build(deps-dev): bump fast-check from 4.7.0 to 4.8.0

[dependabot]

Bumps fast-check from 4.7.0 to 4.8.0.

Release notes

Sourced from fast-check's releases.

New arbitrary to chain in a loop fashion

[Code][Diff]

Features

• (PR#6678) Add chainUntil arbitrary for iterative chaining

Fixes

• (PR#6965) Bug: Restore ability not to use skipLibCheck
• (PR#6877) CI: Lowercase discussion_category_name to "announcements"
• (PR#6878) CI: Scope permissions of clean-caches
• (PR#6880) CI: Add PR-authoring guidance for Claude
• (PR#6887) CI: Delete CLAUDE.md
• (PR#6888) CI: Use tilde ranges for security dependency overrides
• (PR#6891) CI: Disable Renovate updates on pnpm overrides
• (PR#6899) CI: Scope Claude hooks to $CLAUDE_PROJECT_DIR
• (PR#6905) CI: Enable pnpm global virtual store
• (PR#6933) CI: Pin pnpm in npm install commands
• (PR#6932) CI: Grant discussions: write to release jobs
• (PR#6935) CI: Skip PR template check for dubzzz
• (PR#6937) CI: Mirror the repo to tangled
• (PR#6938) CI: Add missing runs-on for tangled
• (PR#6889) Doc: Add release notes for fast-check 4.7.0
• (PR#6900) Doc: Fix broken API reference links
• (PR#6844) Doc: Extract manual setup guide into dedicated page
• (PR#6845) Doc: Add index pages for documentation sections
• (PR#6918) Doc: Fix Documentation link to point to first doc page
• (PR#6939) Doc: Link to Tangled mirror of fast-check
• (PR#6934) Test: Tolerate \p{...} value drift in docs tests
• (PR#6951) Test: Fix poisoning tests for latest Node

---

Changelog

Sourced from fast-check's changelog.

4.8.0

New arbitrary to chain in a loop fashion [Code][Diff]

Features

• (PR#6678) Add chainUntil arbitrary for iterative chaining

Fixes

• (PR#6965) Bug: Restore ability not to use skipLibCheck
• (PR#6877) CI: Lowercase discussion_category_name to "announcements"
• (PR#6878) CI: Scope permissions of clean-caches
• (PR#6880) CI: Add PR-authoring guidance for Claude
• (PR#6887) CI: Delete CLAUDE.md
• (PR#6888) CI: Use tilde ranges for security dependency overrides
• (PR#6891) CI: Disable Renovate updates on pnpm overrides
• (PR#6899) CI: Scope Claude hooks to $CLAUDE_PROJECT_DIR
• (PR#6905) CI: Enable pnpm global virtual store
• (PR#6933) CI: Pin pnpm in npm install commands
• (PR#6932) CI: Grant discussions: write to release jobs
• (PR#6935) CI: Skip PR template check for dubzzz
• (PR#6937) CI: Mirror the repo to tangled
• (PR#6938) CI: Add missing runs-on for tangled
• (PR#6889) Doc: Add release notes for fast-check 4.7.0
• (PR#6900) Doc: Fix broken API reference links
• (PR#6844) Doc: Extract manual setup guide into dedicated page
• (PR#6845) Doc: Add index pages for documentation sections
• (PR#6918) Doc: Fix Documentation link to point to first doc page
• (PR#6939) Doc: Link to Tangled mirror of fast-check
• (PR#6934) Test: Tolerate \p{...} value drift in docs tests
• (PR#6951) Test: Fix poisoning tests for latest Node

---

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Low Risk
Dev-only test dependency bump with no production or test code edits; risk is limited to property-based unit test behavior if upstream introduced subtle breaking changes.

Overview
Bumps the fast-check dev dependency from 4.7.0 to 4.8.0 in injected/package.json, special-pages/package.json, and the root lockfile. No application or test source changes—only version pins and resolved package metadata.

Upstream 4.8.0 adds a chainUntil arbitrary and fixes TypeScript usage without skipLibCheck; existing tests that import fc for property-based checks should behave the same unless you adopt the new API.

^{Reviewed by Cursor Bugbot for commit ebcc741. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

Suggested comment for Cursor review (copy and paste as a new comment):

@cursoragent can you review against the current code and outline potential impacts based on the changelogs of the update?

Can you check the test coverage and ensure that the new code is covered?
Can you think through if this dependency is still needed or if there's better practices used elsewhere.

Can you draft a separate PR with any fixes that might be needed?

Note: GitHub Actions bot cannot trigger Cursor agent directly. Please copy the above comment to invoke the review.

[github-actions]

Build Branch

Branch	pr-releases/dependabot/npm_and_yarn/main/fast-check-4.8.0
Commit	e44d0b23c6
Updated	May 27, 2026 at 11:53:14 AM UTC

Static preview entry points

• Docs: docs/index.html
• Static pages: build/integration/pages/index.html
• Integration pages: injected/integration-test/test-pages/index.html

QR codes (mobile preview)

Entry point	QR code
Docs
Static pages
Integration pages

Integration commands

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#pr-releases/dependabot/npm_and_yarn/main/fast-check-4.8.0

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", branch: "pr-releases/dependabot/npm_and_yarn/main/fast-check-4.8.0")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/dependabot/npm_and_yarn/main/fast-check-4.8.0
git -C submodules/content-scope-scripts checkout origin/pr-releases/dependabot/npm_and_yarn/main/fast-check-4.8.0

Pin to exact commit

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#e44d0b23c664a1b159a8cb2327955d05f58cc181

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", revision: "e44d0b23c664a1b159a8cb2327955d05f58cc181")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/dependabot/npm_and_yarn/main/fast-check-4.8.0
git -C submodules/content-scope-scripts checkout e44d0b23c664a1b159a8cb2327955d05f58cc181

[cursor]

Web Compatibility Assessment

No findings. The changed lines are limited to fast-check devDependency metadata in injected/package.json, special-pages/package.json, and package-lock.json; no injected runtime code, API wrapping/shimming, DOM behavior, platform entry points, or remote config behavior changes.

Security Assessment

No findings. This PR does not touch captured-globals.js, messaging transports, message bridge checks, origin validation, iframe handling, network calls, or any page-world executable code. fast-check@4.8.0 remains a dev-only test dependency with the same declared runtime dependency (pure-rand@^8.0.0) and Node engine as 4.7.0.

Risk Level

Low Risk: dependency-only dev/test update with no runtime bundle surface change.

Recommendations

No code changes requested. Validation performed:

• npm view fast-check@4.7.0 ... / npm view fast-check@4.8.0 ... confirmed unchanged dependency and engine metadata.
• npm diff --diff=fast-check@4.7.0 --diff=fast-check@4.8.0 --diff-name-only confirmed package changes are limited to fast-check package exports/types/docs metadata.
• npm run build --workspace=injected passed.
• npm run test-unit --workspace=injected passed: 929 specs, 0 failures, 16 pending.
• npm run test-unit --workspace=special-pages passed: 104 tests, 0 failures.

  

_{Sent by Cursor Automation: Web compat and sec}

[cursor]

Dependency risk assessment for fast-check 4.7.0 -> 4.8.0: no blocking concerns found.

Evidence reviewed:

• PR diff only changes the fast-check devDependency ranges in injected/package.json and special-pages/package.json, plus the root lockfile entry for node_modules/fast-check.
• Repo usage is test-only: fast-check imports are limited to property-based unit tests under injected/unit-test and special-pages/unit-test; I did not find production imports.
• Upstream v4.8.0 release notes list one new public arbitrary, chainUntil, plus a TypeScript declaration fix for consumers not using skipLibCheck; the remaining listed changes are CI/docs/test maintenance.
• Published package diff adds chainUntil exports/definitions and declaration updates, bumps the package version, and updates package dev tooling metadata; existing APIs used here (fc.assert, property, asyncProperty, anything, string, integer, object, dictionary, etc.) are not called out as changed.
• Supply-chain checks: npm metadata keeps license MIT, repo dubzzz/fast-check, maintainer ndubien, dependency on pure-rand unchanged at ^8.0.0 with the lockfile still resolving pure-rand@8.0.0. fast-check@4.8.0 has an npm registry signature and SLSA provenance attestation; npm audit signatures verified installed registry signatures.
• Validation run with fast-check@4.8.0: after npm ci, npm ls fast-check --workspaces --depth=0 resolved both workspaces to 4.8.0; after building injected artifacts, npm run test-unit --workspace=injected passed (929 specs, 0 failures) and npm run test-unit --workspace=special-pages passed (104 tests, 0 failures).

Notes:

• The first injected unit-test attempt failed because generated bundle artifacts were absent in the fresh workspace, not because of this dependency update; rerunning after npm run build --workspace=injected passed.
• npm audit still reports unrelated existing transitive advisories outside fast-check/pure-rand; I did not treat those as introduced by this PR.
• No separate fix PR was drafted because I did not identify a repo change needed for this dependency update.

  

_{Sent by Cursor Automation: Review dependabot}