chore(deps): bump the npm-minor-patch group with 2 updates

[dependabot]

Bumps the npm-minor-patch group with 2 updates: fuse.js and esbuild.

Updates fuse.js from 7.1.0 to 7.3.0

Release notes

Sourced from fuse.js's releases.

v7.3.0

Features

• Token search — per-term fuzzy matching with IDF scoring (68c1dcf)
• Fuse.match() — static method for single string matching (460eb5b)
• BigInt support for indexing and search (0ae662c)
• removeAt() now returns the removed item (8cec7e2)
• Support keyless string entries in logical queries (8695556)
• getFn null return, escaped pipe in extended search, empty query returns all (d33b735)

Bug Fixes

• Merge overlapping match indices in extended search (06c5e97)
• Inverse patterns now work correctly across multiple keys (9351882)
• Handle quoted tokens with inner spaces and quotes in extended search (c226523)
• Handle non-decomposable diacritics in stripDiacritics (5a01f29)
• Coerce non-string array values to strings during indexing (db0e181)
• Strip getFn from keys in toJSON() for safe serialization (0f2a69b)

Internal

• Full TypeScript rewrite of source code
• Dropped UMD builds and babel preset-env
• Upgraded to Rollup 4, Vitest 2, TypeScript 6, ESLint 9
• Frozen default config to prevent mutation across instances
• Rewrote documentation as standalone markdown files

v7.2.0

Features

• Add Fuse.use() for runtime plugin registration

Performance

• Inline Bitap score computation to reduce object allocation in hot loops
• Batch removeAll for O(n) bulk removes instead of O(n*k)
• Heap-based top-k selection when limit is set
• Cache compiled searcher for repeated queries

Benchmarked on 10k records: 9-14% faster core search, 49x faster bulk remove.

Bug Fixes

• search: Deduplicate and merge overlapping match indices (#735)
• search: Preserve original array indices in nested path traversal (#786)
• types: Correct key type in FuseSortFunctionMatch (#811)
• types: Correct keys type in parseIndex parameter (#794)

Full Changelog: krisk/Fuse@v7.1.0...v7.2.0

Changelog

Sourced from fuse.js's changelog.

7.3.0 (2026-04-04)

Features

• add BigInt support for indexing and search (0ae662c), closes #814
• add static Fuse.match() for single string matching (460eb5b)
• add token search — per-term fuzzy matching with IDF scoring (68c1dcf)
• getFn null return, escaped pipe in extended search, empty query returns all (d33b735), closes #800 #765 #728
• removeAt() now returns the removed item (8cec7e2), closes #675
• search: support keyless string entries in logical queries (8695556), closes #736

Bug Fixes

• index: coerce non-string array values to strings during indexing (db0e181), closes #738
• index: strip getFn from keys in toJSON() for safe serialization (0f2a69b), closes #798
• lint: suppress unused var in toJSON destructure (d63c0e8)
• merge overlapping match indices in extended search (06c5e97)
• search: handle non-decomposable diacritics in stripDiacritics (5a01f29), closes home-assistant/frontend#30399 #816
• search: handle quoted tokens with inner spaces and quotes in extended search (c226523), closes #810
• search: inverse patterns now work correctly across multiple keys (9351882), closes #712

7.2.0 (2026-04-02)

Features

• add Fuse.use() for runtime plugin registration (8546a9b)

Performance

• inline Bitap score computation to reduce object allocation in hot loops (8546a9b)
• batch removeAll for O(n) bulk removes instead of O(n*k) (8546a9b)
• heap-based top-k selection when limit is set (8546a9b)
• cache compiled searcher for repeated queries (8546a9b)

Bug Fixes

• search: deduplicate and merge overlapping match indices (60c393a), closes #735
• search: preserve original array indices in nested path traversal (a1451be), closes #786
• types: correct key type in FuseSortFunctionMatch (fecee16), closes #811
• types: correct keys type in parseIndex parameter (58c7c73), closes #794

Commits

• aae48f5 chore(release): 7.3.0
• d63c0e8 fix(lint): suppress unused var in toJSON destructure
• 44dfdb4 chore: add funding field to package.json
• 65dadf5 docs: add performance guide with benchmark script
• 0ae662c feat: add BigInt support for indexing and search
• 8153c9d docs: fix tsconfig to resolve "no inputs found" error
• 6afb2ed docs: add "When to Use It" section to token search page
• 0e74a9c docs: simplify Getting Started page title
• 80330ed docs: fix sidebar titles and restore subheading expansion
• 6cd0cee docs: remove unused TwitterFollow and Version components
• Additional commits viewable in compare view

Updates esbuild from 0.27.4 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

v0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }
  // New output (with --loader=ts --target=es2021)
  class Foo {

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.28.0

• Add support for with { type: 'text' } imports (#4435)

  The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:

  import string from './example.txt' with { type: 'text' }
  console.log(string)

• Add integrity checks to fallback download path (#4343)

  Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

  This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

• Update the Go compiler from 1.25.7 to 1.26.1

  This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

  • It now uses the new garbage collector that comes with Go 1.26.
  • The Go compiler is now more aggressive with allocating memory on the stack.
  • The executable format that the Go linker uses has undergone several changes.
  • The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

  You can read the Go 1.26 release notes for more information.

0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }

... (truncated)

Commits

• 6a794df publish 0.28.0 to npm
• 64ee0ea fix #4435: support with { type: text } imports
• ef65aee fix sort order in snapshots_packagejson.txt
• 1a26a8e try to fix test-old-ts, also shuffle CI tasks
• 556ce6c use '' instead of null to omit build hashes
• 8e675a8 ci: allow missing binary hashes for tests
• 7067763 Reapply "update go 1.25.7 => 1.26.1"
• 39473a9 fix #4343: integrity check for binary download
• 2025c9f publish 0.27.7 to npm
• c6b586e fix typo in Makefile for @esbuild/win32-x64
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions