Skip to content

chore: bump the npm-low-risk group with 8 updates #4899

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
stephenmathieson merged 1 commit into from
Oct 1, 2025
Merged

chore: bump the npm-low-risk group with 8 updates #4899

stephenmathieson merged 1 commit into from
Oct 1, 2025
+434 −598

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2025

Bumps the npm-low-risk group with 8 updates:

Package From To
@babel/core 7.28.3 7.28.4
@babel/runtime-corejs3 7.28.3 7.28.4
emoji-regex 10.4.0 10.5.0
eslint 9.34.0 9.36.0
globals 16.3.0 16.4.0
lint-staged 16.1.5 16.2.0
mocha 11.7.1 11.7.2
start-server-and-test 2.0.13 2.1.2

Updates @babel/core from 7.28.3 to 7.28.4

Release notes

Sourced from @​babel/core's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

Changelog

Sourced from @​babel/core's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

Commits

Updates @babel/runtime-corejs3 from 7.28.3 to 7.28.4

Release notes

Sourced from @​babel/runtime-corejs3's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

🏠 Internal

Committers: 5

Changelog

Sourced from @​babel/runtime-corejs3's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

Commits

Updates emoji-regex from 10.4.0 to 10.5.0

Commits

Updates eslint from 9.34.0 to 9.36.0

Release notes

Sourced from eslint's releases.

v9.36.0

Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)

Bug Fixes

  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)

Documentation

  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)

v9.35.0

Features

  • 42761fa feat: implement suggestions for no-empty-function (#20057) (jaymarvelz)
  • 102f444 feat: implement suggestions for no-empty-static-block (#20056) (jaymarvelz)
  • e51ffff feat: add preserve-caught-error rule (#19913) (Amnish Singh Arora)

Bug Fixes

  • 10e7ae2 fix: update uncloneable options error message (#20059) (soda-sorcery)
  • bfa4601 fix: ignore empty switch statements with comments in no-empty rule (#20045) (jaymarvelz)
  • dfd11de fix: add before and after to test case types (#20049) (Francesco Trotta)
  • dabbe95 fix: correct types for no-restricted-imports rule (#20034) (Milos Djermanovic)
  • ea789c7 fix: no-loss-of-precision false positive with uppercase exponent (#20032) (sethamus)

Documentation

  • d265515 docs: improve phrasing - "if" → "even if" from getting-started section (#20074) (jjangga0214)
  • a355a0e docs: invert comparison logic for example in no-var doc page (#20064) (OTonGitHub)
  • 5082fc2 docs: Update README (GitHub Actions Bot)
  • 99cfd7e docs: add missing "the" in rule deprecation docs (#20050) (Josh Goldberg ✨)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.36.0 - September 19, 2025

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)
  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • 91f97c5 docs: Update README (GitHub Actions Bot)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)

v9.35.0 - September 5, 2025

  • da87f2f chore: upgrade @​eslint/js@​9.35.0 (#20077) (Milos Djermanovic)
  • af2a087 chore: package.json update for @​eslint/js release (Jenkins)
  • d265515 docs: improve phrasing - "if" → "even if" from getting-started section (#20074) (jjangga0214)
  • 7055764 test: remove tests/lib/eslint/eslint.config.js (#20065) (Milos Djermanovic)
  • 10e7ae2 fix: update uncloneable options error message (#20059) (soda-sorcery)
  • 42761fa feat: implement suggestions for no-empty-function (#20057) (jaymarvelz)
  • 102f444 feat: implement suggestions for no-empty-static-block (#20056) (jaymarvelz)
  • 84ffb96 chore: update @eslint-community/eslint-utils (#20069) (Francesco Trotta)
  • a355a0e docs: invert comparison logic for example in no-var doc page (#20064) (OTonGitHub)
  • e51ffff feat: add preserve-caught-error rule (#19913) (Amnish Singh Arora)
  • 5082fc2 docs: Update README (GitHub Actions Bot)
  • d5ef939 refactor: remove deprecated context.parserOptions usage across rules (#20060) (sethamus)
  • 1b3881d chore: remove redundant word (#20058) (pxwanglu)
  • 99cfd7e docs: add missing "the" in rule deprecation docs (#20050) (Josh Goldberg ✨)
  • bfa4601 fix: ignore empty switch statements with comments in no-empty rule (#20045) (jaymarvelz)
  • dfd11de fix: add before and after to test case types (#20049) (Francesco Trotta)
  • 6ad8973 docs: update --no-ignore and --ignore-pattern documentation (#20036) (Francesco Trotta)
  • dabbe95 fix: correct types for no-restricted-imports rule (#20034) (Milos Djermanovic)
  • 8033b19 docs: add documentation for --no-config-lookup (#20033) (Francesco Trotta)
  • ea789c7 fix: no-loss-of-precision false positive with uppercase exponent (#20032) (sethamus)
Commits

Updates globals from 16.3.0 to 16.4.0

Release notes

Sourced from globals's releases.

v16.4.0

  • Update globals (#309) 8b8a2d6

sindresorhus/globals@v16.3.0...v16.4.0

Commits

Updates lint-staged from 16.1.5 to 16.2.0

Release notes

Sourced from lint-staged's releases.

v16.2.0

Minor Changes

  • #1615 99eb742 Thanks @​iiroj! - Added a new option --fail-on-changes to make lint-staged exit with code 1 when tasks modify any files, making the precommit hook fail. This is similar to the git diff --exit-code option. Using this flag also implies the --no-revert flag which means any changes made by tasks will be left in the working tree after failing, so that they can be manually staged and the commit tried again.

  • #1611 cd05fd3 Thanks @​rlorenzo! - Added a new option --continue-on-error so that lint-staged will run all tasks to completion even if some of them fail. By default, lint-staded will exit early on the first failure.

  • #1637 82fcc07 Thanks @​iiroj! - Internal lint-staged errors are now thrown and visible in the console output. Previously they were caught with the process exit code set to 1, but not logged. This happens when, for example, there's a syntax error in the lint-staged configuration file.

  • #1647 a5ecc06 Thanks @​iiroj! - Remove debug as a dependency due to recent malware issue; read more at debug-js/debug#1005. Because of this, the DEBUG environment variable is no longer supported — use the --debug to enable debugging

  • #1636 8db2717 Thanks @​iiroj! - Added a new option --hide-unstaged so that lint-staged will hide all unstaged changes to tracked files before running tasks. The changes will be applied back after running the tasks. Note that the combination of flags --hide-unstaged --no-hide-partially-staged isn't meaningful and behaves the same as just --hide-unstaged.

    Thanks to @​ItsNickBarry for the idea and initial implementation in #1552.

  • #1648 7900b3b Thanks @​iiroj! - Remove lilconfig to reduce reliance on third-party dependencies. It was used to find possible config files outside of those tracked in Git, including from the parent directories. This behavior has been moved directly into lint-staged and should work about the same.

Patch Changes

  • #1633 7f9e485 Thanks @​dependabot! - Bumps listr2 from 9.0.3 to 9.0.4.

  • #1626 99d5a9b Thanks @​iiroj! - Due to recent phishing attacks, for example chalk@5.6.1 was released with malware. To avoid lint-staged's users being at risk the direct dependencies are pinned to exact versions, instead of allowing future patch versions with the caret (^) range.

  • #1588 035bbf2 Thanks @​outslept! - Increase performance by listing staged files and searching for configuration concurrently.

  • #1645 deba3ad Thanks @​iiroj! - Remove chalk as a dependency due to recent malware issue; read more at chalk/chalk#656.

    If you are having trouble with ANSI color codes when using lint-staged, you can try setting either FORCE_COLOR=true or NO_COLOR=true env variables.

v16.1.6

Patch Changes

  • #1610 e93578e Thanks @​iiroj! - Try to improve terminating of subprocess of tasks by using SIGKILL, and only calling pidtree when the the main task process has a known pid.
Changelog

Sourced from lint-staged's changelog.

16.2.0

Minor Changes

  • #1615 99eb742 Thanks @​iiroj! - Added a new option --fail-on-changes to make lint-staged exit with code 1 when tasks modify any files, making the precommit hook fail. This is similar to the git diff --exit-code option. Using this flag also implies the --no-revert flag which means any changes made by tasks will be left in the working tree after failing, so that they can be manually staged and the commit tried again.

  • #1611 cd05fd3 Thanks @​rlorenzo! - Added a new option --continue-on-error so that lint-staged will run all tasks to completion even if some of them fail. By default, lint-staded will exit early on the first failure.

  • #1637 82fcc07 Thanks @​iiroj! - Internal lint-staged errors are now thrown and visible in the console output. Previously they were caught with the process exit code set to 1, but not logged. This happens when, for example, there's a syntax error in the lint-staged configuration file.

  • #1647 a5ecc06 Thanks @​iiroj! - Remove debug as a dependency due to recent malware issue; read more at debug-js/debug#1005. Because of this, the DEBUG environment variable is no longer supported — use the --debug to enable debugging

  • #1636 8db2717 Thanks @​iiroj! - Added a new option --hide-unstaged so that lint-staged will hide all unstaged changes to tracked files before running tasks. The changes will be applied back after running the tasks. Note that the combination of flags --hide-unstaged --no-hide-partially-staged isn't meaningful and behaves the same as just --hide-unstaged.

    Thanks to @​ItsNickBarry for the idea and initial implementation in #1552.

  • #1648 7900b3b Thanks @​iiroj! - Remove lilconfig to reduce reliance on third-party dependencies. It was used to find possible config files outside of those tracked in Git, including from the parent directories. This behavior has been moved directly into lint-staged and should work about the same.

Patch Changes

  • #1633 7f9e485 Thanks @​dependabot! - Bumps listr2 from 9.0.3 to 9.0.4.

  • #1626 99d5a9b Thanks @​iiroj! - Due to recent phishing attacks, for example chalk@5.6.1 was released with malware. To avoid lint-staged's users being at risk the direct dependencies are pinned to exact versions, instead of allowing future patch versions with the caret (^) range.

  • #1588 035bbf2 Thanks @​outslept! - Increase performance by listing staged files and searching for configuration concurrently.

  • #1645 deba3ad Thanks @​iiroj! - Remove chalk as a dependency due to recent malware issue; read more at chalk/chalk#656.

    If you are having trouble with ANSI color codes when using lint-staged, you can try setting either FORCE_COLOR=true or NO_COLOR=true env variables.

16.1.6

Patch Changes

  • #1610 e93578e Thanks @​iiroj! - Try to improve terminating of subprocess of tasks by using SIGKILL, and only calling pidtree when the the main task process has a known pid.
Commits
  • 54c9bea chore(changeset): release
  • da1ec1d build(deps-dev): bump eslint-plugin-n from 17.23.0 to 17.23.1
  • 63361a8 feat: flag --fail-on-changes implies --no-revert
  • bcde025 docs: removal of debug is "minor" instead of "patch" level change
  • 7900b3b feat: remove lilconfig as a dependency
  • a5ecc06 feat: remove debug as a dependency
  • 616b2d3 ci: use actions/checkout@v5
  • d6397a5 ci: use @​actions/setup-node@​v5
  • 4499b73 ci: run tests with lowest supported Node.js version 20.17.0
  • b4b69e5 fix: pass either FORCE_COLOR or NO_COLOR to tasks based on detected support
  • Additional commits viewable in compare view

Updates mocha from 11.7.1 to 11.7.2

Release notes

Sourced from mocha's releases.

v11.7.2

11.7.2 (2025-09-01)

🩹 Fixes

  • fail with an informative error message on a file with a broken default import (#5413) (b0e6135)
  • load mjs files correctly (#5429) (a947b9b)

📚 Documentation

🧹 Chores

🤖 Automation

  • deps: bump actions/checkout in the github-actions group (#5419) (03ac2d0)
Changelog

Sourced from mocha's changelog.

11.7.2 (2025-09-01)

🩹 Fixes

  • fail with an informative error message on a file with a broken default import (#5413) (b0e6135)
  • load mjs files correctly (#5429) (a947b9b)

📚 Documentation

🧹 Chores

🤖 Automation

  • deps: bump actions/checkout in the github-actions group (#5419) (03ac2d0)
Commits
  • 5f8e8a8 chore(main): release 11.7.2 (#5398)
  • 3300d21 chore: move callback and object typedefs to a new types.d.ts (#5351)
  • 95f3ca8 docs: migrate assertion libraries wiki link to main docs (#5442)
  • c6c6740 chore: rewrite base path instead of copy-pasting (#5431)
  • b0e6135 fix: fail with an informative error message on a file with a broken default i...
  • 9d12fc2 Fix link buttons in new homepage (#5449)
  • a947b9b fix: load mjs files correctly (#5429)
  • 7071c70 Alphabetize new site nav (#5444)
  • d4912e7 chore: unify caught errors as err (#5439)
  • 02a306c docs: migrate count assertions wiki page to docs (#5438)
  • Additional commits viewable in compare view
<...

Description has been truncated

@dependabot
chore: bump the npm-low-risk group with 8 updates
d57c0f4 
Bumps the npm-low-risk group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.28.3` | `7.28.4` |
| [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) | `7.28.3` | `7.28.4` |
| [emoji-regex](https://github.com/mathiasbynens/emoji-regex) | `10.4.0` | `10.5.0` |
| [eslint](https://github.com/eslint/eslint) | `9.34.0` | `9.36.0` |
| [globals](https://github.com/sindresorhus/globals) | `16.3.0` | `16.4.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.1.5` | `16.2.0` |
| [mocha](https://github.com/mochajs/mocha) | `11.7.1` | `11.7.2` |
| [start-server-and-test](https://github.com/bahmutov/start-server-and-test) | `2.0.13` | `2.1.2` |


Updates `@babel/core` from 7.28.3 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-core)

Updates `@babel/runtime-corejs3` from 7.28.3 to 7.28.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime-corejs3)

Updates `emoji-regex` from 10.4.0 to 10.5.0
- [Commits](mathiasbynens/emoji-regex@v10.4.0...v10.5.0)

Updates `eslint` from 9.34.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v9.34.0...v9.36.0)

Updates `globals` from 16.3.0 to 16.4.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v16.3.0...v16.4.0)

Updates `lint-staged` from 16.1.5 to 16.2.0
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.1.5...v16.2.0)

Updates `mocha` from 11.7.1 to 11.7.2
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](mochajs/mocha@v11.7.1...v11.7.2)

Updates `start-server-and-test` from 2.0.13 to 2.1.2
- [Release notes](https://github.com/bahmutov/start-server-and-test/releases)
- [Commits](bahmutov/start-server-and-test@v2.0.13...v2.1.2)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.28.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: "@babel/runtime-corejs3"
  dependency-version: 7.28.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: emoji-regex
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: eslint
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: globals
  dependency-version: 16.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: lint-staged
  dependency-version: 16.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: mocha
  dependency-version: 11.7.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: start-server-and-test
  dependency-version: 2.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 1, 2025
@dependabot dependabot bot requested a review from a team as a code owner October 1, 2025 12:03
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 1, 2025
@stephenmathieson stephenmathieson merged commit a0e9da4 into develop Oct 1, 2025
23 checks passed
@stephenmathieson stephenmathieson deleted the dependabot/npm_and_yarn/npm-low-risk-6cd28607b5 branch October 1, 2025 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stephenmathieson stephenmathieson stephenmathieson approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stephenmathieson