fix code for nodejs tests
change fix direction to avoid issues with duplicate styles
format issues
swap waitForTimeout for waitForRAF in test that flaked
Add unit tests for new functions
Fix broken test causes by file formatting removing spaced

---------

Co-authored-by: jaj1014 <ajax@pendo.io>
Co-authored-by: jaj1014 <jaj1014@users.noreply.github.com>

This reverts commit 2891c36.

Was just testing this ([source](rrweb-io#1357))

## Summary
Updates stale yarn.lock resolutions to patched versions within their
existing semver ranges, plus fixes a build breakage in rrweb-worker.

**Lockfile refreshes** (no package.json changes):
- **basic-ftp** 5.0.5 -> 5.3.0 (via puppeteer -> proxy-agent -> get-uri)
- **node-forge** 1.3.1 -> 1.4.0 (via vite-plugin-web-extension ->
web-ext-run -> @devicefarmer/adbkit)
- **picomatch** 2.3.1 -> 2.3.2 (via chokidar, micromatch,
@rollup/pluginutils)
- **picomatch** 4.0.2 -> 4.0.4 (via @rollup/pluginutils)
- **flatted** 3.3.2 -> 3.4.2 (via eslint -> flat-cache)

**rrweb-worker build fix**: Replaces `rollup-plugin-typescript2` with
`@rollup/plugin-typescript` — the old plugin can't parse `import type`
syntax with the newer rollup version pulled in by the
`@rollup/plugin-terser` v1 bump.

## Breaking changes
- Lockfile refreshes: none — all within existing semver ranges
- `rollup-plugin-typescript2` -> `@rollup/plugin-typescript`: drop-in
replacement, same rollup plugin API. `@rollup/plugin-typescript` is the
officially maintained plugin. Config options (`tsconfig`, `sourceMap`,
`inlineSourceMap`, `inlineSources`) are compatible. Build verified
passing.

## Dependabot alerts resolved
- [Alert
#249](https://github.com/getsentry/rrweb/security/dependabot/249) (high)
— basic-ftp CRLF injection
- [Alert
#202](https://github.com/getsentry/rrweb/security/dependabot/202)
(critical) — basic-ftp path traversal
- [Alert
#237](https://github.com/getsentry/rrweb/security/dependabot/237) (high)
— node-forge basicConstraints bypass
- [Alert
#236](https://github.com/getsentry/rrweb/security/dependabot/236) (high)
— node-forge Ed25519 signature forgery
- [Alert
#235](https://github.com/getsentry/rrweb/security/dependabot/235) (high)
— node-forge RSA-PKCS signature forgery
- [Alert
#234](https://github.com/getsentry/rrweb/security/dependabot/234) (high)
— node-forge DoS via BigInteger.modInverse
- [Alert
#164](https://github.com/getsentry/rrweb/security/dependabot/164) (high)
— node-forge ASN.1 unbounded recursion
- [Alert
#163](https://github.com/getsentry/rrweb/security/dependabot/163)
(medium) — node-forge ASN.1 OID integer truncation
- [Alert
#162](https://github.com/getsentry/rrweb/security/dependabot/162) (high)
— node-forge ASN.1 desynchronization
- [Alert
#232](https://github.com/getsentry/rrweb/security/dependabot/232)
(medium) — picomatch POSIX class method injection
- [Alert
#230](https://github.com/getsentry/rrweb/security/dependabot/230)
(medium) — picomatch POSIX class method injection (4.x)
- [Alert
#229](https://github.com/getsentry/rrweb/security/dependabot/229) (high)
— picomatch ReDoS via extglob quantifiers
- [Alert
#227](https://github.com/getsentry/rrweb/security/dependabot/227) (high)
— flatted prototype pollution via parse

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>