deps: bump diff from 8.0.2 to 8.0.4

[dependabot]

Bumps diff from 8.0.2 to 8.0.4.

Changelog

Sourced from diff's changelog.

8.0.4

• #667 - fix another bug in diffWords when used with an Intl.Segmenter. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), diffWords would previously crash. Now this case is handled correctly.

8.0.3

• #631 - fix support for using an Intl.Segmenter with diffWords. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).
• #635 - small tweaks to tokenization behaviour of diffWords when used without an Intl.Segmenter. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (× and ÷) are now treated as punctuation instead of as letters / word characters.
• #641 - the format of file headers in createPatch etc. patches can now be customised somewhat. It now takes a headerOptions option that can be used to disable the file headers entirely, or omit the Index: line and/or the underline. In particular, this was motivated by a request to make jsdiff patches compatible with react-diff-view, which they now are if produced with headerOptions: FILE_HEADERS_ONLY.
• #647 and #649 - fix denial-of-service vulnerabilities in parsePatch whereby adversarial input could cause a memory-leaking infinite loop, typically crashing the calling process. Also fixed ReDOS vulnerabilities whereby adversarially-crafted patch headers could take cubic time to parse. Now, parsePatch should reliably take linear time. (Handling of headers that include the line break characters \r, \u2028, or \u2029 in non-trailing positions is also now more reasonable as side effect of the fix.)

Commits

• dd2f994 8.0.4 release (#678)
• 3cc4384 Update docs on releasing to reflect migration to yarn berry (#677)
• 6fc2aa6 yarn up '*' && yarn up -R '**' (#676)
• af7393a yarn up '*' && yarn up -R '**' (#670)
• 4b5d180 Fix another bug in diffWords's "intlSegmenter" mode (#667)
• 10da50c yarn up '*' && yarn up -R '**' (#666)
• 8dc164b Migrate from Yarn Classic to Yarn Berry (#662)
• 750fbd6 yarn upgrade --latest (#661)
• abe2bde Add release notes for undocumented releases (#658)
• 13576bf 8.0.3 release (#652)
• Additional commits viewable in compare view

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
string-is	Ready	Preview, Comment	Apr 10, 2026 9:05pm

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.19%. Comparing base (0eea53c) to head (01860da).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2025   +/-   ##
=======================================
  Coverage   83.19%   83.19%           
=======================================
  Files         197      197           
  Lines        1988     1988           
  Branches      467      467           
=======================================
  Hits         1654     1654           
  Misses        326      326           
  Partials        8        8           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.