chore(deps-dev): bump @djs-core/dev from 5.1.0 to 5.2.3

[dependabot]

Bumps @djs-core/dev from 5.1.0 to 5.2.3.

Release notes

Sourced from @​djs-core/dev's releases.

@​djs-core/dev@​5.2.3

Patch Changes

• 96bc0d0: Security

  • Remove shell: true from spawnSync calls in plugin installer (prevents RCE via crafted plugin names)

  New APIs

  • closeDataStore() — cleanly closes the SQLite database and stops the cleanup interval (useful for shutdown hooks and tests)
  • isUnknownCommandError() exported from utils/discord-errors — typed guard for Discord API error 10063

  Bug fixes

  • isChatInputCommand() replaces deprecated isCommand() — context menu interactions no longer incorrectly hit the slash command handler
  • getInteractionData now returns { data, expired } | null instead of unknown | undefined, distinguishing expired tokens from tokens that were never stored
  • ephemeral: true replaced with flags: MessageFlags.Ephemeral in error replies
  • Duplicate GuildIntegrations and GuildScheduledEvents intents removed from defaults
  • CoreConfig now includes partials and experimental.bundle fields, matching the public Config interface

  Performance

  • DataStore is now lazily initialized — the database and cleanup interval only start on first use
  • CommandHandler resolves routes via Map.get() (O(1)) instead of Array.find() (O(n))

  Refactoring

  • WithCustomId mixin eliminates ~230 lines duplicated across 7 interaction classes
  • buildCommandStructure / routesToEntries extracted to utils/compile-command.ts
  • resolvePlugin() extracted to utils/plugin-resolver.ts
  • StringSelectMenu.addOptions no longer clones the full builder on each call

  dev CLI

  • SIGTERM handled alongside SIGINT for clean Docker/systemd shutdown
  • -p, --path <path> option now correctly captures its value
  • Silent catch blocks now log when DEBUG=true

• e136a99: Add bundle option handling to the build command and improve generated entry safety.

  This change updates the build flow to support bundling user config at build time, copies config.json to the output when appropriate, and tightens runtime assertions in the generated entry file.

• 1d52c96: Refactor dev tooling internals and fix several bugs.

  • Replace 6 near-identical scan* functions with a single generic scanDir<T>, reducing ~300 lines of duplication
  • Extract shared plugin resolution logic into utils/plugin.ts
  • Fix -p/--path option not capturing its value in the dev command
  • Remove unnecessary usePolling from chokidar (caused 300ms delay on Linux)

... (truncated)

Changelog

Sourced from @​djs-core/dev's changelog.

5.2.3

Patch Changes

• 96bc0d0: Security

  • Remove shell: true from spawnSync calls in plugin installer (prevents RCE via crafted plugin names)

  New APIs

  • closeDataStore() — cleanly closes the SQLite database and stops the cleanup interval (useful for shutdown hooks and tests)
  • isUnknownCommandError() exported from utils/discord-errors — typed guard for Discord API error 10063

  Bug fixes

  • isChatInputCommand() replaces deprecated isCommand() — context menu interactions no longer incorrectly hit the slash command handler
  • getInteractionData now returns { data, expired } | null instead of unknown | undefined, distinguishing expired tokens from tokens that were never stored
  • ephemeral: true replaced with flags: MessageFlags.Ephemeral in error replies
  • Duplicate GuildIntegrations and GuildScheduledEvents intents removed from defaults
  • CoreConfig now includes partials and experimental.bundle fields, matching the public Config interface

  Performance

  • DataStore is now lazily initialized — the database and cleanup interval only start on first use
  • CommandHandler resolves routes via Map.get() (O(1)) instead of Array.find() (O(n))

  Refactoring

  • WithCustomId mixin eliminates ~230 lines duplicated across 7 interaction classes
  • buildCommandStructure / routesToEntries extracted to utils/compile-command.ts
  • resolvePlugin() extracted to utils/plugin-resolver.ts
  • StringSelectMenu.addOptions no longer clones the full builder on each call

  dev CLI

  • SIGTERM handled alongside SIGINT for clean Docker/systemd shutdown
  • -p, --path <path> option now correctly captures its value
  • Silent catch blocks now log when DEBUG=true

• e136a99: Add bundle option handling to the build command and improve generated entry safety.

  This change updates the build flow to support bundling user config at build time, copies config.json to the output when appropriate, and tightens runtime assertions in the generated entry file.

• 1d52c96: Refactor dev tooling internals and fix several bugs.

  • Replace 6 near-identical scan* functions with a single generic scanDir<T>, reducing ~300 lines of duplication
  • Extract shared plugin resolution logic into utils/plugin.ts
  • Fix -p/--path option not capturing its value in the dev command

... (truncated)

Commits

• 6de92c7 Version Packages (#43)
• 6f3c94c fix(ci): fix biome, knip, build, and test failures
• c20112b fix(dev/runtime): surface silent errors and improve route depth message
• 2f92956 fix(runtime/dev): improve data store, token entropy, signal handling, and pat...
• 442e0d2 fix(security): remove shell: true from spawnSync calls
• 1d52c96 refactor(dev): deduplicate scan functions and fix dev tooling bugs (#53)
• e136a99 Add config.json bundle option to build process (#42)
• 12ef5f8 Version Packages (#39)
• 7977061 Version Packages (#37)
• a4063d6 chore: remove TypeScript from devDependencies in package & plugin package.json
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #140.