheremet-va in vitest-dev/vitest#9018 (5406e)
  • Handle dependency stack traces with external source maps. Resolves: #9003  -  by @​iclectic in vitest-dev/vitest#9016 and vitest-dev/vitest#9003 (57ae5)
• bun:
  • Parsing of stack trace for bun runtime  -  by @​nazarhussain in vitest-dev/vitest#9032 (f3ec6)
• core:
  • Prevent starting new run when cancelling  -  by @​AriPerkkio in vitest-dev/vitest#8991 (eb98d)
• pool:

... (truncated)

Commits

• 73b54ce chore: release v4.0.13
• 5aa84d5 chore: release v4.0.12
• c3befb0 chore: release v4.0.11
• 7729236 feat(api): add extensible test artifact API (#8987)
• d6d3359 feat(experimental): support OpenTelemetry traces (#8994)
• 259a3d1 chore: release v4.0.10
• 57ae547 fix(browser): handle dependency stack traces with external source maps. Resol...
• 44dca5f chore: print a better error when browser orchestrator fails to run a test (#8...
• 62fab24 chore: release v4.0.9
• 353ee5b fix(browser): add favicon icons to the browser mode ui (#8972)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitest/browser since your current version.

Updates @vitest/coverage-v8 from 3.2.4 to 4.0.13

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.0.13

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in vitest-dev/vitest#9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in vitest-dev/vitest#9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in vitest-dev/vitest#9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in vitest-dev/vitest#9076 (6b9a1)

    View changes on GitHub

v4.0.12

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in vitest-dev/vitest#9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in vitest-dev/vitest#9066 (e944a)

    View changes on GitHub

v4.0.11

   🚀 Experimental Features

• api: Add extensible test artifact API  -  by @​macarie in vitest-dev/vitest#8987 (77292)
  • See more at https://vitest.dev/api/advanced/artifacts
• expect: Provide task in MatchState  -  by @​macarie in vitest-dev/vitest#9022 (afd1f)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in vitest-dev/vitest#8994 (d6d33)
  • See more at https://vitest.dev/guide/open-telemetry

   🏎 Performance

• experimental: Add file system cache  -  by @​sheremet-va in vitest-dev/vitest#9026 (1b147)
  • See more at https://vitest.dev/config/experimental#experimental-fsmodulecache

    View changes on GitHub

v4.0.10

   🐞 Bug Fixes

• Remove onCancel when worker is terminated  -  by @​sheremet-va in vitest-dev/vitest#9033 (6d7f0)
• browser:
  • Don't scale the iframe if UI is disabled  -  by @​sheremet-va in vitest-dev/vitest#9018 (5406e)
  • Handle dependency stack traces with external source maps. Resolves: #9003  -  by @​iclectic in vitest-dev/vitest#9016 and vitest-dev/vitest#9003 (57ae5)
• bun:
  • Parsing of stack trace for bun runtime  -  by @​nazarhussain in vitest-dev/vitest#9032 (f3ec6)
• core:
  • Prevent starting new run when cancelling  -  by @​AriPerkkio in vitest-dev/vitest#8991 (eb98d)
• pool:

... (truncated)

Commits

• 73b54ce chore: release v4.0.13
• 5aa84d5 chore: release v4.0.12
• c3befb0 chore: release v4.0.11
• 259a3d1 chore: release v4.0.10
• 62fab24 chore: release v4.0.9
• 46bfd09 chore: release v4.0.8
• da8b93a fix(deps): update all non-major dependencies (#8636)
• 1f5d9d2 chore: release v4.0.7
• 2e7b2b8 chore: release v4.0.6
• e3b7775 fix(coverage): prevent filtering out virtual files before remapping to source...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitest/coverage-v8 since your current version.

Updates esbuild from 0.25.11 to 0.27.0

Release notes

Sourced from esbuild's releases.

v0.27.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#4208, #4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

v0.26.0

• Enable trusted publishing (#4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

v0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.26.0 or ~0.26.0. See npm's documentation about semver for more information.

• Use Uint8Array.fromBase64 if available (#4286)

  With this release, esbuild's binary loader will now use the new Uint8Array.fromBase64 function unless it's unavailable in the configured target environment. If it's unavailable, esbuild's previous code for this will be used as a fallback. Note that this means you may now need to specify target when using this feature with Node (for example --target=node22) unless you're using Node v25+.

• Update the Go compiler from v1.23.12 to v1.25.4 (#4208, #4311)

  This raises the operating system requirements for running esbuild:

  • Linux: now requires a kernel version of 3.2 or later
  • macOS: now requires macOS 12 (Monterey) or later

0.26.0

• Enable trusted publishing (#4281)

  GitHub and npm are recommending that maintainers for packages such as esbuild switch to trusted publishing. With this release, a VM on GitHub will now build and publish all of esbuild's packages to npm instead of me. In theory.

  Unfortunately there isn't really a way to test that this works other than to do it live. So this release is that live test. Hopefully this release is uneventful and is exactly the same as the previous one (well, except for the green provenance attestation checkmark on npm that happens with trusted publishing).

0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

... (truncated)

Commits

• 2b91699 publish 0.27.0 to npm
• 22b425c fix #4286: use Uint8Array.fromBase64 if present (#4295)
• 6d187ef update go 1.25.3 => 1.25.4
• 9d0d4e7 update go 1.23.12 => 1.25.3 (#4318)
• b6979d8 use a patched go compiler for release builds
• 893d2b9 delete temporary release.yml workflow
• cee3918 add a temporary release.yml workflow
• f5bb1d6 fix publish.yml
• 17ff82b publish 0.26.0 to npm
• f87181f enable trusted publishing (#4319)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates happy-dom from 20.0.7 to 20.0.10

Release notes

Sourced from happy-dom's releases.

v20.0.10

👷‍♂️ Patch fixes

• Clears event listeners on all nodes when a Window is closed to prevent memory leaks - By @​TrevorBurnham in task #1892

v20.0.9

👷‍♂️ Patch fixes

• Elements should only be upgraded to a custom element (web component) when the element is in the document - By @​capricorn86 in task #1945
  • This will also improve the memory footprint as the listeners prevented nodes from being garbage collected until the document was closed

v20.0.8

👷‍♂️ Patch fixes

• Fixes issue where previousSibling() and nextSibling() didn't work in HTMLSelectElement and HTMLFormElement - By @​capricorn86 in task #1939
• Fixes issue where parsing an item without a permitted parent (e.g. <tr>) should be valid inside a \<template> element - By @​capricorn86 in task #1939

Commits

• 2cc0443 fix: #1892 Clears event listeners on all Nodes when a window to prevent mem...
• 70dde49 fix: #1945 Elements should only be upgraded to a custom element when the el...
• 6070199 fix: #1939 Fixes issue where HTMLSelectElement previousSibling and nextSibl...
• See full diff in compare view

Updates nodemon from 3.1.10 to 3.1.11

Release notes

Sourced from nodemon's releases.

v3.1.11

3.1.11 (2025-11-11)

Bug Fixes

• script.start with missing file (8d927f1), closes #2258

Commits

• 8d927f1 fix: script.start with missing file
• 9c966c1 chore: website
• 1bf915d chore: website
• 89e92da chore: website
• 838ea0c chore: website
• 7a64464 chore: website
• 079c683 chore: website
• 71934a3 chore: website
• d6ec490 chore: website
• 745a994 Merge branch 'main' of github.com:remy/nodemon
• Additional commits viewable in compare view

Updates vitest from 3.2.4 to 4.0.13

Release notes

Sourced from vitest's releases.

v4.0.13

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in vitest-dev/vitest#9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in vitest-dev/vitest#9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in vitest-dev/vitest#9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in vitest-dev/vitest#9076 (6b9a1)

    View changes on GitHub

v4.0.12

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in vitest-dev/vitest#9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in vitest-dev/vitest#9066 (e944a)

    View changes on GitHub

v4.0.11

   🚀 Experimental Features

• api: Add extensible test artifact API  -  by @​macarie in vitest-dev/vitest#8987 (77292)
  • See more at https://vitest.dev/api/advanced/artifacts
• expect: Provide task in MatchState  -  by @​macarie in vitest-dev/vitest#9022 (afd1f)
• experimental: Support OpenTelemetry traces  -  by @​sheremet-va in vitest-dev/vitest#8994 (d6d33)
  • See more at https://vitest.dev/guide/open-telemetry

   🏎 Performance

• experimental: Add file system cache  -  by @​sheremet-va in vitest-dev/vitest#9026 (1b147)
  • See more at https://vitest.dev/config/experimental#experimental-fsmodulecache

    View changes on GitHub

v4.0.10

   🐞 Bug Fixes

• Remove onCancel when worker is terminated  -  by @​sheremet-va in vitest-dev/vitest#9033 (6d7f0)
• browser:
  • Don't scale the iframe if UI is disabled  -  by @​sheremet-va in vitest-dev/vitest#9018 (5406e)
  • Handle dependency stack traces with external source maps. Resolves: #9003  -  by @​iclectic in vitest-dev/vitest#9016 and vitest-dev/vitest#9003 (57ae5)
• bun:
  • Parsing of stack trace for bun runtime  -  by @​nazarhussain in vitest-dev/vitest#9032 (f3ec6)
• core:
  • Prevent starting new run when cancelling  -  by @​AriPerkkio in vitest-dev/vitest#8991 (eb98d)
• pool:

... (truncated)

Commits

• 73b54ce chore: release v4.0.13
• b27e002 perf: avoid fetchModule roundtrip if the module is cached (#9075)
• 6b9a1b5 perf(experimental): if fsCacheModule is enabled, read from the memory when ...
• 332afa0 fix(types): don't import node.js dependent types in vitest/browser (#9068)
• 6356b1d fix(types): don't use type from Vite 7.1 (#9071)
• 5aa84d5 chore: release v4.0.12
• e944a37 fix: don't import from @opentelemetry/api in public types (#9066)
• 9a8bc78 fix: inherit fsModuleCachePath by default (#9063)
• c3befb0 chore: release v4.0.11
• 1b14737 perf(experimental): add file system cache (#9026)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.66%. Comparing base (0d6d9e4) to head (627aa5f).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #13      +/-   ##
==========================================
+ Coverage   89.68%   90.66%   +0.97%     
==========================================
  Files          31       28       -3     
  Lines        3491     1906    -1585     
  Branches      622      540      -82     
==========================================
- Hits         3131     1728    -1403     
+ Misses        360      177     -183     
- Partials        0        1       +1     

Flag	Coverage Δ
unittests	90.66% <ø> (+0.97%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.