chore(deps): update dependency zx to v8.8.5 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
zx (source)	8.8.4 -> 8.8.5

GitHub Vulnerability Alerts

CVE-2025-13437

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symlink path). The later cleanup routine removes what it received, which deletes the target directory itself. Result: zx can delete an external /node_modules outside the current working directory.

---

Release Notes

google/zx (zx)

v8.8.5: — Temporary Reservoir

Compare Source

This release fixes the issue, when zx flushes external node_modules on linking #​1348 #​1349 #​1355

Also [email protected] arrives here.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Metrics report

At head commit 7f0cf20 and base commit bf85221 at 2025-11-21T19:11:14.052Z

Size

No changes

All size metrics

Export	Size original	Size minified	Size minified and Brotli compressed
tailwind-merge esm	94.90 kB 0%	26.02 kB 0%	6.93 kB 0%
› createTailwindMerge	17.11 kB 0%	4.25 kB 0%	1.62 kB 0%
› extendTailwindMerge	94.19 kB 0%	25.39 kB 0%	6.73 kB 0%
› fromTheme	0.27 kB 0%	0.09 kB 0%	0.08 kB 0%
› getDefaultConfig	74.82 kB 0%	20.24 kB 0%	4.89 kB 0%
› mergeConfigs	2.20 kB 0%	0.80 kB 0%	0.27 kB 0%
› twJoin	1.18 kB 0%	0.24 kB 0%	0.16 kB 0%
› twMerge	91.88 kB 0%	24.54 kB 0%	6.51 kB 0%
› validators	4.51 kB 0%	1.69 kB 0%	0.73 kB 0%
tailwind-merge cjs	95.16 kB 0%	32.26 kB 0%	7.33 kB 0%
tailwind-merge/es5 esm	100.58 kB 0%	28.02 kB 0%	7.17 kB 0%
› createTailwindMerge	19.26 kB 0%	4.86 kB 0%	1.77 kB 0%
› extendTailwindMerge	99.49 kB 0%	27.39 kB 0%	6.88 kB 0%
› fromTheme	0.25 kB 0%	0.11 kB 0%	0.08 kB 0%
› getDefaultConfig	77.30 kB 0%	21.40 kB 0%	4.97 kB 0%
› mergeConfigs	2.45 kB 0%	0.87 kB 0%	0.29 kB 0%
› twJoin	1.21 kB 0%	0.30 kB 0%	0.18 kB 0%
› twMerge	96.59 kB 0%	26.32 kB 0%	6.72 kB 0%
› validators	6.04 kB 0%	2.23 kB 0%	0.76 kB 0%
tailwind-merge/es5 cjs	100.84 kB 0%	34.28 kB 0%	7.54 kB 0%

[codspeed-hq]

CodSpeed Performance Report

Merging #626 will not alter performance

_{Comparing renovate/npm-zx-vulnerability (7f0cf20) with main (bf85221)}

Summary

✅ 7 untouched