chore(deps): bump chokidar from 4.0.3 to 5.0.0

[dependabot]

Bumps chokidar from 4.0.3 to 5.0.0.

Release notes

Sourced from chokidar's releases.

5.0.0

• Make the package ESM-only. Reduces on-disk package size from ~150kb to ~80kb
• Increase minimum node.js version to v20.19. The versions starting from it support loading esm files from cjs
• fix: Make types more precise paulmillr/chokidar#1424
• perf: re-use double slash regex paulmillr/chokidar#1435
• Update readdirp to ESM-only v5
• Lots of minor improvements in tests
• Increase security of NPM releases. Switch to token-less Trusted Publishing, with help of jsbt
• Switch compilation mode to isolatedDeclaration-based typescript for simplified auto-generated docs

New Contributors

• @​mhkeller made their first contribution in paulmillr/chokidar#1426
• @​btea made their first contribution in paulmillr/chokidar#1432

Full Changelog: paulmillr/chokidar@4.0.3...5.0.0

Commits

• c0c8d20 Release 5.0.0.
• b211cec Remove src from npm
• 8742246 Upgrade dev deps, jsbt, ci files. Upgrade readdirp to v5.
• de5a34c Merge pull request #1442 from paulmillr/flaky-buns
• c08a6c4 fix: throttle based on dir + target
• 0c55ab3 test: wait for explicit calls in directory test
• ce81be5 perf: re-use double slash regex (#1435)
• 7d9c1ed Merge pull request #1433 from paulmillr/super-matrices
• 3915541 Merge pull request #1430 from paulmillr/esm-only
• 9308bed chore: use Nodejs 24 in CI (#1432)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for chokidar since your current version.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Findings

• [Blocker] chokidar 5 will break the Electron main-process startup path. package.json:78 upgrades to an ESM-only major, but the main-process build still externalizes chokidar in the "CJS-compatible" dependency list (vite.config.ts:37-45). SkillsManager imports it at module load (src/main/skills/skills-manager.ts:17), and src/main/index.ts:22 eagerly imports SkillsManager, so this can fail before the app window opens.
  Suggested fix:

  "chokidar": "^4.0.1"

Summary

Review mode: initial

• 1 blocker found: chokidar v5 is incompatible with the current Electron main-process bundling strategy (package.json:78, vite.config.ts:37-45).
• Residual risk: I did not find test coverage in src/tests/ for packaged main-process startup or the SkillsManager watcher path.

Testing

• Not run (automation). Suggested coverage: a startup smoke test that exercises the Electron main process with watchStorage: true enabled.

Open Cowork Bot

[github-actions]

[BLOCKER] chokidar 5 is not safe here yet. This repo still externalizes chokidar from the Electron main bundle in a section explicitly reserved for CJS-compatible deps (vite.config.ts:37-45), while SkillsManager imports it at module load (src/main/skills/skills-manager.ts:17) and src/main/index.ts:22 eagerly imports SkillsManager. That makes the ESM-only major bump likely to fail on app startup, not just when the watcher is first used.

Suggested fix:

"chokidar": "^4.0.1"

If you want to adopt v5, first stop externalizing chokidar in vite.config.ts and verify the packaged main-process startup path.