chore(deps): update dependency jscpd to v4.2.5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
jscpd	4.2.4 → 4.2.5

---

Release Notes

kucherenko/jscpd (jscpd)

v4.2.5

Compare Source

Bug Fixes

• JSON reporter duplicate token counts — tokens was always reported as 0 in JSON output; now computed from token positions (end.position - start.position) (#​801).
• Gitignore parent-directory walk — .gitignore files in parent directories up to the repo root are now read and combined with scan-directory .gitignore files. Also reads .git/info/exclude and the global core.excludesFile for full parity with Git's ignore resolution (#​741).
• Commander v15 migration — CLI option parsing migrated from direct property access (cli.minTokens, etc.) to the cli.opts() API required by Commander v8+. The --no-gitignore / --gitignore flag handling was rewritten to use Commander's native negation support instead of rawArgs inspection.
• Vitest 4.1.0 — bumped from 3.2.4 to address CVE-2026-47429.
• Commander v15 — bumped from v5 to v15, enabling modern Node.js compatibility.
• Pug 3.0.4, node-sarif-builder 4.1.0, nodemon 3.1.14 — dependency bumps for security and compatibility.

---

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[w3nl]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.