Bump the "app-dependencies" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the app-dependencies group with 3 updates: esbuild, sass and sinon.

Updates esbuild from 0.27.1 to 0.27.2

Release notes

Sourced from esbuild's releases.

v0.27.2

• Allow import path specifiers starting with #/ (#4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#4357, #4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  /* Old output (with --target=chrome110) */
  main {
  mask: url(x.png) center/5rem no-repeat;
  }
  /* New output (with --target=chrome110) */
  main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#4176, #4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}
  // New output (with --minify)

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.2

• Allow import path specifiers starting with #/ (#4361)

  Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

  This change was contributed by @​hybrist.

• Automatically add the -webkit-mask prefix (#4357, #4358)

  This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

  /* Original code */
  main {
    mask: url(x.png) center/5rem no-repeat
  }
  /* Old output (with --target=chrome110) */
  main {
  mask: url(x.png) center/5rem no-repeat;
  }
  /* New output (with --target=chrome110) */
  main {
  -webkit-mask: url(x.png) center/5rem no-repeat;
  mask: url(x.png) center/5rem no-repeat;
  }

  This change was contributed by @​BPJEnnova.

• Additional minification of switch statements (#4176, #4359)

  This release contains additional minification patterns for reducing switch statements. Here is an example:

  // Original code
  switch (x) {
    case 0:
      foo()
      break
    case 1:
    default:
      bar()
  }
  // Old output (with --minify)
  switch(x){case 0:foo();break;case 1:default:bar()}

... (truncated)

Commits

• cd83297 publish 0.27.2 to npm
• 2759721 additional tests for switch with break
• fd2b4b3 update release notes
• c8d93a7 fix #4357: -webkit- prefix for mask shorthand (#4358)
• 92ff12c compat table: update @types/node
• a35eceb compat table: fix a type error with the new types
• f598984 fix make compat-table to install dependencies
• f7f6df0 release notes for #4361
• 6f8ec15 fix: allow subpath imports that start with #/ (#4361)
• f7ae61f minify some switch statements to if-else statement
• Additional commits viewable in compare view

Updates sass from 1.96.0 to 1.97.1

Release notes

Sourced from sass's releases.

Dart Sass 1.97.1

To install Sass 1.97.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a bug with the new CSS-style if() syntax where values would be evaluated even if their conditions didn't match.

See the full changelog for changes in earlier releases.

Dart Sass 1.97.0

To install Sass 1.97.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Add support for the display-p3-linear color space.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.97.1

• Fix a bug with the new CSS-style if() syntax where values would be evaluated even if their conditions didn't match.

1.97.0

• Add support for the display-p3-linear color space.

Commits

• 62ec662 Use pwsh instead of powershell (#2710)
• b2f2532 Don't evaluate if() values if the condition doesn't match (#2707)
• 0c7083a Add support for the display-p3-linear color space (#2703)
• See full diff in compare view

Updates sinon from 21.0.0 to 21.0.1

Changelog

Sourced from sinon's changelog.

21.0.1

• 456a65c2 Update dependencies - except @​sinonjs/samsam (#2669) (Carl-Erik Kopseng)
• f04f3eb1 Fix issue 2618 - Remove browserify in favor of esbuild (#2661) (Artur Parkhisenko)
• 48b69df2 fix(docs): remove assert.failException from documentation (#2666) (Steffen Schroeder)
• 13b27ccc Fix sandbox restore not handling stubbed functions (#2667) (thamion)
• ae9e09ac Update compatibility target to ES2023 (Carl-Erik Kopseng)

  Updated compatibility target from ES2017 to ES2023 and clarified the note on breaking changes.

• 26055043 Improve error message for immutable descriptors (#2664) (Stuart Dotson)
• 80fa9a5b Also mirror the calledOnceWith assertion (#2660) (Benedikt Meurer)

Released by Carl-Erik Kopseng on 2025-12-19.

Commits

• a8bebe0 21.0.1
• 456a65c Update dependencies - except @​sinonjs/samsam (#2669)
• f04f3eb Fix issue 2618 - Remove browserify in favor of esbuild (#2661)
• 48b69df fix(docs): remove assert.failException from documentation (#2666)
• 13b27cc Fix sandbox restore not handling stubbed functions (#2667)
• ae9e09a Update compatibility target to ES2023
• 2605504 Improve error message for immutable descriptors (#2664)
• 6d48f12 Update text to emphasise that the target is moving
• 3d852ae Remember to quit on first error
• 43c88c9 Add some output
• Additional commits viewable in compare view

Bumps the app-dependencies group with 1 update: debug.

Updates debug from 1.11.0 to 1.11.1

Release notes

Sourced from debug's releases.

v1.11.1

What's Changed

• command
  • b path: path_pattern is accepted in ruby/debug@1139d78
• fix
  • catch any exception on singletonclass by @​ko1 in ruby/debug#1163
  • use Kernel.__callee__ by @​ko1 in ruby/debug#1164
  • FileUtils is needed by @​ko1 in ruby/debug#1168
• catch up Ruby 4.0
  • Update imemo_mask to match ruby's by @​byroot in ruby/debug#1151
  • backtrace changes ruby/debug@24f95d6
• remote
  • fix(DAP): Return unverified breakpoints instead of unsuccessful response by @​dmlambo in ruby/debug#1161
• misc
  • omit on older version by @​ko1 in ruby/debug#1167

New Contributors

• @​byroot made their first contribution in ruby/debug#1151
• @​dmlambo made their first contribution in ruby/debug#1161

Full Changelog: ruby/debug@v1.11.0...v1.11.1

Commits

• bad4d38 v1.11.1
• 88d762c FileUtils is needed
• 553373a omit on older version
• c1c1c8e use Kernel.__callee__
• 24f95d6 catch up 4.0.0 backtrace change
• bc97d33 add a test for b path: ...
• 1139d78 support b path: path_expr
• 06342cd catch any exception on singletonclass
• 2791573 fix(DAP): Return unverified breakpoints instead of unsuccessful response
• 14c8a54 Update imemo_mask to match ruby's
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions