build(deps): bump fsevents from 1.2.7 to 1.2.13

[dependabot]

Bumps fsevents from 1.2.7 to 1.2.13.

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• 0a052f6 Node.js v12 support for v1.x (#274)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 duplication

Metric	Results
Duplication	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes. Give us feedback}

[codacy-production]

Pull Request Overview

This PR updates the 'fsevents' dependency to v1.2.13, which is intended to remove the 'node-pre-gyp' dependency tree and optimize the build process for macOS.

However, a critical issue was detected in the yarn.lock file: the nan package is resolved to version 2.26.2, which does not exist in the public npm registry (current latest is 2.20.0). This suggests potential lockfile corruption or a dependency confusion security risk. Additionally, the PR is missing updates to package.json, making it impossible to verify the version range requirement. Until the nan resolution is corrected and the package.json file is included or explained, this PR should not be merged.

About this PR

• The 'package.json' file is not included in this diff. It is necessary to confirm if the 'fsevents' version range was explicitly updated or if this was an accidental lockfile-only change.

Test suggestions

• Verify successful installation and build on macOS.
• Verify that installation on non-macOS platforms (Linux/Windows) skips the fsevents build without error.
• Verify application runtime stability on Node.js v12.

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify successful installation and build on macOS.
2. Verify that installation on non-macOS platforms (Linux/Windows) skips the fsevents build without error.
3. Verify application runtime stability on Node.js v12.

Low confidence findings

• A large number of transitive dependencies (e.g., needle, tar, npmlog) were removed. Please verify that no other packages in the project relied on these transitively, as this could cause runtime failures elsewhere.
• There are no automated CI updates to verify the new macOS-only build constraints or Node v12 compatibility. Ensure the current CI pipeline covers these scenarios.

---

🗒️ Improve review quality by adding custom instructions

[codacy-production]

_{🔴 HIGH RISK}

The resolved version for nan is set to 2.26.2, which does not exist in the public npm registry. This may indicate a corrupted lockfile or a security risk.

Try running the following prompt in your coding agent:

Regenerate the yarn.lock file using yarn install and verify that the nan package version resolves to a valid release from the official registry.