build(deps): bump the npm-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the npm-dependencies group with 13 updates in the / directory:

Package	From	To
@cyclonedx/cyclonedx-library	6.13.1	9.4.1
fast-xml-parser	5.3.4	5.3.9
packageurl-js	1.0.2	2.0.1
yargs	17.7.2	18.0.0
@types/node	20.19.31	25.3.0
c8	10.1.3	11.0.0
chai	4.5.0	6.2.2
eslint	8.57.1	10.0.2
mocha	10.8.2	11.7.5
msw	2.12.7	2.12.10
sinon	15.2.0	21.0.1
sinon-chai	3.7.0	4.0.1
which	5.0.0	6.0.1

Updates @cyclonedx/cyclonedx-library from 6.13.1 to 9.4.1

Release notes

Sourced from @​cyclonedx/cyclonedx-library's releases.

9.4.1

Fixed

• Type declarations for deprecated symbols support usage as types (#1350 via #1351)

Refactor

• Deprecated symbols turned from re-exports into re-declares (via #1351)
  Note: this change adds runtime overhead for the sake of documentation.

#1350: CycloneDX/cyclonedx-javascript-library#1350 #1351: CycloneDX/cyclonedx-javascript-library#1351

---

What's Changed

• fix: 6.4.0 deprecated types by @​jkowalleck in CycloneDX/cyclonedx-javascript-library#1351

Full Changelog: CycloneDX/cyclonedx-javascript-library@v9.4.0...v9.4.1

9.4.0

Added

• New entry points for /Contrib and known submodules (via #1343)
  See package.json::exports for details.

Changes

• Moved non‑standard implementations to Contrib area (#1344 via #1343)

Deprecated

• Certain exports have been deprecated; downstream imports should be updated to the new locations (#1344 via #1343)
  Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.

Refactor

• The following symbols were moved. (#1344 via #1343)
  The symbols are still import-able through their old location.
  • OLD -> NEW
  • Builders.FromNodePackageJson -> Contrib.FromNodePackageJson.Builders
  • Factories.FromNodePackageJson -> Contrib.FromNodePackageJson.Factories
  • Factories.LicenseFactory -> Contrib.License.Factories.LicenseFactory
  • Factories.PackageUrlFactory -> Contrib.PackageUrl.Factories.PackageUrlFactory
  • Types.assertNodePackageJson -> Contrib.FromNodePackageJson.Types.assertNodePackageJson
  • Types.isNodePackageJson -> Contrib.FromNodePackageJson.Types.isNodePackageJson
  • Types.NodePackageJson -> Contrib.FromNodePackageJson.Types.NodePackageJson
  • Utils.BomUtility -> Contrib.Bom.Utils
  • Utils.LicenseUtility -> Contrib.License.Utils
  • Utils.NpmjsUtility -> Contrib.FromNodePackageJson.Utils

Style

• Applied latest code style (via #1341)

Build

• Use webpack v5.103.0 now, was v5.102.1 (via #1340)

#1340: CycloneDX/cyclonedx-javascript-library#1340 #1341: CycloneDX/cyclonedx-javascript-library#1341 #1343: CycloneDX/cyclonedx-javascript-library#1343

... (truncated)

Changelog

Sourced from @​cyclonedx/cyclonedx-library's changelog.

9.4.1 -- 2025-12-04

• Fixed
  • Type declarations for deprecated symbols support usage as types (#1350 via #1351)
• Refactor
  • Deprecated symbols turned from re-exports into re-declares (via #1351)
    Note: this change adds runtime overhead for the sake of documentation.

#1350: CycloneDX/cyclonedx-javascript-library#1350 #1351: CycloneDX/cyclonedx-javascript-library#1351

9.4.0 -- 2025-12-02

• Added
  • New entry points for /Contrib and known submodules (via #1343)
    See package.json::exports for details.
• Changes
  • Moved non‑standard implementations to Contrib area (#1344 via #1343)
• Deprecated
  • Certain exports have been deprecated; downstream imports should be updated to the new locations (#1344 via #1343)
    Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.
• Refactor
  • The following symbols were moved. (#1344 via #1343)
    The symbols are still import-able through their old location.
    • OLD -> NEW
    • Builders.FromNodePackageJson -> Contrib.FromNodePackageJson.Builders
    • Factories.FromNodePackageJson -> Contrib.FromNodePackageJson.Factories
    • Factories.LicenseFactory -> Contrib.License.Factories.LicenseFactory
    • Factories.PackageUrlFactory -> Contrib.PackageUrl.Factories.PackageUrlFactory
    • Types.assertNodePackageJson -> Contrib.FromNodePackageJson.Types.assertNodePackageJson
    • Types.isNodePackageJson -> Contrib.FromNodePackageJson.Types.isNodePackageJson
    • Types.NodePackageJson -> Contrib.FromNodePackageJson.Types.NodePackageJson
    • Utils.BomUtility -> Contrib.Bom.Utils
    • Utils.LicenseUtility -> Contrib.License.Utils
    • Utils.NpmjsUtility -> Contrib.FromNodePackageJson.Utils
• Style
  • Applied latest code style (via #1341)
• Build
  • Use webpack v5.103.0 now, was v5.102.1 (via #1340)

#1340: CycloneDX/cyclonedx-javascript-library#1340 #1341: CycloneDX/cyclonedx-javascript-library#1341 #1343: CycloneDX/cyclonedx-javascript-library#1343 #1344: CycloneDX/cyclonedx-javascript-library#1344

9.2.0 -- 2025-10-22

• Added
  • Support CycloneDX 1.7 (#1325 via #1324)

... (truncated)

Commits

• 1315d65 9.4.1
• d124458 fix: 6.4.0 deprecated types (#1351)
• ded3f6b 9.4.0
• 781fdf9 9.3.0
• ea8f1f3 feat: Moved non‑standard implementations to Contrib area (#1343)
• 8c36d6c docs
• 4b0373e chore(deps): bump knip from 5.70.2 to 5.71.0 in /tools/test-dependencies (#1349)
• 84a70fd chore: fix dependabot cfg
• ee7fb13 docs
• 743dcf9 chore(deps): bump the eslint group across 1 directory with 4 updates (#1341)
• Additional commits viewable in compare view

Updates fast-xml-parser from 5.3.4 to 5.3.9

Release notes

Sourced from fast-xml-parser's releases.

support strictReservedNames

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.9...v5.3.9

handle non-array input for XML builder && support maxNestedTags

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.7...v5.3.8

CJS typing fix

What's Changed

• Unexport X2jOptions at declaration site by @​Drarig29 in NaturalIntelligence/fast-xml-parser#787

New Contributors

• @​Drarig29 made their first contribution in NaturalIntelligence/fast-xml-parser#787

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.6...v5.3.7

Entity security and performance

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.5...v5.3.6

v5.3.5

What's Changed

• Add missing exports to fxp commonjs types by @​jeremymeng in NaturalIntelligence/fast-xml-parser#782
• fix: Escape regex char in entity name
• update strnum to 2.1.2

New Contributors

• @​jeremymeng made their first contribution in NaturalIntelligence/fast-xml-parser#782

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.4...v5.3.5

Changelog

Sourced from fast-xml-parser's changelog.

5.3.9 5.3.9 / 2026-02-25

• support strictReservedNames

5.3.8 5.3.8 / 2026-02-25

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies

5.3.7 5.3.7 / 2026-02-20

• fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

• fix: Escape regex char in entity name
• update strnum to 2.1.2
• add missing exports in CJS typings

5.3.4 / 2026-01-30

• fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

• fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

• fix for import statement for v6

5.3.1 / 2025-11-03

• Performance improvement for stopNodes (By Maciek Lamberski)

5.3.0 / 2025-10-03

• Use Uint8Array in place of Buffer in Parser

5.2.5 / 2025-06-08

• Inform user to use fxp-cli instead of in-built CLI feature
• Export typings for direct use

5.2.4 / 2025-06-06

... (truncated)

Commits

• 6f333a8 update release info
• c3ffbab support strictReservedNames
• c692040 update release info
• 107e34c avoid {} to create an empty object
• 60835a4 support maxNestedTags
• f55657c avoid direct call to hasOwnProperty
• c13a961 handle non-array input for XML builder when preserveOrder is true
• fc97a55 update relese info
• b9aef04 Unexport X2jOptions at declaration site (#787)
• c20fbd6 remove unused code
• Additional commits viewable in compare view

Updates packageurl-js from 1.0.2 to 2.0.1

Changelog

Sourced from packageurl-js's changelog.

2.0.1

Bug Fix

• Fix decoding problems around the % character #75 (fix contributed by @​jdalton)

2.0.0

• Significant refactor based on code from @​jdalton
• Numerous bug fixes and improvements the community was asking for
  • See closed issues and PRs for details (too many to list here)

1.2.1

Bug Fixes

• purls with + in versions are now valid #52 (contributed by @​satanshiro)
• purl names staring with : are now accepted #45 (contributed by @​aniruth37)

1.2.0

Features

• Add pub parsing for Dart and Flutter packages (contributed by @​topaztee)

1.1.1

Bug Fix

• publish errors

1.1.0

Features

• Verify entire version string is properly encoded (contributed by @​mcombuechen, @​topaztee)

Commits

• cd1eb4b chore: bump to v2.0.1 (#77)
• f7dccd6 fix: error on decode with meaningful message
• 07b818b fix: only decode in parseString
• c2f576f bump to v2.0.0 (#74)
• b5660a5 Merge pull request #73 from package-url/jdalton/sync
• 400de0c Merge pull request #72 from package-url/dependabot/npm_and_yarn/braces-3.0.3
• b6c8ce8 fix: correct package-url.d.ts readonly type casing
• 96822af fix: correct param name typos
• f81a6be fix: use encodeQualifierValue for qualifierKey and qualifierValue
• ff590d2 feat: encode qualifiers with URLSearchParams
• Additional commits viewable in compare view

Updates yargs from 17.7.2 to 18.0.0

Changelog

Sourced from yargs's changelog.

18.0.0 (2025-05-26)

⚠ BREAKING CHANGES

• command names are not derived from modules passed to command.
• singleton usage of yargs yargs.foo, yargs().argv, has been removed.
• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23.
• yargs is now ESM first

Features

• commandDir now works with ESM files (#2461) (27eec18)
• locale: adds hebrew translation (#2357) (4266485)
• yargs is now ESM first (d90af45)
• zsh: Add default completion as fallback (#2331) (e02c91b)

Bug Fixes

• addDirectory do not support absolute command dir (#2465) (3a40a78)
• allows ESM modules commands to be extensible using visit option (#2468) (200e1aa)
• browser: fix shims so that yargs continues working in browser context (#2457) (4ae5f57)
• build: address problems with typescript compilation (#2445) (8d72fb3)
• coerce should play well with parser configuration (#2308) (8343c66)
• deps: update dependency yargs-parser to v22 (#2470) (639130d)
• exit after async handler done (#2313) (e326cde)
• handle spaces in bash completion (#2452) (83b7788)
• parser-configuration should work well with generated completion script (#2332) (888db19)
• propagate Dictionary including undefined in value type (#2393) (2b2f7f5)
• zsh: completion no longer requires double tab when using autoloaded (0dd8fe4)

Code Refactoring

• command names are not derived from modules passed to command. (d90af45)
• singleton usage of yargs yargs.foo, yargs().argv, has been removed. (d90af45)

Build System

• minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23. (d90af45)

Commits

• 0bc7255 chore(main): release 18.0.0 (#2325)
• 639130d fix(deps): update dependency yargs-parser to v22 (#2470)
• 200e1aa fix: allows ESM modules commands to be extensible using visit option (#2468)
• 888db19 fix: parser-configuration should work well with generated completion script (...
• 3a40a78 fix: addDirectory do not support absolute command dir (#2465)
• 90e9eca docs: remove to old slack channel (#2466)
• 0dd8fe4 fix(zsh): completion no longer requires double tab when using autoloaded
• 27eec18 feat: commandDir now works with ESM files (#2461)
• f9c72a7 docs: update examples to run from examples folder (#2463)
• e02c91b feat(zsh): Add default completion as fallback (#2331)
• Additional commits viewable in compare view

Updates @types/node from 20.19.31 to 25.3.0

Commits

• See full diff in compare view

Updates c8 from 10.1.3 to 11.0.0

Release notes

Sourced from c8's releases.

v11.0.0

11.0.0 (2026-02-22)

⚠ BREAKING CHANGES

• deps: transitive deps require 20 || >=22

Bug Fixes

• deps: pull newer minimatch addressing CVE-2026-26996 (#576) (678eeca)

Changelog

Sourced from c8's changelog.

11.0.0 (2026-02-22)

⚠ BREAKING CHANGES

• deps: transitive deps require 20 || >=22

Bug Fixes

• deps: pull newer minimatch addressing CVE-2026-26996 (#576) (678eeca)

Commits

• ce78df4 chore(main): release 11.0.0 (#577)
• 678eeca fix(deps)!: pull newer minimatch addressing CVE-2026-26996 (#576)
• ec4c5e4 chore: .editorconfig to avoid unintended mods to .snap files (#556)
• See full diff in compare view

Updates chai from 4.5.0 to 6.2.2

Release notes

Sourced from chai's releases.

v6.2.2

What's Changed

• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in chaijs/chai#1745
• chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 by @​renovate[bot] in chaijs/chai#1746
• build(deps): bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in chaijs/chai#1747
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in chaijs/chai#1749
• fix: avoid BigInt literal in closeTo for runtime compat by @​bheemreddy-samsara in chaijs/chai#1748
• chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 by @​renovate[bot] in chaijs/chai#1751
• chore(deps): update dependency prettier to v3.7.3 by @​renovate[bot] in chaijs/chai#1754
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1755
• chore(deps): update dependencies to v9.39.2 by @​renovate[bot] in chaijs/chai#1757
• chore: add --legal-comments=none option by @​hyperz111 in chaijs/chai#1756
• chore(deps): update dependency esbuild to v0.27.2 by @​renovate[bot] in chaijs/chai#1759

New Contributors

• @​bheemreddy-samsara made their first contribution in chaijs/chai#1748
• @​hyperz111 made their first contribution in chaijs/chai#1756

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

What's Changed

• chore: add renovate config by @​43081j in chaijs/chai#1709
• chore: use new renovate schema by @​43081j in chaijs/chai#1713
• chore(deps): update actions/setup-node action to v5 (main) by @​renovate[bot] in chaijs/chai#1711
• chore(deps): update actions/checkout action to v5 (main) by @​renovate[bot] in chaijs/chai#1710
• chore(deps): update dependency eslint to v9 (main) by @​renovate[bot] in chaijs/chai#1715
• chore(deps): update dependency @​rollup/plugin-commonjs to v28 (main) by @​renovate[bot] in chaijs/chai#1714
• chore(deps): update dependency mocha to v11 (main) by @​renovate[bot] in chaijs/chai#1717
• chore(deps): update dependency eslint-plugin-jsdoc to v60 (main) by @​renovate[bot] in chaijs/chai#1716
• chore: disable renovate for 4.x.x by @​43081j in chaijs/chai#1722
• chore(deps): update dependency eslint-plugin-jsdoc to v61 by @​renovate[bot] in chaijs/chai#1727
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in chaijs/chai#1729
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1726
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1730
• chore(deps): update dependency node to v24 by @​renovate[bot] in chaijs/chai#1731
• chore(deps): update dependency @​rollup/plugin-commonjs to v29 by @​renovate[bot] in chaijs/chai#1732
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1734
• build(deps): bump koa from 2.14.2 to 2.16.1 by @​dependabot[bot] in chaijs/chai#1683
• docs: update browser usage by @​43081j in chaijs/chai#1736
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1740
• docs: add comprehensive documentation for containSubset assertion by @​Aashish-Jha-11 in chaijs/chai#1739
• Set esbuild target to es2021 to support Safari < 16.4 by @​larabr in chaijs/chai#1737

New Contributors

• @​renovate[bot] made their first contribution in chaijs/chai#1711
• @​Aashish-Jha-11 made their first contribution in chaijs/chai#1739
• @​larabr made their first contribution in chaijs/chai#1737

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

... (truncated)

Commits

• 814172d chore(deps): update dependency esbuild to v0.27.2 (#1759)
• b38c22b chore: add legal-comments=none option (#1756)
• 180d4cc chore(deps): update dependencies to v9.39.2 (#1757)
• 678cd00 chore(deps): update dependencies (#1755)
• c8fb100 chore(deps): update dependency prettier to v3.7.3 (#1754)
• d63c74e chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 (#1751)
• 243bf86 fix: avoid BigInt literal in closeTo for runtime compat (#1748)
• d8b0395 chore(deps): update actions/checkout action to v6 (#1749)
• 7e1e247 build(deps): bump glob from 10.4.5 to 10.5.0 (#1747)
• b25e5d8 chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 (#1746)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chai since your current version.

Updates eslint from 8.57.1 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Updates mocha from 10.8.2 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please for v11 (#5522) (663fff4)

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

• watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

• remove trailing spaces (#5475) (7f68e5c)

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

• use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

• add security escalation policy (#5466) (4122c7d)
• fix duplicate global leak documentation (#5461) (1164b9d)
• migrate third party UIs wiki page to docs (#5434) (6654704)
• update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

... (truncated)

Changelog

Sourced from mocha's changelog.

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please for v11 (#5522) (663fff4)

11.7.4 (2025-10-01)

🩹 Fixes

• watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

• remove trailing spaces (#5475) (7f68e5c)

11.7.3 (...

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.