Skip to content

Bump eslint from 9.39.2 to 10.6.0#630

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-10.5.0
Open

Bump eslint from 9.39.2 to 10.6.0#630
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-10.5.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown

Bumps eslint from 9.39.2 to 10.6.0.

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

... (truncated)

Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code npm labels Jun 15, 2026
@github-actions github-actions Bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jun 15, 2026
@codacy-production

codacy-production Bot commented Jun 15, 2026

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
Low adoption: npm node-exports-info

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/node-exports-info@1.6.2

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-exports-info@1.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm @typescript-eslint/eslint-plugin

URLs: https://typescript-eslint.io/rules/no-empty-object-type, https://github.com/typescript-eslint/typescript-eslint/pull/8977, https://typescript-eslint.io/rules/no-require-imports, https://github.com/typescript-eslint/typescript-eslint/pull/8334, https://eslint.org/docs/latest/rules/no-loss-of-precision, https://github.com/typescript-eslint/typescript-eslint/pull/8832, https://perfectionist.dev, https://perfectionist.dev/rules/sort-intersection-types, https://perfectionist.dev/rules/sort-union-types, https://github.com/typescript-eslint/typescript-eslint/pull/9253, https://typescript-eslint.io/rules/consistent-type-definitions, https://github.com/typescript-eslint/typescript-eslint/pull/6229, https://typescript-eslint.io/rules/, https://typescript-eslint.io/rules/ban-ts-comment, https://github.com/typescript-eslint/typescript-eslint/pull/9081

Location: Package overview

From: package-lock.jsonnpm/@typescript-eslint/eslint-plugin@8.62.1

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.62.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm @typescript-eslint/typescript-estree

URLs: https://tseslint.com/key-property-deprecated., https://tseslint.com/are-project-references-supported, https://tseslint.com/none-of-those-tsconfigs-include-this-file, https://tseslint.com/allowdefaultproject-glob-too-wide, https://github.com/typescript-eslint/typescript-eslint/issues/new/choose., https://tseslint.com/parser-tsconfigrootdir

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-jest@29.15.3npm/@typescript-eslint/parser@8.62.1npm/@typescript-eslint/eslint-plugin@8.62.1npm/eslint-plugin-github@6.0.0npm/@typescript-eslint/typescript-estree@8.62.1

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/typescript-estree@8.62.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm axe-core

URLs: https://github.com/zloirock/core-js/blob/v3.48.0/LICENSE, https://github.com/zloirock/core-js, https://dequeuniversity.com/rules/, axe.ping, https://github.com/dequelabs/axe-core/blob/master/doc/context.md, http://www.w3.org/2000/svg

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/axe-core@4.12.1

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/axe-core@4.12.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Debug access: npm eslint-module-utils in module module

Module: module

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/eslint-module-utils@2.14.0

ℹ Read more on: This package | This alert | What is debug access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Removing the use of debug will reduce the risk of any reflection and dynamic code execution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-module-utils@2.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Dynamic module loading: npm eslint-module-utils

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/eslint-module-utils@2.14.0

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-module-utils@2.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Filesystem access: npm eslint-module-utils with module fs

Module: fs

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/eslint-module-utils@2.14.0

ℹ Read more on: This package | This alert | What is filesystem access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-module-utils@2.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm eslint-plugin-import

URLs: https://github.com/import-js/eslint-plugin-import, https://github.com/import-js/eslint-plugin-import/issues/3079, https://github.com/import-js/eslint-plugin-import/issues/2866

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/eslint-plugin-import@2.32.0

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-import@2.32.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm eslint

URLs: https://eslint.org/docs/latest/use/migrating-to-7.0.0#deprecate-node-rules, https://github.com/eslint-community/eslint-plugin-n, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/callback-return.md, https://eslint.org/docs/latest/rules/callback-return, https://eslint.org/docs/latest/rules/constructor-super, https://eslint.org/docs/latest/rules/default-case-last, https://eslint.org/docs/latest/rules/accessor-pairs, https://eslint.org/blog/2023/10/deprecating-formatting-rules/, https://eslint.style/guide/migration, https://eslint.style, https://eslint.style/rules/array-bracket-newline, https://eslint.org/docs/latest/rules/array-bracket-newline, https://eslint.org/docs/latest/rules/camelcase, Identifier.property, https://eslint.org/docs/latest/integrate/nodejs-api#customizing-ruletester, https://eslint.org/docs/latest/extend/custom-rules#options-schemas, https://eslint.org/docs/latest/rules/block-scoped-var, https://eslint.org/docs/latest/rules/default-case, https://eslint.org/docs/latest/rules/default-param-last, https://eslint.style/rules/block-spacing, https://eslint.org/docs/latest/rules/block-spacing, https://eslint.org/docs/latest/rules/capitalized-comments, https://eslint.style/rules/comma-spacing, https://eslint.org/docs/latest/rules/comma-spacing, https://eslint.style/rules/dot-location, https://eslint.org/docs/latest/rules/dot-location, https://eslint.org/docs/latest/rules/complexity, https://eslint.org/docs/latest/rules/array-callback-return, https://eslint.org/docs/latest/rules/arrow-body-style, https://eslint.style/rules/array-bracket-spacing, https://eslint.org/docs/latest/rules/array-bracket-spacing, https://eslint.style/rules/brace-style, https://eslint.org/docs/latest/rules/brace-style, https://eslint.style/rules/function-call-spacing, https://eslint.org/docs/latest/rules/func-call-spacing, https://eslint.org/docs/latest/rules/func-style, https://eslint.style/rules/array-element-newline, https://eslint.org/docs/latest/rules/array-element-newline, https://eslint.org/docs/latest/rules/class-methods-use-this, https://eslint.org/docs/latest/rules/for-direction, https://eslint.style/rules/arrow-parens, https://eslint.org/docs/latest/rules/arrow-parens, https://eslint.org/docs/latest/rules/consistent-this, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/global-require.md, https://eslint.org/docs/latest/rules/global-require, https://eslint.org/docs/latest/rules/guard-for-in, https://eslint.org/blog/2020/07/eslint-v7.5.0-released/#deprecating-id-blacklist, https://eslint.org/docs/rules/id-denylist, https://eslint.org/docs/latest/rules/id-blacklist, https://eslint.style/rules/comma-style, https://eslint.org/docs/latest/rules/comma-style, https://eslint.org/docs/latest/rules/curly, https://eslint.org/docs/latest/rules/eqeqeq, https://eslint.org/docs/latest/rules/indent-legacy, https://eslint.style/rules/indent, https://eslint.style/rules/eol-last, https://eslint.org/docs/latest/rules/eol-last, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/handle-callback-err.md, https://eslint.org/docs/latest/rules/handle-callback-err, https://eslint.style/rules/arrow-spacing, https://eslint.org/docs/latest/rules/arrow-spacing, https://eslint.style/rules/comma-dangle, https://eslint.org/docs/latest/rules/comma-dangle, https://eslint.org/docs/latest/rules/id-match, https://eslint.org/docs/latest/rules/dot-notation, https://eslint.org/docs/latest/rules/func-name-matching, https://eslint.org/docs/latest/rules/getter-return, https://eslint.org/docs/latest/rules/id-length, https://eslint.org/docs/latest/rules/consistent-return, https://eslint.org/docs/latest/rules/grouped-accessor-pairs, https://eslint.style/rules/function-call-argument-newline, https://eslint.org/docs/latest/rules/function-call-argument-newline, https://eslint.style/rules/generator-star-spacing, https://eslint.org/docs/latest/rules/generator-star-spacing, https://eslint.org/docs/latest/rules/init-declarations, https://eslint.style/rules/implicit-arrow-linebreak, https://eslint.org/docs/latest/rules/implicit-arrow-linebreak, https://eslint.style/rules/jsx-quotes, https://eslint.org/docs/latest/rules/jsx-quotes, https://eslint.style/rules/linebreak-style, https://eslint.org/docs/latest/rules/linebreak-style, https://eslint.org/docs/latest/rules/lines-around-directive, https://eslint.org/blog/2017/06/eslint-v4.0.0-released/, https://eslint.org/docs/latest/rules/padding-line-between-statements#examples, https://eslint.style/rules/padding-line-between-statements, https://eslint.org/docs/latest/rules/max-lines, https://eslint.org/docs/latest/rules/no-class-assign, https://eslint.style/rules/function-paren-newline, https://eslint.org/docs/latest/rules/function-paren-newline, https://eslint.org/docs/latest/rules/indent, https://eslint.style/rules/max-len, https://eslint.org/docs/latest/rules/max-len, https://eslint.org/docs/latest/rules/no-bitwise, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-deprecated-api.md, https://eslint.org/docs/latest/rules/no-buffer-constructor, https://eslint.org/docs/latest/rules/no-case-declarations, https://eslint.style/rules/lines-around-comment, https://eslint.org/docs/latest/rules/lines-around-comment, https://eslint.org/docs/latest/rules/no-alert, https://eslint.org/docs/latest/rules/no-catch-shadow, https://eslint.org/blog/2018/07/eslint-v5.1.0-released/, https://eslint.org/docs/rules/no-shadow, https://eslint.org/docs/latest/rules/max-params, https://eslint.org/docs/latest/rules/max-depth, https://eslint.org/docs/latest/rules/new-cap, https://eslint.org/docs/latest/rules/max-statements, https://eslint.org/docs/latest/rules/logical-assignment-operators, https://eslint.org/docs/latest/rules/no-await-in-loop, https://eslint.org/docs/latest/rules/no-debugger, https://eslint.style/rules/max-statements-per-line, https://eslint.org/docs/latest/rules/max-statements-per-line, https://eslint.style/rules/multiline-comment-style, https://eslint.org/docs/latest/rules/multiline-comment-style, https://eslint.org/docs/latest/rules/newline-after-var, https://eslint.style/rules/newline-per-chained-call, https://eslint.org/docs/latest/rules/newline-per-chained-call, https://eslint.org/docs/latest/rules/no-array-constructor, https://eslint.org/docs/latest/rules/no-constant-condition, https://eslint.style/rules/key-spacing, https://eslint.org/docs/latest/rules/key-spacing, https://eslint.style/rules/keyword-spacing, https://eslint.org/docs/latest/rules/keyword-spacing, https://eslint.org/docs/latest/rules/max-classes-per-file, https://eslint.org/docs/latest/rules/newline-before-return, https://eslint.org/docs/latest/rules/no-async-promise-executor, https://eslint.org/docs/latest/rules/no-caller, https://eslint.org/docs/latest/rules/max-nested-callbacks, https://eslint.style/rules/new-parens, https://eslint.org/docs/latest/rules/new-parens, https://eslint.style/rules/no-confusing-arrow, https://eslint.org/docs/latest/rules/no-confusing-arrow, https://eslint.org/docs/latest/rules/no-control-regex, https://eslint.org/docs/latest/rules/max-lines-per-function, https://eslint.style/rules/lines-between-class-members, https://eslint.org/docs/latest/rules/lines-between-class-members, https://eslint.org/docs/latest/rules/no-continue, https://eslint.org/docs/latest/rules/no-const-assign, https://eslint.org/docs/latest/rules/no-constant-binary-expression, https://eslint.org/docs/latest/rules/no-constructor-return, https://eslint.org/docs/latest/rules/no-cond-assign, https://eslint.org/docs/latest/rules/no-console, https://eslint.org/docs/latest/rules/no-extend-native, https://eslint.org/docs/latest/rules/no-inline-comments, https://eslint.org/docs/latest/rules/no-implied-eval, https://eslint.style/rules/no-extra-parens, https://eslint.org/docs/latest/rules/no-extra-parens, https://eslint.org/docs/latest/rules/no-delete-var, https://eslint.org/docs/latest/rules/no-div-regex, https://eslint.org/docs/latest/rules/no-empty, https://eslint.org/docs/latest/rules/no-ex-assign, https://eslint.org/docs/latest/rules/no-extra-label, https://eslint.org/docs/latest/rules/no-extra-boolean-cast, https://eslint.org/docs/latest/rules/no-fallthrough, https://eslint.org/docs/latest/rules/no-eq-null, https://eslint.org/docs/latest/rules/no-implicit-globals, https://eslint.org/docs/latest/rules/no-duplicate-case, https://eslint.org/docs/latest/rules/no-inner-declarations, https://eslint.org/docs/latest/rules/no-else-return, https://eslint.style/rules/no-extra-semi, https://eslint.org/docs/latest/rules/no-extra-semi, https://eslint.org/docs/latest/rules/no-import-assign, https://eslint.org/docs/latest/rules/no-loop-func, https://eslint.org/docs/latest/rules/no-dupe-keys, https://eslint.org/docs/latest/rules/no-empty-pattern, https://eslint.org/docs/latest/rules/no-eval, https://eslint.style/rules/no-floating-decimal, https://eslint.org/docs/latest/rules/no-floating-decimal, https://eslint.org/docs/latest/rules/no-func-assign, https://eslint.style/rules/no-multi-spaces, https://eslint.org/docs/latest/rules/no-multi-spaces, https://eslint.style/rules/no-mixed-spaces-and-tabs, https://eslint.org/docs/latest/rules/no-mixed-spaces-and-tabs, https://eslint.org/docs/latest/rules/no-multi-assign, https://eslint.org/docs/latest/rules/no-dupe-args, https://eslint.org/docs/latest/rules/no-dupe-else-if, https://eslint.org/docs/latest/rules/no-empty-character-class, https://eslint.org/docs/latest/rules/no-empty-function, https://eslint.org/docs/latest/rules/no-implicit-coercion, https://eslint.org/docs/latest/rules/no-invalid-regexp, https://eslint.org/docs/latest/rules/no-invalid-this, https://eslint.org/docs/latest/rules/no-irregular-whitespace, https://eslint.org/docs/latest/rules/no-labels, https://eslint.org/docs/latest/rules/no-lonely-if, https://eslint.org/docs/latest/rules/no-multi-str, https://eslint.org/docs/latest/rules/no-duplicate-imports, https://eslint.org/docs/latest/rules/no-empty-static-block, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-mixed-requires.md, https://eslint.org/docs/latest/rules/no-mixed-requires, https://eslint.org/docs/latest/rules/no-dupe-class-members, https://eslint.org/docs/latest/rules/no-magic-numbers, https://eslint.org/docs/latest/rules/no-loss-of-precision, https://eslint.org/docs/latest/rules/no-negated-condition, https://eslint.org/docs/latest/rules/no-octal, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-process-exit.md, https://eslint.org/docs/latest/rules/no-process-exit, https://eslint.org/docs/latest/rules/no-iterator, https://eslint.org/docs/latest/rules/no-lone-blocks, https://eslint.org/docs/latest/rules/no-label-var, https://eslint.style/rules/no-mixed-operators, https://eslint.org/docs/latest/rules/no-mixed-operators, https://eslint.org/docs/latest/rules/no-proto, https://eslint.org/docs/latest/rules/no-restricted-exports, https://eslint.org/docs/latest/rules/no-misleading-character-class, https://eslint.org/docs/latest/rules/no-native-reassign, https://eslint.org/blog/2016/08/eslint-v3.3.0-released/#deprecated-rules, https://eslint.org/docs/rules/no-global-assign, https://eslint.org/docs/latest/rules/no-new, https://eslint.org/docs/latest/rules/no-nonoctal-decimal-escape, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-path-concat.md, https://eslint.org/docs/latest/rules/no-path-concat, https://eslint.org/docs/latest/rules/no-shadow-restricted-names, https://eslint.org/docs/latest/rules/no-return-assign, https://eslint.org/docs/latest/rules/no-self-assign, https://eslint.org/docs/latest/rules/no-obj-calls, https://eslint.org/docs/latest/rules/no-regex-spaces, https://eslint.org/docs/latest/rules/no-sequences, https://eslint.org/docs/latest/rules/no-nested-ternary, https://eslint.org/docs/latest/rules/no-new-symbol, https://eslint.org/docs/latest/use/migrate-to-9.0.0#eslint-recommended, https://eslint.org/docs/latest/rules/no-new-native-nonconstructor, https://eslint.org/docs/latest/rules/no-octal-escape, https://eslint.org/docs/latest/rules/no-param-reassign, https://eslint.org/docs/latest/rules/no-plusplus, https://eslint.style/rules/no-multiple-empty-lines, https://eslint.org/docs/latest/rules/no-multiple-empty-lines, https://eslint.org/docs/latest/rules/no-restricted-syntax, https://eslint.org/docs/latest/rules/no-script-url, https://eslint.org/docs/latest/rules/no-new-object, https://eslint.org/blog/2023/09/eslint-v8.50.0-released/, https://eslint.org/docs/rules/no-object-constructor, https://eslint.org/docs/latest/rules/no-new-wrappers, https://eslint.org/docs/latest/rules/no-prototype-builtins, https://eslint.org/docs/latest/rules/no-setter-return, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-restricted-require.md, https://eslint.org/docs/latest/rules/no-restricted-modules, https://eslint.org/docs/latest/rules/no-restricted-properties, https://eslint.org/docs/latest/rules/no-restricted-imports, https://eslint.org/docs/latest/rules/no-negated-in-lhs, https://eslint.org/docs/rules/no-unsafe-negation, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-process-env.md, https://eslint.org/docs/latest/rules/no-process-env, https://eslint.org/docs/latest/rules/no-spaced-func, https://eslint.org/docs/latest/rules/no-new-func, https://eslint.org/docs/latest/rules/no-redeclare, https://eslint.org/docs/latest/rules/no-restricted-globals, https://eslint.org/docs/latest/rules/no-promise-executor-return, https://eslint.org/docs/latest/rules/no-self-compare, https://eslint.org/docs/latest/rules/no-return-await, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-sync.md, https://eslint.org/docs/latest/rules/no-sync, https://eslint.org/docs/latest/rules/no-template-curly-in-string, https://eslint.org/docs/latest/rules/no-ternary, https://eslint.org/docs/latest/rules/no-undef, https://eslint.org/docs/latest/rules/no-undefined, https://eslint.org/docs/latest/rules/no-underscore-dangle, https://eslint.org/docs/latest/rules/no-shadow, https://eslint.org/docs/latest/rules/no-unused-expressions, https://eslint.org/docs/latest/rules/no-useless-assignment, https://eslint.org/docs/latest/rules/no-useless-concat, https://eslint.style/rules/no-tabs, https://eslint.org/docs/latest/rules/no-tabs, https://eslint.org/docs/latest/rules/no-this-before-super, https://eslint.org/docs/latest/rules/no-undef-init, https://eslint.org/docs/latest/rules/no-unneeded-ternary, https://eslint.org/docs/latest/rules/no-unreachable-loop, https://eslint.org/docs/latest/rules/no-unused-private-class-members, https://eslint.org/docs/latest/rules/no-unassigned-vars, https://eslint.style/rules/object-curly-newline, https://eslint.org/docs/latest/rules/object-curly-newline, https://eslint.org/docs/latest/rules/no-useless-backreference, https://eslint.org/docs/latest/rules/no-useless-return, https://eslint.org/docs/latest/rules/no-unsafe-optional-chaining, https://eslint.style/rules/nonblock-statement-body-position, https://eslint.org/docs/latest/rules/nonblock-statement-body-position, https://eslint.org/docs/latest/rules/no-sparse-arrays, https://eslint.org/docs/latest/rules/no-useless-call, https://eslint.org/docs/latest/rules/no-useless-computed-key, https://eslint.org/docs/latest/rules/no-useless-constructor, https://eslint.org/docs/latest/rules/no-unmodified-loop-condition, https://eslint.org/docs/latest/rules/no-warning-comments, https://eslint.org/docs/latest/rules/no-void, https://eslint.org/docs/latest/rules/no-throw-literal, https://eslint.style/rules/no-trailing-spaces, https://eslint.org/docs/latest/rules/no-trailing-spaces, https://eslint.org/docs/latest/rules/no-unreachable, https://eslint.org/docs/latest/rules/no-unsafe-negation, https://eslint.org/docs/latest/rules/no-unused-labels, https://eslint.org/docs/latest/rules/no-unused-vars, https://eslint.style/rules/no-whitespace-before-property, https://eslint.org/docs/latest/rules/no-whitespace-before-property, https://eslint.org/docs/latest/rules/no-use-before-define, https://eslint.org/docs/latest/rules/no-useless-catch, https://eslint.org/docs/latest/rules/no-useless-escape, https://eslint.org/docs/latest/rules/no-with, https://eslint.style/rules/object-property-newline, https://eslint.org/docs/latest/rules/object-property-newline, https://eslint.org/docs/latest/rules/require-atomic-updates, https://eslint.org/docs/latest/rules/radix, https://eslint.org/docs/latest/rules/prefer-regex-literals, https://eslint.org/docs/latest/rules/require-unicode-regexp, https://eslint.org/docs/latest/rules/prefer-rest-params, https://eslint.org/docs/latest/rules/no-useless-rename, https://eslint.org/docs/latest/rules/no-var, https://eslint.org/docs/latest/rules/prefer-exponentiation-operator, https://eslint.style/rules/object-curly-spacing, https://eslint.org/docs/latest/rules/object-curly-spacing, https://eslint.org/docs/latest/rules/one-var, https://eslint.style/rules/padded-blocks, https://eslint.org/docs/latest/rules/padded-blocks, https://eslint.style/rules/one-var-declaration-per-line, https://eslint.org/docs/latest/rules/one-var-declaration-per-line, https://eslint.org/docs/latest/rules/prefer-reflect, Function.prototype.call, https://eslint.org/docs/latest/rules/prefer-numeric-literals, https://eslint.org/docs/latest/rules/require-await, https://eslint.org/docs/latest/rules/prefer-spread, https://eslint.org/docs/latest/rules/padding-line-between-statements, https://eslint.org/docs/latest/rules/prefer-const, https://eslint.org/docs/latest/rules/prefer-object-spread, https://eslint.org/docs/latest/rules/prefer-named-capture-group, https://eslint.style/rules/semi-spacing, https://eslint.org/docs/latest/rules/semi-spacing, https://eslint.org/docs/latest/rules/sort-vars, https://eslint.org/docs/latest/rules/operator-assignment, https://eslint.org/docs/latest/rules/prefer-object-has-own, https://eslint.org/docs/latest/rules/prefer-promise-reject-errors, https://eslint.org/docs/latest/rules/require-yield, https://eslint.style/rules/space-before-blocks, https://eslint.org/docs/latest/rules/space-before-blocks, https://eslint.style/rules/rest-spread-spacing, https://eslint.org/docs/latest/rules/rest-spread-spacing, https://eslint.org/docs/latest/rules/object-shorthand, https://eslint.style/rules/operator-linebreak, https://eslint.org/docs/latest/rules/operator-linebreak, https://eslint.org/docs/latest/rules/prefer-arrow-callback, https://eslint.org/docs/latest/rules/prefer-destructuring, https://eslint.org/docs/latest/rules/prefer-template, https://eslint.style/rules/quotes, https://eslint.org/docs/latest/rules/quotes, https://eslint.org/docs/latest/rules/preserve-caught-error, https://eslint.org/docs/latest/rules/sort-imports, https://eslint.style/rules/space-infix-ops, https://eslint.org/docs/latest/rules/space-infix-ops, https://eslint.style/rules/switch-colon-spacing, https://eslint.org/docs/latest/rules/switch-colon-spacing, https://eslint.style/rules/template-curly-spacing, https://eslint.org/docs/latest/rules/template-curly-spacing, https://eslint.style/rules/semi, https://eslint.org/docs/latest/rules/semi, https://eslint.style/rules/template-tag-spacing, https://eslint.org/docs/latest/rules/template-tag-spacing, https://eslint.style/rules/semi-style, https://eslint.org/docs/latest/rules/semi-style, https://eslint.style/rules/space-before-function-paren, https://eslint.org/docs/latest/rules/space-before-function-paren, https://eslint.style/rules/space-in-parens, https://eslint.org/docs/latest/rules/space-in-parens, https://eslint.style/rules/space-unary-ops, https://eslint.org/docs/latest/rules/space-unary-ops, https://eslint.org/docs/latest/rules/symbol-description, https://eslint.org/docs/latest/rules/yoda, https://eslint.org/docs/latest/rules/use-isnan, https://eslint.org/docs/latest/rules/sort-keys, https://eslint.org/docs/latest/rules/vars-on-top, https://eslint.org/docs/latest/rules/valid-typeof, https://eslint.style/rules/wrap-iife, https://eslint.org/docs/latest/rules/wrap-iife, https://eslint.style/rules/yield-star-spacing, https://eslint.org/docs/latest/rules/yield-star-spacing, https://eslint.org/docs/latest/use/configure/migration-guide#ignore-files, https://eslint.org/docs/latest/rules/unicode-bom, https://eslint.org/docs/latest/rules/no-compare-neg-zero, https://eslint.org/docs/latest/use/configure/ignore, https://eslint.org/docs/latest/use/configure/configuration-files#specify-files-with-arbitrary-extensions, https://eslint.org/chat/help, https://eslint.org/docs/latest/use/configure/migration-guide#import-plugins-and-custom-parsers, https://eslint.org/docs/latest/use/configure/migration-guide#use-eslintrc-configs-in-flat-config, https://eslint.org/docs/latest/extend/custom-parsers#meta-data-in-custom-parsers, https://eslint.org/docs/latest/rules/func-names, https://eslint.org/docs/latest/use/configure/rules#use-configuration-files, https://eslint.org/docs/latest/use/configure/migration-guide, https://eslint.org/docs/latest/use/troubleshooting., https://eslint.org/docs/latest/rules/id-denylist, https://eslint.org/chat, https://eslint.org/docs/latest/use/configure/rules, https://eslint.style/rules/computed-property-spacing, https://eslint.org/docs/latest/rules/computed-property-spacing, https://eslint.org/docs/latest/rules/no-extra-bind, https://eslint.org/docs/latest/rules/no-unexpected-multiline, https://eslint.org/docs/latest/rules/no-object-constructor, https://eslint.org/docs/latest/rules/no-unsafe-finally, https://eslint.org/docs/latest/use/configure/migration-guide#configure-language-options, https://eslint.org/docs/latest/use/configure/migration-guide#predefined-and-shareable-configs, https://eslint.org/docs/latest/use/configure/migration-guide#linter-options, https://eslint.org/docs/latest/use/configure/migration-guide#glob-based-configs, https://eslint.org/docs/latest/use/configure/migration-guide#custom-parsers, https://eslint.style/rules/multiline-ternary, https://eslint.org/docs/latest/rules/multiline-ternary, https://eslint.style/rules/line-comment-position, https://eslint.org/docs/latest/rules/line-comment-position, https://eslint.style/rules/quote-props, https://eslint.org/docs/latest/rules/quote-props, https://eslint.style/rules/wrap-regex, https://eslint.org/docs/latest/rules/wrap-regex, https://eslint.style/rules/spaced-comment, https://eslint.org/docs/latest/rules/spaced-comment, https://eslint.org/docs/latest/rules/no-global-assign, https://eslint.org/docs/latest/rules/strict, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-new-require.md, https://eslint.org/docs/latest/rules/no-new-require

Location: Package overview

From: package-lock.jsonnpm/eslint@10.6.0

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint@10.6.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm object.entries with array.prototype.map

URLs: array.prototype.map

Location: Package overview

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/object.entries@1.1.9

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/object.entries@1.1.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm resolve is 85.0% likely to have a medium risk anomaly

Notes: This manifest uses a non-registry, relative-path dependency ('resolve': '../../../') which is a significant supply-chain risk because it allows arbitrary local code to be pulled in and executed without registry protections. Combined with the 'lerna bootstrap' postinstall script (which can trigger other lifecycle scripts across the monorepo), this setup increases the chance of untrusted code execution and other malicious behavior. Inspect the target of the relative path, all bootstrap-linked packages, and any lifecycle scripts before running npm install in an untrusted environment.

Confidence: 0.85

Severity: 0.80

From: package-lock.jsonnpm/eslint-plugin-github@6.0.0npm/resolve@2.0.0-next.7

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/resolve@2.0.0-next.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@guibranco guibranco enabled auto-merge (squash) June 15, 2026 08:23
@gstraccini gstraccini Bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Jun 15, 2026
@gstraccini gstraccini Bot added the 🤖 bot Automated processes or integrations label Jun 15, 2026

@guibranco guibranco left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@guibranco

Copy link
Copy Markdown
Owner

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-10.5.0 branch 4 times, most recently from 8a4562f to 15d7fa5 Compare June 15, 2026 09:04
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-10.5.0 branch 2 times, most recently from fe7874e to 33e052d Compare June 22, 2026 08:55
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Author

A newer version of eslint exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@guibranco

Copy link
Copy Markdown
Owner

@dependabot recreate

@dependabot dependabot Bot changed the title Bump eslint from 9.39.2 to 10.5.0 Bump eslint from 9.39.2 to 10.6.0 Jul 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-10.5.0 branch from 6752f54 to 4be6b21 Compare July 2, 2026 16:35
@socket-security

socket-security Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​typescript-eslint/​parser@​8.39.0 ⏵ 8.62.19910071 +198100
Updated@​typescript-eslint/​eslint-plugin@​8.39.0 ⏵ 8.62.188 -1010080 +198100
Updatedeslint@​10.5.0 ⏵ 10.6.098 +110010096100

View full report

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-10.5.0 branch 3 times, most recently from 6cf312a to 62d233f Compare July 3, 2026 01:59
Bumps [eslint](https://github.com/eslint/eslint) from 9.39.2 to 10.6.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.6.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-10.5.0 branch from 62d233f to bbed466 Compare July 3, 2026 04:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code npm size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant