deps: bump workbox-streams from 6.1.5 to 6.4.1

[dependabot[bot]]

Bumps workbox-streams from 6.1.5 to 6.4.1.

Release notes

Sourced from workbox-streams's releases.

Workbox v6.4.1

The Workbox v6.4.1 release fixes a few issues:

🐛 What's Fixed?

workbox-build

• The dependency on @apideck/better-ajv-errors has been updated, which in turn addresses a security issue in one of its dependencies. #2977

worbox-navigation-preload

• The inline TypeScript definition for preloadResponse was incorrect, and has been fixed to reflect the previous definition that used to be provided by the TypeScript standard library. #2975

worbox-strategies

• Take request.url into account in StrategyHandler.getCacheKey(). This ensures if a custom strategy overrides the Strategy._handle() method and performs multiple cache operations on different URLs, the cache key is properly calculated for each distinct URL. #2973

Workbox v6.4.0 includes:

🎉 What's New?

• We upgraded to TypeScript 4.4.3. This required us to declare inline some types that are now longer part of the TypeScript standard; see #2946 for more context. #2950

worbox-background-sync

• You can check the number of requests in the sync queue with the new method size(). #2941

🐛 What's Fixed?

• We upgraded @​surma/rollup-plugin-off-main to patch a vulnerability from the dependency. #2962
• A missing sourcemap is no longer a fatal error when running injectManifest. It returns now returns a warning and continues with execution. #2959

🎁 Thank you

To our new contributors in this version: @​StephanBijzitter and @​fuzail-ahmed!

Workbox v6.3.0 includes a couple of bug fixes and several new features.

🎉 What's New?

Allow precaching "repair" when using subresource integrity

Although unexpected, there are edge cases where the precache might not be in an inconsistent state, most likely due to a developer manually deleting something in DevTools.

When this happens, workbox-precaching defaults to falling-back to using a network response (assuming the device is online) when there's a precaching miss. Up until now, workbox-precaching hasn't attempting to use this network response to repopulate the precache, because there are no guarantees that the network response corresponds to the version of the asset specified in the precache manifest.

However, if the precache entry includes an integrity property, then subresource integrity guarantees that the response does correspond to the same version of the asset in the manifest. So it should be safe to "repair" the cache with that response. #2921

IDB writes use relaxed durability

This small change to the way Workbox writes to IndexedDB should lead to slightly better performance, without any appreciable downsides. #2934

notifyAllClients option in BroadcastCacheUpdate

BroadcastCacheUpdate uses postMessage() to notify all open tabs controlled by the current service worker about a cache update. This default behavior is not changing.

... (truncated)

Commits

• 5d90dac v6.4.1
• 754b814 Bump a dep (#2977)
• 7b09c60 Fix preloadResponse type (#2975)
• bbaac60 Make request.url part of the key (#2973)
• cdad230 v6.4.0
• 4d39dfa upgrade to @​surma/rollup-plugin-off-main-thread dependencies from 1.4.1 to 2....
• e0bcb29 Export more classes/types publicly (#2955)
• 97fc646 Treat a missing sourcemap as a warning (#2959)
• cef23f1 Updates to the contribution guide (#2949)
• 80cbaf6 Updates for TypeScript 4.4.3 (#2950)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)