Bump dexie from 4.4.2 to 4.4.3 in the prod-dependencies group

[dependabot]

Bumps the prod-dependencies group with 1 update: dexie.

Updates dexie from 4.4.2 to 4.4.3

Release notes

Sourced from dexie's releases.

Dexie v4.4.3

This is a maintenance release with bug fixes and a configuration API improvement.

Related Package Releases

Package	Version
dexie	4.4.3
dexie-cloud-addon	4.4.13

Bug Fixes

dexie@4.4.3

• fix: delByKeyPath() creates empty intermediate objects on missing path — Dexie.delByKeyPath(obj, "foo.bar") on an object without foo would create {foo: {}} as a side effect instead of doing nothing. This caused a real-world bug in dexie-cloud-addon where clearing a dotted key from a changeSpec (e.g. claims.sub) would leave {claims: {}} in the spec, which then overwrote the inline primary key with undefined, resulting in: DataError: Evaluating the object store's key path did not yield a value. Fixed in setByKeyPath to bail out early when value is undefined and the intermediate path doesn't exist. (#2303)

• fix: Collection.sortBy() mutates frozen array in immutable cache mode — calling .sortBy() on a table when using immutable cache mode could throw TypeError: Cannot assign to read only property because Array.sort() was called on a frozen array. Fixed by sorting on a copy instead. (#2294)

dexie-cloud-addon@4.4.12

• rename: maxStringLength → largeStringThreshold — the string offloading option is renamed for clarity. The old name is kept as a backward-compatible alias. (#2290)

• fix: blob writebacks routed through BlobSavingQueue to avoid PSD context loss — after an async native fetch (blob download), Dexie's PSD zone is no longer active, causing table.mutate() to crash with Cannot read properties of undefined (reading 'table'). This surfaced as [dexie-cloud:blobResolve] Failed to resolve BlobRefs. Fixed by always routing blob writebacks through BlobSavingQueue.saveBlobs(), which opens a proper Dexie rw-transaction in a fresh JS task. Fixes lazy blob mode crash when using Dexie hooks with dexie-cloud-addon. (#2302)

• fix: eager blob downloader could starve RAM — the eager downloader triggered blobResolveMiddleware which resolved all pending blobs into memory at once. Fixed by downloading blobs in chunks with a query limit, so memory usage stays bounded regardless of how many blobs are pending. (#2302)

• fix: in-flight blob downloads are now deduplicated — if a blob is requested after download starts but before it is persisted, the existing download promise is reused instead of starting a new download. (#2302)

• fix: use cache: no-store for blob fetch requests — avoids the browser caching raw blob responses and double-storing them. (#2302)

dexie-cloud-addon@4.4.13

• fix: DataError when applying server-side $logins update — when a user received a server update for the $logins table, dexie-cloud-addon tried to clear claims.sub from the changeSpec using delByKeyPath. Due to the bug above, this left {claims: {}} in the spec, overwriting the inline primary key with undefined and causing DataError: Evaluating the object store's key path did not yield a value. Fixed by guarding against empty changeSpec objects after key deletion. (#2304)

Other Changes

• dexie-observable and dexie-syncable README updated to mark them as legacy/unmaintained, with a recommendation to use dexie-cloud-addon for sync. (#2298)

Commits

• 30134f6 Trigger new dev build
• 9dd614d DataError after updating a user in dexie cloud when that user got an update f...
• 0919742 Trigger dev build
• 2710301 Fix delByKeyPath so that it does not create empty object when keyPath is dott...
• a024831 dexie-cloud-addon@4.4.12
• 988ec9c Merge pull request #2302 from dexie/liz/fix-blobsave-hooks-psd-context
• b74758f Use cache: no-store to avoid double storing blobs
• ed59f5c Implify one bit more
• f0bb943 Simplified the loop in eagerBlobDownloader by requesting keys first.
• d2c3ef0 Bugfix: eager blob downloader would trigger blobResolveMiddleware and resolve...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions