chore: (deps): bump @exodus/bytes from 1.11.0 to 1.14.0

[dependabot]

Bumps @exodus/bytes from 1.11.0 to 1.14.0.

Release notes

Sourced from @​exodus/bytes's releases.

v1.14.0

• Fix makeBase58check() Typescript types

• Add sideEffects configuration

  Only @exodus/bytes/encoding.js export has side-effects, and those side-effects are internal:

  It is documented to load multi-byte codecs for both this import and future (and previous) /encoding-lite.js imports, even if the current import does not use the provided TextDecoder.

  Both /encoding.js and /encoding-lite.js are designed to return the exact same TextDecoder class and methods, and loading full implementation provides multi-byte encodings support everywhere.

  As /encoding-lite.js can be used as a global polyfill, the setup has to avoid polyfill conflicts if something loads /encoding.js and then something else replaces it with /encoding-lite.js (or vice versa)

  The same mechanism is reused to keep /whatwg.js minimal by default, and only support multi-byte encodings if /encoding.js was imported and loaded them at any point.

  This is not a new change, just documenting the existing behavior and exposing sideEffects configuration so that bundlers can optmize out other imports.

• Further bundle size optimizations

Full Changelog: ExodusOSS/bytes@v1.13.0...v1.14.0

v1.13.0

What's Changed

• Bundle size reductions, especially for browsers

  Under browser module resolution target, we rely on browsers to have a working UTF-8 / UTF-16 / windows-1252 (latin1 subset) TextDecoder implementation that doesn't have bugs when used without streaming and with ignoreBOM: true, and a TextEncoder

  While browsers have bugs even in UTF-8, those bugs are related to streams and/or BOM processing, and that specific combination we use seems to be always robust.

  In previous versions we already used native codepaths for those where possible and operated under the same assumption.

• Disable hex/base64 performance optimization for Firefox >=133 <146

  We used a guarded useragent check for those versions to prefer js fallback instead of native base64 / hex implementations, as native was slow before FF 146 (ref: https://bugzilla.mozilla.org/show_bug.cgi?id=1994067 and linked issues)

  As the usage of FF <146 diminished according to caniuse stats, this check is not worth it anymore.

  This version removes that useragent check.

  Those Firefox versions are still supported by the library, but now the native base64 / hex implementation is always used when available.

  See ExodusOSS/bytes@8cab29a for implementation details.

Full Changelog: ExodusOSS/bytes@v1.12.0...v1.13.0

v1.12.0

• Fix UTF-16 on platforms with present but broken native UTF-16 TextDecoder (e.g. workerd, see cloudflare/workerd#6028)
• Test in CI on workerd, xs and graaljs

Full Changelog: ExodusOSS/bytes@v1.11.0...v1.12.0

Commits

• 9cc2f20 v1.14.0
• 6acaba7 doc: encoding-lite is even smaller now
• 7c6e436 size: drop useless destructuring to make import pure
• 18f4738 types: fix makeBase58check types
• 170c628 size: label more exports as PURE for further bundle size reduction
• 7aa5adc size: don't destructure globalThis for Buffer in /array.js
• 8360705 size: smaller utf16 by moving encodeCharcodes to /platform
• cb9effa size: label Buffer global as pure
• d76e939 feat: add sideEffects configuration
• 7767772 test: increase Firefox timeout to 60s
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: auto-merge, dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

✅ Merged into securite branch for batch processing.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.