Bump zx from 7.2.3 to 8.3.2

[dependabot]

Bumps zx from 7.2.3 to 8.3.2.

Release notes

Sourced from zx's releases.

8.3.2 – Clogged Drain

Restrics unsafe vals usage on dotenv.stringify #1093 #1094

8.3.1 – Perfect Seal

The release essence: introduced full-featured .env support #461 → #1060 #1052 #1043 #1037 #1032 #1030 #1022

API

envapi is a tiny 100 LOC dotenv-inspired parser and serializer that we've integrated into zx.

import { dotenv, fs } from 'zx'
// parse
const env = dotenv.parse('A=A\nFOO=BAR') // { A: 'A', FOO: 'BAR' }
// serialize
const raw = dotenv.stringify(env) // A=A\nFOO=BAR
await fs.writeFile('.env', raw)
// load
dotenv.load('.env') // { A: 'A', FOO: 'BAR' }
// update the process.env
dotenv.config('.env')
process.env.A // A

CLI

zx --env .env script.mjs
zx --env-file .env script.mjs

QnA

— Why not use dotenv directly?
— 1) Size does matter 2) We'd like to avoid internal vaults.

— Why not load .env by default?
— 1) Explicit is better than implicit 2) Runtime itself (like bun) may provide the feature.

Chore

• Provided stdall piping #1033
• Exposed ProcessPromise fullCmd and unique id #1035
• Simplified internal regexps #1040 #1038
• Removed zx globals from unit tests scope #1039
• Added check if tempfile exists #1041
• Added ts support in markdown #1042
• Enabled CodeQL and OSV scanners #1011
• Configured pre-push git hooks #1044

... (truncated)

Commits

• 5ba714d fix: check user input on dotenv.stringify (#1094)
• 2772b44 ci: update gh pages actions (#1092)
• 81a3940 docs: describe $.defaults and shell setup helpers, mention asyncIterator, a...
• a94559d ci: update osv scanner action (#1090)
• 8b01a81 chore: bump version to 8.4.0, update deps zurk, ps, envapi (#1089)
• 5f40814 test: enable jsr and integration test suites (#1087)
• 3419ab6 fmt
• 48decce Remove v7 docs from website
• 76ea47a Update docs.yml: install @​rollup/rollup-linux-x64-gnu
• 60e0bb1 Update docs.yml
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Dependabot couldn't find a package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.