chore(deps-dev): bump the dev-dependencies group with 6 updates #114

Closed: dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/dev-dependencies-b81bad436b

dependabot Bot commented on behalf of github May 7, 2026

Bumps the dev-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| @cyclonedx/cdxgen | 12.3.0 | 12.3.3 |
| @typescript-eslint/eslint-plugin | 8.59.1 | 8.59.2 |
| @typescript-eslint/parser | 8.59.1 | 8.59.2 |
| eslint | 10.2.1 | 10.3.0 |
| globals | 17.5.0 | 17.6.0 |
| vite | 8.0.10 | 8.0.11 |

Updates @cyclonedx/cdxgen from 12.3.0 to 12.3.3

Release notes

Sourced from @​cyclonedx/cdxgen's releases.

Release v12.3.3

This release includes security fixes and some features.

What's Changed

🤖 AI-auto Changes

Full Changelog: cdxgen/cdxgen@v12.3.2...v12.3.3

Release v12.3.2

What's Changed

🤖 AI-auto Changes

Full Changelog: cdxgen/cdxgen@v12.3.1...v12.3.2

Release v12.3.1

cdxgen can now identify the MCP configurations and skills used in your project. It can also predict supply-chain attacks against your cargo dependencies.

What's Changed

🤖 AI-auto Changes

Full Changelog: cdxgen/cdxgen@v12.3.0...v12.3.1

Commits
  • cb5a2f2 Fix Docker registry auth: prevent credential leaks by enforcing host matching...
  • b1e1798 types
  • 6633128 Add BOM audit rules for disabled setup caches with remote npm/PyPI sources (#...
  • aecf1af Populate evidence.identity.tools for externally identified components (#3960)
  • cda94f0 Refactor staged rootfs dockertests into CI helpers and fix staged `all-layers...
  • b3fd4df Ignore vendored Composer and jar artifacts in mixed npm source scans (#3955)
  • b024b8b Support staged rootfs inputs for remote/offline OBOM generation (#3956)
  • 387a63c Harden Dependency-Track submission host enforcement and redact secret-bearing...
  • 976f449 Add collider.lock support to C/C++ BOM generation (#3959)
  • c703be5 Trim non-runtime files from published npm artifacts, image context, and SEA b...
  • Additional commits viewable in compare view

Updates @typescript-eslint/eslint-plugin from 8.59.1 to 8.59.2

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

  • eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
  • eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
  • rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.59.2 (2026-05-04)

🩹 Fixes

  • eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
  • eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits
  • 2ec35f1 chore(release): publish 8.59.2
  • ec3ef25 test: make no-useless-empty-export tests fully static (#12260)
  • 60d0a51 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
  • 5c53da2 fix(eslint-plugin): [no-deprecated] object destructuring values should be tre...
  • 80c28a1 fix(eslint-plugin): [no-unsafe-type-assertion] handle crash on recursive temp...
  • b7b2670 test: make no-this-alias tests fully static (#12258)
  • See full diff in compare view

Updates @typescript-eslint/parser from 8.59.1 to 8.59.2

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

  • eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
  • eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
  • rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.59.2 (2026-05-04)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates eslint from 10.2.1 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

  • 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

  • b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

  • 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
  • 7f47937 docs: Update README (GitHub Actions Bot)

Chores

  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)
  • 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)
  • 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])
  • 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])
  • 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])
  • 77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)
  • 4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)
  • 54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)
  • f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)
  • a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])
  • 7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)
  • b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])
  • 2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)
Commits
  • 7889204 10.3.0
  • 5b69b4f Build: changelog update for 10.3.0
  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
  • b6ae5cf fix: handle unavailable require cache (#20812)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787)
  • 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
  • 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
  • 379571a feat: add suggestions for no-unused-private-class-members (#20773)
  • 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
  • Additional commits viewable in compare view

Updates globals from 17.5.0 to 17.6.0

Release notes

Sourced from globals's releases.

v17.6.0

  • Update globals (2026-05-01) (#343) 00a4dd9

sindresorhus/globals@v17.5.0...v17.6.0

Commits

Updates vite from 8.0.10 to 8.0.11

Release notes

Sourced from vite's releases.

v8.0.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.11 (2026-05-07)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22334) (672c962)
  • deps: update all non-major dependencies (#22382) (5c0cfcb)
  • glob: align hmr matcher options with glob enumeration (#22306) (30028f9)
  • make separate object instance for each environment (#22276) (7c2aa3b)

Documentation

Miscellaneous Chores

  • deps: update dependency tsdown to ^0.21.10 (#22333) (3b51e05)
  • deps: update rolldown-related dependencies (#22383) (555ff36)
  • deps: update transitive packages to fix npm audit alerts (#22316) (86aee62)

Code Refactoring

Tests

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@cyclonedx/cdxgen](https://github.com/cdxgen/cdxgen) | `12.3.0` | `12.3.3` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.59.1` | `8.59.2` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.59.1` | `8.59.2` |
| [eslint](https://github.com/eslint/eslint) | `10.2.1` | `10.3.0` |
| [globals](https://github.com/sindresorhus/globals) | `17.5.0` | `17.6.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.10` | `8.0.11` |


Updates `@cyclonedx/cdxgen` from 12.3.0 to 12.3.3
- [Release notes](https://github.com/cdxgen/cdxgen/releases)
- [Commits](cdxgen/cdxgen@v12.3.0...v12.3.3)

Updates `@typescript-eslint/eslint-plugin` from 8.59.1 to 8.59.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.2/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.59.1 to 8.59.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.2/packages/parser)

Updates `eslint` from 10.2.1 to 10.3.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.2.1...v10.3.0)

Updates `globals` from 17.5.0 to 17.6.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.5.0...v17.6.0)

Updates `vite` from 8.0.10 to 8.0.11
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.11/packages/vite)

---
updated-dependencies:
- dependency-name: "@cyclonedx/cdxgen"
  dependency-version: 12.3.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.59.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.59.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-version: 10.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: globals
  dependency-version: 17.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: vite
  dependency-version: 8.0.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies label (Pull requests that update a dependency file) May 7, 2026

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | @typescript-eslint/parser@8.59.1 ⏵ 8.59.2 | 100 | 100 | 71 | 98 | 100 |
| Updated | @typescript-eslint/eslint-plugin@8.59.1 ⏵ 8.59.2 | 99 +1 | 100 | 80 +1 | 98 | 100 |
| Updated | vite@8.0.10 ⏵ 8.0.11 | 98 | 100 | 82 +1 | 99 +2 | 100 |
| Updated | globals@17.5.0 ⏵ 17.6.0 | 100 +1 | 100 | 86 +1 | 95 | 100 |
| Updated | @cyclonedx/cdxgen@12.3.0 ⏵ 12.3.3 | 86 -12 | 100 | 100 | 99 +1 | 100 |
| Updated | eslint@10.2.1 ⏵ 10.3.0 | 89 +1 | 100 | 100 | 96 | 100 |

View full report


dependabot Bot commented on behalf of github May 14, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot closed this May 14, 2026
dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-b81bad436b branch May 14, 2026 10:25