chore(deps): bump the npm-dependencies group across 1 directory with 26 updates

[dependabot]

Bumps the npm-dependencies group with 26 updates in the / directory:

Package	From	To
@apidevtools/json-schema-ref-parser	15.3.5	15.3.6
axios	1.16.0	1.18.0
envalid	8.1.1	8.2.0
express-rate-limit	8.4.1	8.5.2
fs-extra	11.3.4	11.3.5
morgan	1.10.1	1.11.0
semver	7.7.4	7.8.4
yaml	2.8.4	2.9.0
@babel/core	7.29.0	7.29.7
@babel/preset-env	7.29.3	7.29.7
@babel/preset-typescript	7.28.5	7.29.7
@eslint/compat	2.0.5	2.1.0
@types/node	24.12.2	24.13.2
@typescript-eslint/eslint-plugin	8.59.2	8.61.0
@typescript-eslint/parser	8.59.2	8.61.0
babel-jest	30.3.0	30.4.1
commitizen	4.3.1	4.3.2
cspell	10.0.0	10.0.1
eslint-import-resolver-typescript	4.4.4	4.4.5
eslint-plugin-prettier	5.5.5	5.5.6
jest	30.3.0	30.4.2
nock	14.0.14	14.0.15
prettier	3.8.3	3.8.4
semantic-release	25.0.3	25.0.5
ts-jest	29.4.9	29.4.11
tsx	4.21.0	4.22.4

Updates @apidevtools/json-schema-ref-parser from 15.3.5 to 15.3.6

Release notes

Sourced from @​apidevtools/json-schema-ref-parser's releases.

v15.3.6

15.3.6 (2026-06-11)

Bug Fixes

• block unsafe pointer set tokens (a786bc6)
• harden safe URL resolver (dea50b0)

Commits

• 5b1aee5 chore: migrate to pnpm
• dea50b0 fix: harden safe URL resolver
• a786bc6 fix: block unsafe pointer set tokens
• See full diff in compare view

Updates axios from 1.16.0 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#10984)
• @​eyupcanakman (#10899)
• @​Adi-Beker (#10995)

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

• Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

• URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

• Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

• Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

• Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

• Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​drori12 (#10984)
• @​eyupcanakman (#10899)
• @​Adi-Beker (#10995)

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Commits

• 2d06f96 chore(release): prepare release 1.18.0 (#11003)
• 32fc489 fix: malformed http urls (#11000)
• b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
• fe964f9 docs: mark proxy config as Node.js only (#10995)
• 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
• fae9d4e docs: clarify package update PR policy (#10992)
• 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
• a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
• 614f455 docs: publish v1.17.0 release notes (#10988)
• 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
• Additional commits viewable in compare view

Updates envalid from 8.1.1 to 8.2.0

Release notes

Sourced from envalid's releases.

v8.2.0

• Added testDefault in cb67a44. Thanks @​garlab!
• Updated various devDependencies

Note: the next release will likely be v9.0 which will include the removal of the testOnly util. Use the new testDefault instead!

Commits

• 784385f 8.2.0
• 9d5e5fb Update devDependencies, use npm run in hooks for compatibility
• 9d292bc Replace yarn.lock with bun.lock
• cb67a44 feat: add testDefault spec attribute (#249)
• 7ca06e5 Bump glob from 10.4.5 to 10.5.0 (#242)
• See full diff in compare view

Updates express-rate-limit from 8.4.1 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

v8.5.1

You can view the changelog here.

v8.5.0

You can view the changelog here.

Commits

• 9774693 8.5.2
• 0e94cc0 v8.5.2 changelog
• 9a583c5 feat: simplify IPv6 key generation (#633)
• 4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
• 3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
• 18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
• dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
• 486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
• 50cc3f6 8.5.1
• 92c8e3e chore: bump ip-address library to latest (#626)
• Additional commits viewable in compare view

Updates fs-extra from 11.3.4 to 11.3.5

Changelog

Sourced from fs-extra's changelog.

11.3.5 / 2026-05-06

• Fix ensureLink*/ensureSymlink* identical file detection on Windows (#1068)
• Fix error handling in timestamp preservation code (#1065, #1069)
• Fix potential file descriptor leak on error in synchronous timestamp preservation code (#1066)

Commits

• 8a88f58 11.3.5
• 81a1311 Mirror all utimesMillis() tests for utimesMillisSync() (#1070)
• b7ab7f8 Properly handle close errors in utimesMillis*() (#1069)
• 1c248ed Fix file descriptor leak in utimesMillisSync (#1066)
• a4000d6 Ensure all usages of areIdentical receive bigint stats (#1068)
• 1e9c57d Fix error handling in utimesMillis (#1065)
• See full diff in compare view

Updates morgan from 1.10.1 to 1.11.0

Release notes

Sourced from morgan's releases.

1.11.0

What's Changed

• feat: add :pid token by @​ganesh3367 in expressjs/morgan#329

Security Fix:

• Escape control characters in :remote-user token to prevent log injection
  • Fixes CVE-2026-5078 GHSA-4vj7-5mj6-jm8m

New Contributors

• @​inigomarquinez made their first contribution in expressjs/morgan#291
• @​jonchurch made their first contribution in expressjs/morgan#299
• @​bjohansebas made their first contribution in expressjs/morgan#301
• @​UlisesGascon made their first contribution in expressjs/morgan#300
• @​ctcpip made their first contribution in expressjs/morgan#319
• @​ganesh3367 made their first contribution in expressjs/morgan#329

Full Changelog: expressjs/morgan@1.10.0...1.11.0

Changelog

Sourced from morgan's changelog.

1.11.0 / 2026-06-02

• add :pid token

Security Fix:

• Escape control characters in :remote-user token to prevent log injection
  • Fixes CVE-2026-5078 GHSA-4vj7-5mj6-jm8m

Commits

• e0e6f17 Release 1.11.0 (#350)
• b3f5d9b Merge commit from fork
• 203c758 build(deps): bump github/codeql-action from 4.32.4 to 4.35.2 (#346)
• 002bc81 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#347)
• 561b0d7 build(deps): bump actions/upload-artifact from 5.0.0 to 7.0.0 (#338)
• 2db705e build(deps): bump github/codeql-action from 3.29.7 to 4.32.4 (#337)
• a373c5f build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.3 (#327)
• c8e72fa build(deps): bump actions/checkout from 4.1.1 to 6.0.1 (#324)
• 023300e build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 (#307)
• 9d8d6c0 build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#306)
• Additional commits viewable in compare view

Updates semver from 7.7.4 to 7.8.4

Release notes

Sourced from semver's releases.

v7.8.4

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

v7.8.3

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

v7.8.2

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

v7.8.1

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

v7.8.0

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.8.4 (2026-06-09)

Bug Fixes

• e583226 #874 reject numeric segments after x-ranges (@​pupuking723)

7.8.3 (2026-06-08)

Bug Fixes

• 046da7f #872 align caret includePrerelease lower bounds (#872) (@​wayyoungboy)

Chores

• 3485dda #866 bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866) (@​dependabot[bot])

7.8.2 (2026-06-04)

Bug Fixes

• bea6028 #870 increment dotted prerelease identifiers (#870) (@​liuzemei, @​SheldonNeo)

7.8.1 (2026-05-21)

Bug Fixes

• 17aa702 #869 strip build metadata before comparator trimming (#869) (@​owlstronaut)
• 5f3ca13 #867 handle prerelease bounds in subset (#867) (@​puneetdixit200, Puneet Dixit)

7.8.0 (2026-05-08)

Features

• 0d0a0a2 #855 Add truncate function (#855) (@​pjohnmeyer, @​owlstronaut)

Bug Fixes

• 3905343 #859 Warn when defaulting to --inc=patch in CLI (@​pjohnmeyer)

Documentation

• c368af6 #853 fix typos in documentation (#853) (@​ankitkumar572005)
• 37776c3 #846 fix BNF grammar to distinguish prerelease from build identifiers (#846) (@​abhu85, @​claude)

Chores

• 9542e09 #860 template-oss-apply (@​owlstronaut)
• 937bc2c #860 template-oss-apply@5.0.0 (@​owlstronaut)
• 6946fef #852 bump @​npmcli/template-oss from 4.29.0 to 4.30.0 (#852) (@​dependabot[bot], @​npm-cli-bot)

Commits

• 8640bd6 chore: release 7.8.4 (#875)
• e583226 fix: reject numeric segments after x-ranges
• 6b77aa8 chore: release 7.8.3 (#873)
• 3485dda chore: bump @​npmcli/eslint-config from 6.0.1 to 7.0.0 (#866)
• 046da7f fix: align caret includePrerelease lower bounds (#872)
• efafcf8 chore: release 7.8.2 (#871)
• bea6028 fix: increment dotted prerelease identifiers (#870)
• 7641608 chore: release 7.8.1 (#868)
• 17aa702 fix: strip build metadata before comparator trimming (#869)
• 5f3ca13 fix: handle prerelease bounds in subset (#867)
• Additional commits viewable in compare view

Updates yaml from 2.8.4 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

• fix: Avoid calling Array.prototype.push.apply() with large source array
• fix(lexer): Avoid recursive calls that may exhaust the call stack

Commits

• ddb21b0 2.9.0
• 167365b docs: Clarify that not all errors can be avoided
• 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
• 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
• See full diff in compare view

Updates @babel/core from 7.29.0 to 7.29.7

Release notes

Sourced from @​babel/core's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• 4fba754 v7.29.7
• 04ea6b2 v7.29.6
• 99f498a [7.x packport]Improve input source map handling (#18001)
• feba0a3 Preserve original identifier names from input sourcemaps (#17992) (#17998)
• See full diff in compare view

Updates @babel/preset-env from 7.29.3 to 7.29.7

Release notes

Sourced from @​babel/preset-env's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

Commits

• 4fba754 v7.29.7
• 3cd910d v7.29.5
• 3d399f8 [7.x backport]docs(preset-env): update CONTRIBUTING.md (#17976)
• See full diff in compare view

Updates @babel/preset-typescript from 7.28.5 to 7.29.7

Release notes

Sourced from @​babel/preset-typescript's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

• babel-generator
  • #18014 Catchup source map position in preserveFormat (@​nicolo-ribaudo)
• babel-core
  • #18001 [7.x packport]Improve input source map handling (@​JLHwung)
• babel-core, babel-generator
  • #17998 Preserve original identifier names from input sourcemaps (#17992) (@​Andarist)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Mateusz Burzyński (@​Andarist)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.29.5 (2026-05-05)

🏠 Internal

• babel-preset-env
  • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

• babel-plugin-transform-modules-systemjs
  • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

• Huáng Jùnliàng (@​JLHwung)

v7.29.3 (2026-04-30)

👓 Spec Compliance

• babel-parser
  • #17923 Support flow extends bound (@​JLHwung)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
• babel-register
  • #17915 Fix thread synchronization issues in @babel/register (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env
  • #17788 Add bugfix plugin for Safari array rest destructuring bug (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• 4fba754 v7.29.7
• f3a2226 [babel 7] Delete Babel 8 fixtures (#17729)
• See full diff in compare view

Updates @eslint/compat from 2.0.5 to 2.1.0

Release notes

Sourced from @​eslint/compat's releases.

compat: v2.1.0

2.1.0 (2026-05-08)

Features

• Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

migrate-config: v2.1.0

2.1.0 (2026-05-08)

Features

• Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/config-helpers bumped from ^0.5.5 to ^0.6.0

migrate-config: v2.0.7

2.0.7 (2026-05-01)

Bug Fixes

• update espree to the latest (#437) (a8ff72f)

migrate-config: v2.0.6

2.0.6 (2026-04-08)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^2.0.4 to ^2.0.5
  • devDependencies
    • @​eslint/core bumped from ^1.2.0 to ^1.2.1

Changelog

Sourced from @​eslint/compat's changelog.

2.1.0 (2026-05-08)

Features

• Add new includeIgnoreFile() to config-helpers (#430) (9b51352)

Commits

• b894953 chore: release main (#446)
• 334038d docs: Update README sponsors
• 9b51352 feat: Add new ...

  Description has been truncated