Skip to content

Build(deps-dev): bump the npm-development group across 1 directory with 12 updates#205

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-development-bdb2bb3f4f
Open

Build(deps-dev): bump the npm-development group across 1 directory with 12 updates#205
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-development-bdb2bb3f4f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-development group with 11 updates in the / directory:

Package From To
@eslint/compat 2.0.5 2.1.0
@rollup/plugin-commonjs 29.0.2 29.0.3
@typescript-eslint/eslint-plugin 8.59.0 8.62.1
eslint-import-resolver-typescript 4.4.4 4.4.5
eslint-plugin-jest 29.15.2 29.15.4
eslint-plugin-prettier 5.5.5 5.5.6
globals 17.5.0 17.7.0
jest 30.3.0 30.4.2
prettier 3.8.3 3.9.4
rollup 4.60.2 4.62.2
ts-jest 29.4.9 29.4.11

Updates @eslint/compat from 2.0.5 to 2.1.0

Release notes

Sourced from @​eslint/compat's releases.

compat: v2.1.0

2.1.0 (2026-05-08)

Features

  • Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

migrate-config: v2.1.0

2.1.0 (2026-05-08)

Features

  • Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/config-helpers bumped from ^0.5.5 to ^0.6.0

migrate-config: v2.0.7

2.0.7 (2026-05-01)

Bug Fixes

migrate-config: v2.0.6

2.0.6 (2026-04-08)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/compat bumped from ^2.0.4 to ^2.0.5
    • devDependencies
      • @​eslint/core bumped from ^1.2.0 to ^1.2.1
Changelog

Sourced from @​eslint/compat's changelog.

2.1.0 (2026-05-08)

Features

  • Add new includeIgnoreFile() to config-helpers (#430) (9b51352)
Commits

Updates @rollup/plugin-commonjs from 29.0.2 to 29.0.3

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v29.0.3

2026-05-29

Bugfixes

Commits

Updates @typescript-eslint/eslint-plugin from 8.59.0 to 8.62.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)

❤️ Thank You

... (truncated)

Commits
  • 3ea32f4 chore(release): publish 8.62.1
  • 4ecca6d fix(eslint-plugin): [no-unnecessary-type-assertion] parenthesize object liter...
  • f3a7ec7 chore(eslint-plugin-internal): [no-dynamic-tests] restrict where noFormat can...
  • 301f350 fix(eslint-plugin): [no-unnecessary-boolean-literal-compare] preserve boolean...
  • ebce2d4 fix(eslint-plugin): [prefer-optional-chain] use suggestion instead of autofix...
  • 54e2857 chore(release): publish 8.62.0
  • 81e4c26 feat: remove redundant package.json "files" (#12444)
  • b784054 chore: use stableTypeOrdering compiler option (#12427)
  • aaad718 chore(release): publish 8.61.1
  • 0cc8f35 fix(eslint-plugin): [no-unnecessary-template-expression] respect ECMAScript l...
  • Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.59.0 to 8.62.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.62.1 (2026-06-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.0 (2026-06-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.1 (2026-06-01)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.0 (2026-05-25)

This was a version bump only for parser to align it with other projects, there were no code changes.

... (truncated)

Commits

Updates eslint-import-resolver-typescript from 4.4.4 to 4.4.5

Release notes

Sourced from eslint-import-resolver-typescript's releases.

v4.4.5

Patch Changes

Changelog

Sourced from eslint-import-resolver-typescript's changelog.

4.4.5

Patch Changes

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-import-resolver-typescript since your current version.


Updates eslint-plugin-jest from 29.15.2 to 29.15.4

Release notes

Sourced from eslint-plugin-jest's releases.

v29.15.4

29.15.4 (2026-06-30)

Bug Fixes

  • no-export: don't report on assignment to locals named module (#1976) (da02c0c)

v29.15.3

29.15.3 (2026-06-26)

Bug Fixes

  • no-export: treat describe blocks as test files (#1978) (70568b0)
Changelog

Sourced from eslint-plugin-jest's changelog.

29.15.4 (2026-06-30)

Bug Fixes

  • no-export: don't report on assignment to locals named module (#1976) (da02c0c)

29.15.3 (2026-06-26)

Bug Fixes

  • no-export: treat describe blocks as test files (#1978) (70568b0)
Commits
  • 4ba9454 chore(release): 29.15.4 [skip ci]
  • da02c0c fix(no-export): don't report on assignment to locals named module (#1976)
  • 2e236cf chore(deps): update danger/danger-js action to v13.0.10 (#1983)
  • b121402 chore(release): 29.15.3 [skip ci]
  • 70568b0 fix(no-export): treat describe blocks as test files (#1978)
  • 4a8fc22 chore: update eslint-plugin-n (#1984)
  • 2dfc6f5 chore(deps): update dependency eslint-plugin-n to v18 (#1964)
  • 4d830d8 chore(deps): update dependency lint-staged to v17 (#1965)
  • d387524 chore(deps): update yarn monorepo (#1961)
  • 08a822a chore(deps): update commitlint monorepo to v21 (#1966)
  • Additional commits viewable in compare view

Updates eslint-plugin-prettier from 5.5.5 to 5.5.6

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.6

Patch Changes

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.6

Patch Changes

Commits

Updates globals from 17.5.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

  • Update globals (2026-06-22) (#345) 33b75f9

sindresorhus/globals@v17.6.0...v17.7.0

v17.6.0

  • Update globals (2026-05-01) (#343) 00a4dd9

sindresorhus/globals@v17.5.0...v17.6.0

Commits

Updates jest from 30.3.0 to 30.4.2

Release notes

Sourced from jest's releases.

v30.4.2

Fixes

  • [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

Full Changelog: jestjs/jest@v30.4.1...v30.4.2

v30.4.1

Features

  • [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

  • [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

Full Changelog: jestjs/jest@v30.4.0...v30.4.1

v30.4.0

Big release! 😀

Main feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work require(esm) module is now supported on Node 24.9+ (still requires --experimental-vm-modules like before).

In addition we now support fake timers for the recently released Temporal API in Node v26.

React 19 is also supported properly in pretty-format, meaning snapshots of React components now work like they should.

Due to all the changes, there might be regressions that snuck in. Please report them!

Full list of changes below

Features

  • [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
  • [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
  • [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
  • [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
  • [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
  • [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
  • [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
  • [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
  • [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
  • [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
  • [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
  • [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
  • [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
  • [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
  • [jest-util] Add isError helper (#16076)

... (truncated)

Changelog

Sourced from jest's changelog.

30.4.2

Fixes

  • [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

30.4.1

Features

  • [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

  • [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

30.4.0

Features

  • [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
  • [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
  • [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
  • [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
  • [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
  • [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
  • [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
  • [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
  • [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
  • [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
  • [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
  • [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
  • [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
  • [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
  • [jest-util] Add isError helper (#16076)
  • [pretty-format] Support React 19 (#16123)

Fixes

  • [expect-utils] Fix toStrictEqual failing on structuredClone results due to cross-realm constructor mismatch (#15959)
  • [@jest/expect-utils] Prevent toMatchObject/subset matching from throwing when encountering exotic iterables (#15952)
  • [fake-timers] Convert Date to milliseconds before passing to @sinonjs/fake-timers (#16029)
  • [jest] Export GlobalConfig and ProjectConfig TypeScript types (#16132)
  • [jest-circus] Prevent crash when asyncError is undefined for non-Error throws (#16003)
  • [jest-circus, jest-jasmine2] Include Error.cause in JSON failureMessages output (#15967)
  • [jest-config] Fix preset path resolution on Windows when the preset uses subpath exports (#15961)
  • [jest-config] Allow collectCoverage and coverageProvider in project config without a validation warning (#16132)
  • [jest-config] Project config validator now emits "is not supported in an individual project configuration" instead of "probably a typing mistake" for known global-only options (#16132)
  • [jest-environment-node] Fix --localstorage-file warning on Node 25+ (#16086)
  • [jest-reporters] Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (#16137)

... (truncated)

Commits

Updates prettier from 3.8.3 to 3.9.4

Release notes

Sourced from prettier's releases.

3.9.4

  • Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

🔗 Changelog

3.9.3

🔗 Changelog

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

3.8.4

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.4

diff

Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

<!-- Input -->
<FancyButton [label]="title">
  @content (icon) {
    <span>Icon!</span>
  }
  @content (description) {
    <span>Description text</span>
  }
  <span>Other children</span>
</FancyButton>
<!-- Prettier 3.9.3 -->
<FancyButton [label]="title">
@​content(icon) {
<span>Icon!</span>
}
@​content(description) {
<span>Description text</span>
}
<span>Other children</span>
</FancyButton>
<!-- Prettier 3.9.4 -->
<FancyButton [label]="title">
@​content (icon) {
<span>Icon!</span>
}
@​content (description) {
<span>Description text</span>
}
<span>Other children</span>
</FancyButton>

3.9.3

diff

Markdown: Fix unexpected removal of characters in liquid syntax (#19489 by @​seiyab)

</tr></table> 

... (truncated)

Commits
  • b693cb2 Release 3.9.4
  • 2e92ac0 Angular: Format @content(name) -> @content (name) to align with other blo...
  • abed2c2 Bump Prettier dependency to 3.9.3
  • 6cfbc00 Clean changelog_unreleased
  • 3732e1d Release 3.9.3
  • a74a7b0 Allow decorators to be used with declare on class fields (#19492)
  • bd9e11a Correct text identification in liquid syntax (#19489)
  • 269eee3 Bump Prettier dependency to 3.9.1
  • ec7ccd1 Clean changelog_unreleased
  • c47654c Release 3.9.1
  • Additional commits viewable in compare view

Updates rollup from 4.60.2 to 4.62.2

Release notes

Sourced from rollup's releases.

v4.62.2

4.62.2

2026-06-19

Bug Fixes

  • Do not add spurious side-effect-free external imports to chunks when using minChunkSize (#6411)

Pull Requests

v4.62.1

4.62.1

2026-06-19

Bug Fixes

  • Preserve multipart file extensions when deconflicting output chunks (#6408)
  • Fix an issue where getLogFilter would match additional logs (#6415)

Pull Requests

v4.62.0

4.62.0

2026-06-13

Features

  • Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

…th 12 updates

Bumps the npm-development group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) | `2.0.5` | `2.1.0` |
| [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) | `29.0.2` | `29.0.3` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.59.0` | `8.62.1` |
| [eslint-import-resolver-typescript](https://github.com/import-js/eslint-import-resolver-typescript) | `4.4.4` | `4.4.5` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.15.2` | `29.15.4` |
| [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `5.5.5` | `5.5.6` |
| [globals](https://github.com/sindresorhus/globals) | `17.5.0` | `17.7.0` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.3.0` | `30.4.2` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.9.4` |
| [rollup](https://github.com/rollup/rollup) | `4.60.2` | `4.62.2` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.9` | `29.4.11` |



Updates `@eslint/compat` from 2.0.5 to 2.1.0
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v2.1.0/packages/compat)

Updates `@rollup/plugin-commonjs` from 29.0.2 to 29.0.3
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v29.0.3/packages/commonjs)

Updates `@typescript-eslint/eslint-plugin` from 8.59.0 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.59.0 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/parser)

Updates `eslint-import-resolver-typescript` from 4.4.4 to 4.4.5
- [Release notes](https://github.com/import-js/eslint-import-resolver-typescript/releases)
- [Changelog](https://github.com/import-js/eslint-import-resolver-typescript/blob/master/CHANGELOG.md)
- [Commits](import-js/eslint-import-resolver-typescript@v4.4.4...v4.4.5)

Updates `eslint-plugin-jest` from 29.15.2 to 29.15.4
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v29.15.2...v29.15.4)

Updates `eslint-plugin-prettier` from 5.5.5 to 5.5.6
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-plugin-prettier@v5.5.5...v5.5.6)

Updates `globals` from 17.5.0 to 17.7.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.5.0...v17.7.0)

Updates `jest` from 30.3.0 to 30.4.2
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.4.2/packages/jest)

Updates `prettier` from 3.8.3 to 3.9.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.9.4)

Updates `rollup` from 4.60.2 to 4.62.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.60.2...v4.62.2)

Updates `ts-jest` from 29.4.9 to 29.4.11
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.4.9...v29.4.11)

---
updated-dependencies:
- dependency-name: "@eslint/compat"
  dependency-version: 2.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@rollup/plugin-commonjs"
  dependency-version: 29.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint-import-resolver-typescript
  dependency-version: 4.4.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.15.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-prettier
  dependency-version: 5.5.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: jest
  dependency-version: 30.4.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-version: 3.9.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: rollup
  dependency-version: 4.62.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-version: 29.4.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependabot Dependabot issues and PRs npm Node.js issues and PRs labels Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 21:24
@dependabot dependabot Bot added dependabot Dependabot issues and PRs npm Node.js issues and PRs labels Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 5 0 0 0.05s
❌ ACTION zizmor 5 1 0 0.37s
✅ JSON jsonlint 5 0 0 0.12s
✅ JSON npm-package-json-lint yes no no 0.55s
✅ JSON prettier 5 0 0 1.21s
✅ JSON v8r 5 0 0 8.91s
✅ MARKDOWN markdownlint 1 0 0 2.34s
✅ REPOSITORY betterleaks yes no no 1.84s
✅ REPOSITORY checkov yes no no 26.88s
✅ REPOSITORY gitleaks yes no no 1.7s
✅ REPOSITORY git_diff yes no no 0.09s
❌ REPOSITORY grype yes 5 no 69.29s
❌ REPOSITORY osv-scanner yes 24 no 3.05s
✅ REPOSITORY secretlint yes no no 1.07s
✅ REPOSITORY syft yes no no 8.29s
✅ REPOSITORY trivy-sbom yes no no 3.55s
✅ REPOSITORY trufflehog yes no no 37.62s
✅ TYPESCRIPT eslint 9 0 0 12.34s
✅ TYPESCRIPT prettier 9 0 0 1.85s
✅ YAML prettier 13 0 0 0.89s
✅ YAML v8r 13 0 0 10.29s
✅ YAML yamllint 13 0 0 0.97s

Detailed Issues

❌ REPOSITORY / grype - 5 errors
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME             INSTALLED  FIXED IN  TYPE  VULNERABILITY        SEVERITY  EPSS         RISK   
undici           6.24.1     6.27.0    npm   GHSA-vxpw-j846-p89q  High      0.6% (42nd)  0.4    
brace-expansion  5.0.5      5.0.6     npm   GHSA-jxxr-4gwj-5jf2  Medium    0.3% (19th)  0.2    
undici           6.24.1     6.27.0    npm   GHSA-p88m-4jfj-68fv  Medium    0.3% (16th)  0.1    
undici           6.24.1     6.27.0    npm   GHSA-g8m3-5g58-fq7m  Low       0.2% (15th)  < 0.1  
undici           6.24.1     6.27.0    npm   GHSA-35p6-xmwp-9g52  Low       0.2% (13th)  < 0.1
[0069] ERROR discovered vulnerabilities at or above the severity threshold
❌ REPOSITORY / osv-scanner - 24 errors
Scanning dir .
Starting filesystem walk for root: /
Scanned package-lock.json file and found 830 packages
End status: 34 dirs visited, 113 inodes visited, 1 Extract calls, 49.886259ms elapsed, 49.886429ms wall time

Total 10 packages affected by 24 known vulnerabilities (0 Critical, 9 High, 9 Medium, 6 Low, 0 Unknown) from 1 ecosystem.
24 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+------------------------+---------+---------------+-------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                | VERSION | FIXED VERSION | SOURCE            |
+-------------------------------------+------+-----------+------------------------+---------+---------------+-------------------+
| https://osv.dev/GHSA-4x5r-pxfx-6jf8 | 3.2  | npm       | @babel/core (dev)      | 7.28.0  | 7.29.6        | package-lock.json |
| https://osv.dev/GHSA-jxxr-4gwj-5jf2 | 6.5  | npm       | brace-expansion        | 5.0.5   | 5.0.6         | package-lock.json |
| https://osv.dev/GHSA-g7r4-m6w7-qqqr | 2.5  | npm       | esbuild (dev)          | 0.27.4  | 0.28.1        | package-lock.json |
| https://osv.dev/GHSA-45c6-75p6-83cc | 6.1  | npm       | fast-xml-builder (dev) | 1.1.5   | 1.1.6         | package-lock.json |
| https://osv.dev/GHSA-5wm8-gmm8-39j9 | 8.7  | npm       | fast-xml-builder (dev) | 1.1.5   | 1.1.7         | package-lock.json |
| https://osv.dev/GHSA-h67p-54hq-rp68 | 5.3  | npm       | js-yaml (dev)          | 3.14.2  | 3.15.0        | package-lock.json |
| https://osv.dev/GHSA-h67p-54hq-rp68 | 5.3  | npm       | js-yaml (dev)          | 4.1.1   | 4.2.0         | package-lock.json |
| https://osv.dev/GHSA-23c5-xmqv-rm74 | 7.5  | npm       | minimatch (dev)        | 9.0.3   | 9.0.7         | package-lock.json |
| https://osv.dev/GHSA-3ppc-4f35-3m26 | 8.7  | npm       | minimatch (dev)        | 9.0.3   | 9.0.6         | package-lock.json |
| https://osv.dev/GHSA-7r86-cg39-jmmj | 7.5  | npm       | minimatch (dev)        | 9.0.3   | 9.0.7         | package-lock.json |
| https://osv.dev/GHSA-2mjp-6q6p-2qxm | 6.5  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici (dev)           | 5.29.0  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-4992-7rv2-5pvq | 4.6  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici (dev)           | 5.29.0  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-g9mf-h72j-4rw9 | 5.9  | npm       | undici (dev)           | 5.29.0  | 6.23.0        | package-lock.json |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici (dev)           | 5.29.0  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-v9p9-hfj2-hcw8 | 7.5  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-vrm6-8vpv-qv8q | 7.5  | npm       | undici (dev)           | 5.29.0  | 6.24.0        | package-lock.json |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici (dev)           | 5.29.0  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-35p6-xmwp-9g52 | 3.7  | npm       | undici                 | 6.24.1  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-g8m3-5g58-fq7m | 3.7  | npm       | undici                 | 6.24.1  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-p88m-4jfj-68fv | 5.9  | npm       | undici                 | 6.24.1  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-vxpw-j846-p89q | 7.5  | npm       | undici                 | 6.24.1  | 6.27.0        | package-lock.json |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid (dev)             | 8.3.2   | 11.1.1        | package-lock.json |
+-------------------------------------+------+-----------+------------------------+---------+---------------+-------------------+
❌ ACTION / zizmor - 1 error
INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/check-dist.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ACTION_ZIZMOR_ERROR_GITHUB_API_UNREACHABLE] Zizmor could not access a repository referenced by a `uses:` clause via the GitHub API (missing token, insufficient scope, or cross-repo private access).
To allow zizmor to authenticate with GITHUB_TOKEN (or a PAT with `Contents: read-only`), whitelist the variable in your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN
If the referenced workflow is in a private repo outside the current one, provide a PAT with cross-repo access instead of the default GITHUB_TOKEN, or run zizmor in offline mode.

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.6.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_BETTERLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,TYPESCRIPT_ES,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependabot Dependabot issues and PRs npm Node.js issues and PRs

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants