Bump zx from 8.8.1 to 8.8.4

[dependabot]

Bumps zx from 8.8.1 to 8.8.4.

Release notes

Sourced from zx's releases.

8.8.4 — Flange Coupling

It's time. This release updates zx internals to make the ps API and related methods ProcessPromise.kill(), kill() work on Windows systems without wmic. #1344 webpod/ps#15

1. WMIC will be missing in Windows 11 25H2 (kernel >= 26000)
2. The windows-latest label in GitHub Actions will migrate from Windows Server 2022 to Windows Server 2025 beginning September 2, 2025 and finishing by September 30, 2025.

https://github.blog/changelog/2025-07-31-github-actions-new-apis-and-windows-latest-migration-notice/#windows-latest-image-label-migration

8.8.3 — Sealing Gasket

Continues #1339 to prevent injections via Proxy input or custom toString() manipulations.

8.8.2 — Leaking Valve

Fixes potential cmd injection via kill() method for Windows platform. #1337 #1339. Affects the versions range 8.7.1...8.8.1.

Commits

• bfa8e6a ci: update zizmor to v1.14.0 (#1346)
• e560fe1 chore: v8.8.4 (#1345)
• 4894841 feat: update ps utils to support Windows kernel >= 26000 (#1344)
• bf1d703 ci: fix tag extractor (#1342)
• f1b9ed7 refactor: strengthen kill input check (#1341)
• 6d611de chore: update version to 8.8.2, up dev deps (#1340)
• d9fc297 fix: check kill() input (#1339)
• a1cf179 chore: up deps, apply npm audit fix (#1336)
• 84e484a feat: expose bus api (#1332)
• 72b5604 ci: use nodejs 24 by default (#1330)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.14%. Comparing base (a5e9d6a) to head (fdadf2e).

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #13851   +/-   ##
=======================================
  Coverage   98.14%   98.14%           
=======================================
  Files         265      265           
  Lines       10636    10636           
  Branches     3259     3259           
=======================================
  Hits        10439    10439           
  Misses        184      184           
  Partials       13       13           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.