build(deps-dev): bump expect from 28.1.3 to 29.6.3 #86

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/expect-29.6.3

@dependabot dependabot Bot commented on behalf of github Aug 21, 2023

Bumps expect from 28.1.3 to 29.6.3.

Release notes

Sourced from expect's releases.

v29.6.3

Fixes

  • [expect, @jest/expect-utils] ObjectContaining support symbol as key (#14414)
  • [expect] Remove @types/node from dependencies (#14385)
  • [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
  • [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
  • [jest-mock] Revert #13692 as it was a breaking change (#14429)
  • [jest-mock] Revert #13866 as it was a breaking change (#14429)
  • [jest-mock] Revert #13867 as it was a breaking change (#14429)
  • [@jest/reporters] Marks Reporter's hooks as optional (#14433)
  • [jest-runtime] Fix dynamic ESM import module bug when loaded module through jest.isolateModulesAsync (#14397)

Chore & Maintenance

  • [jest-changed-files, jest-circus, jest-console, @jest/core, @jest/runtime, @jest/transform] Use invariant and notEmpty from jest-util rather than own internal (#14366)

New Contributors

Full Changelog: jestjs/jest@v29.6.2...v29.6.3

v29.6.2

Fixes

  • [jest-circus] Fix snapshot matchers in concurrent tests when nr of tests exceeds maxConcurrency (#14335)
  • [@jest/core] When running global setup and teardown, do not try to change the message property of the thrown error object when the message property is unwritable (#14113)
  • [jest-snapshot] Move @types/prettier from dependencies to devDependencies (#14328)
  • [jest-snapshot] Throw an explicit error if Prettier v3 is used (#14367)
  • [jest-reporters] Add "skipped" and "todo" symbols to Github Actions Reporter (#14309)

Chore & Maintenance

  • [@jest/core] Use pluralize from jest-util rather than own internal (#14322)

New Contributors

Full Changelog: jestjs/jest@v29.6.1...v29.6.2

v29.6.1

Fixes

  • [jest-circus] Revert #14110 as it was a breaking change (#14304)

... (truncated)

Changelog

Sourced from expect's changelog.

29.6.3

  • [expect, @jest/expect-utils] ObjectContaining support symbol as key (#14414)
  • [expect] Remove @types/node from dependencies (#14385)
  • [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
  • [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
  • [jest-mock] Revert #13692 as it was a breaking change (#14429)
  • [jest-mock] Revert #13866 as it was a breaking change (#14429)
  • [jest-mock] Revert #13867 as it was a breaking change (#14429)
  • [@jest/reporters] Marks Reporter's hooks as optional (#14433)
  • [jest-runtime] Fix dynamic ESM import module bug when loaded module through jest.isolateModulesAsync (#14397)

Chore & Maintenance

  • [jest-changed-files, jest-circus, jest-console, @jest/core, @jest/runtime, @jest/transform] Use invariant and notEmpty from jest-util rather than own internal (#14366)

29.6.2

Fixes

  • [jest-circus] Fix snapshot matchers in concurrent tests when nr of tests exceeds maxConcurrency (#14335)
  • [@jest/core] When running global setup and teardown, do not try to change the message property of the thrown error object when the message property is unwritable (#14113)
  • [jest-snapshot] Move @types/prettier from dependencies to devDependencies (#14328)
  • [jest-snapshot] Throw an explicit error if Prettier v3 is used (#14367)
  • [jest-reporters] Add "skipped" and "todo" symbols to Github Actions Reporter (#14309)

Chore & Maintenance

  • [@jest/core] Use pluralize from jest-util rather than own internal (#14322)

29.6.1

Fixes

  • [jest-circus] Revert #14110 as it was a breaking change (#14304)

29.6.0

Features

  • [jest-circus, jest-snapshot] Add support for snapshot matchers in concurrent tests (#14139)
  • [jest-cli] Include type definitions to generated config files (#14078)
  • [jest-snapshot] Support arrays as property matchers (#14025)
  • [jest-core, jest-circus, jest-reporter, jest-runner] Added support for reporting about start individual test cases using jest-circus (#14174)

Fixes

  • [jest-circus] Prevent false test failures caused by promise rejections handled asynchronously (#14110)
  • [jest-config] Handle frozen config object (#14054)
  • [jest-config] Allow coverageDirectory and collectCoverageFrom in project config (#14180)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [expect](https://github.com/jestjs/jest/tree/HEAD/packages/expect) from 28.1.3 to 29.6.3.
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.6.3/packages/expect)

---
updated-dependencies:
- dependency-name: expect
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Aug 21, 2023
@github-actions

# npm audit report

clean-css  <4.1.11
Regular Expression Denial of Service in clean-css - https://github.com/advisories/GHSA-wxhq-pm8v-cw75
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/clean-css
  jade  >=0.30.0
  Depends on vulnerable versions of clean-css
  Depends on vulnerable versions of constantinople
  Depends on vulnerable versions of transformers
  node_modules/jade

constantinople  <3.1.1
Severity: critical
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople - https://github.com/advisories/GHSA-4vmm-mhcq-4x9j
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/constantinople

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install nodemon@3.0.1, which is a breaking change
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/builtins/node_modules/semver
node_modules/conventional-changelog-core/node_modules/semver
node_modules/conventional-changelog-writer/node_modules/semver
node_modules/eslint-plugin-import/node_modules/semver
node_modules/eslint-plugin-n/node_modules/semver
node_modules/eslint-plugin-react/node_modules/semver
node_modules/git-semver-tags/node_modules/semver
node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/meow/node_modules/read-pkg/node_modules/semver
node_modules/meow/node_modules/semver
node_modules/rewire/node_modules/semver
node_modules/semver
node_modules/simple-update-notifier/node_modules/semver
node_modules/standard-version/node_modules/semver
node_modules/superagent/node_modules/semver
node_modules/synp/node_modules/semver
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier
    nodemon  2.0.19 - 2.0.22
    Depends on vulnerable versions of simple-update-notifier
    node_modules/nodemon

taffydb  *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix`
node_modules/taffydb
  jsdoc  3.2.0-dev - 3.6.11
  Depends on vulnerable versions of taffydb
  node_modules/jsdoc-api/node_modules/jsdoc
    jsdoc-api  4.0.0 - 7.1.1
    Depends on vulnerable versions of jsdoc
    node_modules/jsdoc-api

uglify-js  <=2.5.0
Severity: critical
Regular Expression Denial of Service in uglify-js - https://github.com/advisories/GHSA-c9f4-xj24-8jqx
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js - https://github.com/advisories/GHSA-34r7-q49f-h37c
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/transformers/node_modules/uglify-js
  transformers  >=2.0.0
  Depends on vulnerable versions of uglify-js
  node_modules/transformers

11 vulnerabilities (1 low, 3 moderate, 4 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

dependabot Bot commented on behalf of github Aug 24, 2023

Superseded by #87.

@dependabot dependabot Bot closed this Aug 24, 2023
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/expect-29.6.3 branch August 24, 2023 15:58