build(deps): bump the npm-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the npm-dependencies group with 12 updates in the / directory:

Package	From	To
@cyclonedx/cyclonedx-library	6.13.1	9.4.1
fast-xml-parser	5.3.4	5.4.1
packageurl-js	1.0.2	2.0.1
@trustify-da/trustify-da-api-model	2.0.3	2.0.7
@types/node	20.19.31	25.3.2
chai	4.5.0	6.2.2
eslint	8.57.1	10.0.2
mocha	10.8.2	11.7.5
msw	2.12.7	2.12.10
sinon	15.2.0	21.0.1
sinon-chai	3.7.0	4.0.1
which	5.0.0	6.0.1

Updates @cyclonedx/cyclonedx-library from 6.13.1 to 9.4.1

Release notes

Sourced from @​cyclonedx/cyclonedx-library's releases.

9.4.1

Fixed

• Type declarations for deprecated symbols support usage as types (#1350 via #1351)

Refactor

• Deprecated symbols turned from re-exports into re-declares (via #1351)
  Note: this change adds runtime overhead for the sake of documentation.

#1350: CycloneDX/cyclonedx-javascript-library#1350 #1351: CycloneDX/cyclonedx-javascript-library#1351

---

What's Changed

• fix: 6.4.0 deprecated types by @​jkowalleck in CycloneDX/cyclonedx-javascript-library#1351

Full Changelog: CycloneDX/cyclonedx-javascript-library@v9.4.0...v9.4.1

9.4.0

Added

• New entry points for /Contrib and known submodules (via #1343)
  See package.json::exports for details.

Changes

• Moved non‑standard implementations to Contrib area (#1344 via #1343)

Deprecated

• Certain exports have been deprecated; downstream imports should be updated to the new locations (#1344 via #1343)
  Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.

Refactor

• The following symbols were moved. (#1344 via #1343)
  The symbols are still import-able through their old location.
  • OLD -> NEW
  • Builders.FromNodePackageJson -> Contrib.FromNodePackageJson.Builders
  • Factories.FromNodePackageJson -> Contrib.FromNodePackageJson.Factories
  • Factories.LicenseFactory -> Contrib.License.Factories.LicenseFactory
  • Factories.PackageUrlFactory -> Contrib.PackageUrl.Factories.PackageUrlFactory
  • Types.assertNodePackageJson -> Contrib.FromNodePackageJson.Types.assertNodePackageJson
  • Types.isNodePackageJson -> Contrib.FromNodePackageJson.Types.isNodePackageJson
  • Types.NodePackageJson -> Contrib.FromNodePackageJson.Types.NodePackageJson
  • Utils.BomUtility -> Contrib.Bom.Utils
  • Utils.LicenseUtility -> Contrib.License.Utils
  • Utils.NpmjsUtility -> Contrib.FromNodePackageJson.Utils

Style

• Applied latest code style (via #1341)

Build

• Use webpack v5.103.0 now, was v5.102.1 (via #1340)

#1340: CycloneDX/cyclonedx-javascript-library#1340 #1341: CycloneDX/cyclonedx-javascript-library#1341 #1343: CycloneDX/cyclonedx-javascript-library#1343

... (truncated)

Changelog

Sourced from @​cyclonedx/cyclonedx-library's changelog.

9.4.1 -- 2025-12-04

• Fixed
  • Type declarations for deprecated symbols support usage as types (#1350 via #1351)
• Refactor
  • Deprecated symbols turned from re-exports into re-declares (via #1351)
    Note: this change adds runtime overhead for the sake of documentation.

#1350: CycloneDX/cyclonedx-javascript-library#1350 #1351: CycloneDX/cyclonedx-javascript-library#1351

9.4.0 -- 2025-12-02

• Added
  • New entry points for /Contrib and known submodules (via #1343)
    See package.json::exports for details.
• Changes
  • Moved non‑standard implementations to Contrib area (#1344 via #1343)
• Deprecated
  • Certain exports have been deprecated; downstream imports should be updated to the new locations (#1344 via #1343)
    Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details.
• Refactor
  • The following symbols were moved. (#1344 via #1343)
    The symbols are still import-able through their old location.
    • OLD -> NEW
    • Builders.FromNodePackageJson -> Contrib.FromNodePackageJson.Builders
    • Factories.FromNodePackageJson -> Contrib.FromNodePackageJson.Factories
    • Factories.LicenseFactory -> Contrib.License.Factories.LicenseFactory
    • Factories.PackageUrlFactory -> Contrib.PackageUrl.Factories.PackageUrlFactory
    • Types.assertNodePackageJson -> Contrib.FromNodePackageJson.Types.assertNodePackageJson
    • Types.isNodePackageJson -> Contrib.FromNodePackageJson.Types.isNodePackageJson
    • Types.NodePackageJson -> Contrib.FromNodePackageJson.Types.NodePackageJson
    • Utils.BomUtility -> Contrib.Bom.Utils
    • Utils.LicenseUtility -> Contrib.License.Utils
    • Utils.NpmjsUtility -> Contrib.FromNodePackageJson.Utils
• Style
  • Applied latest code style (via #1341)
• Build
  • Use webpack v5.103.0 now, was v5.102.1 (via #1340)

#1340: CycloneDX/cyclonedx-javascript-library#1340 #1341: CycloneDX/cyclonedx-javascript-library#1341 #1343: CycloneDX/cyclonedx-javascript-library#1343 #1344: CycloneDX/cyclonedx-javascript-library#1344

9.2.0 -- 2025-10-22

• Added
  • Support CycloneDX 1.7 (#1325 via #1324)

... (truncated)

Commits

• 1315d65 9.4.1
• d124458 fix: 6.4.0 deprecated types (#1351)
• ded3f6b 9.4.0
• 781fdf9 9.3.0
• ea8f1f3 feat: Moved non‑standard implementations to Contrib area (#1343)
• 8c36d6c docs
• 4b0373e chore(deps): bump knip from 5.70.2 to 5.71.0 in /tools/test-dependencies (#1349)
• 84a70fd chore: fix dependabot cfg
• ee7fb13 docs
• 743dcf9 chore(deps): bump the eslint group across 1 directory with 4 updates (#1341)
• Additional commits viewable in compare view

Updates fast-xml-parser from 5.3.4 to 5.4.1

Release notes

Sourced from fast-xml-parser's releases.

Separate Builder

XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.

Migration

To migrate to fast-xml-builder;

From

import { XMLBuilder } from "fast-xml-parser";

To

import  XMLBuilder  from "fast-xml-builder";

XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.

support strictReservedNames

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.9...v5.3.9

handle non-array input for XML builder && support maxNestedTags

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.7...v5.3.8

CJS typing fix

What's Changed

• Unexport X2jOptions at declaration site by @​Drarig29 in NaturalIntelligence/fast-xml-parser#787

New Contributors

• @​Drarig29 made their first contribution in NaturalIntelligence/fast-xml-parser#787

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.6...v5.3.7

Entity security and performance

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.5...v5.3.6

v5.3.5

What's Changed

• Add missing exports to fxp commonjs types by @​jeremymeng in NaturalIntelligence/fast-xml-parser#782
• fix: Escape regex char in entity name

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.4.1 / 2026-02-25

• fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

• migrate to fast-xml-builder

5.3.9 / 2026-02-25

• support strictReservedNames

5.3.8 / 2026-02-25

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies

5.3.7 / 2026-02-20

• fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

• fix: Escape regex char in entity name
• update strnum to 2.1.2
• add missing exports in CJS typings

5.3.4 / 2026-01-30

• fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

• fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

• fix for import statement for v6

5.3.1 / 2025-11-03

• Performance improvement for stopNodes (By Maciek Lamberski)

5.3.0 / 2025-10-03

... (truncated)

Commits

• 4e7ca80 update release info
• 36023b4 fix (#785) unpairedTag node should not have tag content
• b366026 separate builder
• 6f333a8 update release info
• c3ffbab support strictReservedNames
• c692040 update release info
• 107e34c avoid {} to create an empty object
• 60835a4 support maxNestedTags
• f55657c avoid direct call to hasOwnProperty
• c13a961 handle non-array input for XML builder when preserveOrder is true
• Additional commits viewable in compare view

Updates packageurl-js from 1.0.2 to 2.0.1

Changelog

Sourced from packageurl-js's changelog.

2.0.1

Bug Fix

• Fix decoding problems around the % character #75 (fix contributed by @​jdalton)

2.0.0

• Significant refactor based on code from @​jdalton
• Numerous bug fixes and improvements the community was asking for
  • See closed issues and PRs for details (too many to list here)

1.2.1

Bug Fixes

• purls with + in versions are now valid #52 (contributed by @​satanshiro)
• purl names staring with : are now accepted #45 (contributed by @​aniruth37)

1.2.0

Features

• Add pub parsing for Dart and Flutter packages (contributed by @​topaztee)

1.1.1

Bug Fix

• publish errors

1.1.0

Features

• Verify entire version string is properly encoded (contributed by @​mcombuechen, @​topaztee)

Commits

• cd1eb4b chore: bump to v2.0.1 (#77)
• f7dccd6 fix: error on decode with meaningful message
• 07b818b fix: only decode in parseString
• c2f576f bump to v2.0.0 (#74)
• b5660a5 Merge pull request #73 from package-url/jdalton/sync
• 400de0c Merge pull request #72 from package-url/dependabot/npm_and_yarn/braces-3.0.3
• b6c8ce8 fix: correct package-url.d.ts readonly type casing
• 96822af fix: correct param name typos
• f81a6be fix: use encodeQualifierValue for qualifierKey and qualifierValue
• ff590d2 feat: encode qualifiers with URLSearchParams
• Additional commits viewable in compare view

Updates @trustify-da/trustify-da-api-model from 2.0.3 to 2.0.7

Release notes

Sourced from @​trustify-da/trustify-da-api-model's releases.

Release 2.0.7

What's Changed

• fix: version bump missing update-sources by @​ruromero in guacsec/trustify-da-api-spec#103
• build(release): release 2.0.5 and bump to next development version by @​github-actions[bot] in guacsec/trustify-da-api-spec#102

Full Changelog: guacsec/trustify-da-api-spec@v2.0.5...v2.0.7

Release 2.0.5

What's Changed

• chore: bump to next development version by @​github-actions[bot] in guacsec/trustify-da-api-spec#85
• chore(ci): centralize pkg publication and update the release workflow by @​ruromero in guacsec/trustify-da-api-spec#87
• chore(ci): bump publish node version by @​ruromero in guacsec/trustify-da-api-spec#88
• chore(ci): publish npm independently by @​ruromero in guacsec/trustify-da-api-spec#89
• chore(ci): remove npm cache by @​ruromero in guacsec/trustify-da-api-spec#90
• chore: use short sha for ea version and fix publishing by @​ruromero in guacsec/trustify-da-api-spec#91
• build(release): release 2.0.3 and bump to next development version by @​github-actions[bot] in guacsec/trustify-da-api-spec#92
• fix: publish on release by @​ruromero in guacsec/trustify-da-api-spec#93
• fix: fix publish pipeline to run automatically for prod releases by @​Strum355 in guacsec/trustify-da-api-spec#94
• feat: add OSS licenses definition by @​ruromero in guacsec/trustify-da-api-spec#96
• chore: push to next development version by @​ruromero in guacsec/trustify-da-api-spec#97
• feat: add projectLicense info and identify, fetch endpoints by @​ruromero in guacsec/trustify-da-api-spec#99
• fix: wrong step id used in variable by @​ruromero in guacsec/trustify-da-api-spec#100
• fix: invalid version bump and body generation by @​ruromero in guacsec/trustify-da-api-spec#101

New Contributors

• @​Strum355 made their first contribution in guacsec/trustify-da-api-spec#94

Full Changelog: guacsec/trustify-da-api-spec@v2.0.2...v2.0.5

v2.0.4

What's Changed

• chore: bump to next development version by @​github-actions[bot] in guacsec/trustify-da-api-spec#85
• chore(ci): centralize pkg publication and update the release workflow by @​ruromero in guacsec/trustify-da-api-spec#87
• chore(ci): bump publish node version by @​ruromero in guacsec/trustify-da-api-spec#88
• chore(ci): publish npm independently by @​ruromero in guacsec/trustify-da-api-spec#89
• chore(ci): remove npm cache by @​ruromero in guacsec/trustify-da-api-spec#90
• chore: use short sha for ea version and fix publishing by @​ruromero in guacsec/trustify-da-api-spec#91
• build(release): release 2.0.3 and bump to next development version by @​github-actions[bot] in guacsec/trustify-da-api-spec#92
• fix: publish on release by @​ruromero in guacsec/trustify-da-api-spec#93
• fix: fix publish pipeline to run automatically for prod releases by @​Strum355 in guacsec/trustify-da-api-spec#94
• feat: add OSS licenses definition by @​ruromero in guacsec/trustify-da-api-spec#96

New Contributors

• @​Strum355 made their first contribution in guacsec/trustify-da-api-spec#94

Full Changelog: guacsec/trustify-da-api-spec@v2.0.2...v2.0.4

Commits

• 07b74de build(release): release version 2.0.7
• 92e04bc Merge pull request #102 from guacsec/release/v2.0.5
• 92185f6 Merge branch 'main' into release/v2.0.5
• c0e5cc6 Merge pull request #103 from ruromero/fix/publish-release
• c4999e2 fix: version bump missing update-sources
• f54c1c8 build(release): bump to next development version
• 1d981c7 build(release): release version 2.0.5
• 817898b Merge pull request #101 from ruromero/fix/release-version
• f62a400 fix: avoid creating unnecessary backup pom
• d08c39e fix: invalid version bump and body generation
• Additional commits viewable in compare view

Updates @types/node from 20.19.31 to 25.3.2

Commits

• See full diff in compare view

Updates chai from 4.5.0 to 6.2.2

Release notes

Sourced from chai's releases.

v6.2.2

What's Changed

• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in chaijs/chai#1745
• chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 by @​renovate[bot] in chaijs/chai#1746
• build(deps): bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in chaijs/chai#1747
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in chaijs/chai#1749
• fix: avoid BigInt literal in closeTo for runtime compat by @​bheemreddy-samsara in chaijs/chai#1748
• chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 by @​renovate[bot] in chaijs/chai#1751
• chore(deps): update dependency prettier to v3.7.3 by @​renovate[bot] in chaijs/chai#1754
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1755
• chore(deps): update dependencies to v9.39.2 by @​renovate[bot] in chaijs/chai#1757
• chore: add --legal-comments=none option by @​hyperz111 in chaijs/chai#1756
• chore(deps): update dependency esbuild to v0.27.2 by @​renovate[bot] in chaijs/chai#1759

New Contributors

• @​bheemreddy-samsara made their first contribution in chaijs/chai#1748
• @​hyperz111 made their first contribution in chaijs/chai#1756

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

What's Changed

• chore: add renovate config by @​43081j in chaijs/chai#1709
• chore: use new renovate schema by @​43081j in chaijs/chai#1713
• chore(deps): update actions/setup-node action to v5 (main) by @​renovate[bot] in chaijs/chai#1711
• chore(deps): update actions/checkout action to v5 (main) by @​renovate[bot] in chaijs/chai#1710
• chore(deps): update dependency eslint to v9 (main) by @​renovate[bot] in chaijs/chai#1715
• chore(deps): update dependency @​rollup/plugin-commonjs to v28 (main) by @​renovate[bot] in chaijs/chai#1714
• chore(deps): update dependency mocha to v11 (main) by @​renovate[bot] in chaijs/chai#1717
• chore(deps): update dependency eslint-plugin-jsdoc to v60 (main) by @​renovate[bot] in chaijs/chai#1716
• chore: disable renovate for 4.x.x by @​43081j in chaijs/chai#1722
• chore(deps): update dependency eslint-plugin-jsdoc to v61 by @​renovate[bot] in chaijs/chai#1727
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in chaijs/chai#1729
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1726
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1730
• chore(deps): update dependency node to v24 by @​renovate[bot] in chaijs/chai#1731
• chore(deps): update dependency @​rollup/plugin-commonjs to v29 by @​renovate[bot] in chaijs/chai#1732
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1734
• build(deps): bump koa from 2.14.2 to 2.16.1 by @​dependabot[bot] in chaijs/chai#1683
• docs: update browser usage by @​43081j in chaijs/chai#1736
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1740
• docs: add comprehensive documentation for containSubset assertion by @​Aashish-Jha-11 in chaijs/chai#1739
• Set esbuild target to es2021 to support Safari < 16.4 by @​larabr in chaijs/chai#1737

New Contributors

• @​renovate[bot] made their first contribution in chaijs/chai#1711
• @​Aashish-Jha-11 made their first contribution in chaijs/chai#1739
• @​larabr made their first contribution in chaijs/chai#1737

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

... (truncated)

Commits

• 814172d chore(deps): update dependency esbuild to v0.27.2 (#1759)
• b38c22b chore: add legal-comments=none option (#1756)
• 180d4cc chore(deps): update dependencies to v9.39.2 (#1757)
• 678cd00 chore(deps): update dependencies (#1755)
• c8fb100 chore(deps): update dependency prettier to v3.7.3 (#1754)
• d63c74e chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 (#1751)
• 243bf86 fix: avoid BigInt literal in closeTo for runtime compat (#1748)
• d8b0395 chore(deps): update actions/checkout action to v6 (#1749)
• 7e1e247 build(deps): bump glob from 10.4.5 to 10.5.0 (#1747)
• b25e5d8 chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 (#1746)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chai since your current version.

Updates eslint from 8.57.1 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Updates mocha from 10.8.2 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please for v11 (#5522) (663fff4)

v11.7.4

11.7.4 (2025-10-01)

🩹 Fixes

• watch mode using chokidar v4 (#5379) (c2667c3)

📚 Documentation

• migrate remaining legacy wiki pages to main documentation (#5465) (bff9166)

🧹 Chores

• remove trailing spaces (#5475) (7f68e5c)

v11.7.3

11.7.3 (2025-09-30)

🩹 Fixes

• use original require() error for TS files if ERR_UNKNOWN_FILE_EXTENSION (#5408) (ebdbc48)

📚 Documentation

• add security escalation policy (#5466) (4122c7d)
• fix duplicate global leak documentation (#5461) (1164b9d)
• migrate third party UIs wiki page to docs (#5434) (6654704)
• update maintainer release notes for release-please (#5453) (185ae1e)

🤖 Automation

... (truncated)

Changelog

Sourced from mocha's changelog.

11.7.5 (2025-11-04)

🩹 Fixes

• swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

• run tests on PRs for and pushes to v11.x (#5525) (8b21b38)
• setup release-please ...

  Description has been truncated