build(deps-dev): bump the npm group across 1 directory with 2 updates

[dependabot]

Bumps the npm group with 2 updates in the / directory: @napi-rs/cli and oxlint.

Updates @napi-rs/cli from 3.4.1 to 3.5.0

Release notes

Sourced from @​napi-rs/cli's releases.

@​napi-rs/cli@​3.5.0

What's Changed

• perf: replace debug with obug by @​sxzz in napi-rs/napi-rs#3019
• fix(deps): update dependency @​inquirer/prompts to v8 by @​renovate[bot] in napi-rs/napi-rs#3020
• chore(deps): update yarn to v4.12.0 by @​renovate[bot] in napi-rs/napi-rs#3030
• fix(cli): use jsPackageName from cli options by @​U-C-S in napi-rs/napi-rs#3035

New Contributors

• @​Copilot made their first contribution in napi-rs/napi-rs#2990

Full Changelog: https://github.com/napi-rs/napi-rs/compare/napi-v3.5.2...@​napi-rs/cli@​3.5.0

Commits

• 257dde1 chore(release): publish
• 4ca47e1 chore(napi): add back pub NODE_VERSION_* (#3046)
• cf0465f chore(sys): add back non dyn-symbols behavior (#3045)
• 295c6b3 fix(napi): bigInt comparison (#3039)
• 54a9654 fix(napi-derive): add paren for function types (#3044)
• a673471 feat(napi-derive): add tracing feature for debug logging NAPI function calls ...
• 3cca48c chore(deps): lock file maintenance (#3040)
• e0f5993 chore(deps): update dependency tinybench to v6 (#3043)
• 337abca chore(deps): update dependency @​oxc-node/core to ^0.0.35 (#3042)
• e4f5360 feat(napi): add node_api_create_object_with_properties support for enum creat...
• Additional commits viewable in compare view

Updates oxlint from 1.28.0 to 1.31.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Commits

• df24daf release(apps): oxlint v1.31.0 && oxfmt v0.16.0 (#16333)
• 523a30a style(all): apply oxfmt default options (#16091)
• 5877752 ci(lint): enable no-console rule (#16053)
• bf9f469 release(apps): oxlint v1.30.0 && oxfmt v0.15.0 (#16047)
• 2d32954 chore(oxlint): bump min tsgolint pkg version to 0.8.1 (#16040)
• 595867a feat(oxlint): Generate markdownDescription fields for oxlint JSON schema. (#1...
• ef4cc33 release(apps): oxlint v1.29.0 && oxfmt v0.14.0 (#15772)
• 44f656d chore(oxlint): bump min tsgolint pkg version to 0.7.1 (#15775)
• 84de1ca feat(oxlint,oxfmt): Allow comments and also commas for vscode-json-ls (#15612)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[2bndy5]

This should resolve https://github.com/cpp-linter/cpp-linter-rs/security/dependabot/18

[2bndy5]

yarn why js-yaml -R
└─ @cpp-linter/cpp-linter@workspace:bindings/node
   ├─ @napi-rs/cli@npm:3.5.0 [ed41e] (via npm:3.5.0 [ed41e])
   │  └─ js-yaml@npm:4.1.0 (via npm:^4.1.0)
   └─ ava@npm:6.4.1 [ed41e] (via npm:^6.4.1 [ed41e])
      └─ supertap@npm:3.0.1 (via npm:^3.0.1)
         └─ js-yaml@npm:3.14.2 (via npm:^3.14.1)

So apparently, ava (a JS testing harness) uses an old unmaintained dependency called supertap. Both napi-rs/cli and supertap pull in patched versions of js-yaml with the security alert addressed (see js-yaml changelog). I had to manually upgrade js-yaml v4.1.x in the lock file; dependabot failed to do this adequately.

---

also bumped yarn to v4.12.0