Bump the npm group with 17 updates by dependabot[bot] · Pull Request #1315 · basecamp/trix

dependabot · 2026-05-16T05:55:47Z

Bumps the npm group with 17 updates:

Package	From	To
dompurify	`3.4.2`	`3.4.3`
@babel/core	`7.23.9`	`7.29.0`
@babel/preset-env	`7.23.9`	`7.29.5`
@rollup/plugin-babel	`5.3.1`	`7.0.0`
@rollup/plugin-commonjs	`22.0.2`	`29.0.2`
@rollup/plugin-json	`4.1.0`	`6.1.0`
@rollup/plugin-node-resolve	`13.3.0`	`16.0.3`
@web/dev-server	`0.1.38`	`0.4.6`
chokidar	`4.0.3`	`5.0.0`
concurrently	`7.6.0`	`9.2.1`
eslint	`7.32.0`	`10.3.0`
idiomorph	`0.7.3`	`0.7.4`
qunit	`2.19.1`	`2.25.0`
rollup	`2.80.0`	`4.60.3`
sass	`1.93.2`	`1.99.0`
svgo	`2.8.2`	`4.0.1`
webdriverio	`7.34.0`	`9.27.1`

Updates dompurify from 3.4.2 to 3.4.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.3

Fixed an issue with handling of nested Shadow DOM trees, thanks @fishjojo1

Fixed the template regexes to be more robust against ReDoS attacks, thanks @aleung27

Updated the node iteration code to catch more Shadow DOM related issues

Updated Playwright and added Node 26 to test matrix

Updated existing workflows, fuzzer, release signing, etc., added more tests

Bumped several dependencies where possible

Commits

520edb0 release: 3.4.3 (#1352)
See full diff in compare view

Updates @babel/core from 7.23.9 to 7.29.0

Release notes

Sourced from @babel/core's releases.

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

babel-generator, babel-runtime-corejs3

#17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

David (@simbahax)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

@magic-akari

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

... (truncated)

Commits

aa8394e v7.29.0
ad0d03f [7.x backport] feat: Allow specifying startLine in code frame (#17739)
d7f4008 v7.28.6
e130225 Polish(standalone): improve message on invalid preset/plugin (#17606)
99dcba5 chore: enable some ts-eslint rules (#17592)
c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
d725e39 Add BABEL_7_TO_8_DANGEROUSLY_DISABLE_VERSION_CHECK (#17569)
c1b55f6 Use eslint.config.mts (#17573)
61647ae v7.28.5
42cb285 Improve @babel/core types (#17404)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @babel/core since your current version.

Updates @babel/preset-env from 7.23.9 to 7.29.5

Release notes

Sourced from @babel/preset-env's releases.

v7.29.5 (2026-05-05)

🏠 Internal

babel-preset-env

Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

babel-plugin-transform-modules-systemjs

#17974 [7.x backport]fix(systemjs): improve module string name support (@JLHwung)

Committers: 1

Huáng Jùnliàng (@JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

babel-parser

#17923 Support flow extends bound (@JLHwung)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#17931 fix(decorators): replace super within all removed static elements (@JLHwung)

babel-register

#17915 Fix thread synchronization issues in @babel/register (@liuxingbaoyu)

babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

#17788 Add bugfix plugin for Safari array rest destructuring bug (@JLHwung)

💅 Polish

babel-parser

#17782 Improve trailing comma comment handling (@JLHwung)

📝 Documentation

#17847 Replace npmjs.com links with npmx.dev (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-transform-json-modules

#17818 Load async Wasm and JSON imports in parallel (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.29.2 (2026-03-16)

👓 Spec Compliance

babel-parser

... (truncated)

Commits

3cd910d v7.29.5
3d399f8 [7.x backport]docs(preset-env): update CONTRIBUTING.md (#17976)
183db7b v7.29.3
268f246 Add bugfix plugin for Safari array rest destructuring bug (#17788)
f8524d8 Update compat data (#17686)
37d5595 v7.29.2
1c0a08d [7.x backport] fix: Properly handle await in finally (#17805)
061bf95 [7.x backport] preset-env include/exclude should accept bugfix plugins (#17789)
aa8394e v7.29.0
0053db6 Update polyfill packages (#17727)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @babel/preset-env since your current version.

Updates @rollup/plugin-babel from 5.3.1 to 7.0.0

Changelog

Sourced from @rollup/plugin-babel's changelog.

v7.0.0

2026-03-05

Breaking Changes

babel!: improve filtering capability & performance (#1954)

v6.1.0

2025-10-13

Features

feat: allow excluding manual chunks when transforming generated code (#1906)

v6.0.4

2023-10-05

Bugfixes

fix: ensure rollup 4 compatibility #1595

v6.0.3

2022-11-25

Updates

docs: small typo in babel plugin readme #1355

v6.0.2

2022-10-21

Updates

chore: update rollup dependencies (3038271)

v6.0.1

Skipped for repo rebase

v6.0.0

2022-10-08

Breaking Changes

... (truncated)

Commits

45c6d80 chore(release): babel v5.3.1
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @rollup/plugin-babel since your current version.

Updates @rollup/plugin-commonjs from 22.0.2 to 29.0.2

Changelog

Sourced from @rollup/plugin-commonjs's changelog.

v29.0.2

2026-03-06

Bugfixes

commonjs: conditional exports (#1952)

v29.0.1

2026-03-05

Bugfixes

commonjs: correctly replaces shorthand "global" property in object (#1957)

v29.0.0

2025-10-30

Breaking Changes

feat!: revert #1909 and add requireNodeBuiltins option (#1937)

v28.0.9

2025-10-24

Bugfixes

fix: handle node: builtins with strictRequires: auto (#1930)

v28.0.8

2025-10-16

Bugfixes

fix: guard moduleSideEffects for wrapped externals (#1914)

v28.0.7

2025-10-14

Bugfixes

fix: avoid hoisting dynamically required node: builtins under strictRequires (#1909)

v28.0.6

... (truncated)

Commits

2de0d62 chore(release): commonjs v29.0.2
ab65325 fix(commonjs): conditional exports (#1952)
7d22981 chore(repo): add rollup-plugin keyword in package.json (#1955)
a79ae55 chore(release): commonjs v29.0.1
bb41cfd chore(release): commonjs v29.0.1
14ae186 fix(commonjs): correctly replaces shorthand "global" property in object (#1957)
c8e78c8 chore(release): commonjs v29.0.0
d2b14ed feat(commonjs)!: revert #1909 and add requireNodeBuiltins option (#1937)
b079b59 chore(release): commonjs v28.0.9
0881496 fix(commonjs): handle node: builtins with strictRequires: auto (#1930)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @rollup/plugin-commonjs since your current version.

Updates @rollup/plugin-json from 4.1.0 to 6.1.0

Changelog

Sourced from @rollup/plugin-json's changelog.

v6.1.0

2023-12-12

Features

feat: add includeArbitraryNames option (#1641)

v6.0.1

2023-10-05

Bugfixes

fix: ensure rollup 4 compatibility #1595

v6.0.0

2022-12-17

Breaking Changes

fix: log more robustly when JSON parsing fails #1361

v5.0.2

2022-11-27

Updates

docs: correct minimatch to picomatch #1332

v5.0.1

2022-10-21

Updates

chore: update rollup dependencies (3038271)

v5.0.0

2022-10-10

Breaking Changes

fix: prepare for Rollup 3 #1291

Updates

... (truncated)

Commits

8205497 chore(repo): automatically publish packages (#940)
81781a8 chore(repo): fix the prepublishOnly scripts for most plugins
fba0a6b chore(repo): remove circle ci, add validate workflow, update deps (#867)
0150c55 chore(repo): Add "directory" to package.json repository fields. (#826)
621768b feat(commonjs)!: return the namespace by default when requiring ESM (#507)
678125b chore(json): update dependencies
See full diff in compare view

Updates @rollup/plugin-node-resolve from 13.3.0 to 16.0.3

Changelog

Sourced from @rollup/plugin-node-resolve's changelog.

v16.0.3

2025-10-13

Bugfixes

fix: resolve bare targets of package "imports" using export maps; avoid fileURLToPath(null) (#1908)

v16.0.2

2025-10-04

Bugfixes

fix: error thrown with empty entry (#1893)

v16.0.1

2025-03-11

Bugfixes

fix: add ignoreSideEffectsForRoot to exported interface (#1841)

v16.0.0

2024-12-15

Breaking Changes

feat!: set development or production condition (#1823)

v15.3.1

2024-12-15

Updates

refactor: replace test with includes (#1787)

v15.3.0

2024-09-23

Features

feat: allow preferBuiltins to be a function (#1694)

v15.2.4

... (truncated)

Commits

764910a chore(release): node-resolve v16.0.3
3569720 fix(node-resolve): resolve bare targets of package "imports" using export map...
516ed1d chore(release): node-resolve v16.0.2
7ad5057 fix(node-resolve): error thrown with empty entry (#1893)
e1a5ef9 chore(release): node-resolve v16.0.1
d455fff fix(node-resolve): add ignoreSideEffectsForRoot to exported interface (#1841)
d64f8d6 chore(release): node-resolve v16.0.0
ebd0969 feat(node-resolve)!: set development or production condition (#1823)
f89ca92 chore(release): node-resolve v15.3.1
4cfc1c3 refactor(pluginutils,node-resolve): replace test with includes (#1787)
Additional commits viewable in compare view

Updates @web/dev-server from 0.1.38 to 0.4.6

Release notes

Sourced from @web/dev-server's releases.

@web/dev-server@0.4.6

Patch Changes

39ff6ffb: replace ip dependency due to security bug CVE-2024-29415

@web/dev-server-import-maps@0.2.1

Patch Changes

fix: update @web/dev-server-core

@web/dev-server@0.4.5

Patch Changes

fix: update @web/dev-server-core

@web/dev-server-hmr@0.4.1

Patch Changes

fix: update @web/dev-server-core

@web/dev-server@0.4.4

Patch Changes

d2dbb7b1: fix: sb windows path

Changelog

Sourced from @web/dev-server's changelog.

0.4.6

Patch Changes

39ff6ffb: replace ip dependency due to security bug CVE-2024-29415

0.4.5

Patch Changes

fix: update @web/dev-server-core

0.4.4

Patch Changes

d2dbb7b1: fix: sb windows path

0.4.3

Patch Changes

e657791f: Vulnerability fix in ip package. For more info, see:

GHSA-78xj-cgh5-2h22

indutny/node-ip#136

0.4.2

Patch Changes

649edc2b: Add option to modify chokidar watchOptions with @web/dev-server

Updated dependencies [649edc2b]

@web/dev-server-core@0.7.1

0.4.1

Patch Changes

e31de569: Update @web/dev-server-rollup to latest version

0.4.0

Minor Changes

c185cbaa: Set minimum node version to 18

Patch Changes

... (truncated)

Commits

50adf1c Version Packages
39ff6ff fix: replace ip dependency due to security bug CVE-2024-29415
03f3c6f Version Packages
553d0c7 Version Packages
9dd1013 Update puppeteer to version 22.0.0
5b00600 Version Packages
e657791 fix: remove vulnerability by updating ip package
6a1ed05 Version Packages
fa46b6c feat: Add option to modify chokidar watchOptions with @web/dev-server
90e4472 ci: use workspaces to run node tests
Additional commits viewable in compare view

Updates chokidar from 4.0.3 to 5.0.0

Release notes

Sourced from chokidar's releases.

5.0.0

Make the package ESM-only. Reduces on-disk package size from ~150kb to ~80kb

Increase minimum node.js version to v20.19. The versions starting from it support loading esm files from cjs

fix: Make types more precise paulmillr/chokidar#1424

perf: re-use double slash regex paulmillr/chokidar#1435

Update readdirp to ESM-only v5

Lots of minor improvements in tests

Increase security of NPM releases. Switch to token-less Trusted Publishing, with help of jsbt

Switch compilation mode to isolatedDeclaration-based typescript for simplified auto-generated docs

New Contributors

@mhkeller made their first contribution in paulmillr/chokidar#1426

@btea made their first contribution in paulmillr/chokidar#1432

Full Changelog: paulmillr/chokidar@4.0.3...5.0.0

Commits

c0c8d20 Release 5.0.0.
b211cec Remove src from npm
8742246 Upgrade dev deps, jsbt, ci files. Upgrade readdirp to v5.
de5a34c Merge pull request #1442 from paulmillr/flaky-buns
c08a6c4 fix: throttle based on dir + target
0c55ab3 test: wait for explicit calls in directory test
ce81be5 perf: re-use double slash regex (#1435)
7d9c1ed Merge pull request #1433 from paulmillr/super-matrices
3915541 Merge pull request #1430 from paulmillr/esm-only
9308bed chore: use Nodejs 24 in CI (#1432)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for chokidar since your current version.

Updates concurrently from 7.6.0 to 9.2.1

Release notes

Sourced from concurrently's releases.

v9.2.1

What's Changed

chore: update eslint-plugin-simple-import-sort from v10 to v12 by @noritaka1166 in open-cli-tools/concurrently#551

chore: update eslint-config-prettier from v9 to v10 by @noritaka1166 in open-cli-tools/concurrently#552

Remove lodash by @gustavohenke in open-cli-tools/concurrently#555

chore: update coveralls-next from v4 to v5 by @noritaka1166 in open-cli-tools/concurrently#557

Replace jest with vitest by @gustavohenke in open-cli-tools/concurrently#554

Upgrade to pnpm v10 by @paescuj in open-cli-tools/concurrently#558

chore: remove unused eslint-plugin-jest by @noritaka1166 in open-cli-tools/concurrently#559

Minor dependency updates by @paescuj in open-cli-tools/concurrently#560

Migrate to ESLint v9 by @paescuj in open-cli-tools/concurrently#561

Update shell-quote to 1.8.3 by @paescuj in open-cli-tools/concurrently#562

Full coverage by @paescuj in open-cli-tools/concurrently#563

Update GH actions/workflows, enable NPM provenance by @paescuj in open-cli-tools/concurrently#564

Full Changelog: open-cli-tools/concurrently@v9.2.0...v9.2.1

v9.2.0

What's Changed

Bump esbuild from 0.23.1 to 0.25.0 in the npm_and_yarn group by @dependabot in open-cli-tools/concurrently#528

fix: don't throw when there are no commands by @gustavohenke in open-cli-tools/concurrently#532

docs: nicer quotes by @IsaacLeeWebDev in open-cli-tools/concurrently#537

Add --kill-timeout by @gustavohenke in open-cli-tools/concurrently#540

docs: fix typo by @ldeveber in open-cli-tools/concurrently#542

fix: correct typos in comments and documentation by @noritaka1166 in open-cli-tools/concurrently#544

refactor: use startsWith & simplify boolean expression by @noritaka1166 in open-cli-tools/concurrently#543

refactor: use optional chaining by @noritaka1166 in open-cli-tools/concurrently#545

Handle SIGPIPEs by @gustavohenke in open-cli-tools/concurrently#547

refactor: fix map and reduce as return values are not used by @noritaka1166 in open-cli-tools/concurrently#546

docs: fix typos in docs by @noritaka1166 in open-cli-tools/concurrently#548

chore: update jest from v29 to v30 by @noritaka1166 in open-cli-tools/concurrently#549

chore: update @types/jest from v29 to v30 by @noritaka1166 in open-cli-tools/concurrently#550

New Contributors

@IsaacLeeWebDev made their first contribution in open-cli-tools/concurrently#537

@ldeveber made their first contribution in open-cli-tools/concurrently#542

@noritaka1166 made their first contribution in open-cli-tools/concurrently#544

Full Changelog: open-cli-tools/concurrently@v9.1.2...v9.2.0

v9.1.2

What's Changed

Add ability to have custom logger by @mwood23 in open-cli-tools/concurrently#522

New Contributors

@mwood23 made their first contribution in open-cli-tools/concurrently#522

Full Changelog: open-cli-tools/concurrently@v9.1.1...v9.1.2

... (truncated)

Commits

414cd01 9.2.1
0dfedb0 Update GH actions/workflows, enable npm provenance (#564)
ee81511 Remove obsolete tsdk config
09d3d7b Full coverage (#563)
8cfc6a6 Update shell-quote to 1.8.3 (#562)
4c403f8 Migrate to ESLint v9 (#561)
8bfcaf7 Minor dependency updates (#560)
389fec4 Enable watch mode & coverage for unit tests by default
7993ce6 chore: remove unused eslint-plugin-jest (#559)
58300f4 Remove obsolete .npmrc file
Additional commits viewable in compare view

Updates eslint from 7.32.0 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)

6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)

7f47937 docs: Update README (GitHub Actions Bot)

Chores

d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)

3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)

88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])

97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])

2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])

77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)

4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)

54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)

f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)

a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])

7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)

b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])

2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)

v10.2.1

Bug Fixes

14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)

84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)

af764af fix: clarify language and processor validation errors (#20729) (Pixel998)

e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)

57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)

c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)

1418d52 docs: Update README (GitHub Actions Bot)

39771e6 docs: Update README (GitHub Actions Bot)

71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)

22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)

8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

7ddfea9 chore: update dependency prettier to v3.8.2 (#20770) (renovate[bot])

fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763) (dependabot[bot])

7246f92 test: add tests for SuppressionsService.load() error handling (#20734) (kuldeep kumar)

4f34b1e chore: update pnpm/action-setup action to v5 (#20762) (renovate[bot])

... (truncated)

Commits

7889204 10.3.0
5b69b4f Build: changelog update for 10.3.0
d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
b6ae5cf fix: handle unavailable require cache (#20812)
3ffb14e chore: clean up typos in comments and JSDoc (#20821)
6fb3685 fix: rule suggestions cause continuation in class body (#20787)
22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
379571a feat: add suggestions for no-unused-private-class-members (#20773)
97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.

Updates idiomorph from 0.7.3 to 0.7.4

Release notesDescription has been truncated

Bumps the npm group with 17 updates: | Package | From | To | | --- | --- | --- | | [dompurify](https://github.com/cure53/DOMPurify) | `3.4.2` | `3.4.3` | | [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.23.9` | `7.29.0` | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.23.9` | `7.29.5` | | [@rollup/plugin-babel](https://github.com/rollup/plugins/tree/HEAD/packages/babel) | `5.3.1` | `7.0.0` | | [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) | `22.0.2` | `29.0.2` | | [@rollup/plugin-json](https://github.com/rollup/plugins/tree/HEAD/packages/json) | `4.1.0` | `6.1.0` | | [@rollup/plugin-node-resolve](https://github.com/rollup/plugins/tree/HEAD/packages/node-resolve) | `13.3.0` | `16.0.3` | | [@web/dev-server](https://github.com/modernweb-dev/web/tree/HEAD/packages/dev-server) | `0.1.38` | `0.4.6` | | [chokidar](https://github.com/paulmillr/chokidar) | `4.0.3` | `5.0.0` | | [concurrently](https://github.com/open-cli-tools/concurrently) | `7.6.0` | `9.2.1` | | [eslint](https://github.com/eslint/eslint) | `7.32.0` | `10.3.0` | | [idiomorph](https://github.com/bigskysoftware/idiomorph) | `0.7.3` | `0.7.4` | | [qunit](https://github.com/qunitjs/qunit) | `2.19.1` | `2.25.0` | | [rollup](https://github.com/rollup/rollup) | `2.80.0` | `4.60.3` | | [sass](https://github.com/sass/dart-sass) | `1.93.2` | `1.99.0` | | [svgo](https://github.com/svg/svgo) | `2.8.2` | `4.0.1` | | [webdriverio](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/webdriverio) | `7.34.0` | `9.27.1` | Updates `dompurify` from 3.4.2 to 3.4.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.4.2...3.4.3) Updates `@babel/core` from 7.23.9 to 7.29.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-core) Updates `@babel/preset-env` from 7.23.9 to 7.29.5 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.5/packages/babel-preset-env) Updates `@rollup/plugin-babel` from 5.3.1 to 7.0.0 - [Changelog](https://github.com/rollup/plugins/blob/master/packages/babel/CHANGELOG.md) - [Commits](https://github.com/rollup/plugins/commits/url-v7.0.0/packages/babel) Updates `@rollup/plugin-commonjs` from 22.0.2 to 29.0.2 - [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md) - [Commits](https://github.com/rollup/plugins/commits/commonjs-v29.0.2/packages/commonjs) Updates `@rollup/plugin-json` from 4.1.0 to 6.1.0 - [Changelog](https://github.com/rollup/plugins/blob/master/packages/json/CHANGELOG.md) - [Commits](https://github.com/rollup/plugins/commits/url-v6.1.0/packages/json) Updates `@rollup/plugin-node-resolve` from 13.3.0 to 16.0.3 - [Changelog](https://github.com/rollup/plugins/blob/master/packages/node-resolve/CHANGELOG.md) - [Commits](https://github.com/rollup/plugins/commits/node-resolve-v16.0.3/packages/node-resolve) Updates `@web/dev-server` from 0.1.38 to 0.4.6 - [Release notes](https://github.com/modernweb-dev/web/releases) - [Changelog](https://github.com/modernweb-dev/web/blob/master/packages/dev-server/CHANGELOG.md) - [Commits](https://github.com/modernweb-dev/web/commits/@web/dev-server@0.4.6/packages/dev-server) Updates `chokidar` from 4.0.3 to 5.0.0 - [Release notes](https://github.com/paulmillr/chokidar/releases) - [Commits](paulmillr/chokidar@4.0.3...5.0.0) Updates `concurrently` from 7.6.0 to 9.2.1 - [Release notes](https://github.com/open-cli-tools/concurrently/releases) - [Commits](open-cli-tools/concurrently@v7.6.0...v9.2.1) Updates `eslint` from 7.32.0 to 10.3.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v7.32.0...v10.3.0) Updates `idiomorph` from 0.7.3 to 0.7.4 - [Release notes](https://github.com/bigskysoftware/idiomorph/releases) - [Changelog](https://github.com/bigskysoftware/idiomorph/blob/main/CHANGELOG.md) - [Commits](bigskysoftware/idiomorph@v0.7.3...v0.7.4) Updates `qunit` from 2.19.1 to 2.25.0 - [Release notes](https://github.com/qunitjs/qunit/releases) - [Changelog](https://github.com/qunitjs/qunit/blob/main/History.md) - [Commits](qunitjs/qunit@2.19.1...2.25.0) Updates `rollup` from 2.80.0 to 4.60.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.80.0...v4.60.3) Updates `sass` from 1.93.2 to 1.99.0 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.93.2...1.99.0) Updates `svgo` from 2.8.2 to 4.0.1 - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v2.8.2...v4.0.1) Updates `webdriverio` from 7.34.0 to 9.27.1 - [Release notes](https://github.com/webdriverio/webdriverio/releases) - [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md) - [Commits](https://github.com/webdriverio/webdriverio/commits/v9.27.1/packages/webdriverio) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@babel/core" dependency-version: 7.29.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@babel/preset-env" dependency-version: 7.29.5 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@rollup/plugin-babel" dependency-version: 7.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: "@rollup/plugin-commonjs" dependency-version: 29.0.2 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: "@rollup/plugin-json" dependency-version: 6.1.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: "@rollup/plugin-node-resolve" dependency-version: 16.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: "@web/dev-server" dependency-version: 0.4.6 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: chokidar dependency-version: 5.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: concurrently dependency-version: 9.2.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: eslint dependency-version: 10.3.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: idiomorph dependency-version: 0.7.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: qunit dependency-version: 2.25.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: rollup dependency-version: 4.60.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: sass dependency-version: 1.99.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: svgo dependency-version: 4.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm - dependency-name: webdriverio dependency-version: 9.27.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 16, 2026

Copilot AI review requested due to automatic review settings May 16, 2026 05:55

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 16, 2026

Copilot AI reviewed May 16, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm group with 17 updates#1315

Bump the npm group with 17 updates#1315
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-4228a08b10

dependabot Bot commented on behalf of github May 16, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 16, 2026

DOMPurify 3.4.3

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.29.5 (2026-05-05)

🏠 Internal

v7.29.4 (2026-05-05)

🐛 Bug Fix

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏃‍♀️ Performance

Committers: 4

v7.29.2 (2026-03-16)

👓 Spec Compliance

v7.0.0

Breaking Changes

v6.1.0

Features

v6.0.4

Bugfixes

v6.0.3

Updates

v6.0.2

Updates

v6.0.1

v6.0.0

Breaking Changes

v29.0.2

Bugfixes

v29.0.1

Bugfixes

v29.0.0

Breaking Changes

v28.0.9

Bugfixes

v28.0.8

Bugfixes

v28.0.7

Bugfixes

v28.0.6

v6.1.0

Features

v6.0.1

Bugfixes

v6.0.0

Breaking Changes

v5.0.2

Updates

v5.0.1

Updates

v5.0.0

Breaking Changes

Updates

v16.0.3

Bugfixes

v16.0.2

Bugfixes

v16.0.1

Bugfixes

v16.0.0

Breaking Changes

v15.3.1

Updates

v15.3.0

Features

v15.2.4

@​web/dev-server@​0.4.6

Patch Changes

`@web/dev-server@0`.4.6

`@web/dev-server-import-maps@0`.2.1

`@web/dev-server@0`.4.5

`@web/dev-server-hmr@0`.4.1

`@web/dev-server@0`.4.4