chore(deps): update dependency js-toml to v1.1.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
js-toml	1.0.3 → 1.1.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

sunnyadn/js-toml (js-toml)

v1.1.2

Compare Source

Security

• Fix silent acceptance of duplicate keys whose prior value is a falsy primitive (false, 0, 0.0, -0.0, nan, "") (GHSA-m34p-749j-x6m6, CWE-697). The interpreter used a truthy existence check (if (object[key])) instead of key in object, so a later table, dotted-key sub-table, or array-of-tables sharing the same name silently overwrote the falsy value instead of raising a duplicate-key error. Reported by @​CosmicCrusader23.

Fixed

• Reject array-of-tables headers ([[a.b]]) that descend into a statically-defined array. getOrCreateArray lacked the immutability guard that createTable had, so such input either threw an uncaught TypeError or silently mutated the static array instead of raising SyntaxParseError.

v1.1.1

Compare Source

Security

• Fix CPU exhaustion via O(n²) BigInt construction on radix-prefixed integer literals (GHSA-wp3c-266w-4qfq, CWE-400, CWE-407). The 0x / 0o / 0b integer parser previously used a hand-written BigInt accumulator loop that ran in O(n²) in the literal length, allowing a single ~500 kB literal to block the event loop for tens of seconds. Switched to the native BigInt(prefixedString) constructor (O(n)) and capped radix-prefixed literals at 1000 digits. Reported by @​tonghuaroot.

v1.1.0

Compare Source

Added

• TOML serialization via dump() function with support for all TOML v1.0.0 value types
• DumpOptions for controlling newline style, undefined handling, and key quoting

Changed

• Upgraded Chevrotain to v12
• Migrated ESLint to flat configuration

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for paragon-openedx-v23 ready!

Name	Link
🔨 Latest commit	5b4a5ef
🔍 Latest deploy log	https://app.netlify.com/projects/paragon-openedx-v23/deploys/6a261150ea8c1b000877dbe3
😎 Deploy Preview	https://deploy-preview-4256--paragon-openedx-v23.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
🤖 Make changes	Run an agent on this branch

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.40%. Comparing base (9340b9c) to head (5b4a5ef).
⚠️ Report is 4 commits behind head on release-23.x.

Additional details and impacted files

@@              Coverage Diff              @@
##           release-23.x    #4256   +/-   ##
=============================================
  Coverage         94.40%   94.40%           
=============================================
  Files               242      242           
  Lines              4309     4309           
  Branches            981      981           
=============================================
  Hits               4068     4068           
  Misses              237      237           
  Partials              4        4           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.