Bump the npm_and_yarn group across 2 directories with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: esbuild.
Bumps the npm_and_yarn group with 1 update in the /tests/app directory: multer.

Updates esbuild from 0.25.0 to 0.25.1

Release notes

Sourced from esbuild's releases.

v0.25.1

• Fix incorrect paths in inline source maps (#4070, #4075, #4105)

  This fixes a regression from version 0.25.0 where esbuild didn't correctly resolve relative paths contained within source maps in inline sourceMappingURL data URLs. The paths were incorrectly being passed through as-is instead of being resolved relative to the source file containing the sourceMappingURL comment, which was due to the data URL not being a file URL. This regression has been fixed, and this case now has test coverage.

• Fix invalid generated source maps (#4080, #4082, #4104, #4107)

  This release fixes a regression from version 0.24.1 that could cause esbuild to generate invalid source maps. Specifically under certain conditions, esbuild could generate a mapping with an out-of-bounds source index. It was introduced by code that attempted to improve esbuild's handling of "null" entries in source maps (i.e. mappings with a generated position but no original position). This regression has been fixed.

  This fix was contributed by @​jridgewell.

• Fix a regression with non-file source map paths (#4078)

  The format of paths in source maps that aren't in the file namespace was unintentionally changed in version 0.25.0. Path namespaces is an esbuild-specific concept that is optionally available for plugins to use to distinguish paths from file paths and from paths meant for other plugins. Previously the namespace was prepended to the path joined with a : character, but version 0.25.0 unintentionally failed to prepend the namespace. The previous behavior has been restored.

• Fix a crash with switch optimization (#4088)

  The new code in the previous release to optimize dead code in switch statements accidentally introduced a crash in the edge case where one or more switch case values include a function expression. This is because esbuild now visits the case values first to determine whether any cases are dead code, and then visits the case bodies once the dead code status is known. That triggered some internal asserts that guard against traversing the AST in an unexpected order. This crash has been fixed by changing esbuild to expect the new traversal ordering. Here's an example of affected code:

  switch (x) {
    case '':
      return y.map(z => z.value)
    case y.map(z => z.key).join(','):
      return []
  }

• Update Go from 1.23.5 to 1.23.7 (#4076, #4077)

  This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses.

  This PR was contributed by @​MikeWillCook.

Changelog

Sourced from esbuild's changelog.

0.25.1

• Fix incorrect paths in inline source maps (#4070, #4075, #4105)

  This fixes a regression from version 0.25.0 where esbuild didn't correctly resolve relative paths contained within source maps in inline sourceMappingURL data URLs. The paths were incorrectly being passed through as-is instead of being resolved relative to the source file containing the sourceMappingURL comment, which was due to the data URL not being a file URL. This regression has been fixed, and this case now has test coverage.

• Fix invalid generated source maps (#4080, #4082, #4104, #4107)

  This release fixes a regression from version 0.24.1 that could cause esbuild to generate invalid source maps. Specifically under certain conditions, esbuild could generate a mapping with an out-of-bounds source index. It was introduced by code that attempted to improve esbuild's handling of "null" entries in source maps (i.e. mappings with a generated position but no original position). This regression has been fixed.

  This fix was contributed by @​jridgewell.

• Fix a regression with non-file source map paths (#4078)

  The format of paths in source maps that aren't in the file namespace was unintentionally changed in version 0.25.0. Path namespaces is an esbuild-specific concept that is optionally available for plugins to use to distinguish paths from file paths and from paths meant for other plugins. Previously the namespace was prepended to the path joined with a : character, but version 0.25.0 unintentionally failed to prepend the namespace. The previous behavior has been restored.

• Fix a crash with switch optimization (#4088)

  The new code in the previous release to optimize dead code in switch statements accidentally introduced a crash in the edge case where one or more switch case values include a function expression. This is because esbuild now visits the case values first to determine whether any cases are dead code, and then visits the case bodies once the dead code status is known. That triggered some internal asserts that guard against traversing the AST in an unexpected order. This crash has been fixed by changing esbuild to expect the new traversal ordering. Here's an example of affected code:

  switch (x) {
    case '':
      return y.map(z => z.value)
    case y.map(z => z.key).join(','):
      return []
  }

• Update Go from 1.23.5 to 1.23.7 (#4076, #4077)

  This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain reports from vulnerability scanners that detect which version of the Go compiler esbuild uses.

  This PR was contributed by @​MikeWillCook.

Commits

• 6bfc1c1 publish 0.25.1 to npm
• f9b3952 fix #4078: prepend namespaces to source map paths
• ccf3dd7 add "contributed by" in changelog
• 48cd7a9 Update Go from 1.23.5 to 1.23.7 (#4077)
• 1f04fa4 fix absolute windows paths in source maps
• 9ca03f6 also add test case from #4075
• 2f244c0 add test case from #4104
• 1dde994 fix incorrect test names
• 9f008c5 fix #4070: file namespace for sourceMappingURL
• cbd5eb8 release notes and tests for #4082
• Additional commits viewable in compare view

Updates multer from 1.4.4 to 2.0.0

Release notes

Sourced from multer's releases.

v2.0.0

Important

• Breaking change: The minimum supported Node version is now 10.16.0
• Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)
• Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

What's Changed

• 🐛 drain stream. fixes regression in node 18, remove old CI, set minimum node version, fix readme badges, add .npmrc
• fix: handle two busboy error events
• ♻️ fully drain stream
• 🥅 explicitly handle req error
• 🚨 lint:fix
• ⬆️ bump mocha
• docs: include release 2.0.0 details

Changelog

Sourced from multer's changelog.

2.0.0

• Breaking change: The minimum supported Node version is now 10.16.0
• Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)
• Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

1.4.5-lts.2

• Fix out-of-band error event from busboy (#1177)

1.4.5-lts.1

• No changes

1.4.4-lts.1

• Bugfix: Bump busboy to fix CVE-2022-24434 (#1097)
• Breaking: Require Node.js 10.16.0 or later (#1097)

Commits

• 2c8505f 🐛 drain stream. fixes regression in node 18, remove old CI, set minimum node ...
• bde1822 ci: add ci pipeline to lts branch (#1302)
• 8ec534f version: 1.4.5-lts.2
• 502c03d history: 1.4.5-lts.2
• 4ce82b0 test: add test for out-of-band error event
• a4be1d5 Merge pull request #1177 from max-mathieu/fix/unhandled-busboy-error
• 37241f8 Fix out-of-band error event from busboy
• ddb65bd version: 1.4.5-lts.1
• bc5be94 history: 1.4.5-lts.1
• 59c7ef3 version: 1.4.4-lts.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

🧙 Sourcery đã hoàn thành việc xem xét pull request của bạn!

---

Mẹo và lệnh

Tương tác với Sourcery

• Khởi chạy một lượt xem xét mới: Bình luận @sourcery-ai review trên pull request.
• Tiếp tục thảo luận: Trả lời trực tiếp vào các bình luận xem xét của Sourcery.
• Tạo một issue GitHub từ một bình luận xem xét: Yêu cầu Sourcery tạo một
  issue từ một bình luận xem xét bằng cách trả lời nó. Bạn cũng có thể trả lời một
  bình luận xem xét bằng @sourcery-ai issue để tạo một issue từ nó.
• Tạo tiêu đề pull request: Viết @sourcery-ai ở bất kỳ đâu trong
  tiêu đề pull request để tạo tiêu đề bất kỳ lúc nào. Bạn cũng có thể bình luận
  @sourcery-ai title trên pull request để (tái)tạo tiêu đề bất kỳ lúc nào.
• Tạo tóm tắt pull request: Viết @sourcery-ai summary ở bất kỳ đâu trong
  phần thân pull request để tạo bản tóm tắt PR bất kỳ lúc nào chính xác nơi bạn
  muốn. Bạn cũng có thể bình luận @sourcery-ai summary trên pull request để
  (tái)tạo bản tóm tắt bất kỳ lúc nào.
• Tạo hướng dẫn cho người đánh giá: Bình luận @sourcery-ai guide trên pull
  request để (tái)tạo hướng dẫn cho người đánh giá bất kỳ lúc nào.
• Giải quyết tất cả các bình luận của Sourcery: Bình luận @sourcery-ai resolve trên
  pull request để giải quyết tất cả các bình luận của Sourcery. Hữu ích nếu bạn đã
  giải quyết tất cả các bình luận và không muốn thấy chúng nữa.
• Bỏ qua tất cả các đánh giá của Sourcery: Bình luận @sourcery-ai dismiss trên pull
  request để bỏ qua tất cả các đánh giá hiện có của Sourcery. Đặc biệt hữu ích nếu bạn
  muốn bắt đầu lại với một đánh giá mới - đừng quên bình luận
  @sourcery-ai review để kích hoạt một đánh giá mới!

Tùy chỉnh trải nghiệm của bạn

Truy cập dashboard của bạn để:

• Bật hoặc tắt các tính năng đánh giá như bản tóm tắt pull request do Sourcery tạo,
  hướng dẫn cho người đánh giá và các tính năng khác.
• Thay đổi ngôn ngữ đánh giá.
• Thêm, xóa hoặc chỉnh sửa hướng dẫn đánh giá tùy chỉnh.
• Điều chỉnh các cài đặt đánh giá khác.

Nhận trợ giúp

• Liên hệ với nhóm hỗ trợ của chúng tôi nếu có câu hỏi hoặc phản hồi.
• Truy cập tài liệu của chúng tôi để biết các hướng dẫn và thông tin chi tiết.
• Giữ liên lạc với nhóm Sourcery bằng cách theo dõi chúng tôi trên X/Twitter, LinkedIn hoặc GitHub.

Original review guide in English

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.