Bump zx from 7.2.3 to 8.8.3

[dependabot]

Bumps zx from 7.2.3 to 8.8.3.

Release notes

Sourced from zx's releases.

8.8.3 — Sealing Gasket

Continues #1339 to prevent injections via Proxy input or custom toString() manipulations.

8.8.2 — Leaking Valve

Fixes potential cmd injection via kill() method for Windows platform. #1337 #1339. Affects the versions range 8.7.1...8.8.1.

8.8.1 — Turbo Flush

We keep improving the projects internal infra to bring more stability, safety and performance for artifacts.

Featfixes

• Applied flags filtration for CLI-driven deps install #1308
• Added kill() event logging #1312
• Set SIGTERM as kill() fallback signal #1313
• Allowed stdio() arg be an array #1311

const p = $({halt: true})`cmd`
p.stdio([stream, 'ignore', 'pipe'])

Enhancements

• Added check for zx@lite pkg contents #1317 #1316
• Simplified ProcessPromise[asyncIterator] inners #1307
• Updated deps: chalk 5.6.0, fs-extra 11.3.1, yaml 2.8.1 #1309 #1323 #1326
• Added TS@next to the test matrix #1310
• Optimized internal shell setters #1314
• Refactored build-publish pipelines and scripts #1319 #1320 #1321 #1322 #1324 #1325 #1327

8.8.0 — Pressure Tested

This release enhances the coherence between the ProcessPromise and the Streams API, eliminating the need for certain script-level workarounds.

✨ New Features

unpipe() — Selectively stop piping

You can now call .unpipe() to stop data transfer from a source to a destination without closing any of the pair. #1302

const p1 = $`echo foo && sleep 0.1 && echo bar && sleep 0.1 && echo baz && sleep 0.1 && echo qux`
const p2 = $`echo 1 && sleep 0.15 && echo 2 && sleep 0.1 && echo 3`
const p3 = $`cat`
p1.pipe(p3)
p2.pipe(p3)
setTimeout(() => p1.unpipe(p3), 150)
const { stdout } = await p3
// 'foo\n1\nbar\n2\n3\n'

Many-to-one piping

... (truncated)

Commits

• f1b9ed7 refactor: strengthen kill input check (#1341)
• 6d611de chore: update version to 8.8.2, up dev deps (#1340)
• d9fc297 fix: check kill() input (#1339)
• a1cf179 chore: up deps, apply npm audit fix (#1336)
• 84e484a feat: expose bus api (#1332)
• 72b5604 ci: use nodejs 24 by default (#1330)
• 4dfbaee ci: update actions to checkout@v5, download-artifact@v5 (#1329)
• fd58fde ci: pin upload-pages-artifact to v4.0.0 (#1328)
• 67743df ci: replace direct npm flags with env presets (#1327)
• 3327857 chore: update @​types/node to v24.3.0 (#1326)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)