projects icon indicating copy to clipboard operation
projects copied to clipboard

Published 20 hours ago verified publisher icon LearningTypeScript

⬆️ build(deps-dev): Bump zx from 8.5.3 to 8.8.5

Open dependabot[bot] opened this issue 1 month ago • 0 comments
trafficstars

Bumps zx from 8.5.3 to 8.8.5.

Release notes

Sourced from zx's releases.

8.8.5 — Temporary Reservoir

This release fixes the issue, when zx flushes external node_modules on linking #1348 #1349 #1355

Also [email protected] arrives here.

8.8.4 — Flange Coupling

It's time. This release updates zx internals to make the ps API and related methods ProcessPromise.kill(), kill() work on Windows systems without wmic. #1344 webpod/ps#15

  1. WMIC will be missing in Windows 11 25H2 (kernel >= 26000)
  2. The windows-latest label in GitHub Actions will migrate from Windows Server 2022 to Windows Server 2025 beginning September 2, 2025 and finishing by September 30, 2025.

https://github.blog/changelog/2025-07-31-github-actions-new-apis-and-windows-latest-migration-notice/#windows-latest-image-label-migration

8.8.3 — Sealing Gasket

Continues #1339 to prevent injections via Proxy input or custom toString() manipulations.

8.8.2 — Leaking Valve

Fixes potential cmd injection via kill() method for Windows platform. #1337 #1339. Affects the versions range 8.7.1...8.8.1.

8.8.1 — Turbo Flush

We keep improving the projects internal infra to bring more stability, safety and performance for artifacts.

Featfixes

  • Applied flags filtration for CLI-driven deps install #1308
  • Added kill() event logging #1312
  • Set SIGTERM as kill() fallback signal #1313
  • Allowed stdio() arg be an array #1311
const p = $({halt: true})`cmd`
p.stdio([stream, 'ignore', 'pipe'])

Enhancements

8.8.0 — Pressure Tested

This release enhances the coherence between the ProcessPromise and the Streams API, eliminating the need for certain script-level workarounds.

✨ New Features

unpipe() — Selectively stop piping

You can now call .unpipe() to stop data transfer from a source to a destination without closing any of the pair. #1302

</tr></table>

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Oct 20 '25 14:10 dependabot[bot]