chore(deps): bundle outstanding dependabot updates

[miru-agents]

Bundles the outstanding Dependabot updates into a single PR.

Included

Source PR	Update
#78	actions-minor group — bumps pinned SHAs for github/codeql-action (init/autobuild/analyze), ruby/setup-ruby, and super-linter/super-linter
#73	esbuild 0.27.4 → 0.28.1 and tsx 4.21.0 → 4.22.4 (lockfile only)

The esbuild/tsx bump was reproduced with npm update esbuild tsx on top of current main (rather than merging the stale Dependabot branch), yielding the same target versions. npm run package rebuilds dist/index.js byte-identically, so no bundled output changed.

Already superseded — not included

• chore(deps-dev): bump the npm-development group across 1 directory with 5 updates #76 (npm-development group: eslint, globals, prettier, rollup, typescript-eslint)
• chore(deps): bump semver from 7.8.0 to 7.8.5 in the npm-production group across 1 directory #65 (npm-production group: semver)

Both were cut from an older base and are already satisfied on main by the previously merged bundle #79 — package.json and package-lock.json already carry the target versions (prettier is even ahead at 3.8.5). These two PRs can be closed as superseded.

Verification

• npm update esbuild tsx → esbuild 0.28.1, tsx 4.22.4
• npm run package → created dist/index.js, working tree clean (no dist drift)

Closes #78
Closes #73

---

Generated by Claude Code

---

^{Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.}

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.