chore(deps-dev): bump sinon from 18.0.0 to 22.0.0 in /build

[dependabot]

Bumps sinon from 18.0.0 to 22.0.0.

Changelog

Sourced from sinon's changelog.

22.0.0

• ed911df5 Update Ruby gems (Carl-Erik Kopseng)
• 75a1e5b8 Update to Node 26 (Carl-Erik Kopseng)
• 197d6608 Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)
• c5ddf80b Update fake-timers@15.4: includes new Temporal API (Carl-Erik Kopseng)
• f4ab02f6 Update updatable packages (Carl-Erik Kopseng)
• 0536afc8 Quality: Global mutable call id can grow unbounded across long-lived processes (#2691) (tuanaiseo)

  • refactor: global mutable call id can grow unbounded across l

  callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

  Affected files: proxy-invoke.js

  Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com

  • Wrap around for all values that are too high

  ---

  Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

• f4f7d93b Perform additional cleanup when calling callThrough() (#2670) (Cyrille)
• 6199e9e4 improve GitHubworkflows by introducing zizmor for monitoring (#2686) (Till!)

  • fix(workflows): fetch-depth is for actions/checkout
  • chore(workflows): update

  • pin all actions to precise commits
  • avoid credential leakage from actions/checkout
  • group action updates going forward
  • add zimor config to ignore "secrets outside env"
  • add job to keep validating workflows

• f7476b59 Use path.normalize() for path normalization (Carl-Erik Kopseng)
• 2c975393 fix: make build and node test scripts cross-platform (laplace young)
• a7692917 fix: isolate walk state from Object prototype (laplace young)
• 66df977a Fix sinon.restore() cascade-restoring sub-sandboxes (#2704) (Charlie Leitheiser)

  The ESM port of createApi (#2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

... (truncated)

Commits

• 52555af 22.0.0
• ed911df Update Ruby gems
• 75a1e5b Update to Node 26
• 197d660 Update documentation on faking timers to reflect the current state of fake-ti...
• c5ddf80 Update fake-timers@15.4: includes new Temporal API
• f4ab02f Update updatable packages
• 0536afc Quality: Global mutable call id can grow unbounded across long-lived processe...
• f4f7d93 Perform additional cleanup when calling callThrough() (#2670)
• 6199e9e improve GitHubworkflows by introducing zizmor for monitoring (#2686)
• 1519009 Merge #2703: isolate walk state from Object prototype
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[update-docs]

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.