build(deps): bump @bytecodealliance/jco from 1.11.1 to 1.23.1 in /spec/fixtures/components/js_app

[dependabot]

Bumps @bytecodealliance/jco from 1.11.1 to 1.23.1.

Release notes

Sourced from @​bytecodealliance/jco's releases.

jco-v1.23.1

[1.23.1] - 2026-06-15

🧪 Testing

• (jco) add regression test for storage len budgets during lift by @​vados-cosmonic

jco-v1.23.0

[1.23.0] - 2026-06-11

🚜 Refactor

• (jco) stream tests, add debug config hint by @​vados-cosmonic

🧪 Testing

• (jco) re-enable test, make tests in p3/async.js concurrent by @​vados-cosmonic in #1624

• (jco) add f64 to tests, re-enable all by @​vados-cosmonic

• (jco) re-enable variant f32 flattening test by @​vados-cosmonic

• (jco) remove unused tests by @​vados-cosmonic

• (jco) reduce binary sizes by @​vados-cosmonic

⚙️ Miscellaneous Tasks

• (jco) lint, remove invalid uses of checkStreamValues by @​vados-cosmonic

• (jco) update hello-stdout component by @​vados-cosmonic

• (jco) add minify hints by @​vados-cosmonic

jco-v1.22.0

[1.22.0] - 2026-06-10

🧪 Testing

• (jco) add test for host fn using future by @​vados-cosmonic

• (jco) add retry to udp-sample-application test by @​vados-cosmonic in #1603

• (jco) allow retry for post return async sleep by @​vados-cosmonic

• (jco) add retry for http outbound content length test by @​vados-cosmonic

• (jco) increase allowed time for post return async sleep by @​vados-cosmonic

• (jco) re-enable yield tests by @​vados-cosmonic

... (truncated)

Commits

• a602928 release: jco v1.23.1
• 5a6f7aa release: js-component-bindgen v2.0.1
• 3495883 fix(bindgen): storage len accounting when lifting lists
• b6347cb test(jco): add regression test for storage len budgets during lift
• 817292d refactor(ci): replace taiki-e/install-action with cached version
• 3ab7f05 refactor(ci): install webidl2wit explicitly
• c8e4974 chore(deps): bump taiki-e/install-action from 2.81.1 to 2.81.7
• 912e962 sec(ci): avoid persisting credentials after checkout
• 82b89f2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3
• 7fe2fa0 chore(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​bytecodealliance/jco since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Medium Risk
Large jco jump affects the fixture WASM build path (jco componentize); verify the js_app build/spec still pass, though scope is limited to test fixtures.

Overview
Bumps @bytecodealliance/jco from 1.11.1 to 1.23.1 in spec/fixtures/components/js_app (package.json and package-lock.json).

The lockfile refresh pulls in a newer jco toolchain used by the fixture’s jco componentize build step, including updated nested componentize-js, wizer, binaryen, preview2/preview3 shims, and new oxc-parser / platform bindings. @bytecodealliance/componentize-js at the top level stays ^0.18.2; only the direct jco range changes.

^{Reviewed by Cursor Bugbot for commit 0140125. Bugbot is set up for automated code reviews on this repo. Configure here.}