Skip to content

chore(deps): Bump eslint-plugin-unicorn from 65.0.1 to 67.0.0#539

Merged
nullvariant merged 7 commits into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-unicorn-66.0.0
Jun 29, 2026
Merged

chore(deps): Bump eslint-plugin-unicorn from 65.0.1 to 67.0.0#539
nullvariant merged 7 commits into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-unicorn-66.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps eslint-plugin-unicorn from 65.0.1 to 67.0.0.

Release notes

Sourced from eslint-plugin-unicorn's releases.

v67.0.0

New rules

Improvements

  • no-unreadable-new-expression: Remove from recommended preset (#3285) c9f452e8
  • comment-content: Remove from recommended preset (#3269) 21cce8b7
  • comment-content: Add checkUniformCase option (#3269) 21cce8b7
  • consistent-class-member-order: Group static methods with other static members (#3239) 8f4de024
  • consistent-class-member-order: Improve error message (#3264) 47f9f21e
  • dom-node-dataset: Flag .dataset assigned to a variable with preferAttributes (#3268) 79198cc5
  • no-array-reduce: Suggest Math.sumPrecise() for sum reduces (#3261) 081936dc
  • no-return-array-push: Disallow using push() and unshift() return values (#3244) d9ea7abf
  • no-unreadable-array-destructuring: Disallow property targets (#3245) 8b503594
  • no-unreadable-object-destructuring: Disallow property targets (#3245) 8b503594
  • no-useless-fallback-in-spread: Add checkTernary option (#3284) b2496fca
  • prefer-logical-operator-over-ternary: Improve nullish ternary detection (#3240) 4014a1ec
  • prefer-minimal-ternary: Add checkComputedMemberAccess option (#3241) cf4c014f
  • prefer-scoped-selector: Only apply to combined selectors (#3263) d715bad9
  • prefer-scoped-selector: Report partially-scoped selector lists (#3259) cf88cddb
  • prefer-type-literal-last: Keep null and undefined last (#3281) f6a9dce6
  • no-array-callback-reference: Harden the rule (#3230) dcc0cf87
  • no-declarations-before-early-exit: Harden side-effect detection (#3238) 1bad677e
  • no-declarations-before-early-exit: Ignore React hook calls (#3280) de47dcec
  • comment-content: Skip non-prose comments (#3236) 9c85b1f5
  • no-empty-file: Don't report non-empty files parsed by a plain-text parser (#3270) 3b8b9a42
  • no-unsafe-property-key: Don't flag unique symbol keys (#3278) 3fa567e7
  • no-unsafe-property-key: Ignore template literal types (#3247) b8d96020

sindresorhus/eslint-plugin-unicorn@v66.0.0...v67.0.0

... (truncated)

Commits
  • 9071c96 67.0.0
  • c9f452e no-unreadable-new-expression: Remove from recommended preset (#3285)
  • b2496fc no-useless-fallback-in-spread: Add checkTernary option (#3284)
  • 3c76922 Add no-useless-coercion rule (#3283)
  • f6a9dce prefer-type-literal-last: Keep null and undefined last (#3281)
  • 337a5a5 no-return-array-push: Improve docs
  • de47dce no-declarations-before-early-exit: Ignore React hook calls (#3280)
  • a2fd9d1 prefer-minimal-ternary: Add more tests (#3279)
  • 3fa567e no-unsafe-property-key: Don't flag unique symbol keys (#3278)
  • 5fd7d25 Add no-useless-continue rule (#3276)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 15, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security

socket-security Bot commented Jun 15, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedeslint-plugin-unicorn@​65.0.1 ⏵ 67.0.099100100 +195100

View full report

@nullvariant-mimi

nullvariant-mimi Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🐰 Mimi's Validation Report ✅

All checks are looking good! Great job! 🎉

⏳ Some checks are still running. I will keep watching!


バリデーターを通してくださいね

This report was carefully prepared by nullvariant-mimi[bot]

@nullvariant-blaze

nullvariant-blaze Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🐗 Blaze's Release Review 📦

No version bump. Just dependency changes... boring. Wake me up when it's deploy time! 😤


よっしゃ!デプロイしまくるぞ!

This review was ENTHUSIASTICALLY filed by nullvariant-blaze[bot]

@nullvariant-luna

nullvariant-luna Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

👧 Luna's Exploration Report 📦

No new dependencies added. Just version bumps! Nothing to explore here... 😴


Botに418返そうよ!

This report was curiously compiled by nullvariant-luna[bot]

@github-actions

Copy link
Copy Markdown
Contributor

VEX Assessment: not_affected

This dependency update modifies devDependencies only.

  • Status: not_affected
  • Justification: vulnerable_code_not_in_execute_path
  • Impact: Zero production dependencies. No third-party code is included in the published VSIX.

Any CVEs in updated devDependencies do not affect end users. The VEX document will be automatically updated by the weekly VEX Auto-Update workflow.

🤖 Automated VEX assessment

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/eslint-plugin-unicorn ^67.0.0 UnknownUnknown
npm/eslint-plugin-unicorn 67.0.0 🟢 4.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/semver 7.8.4 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 8Found 14/17 approved changesets -- score normalized to 8
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • extensions/git-id-switcher/package.json
  • package-lock.json

@nullvariant-ciel

nullvariant-ciel Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🕊️ Ciel's Mediation 🌤️

*~~ floating down from the clouds ~~ The zoo seems a bit noisy today...*

4 zoo members have reviewed this PR.

Zoo Member Status
🦥 Slow Commented
🐰 Mimi Commented
👧 Luna Commented
🐗 Blaze Commented

⚖️ The zoo has mixed opinions. Some are concerned, some are fine with it. Please review each comment carefully and make the final call.


まあまあ、ほどほどに。

This mediation was peacefully delivered by nullvariant-ciel[bot]

@nullvariant

Copy link
Copy Markdown
Owner

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@nullvariant

Copy link
Copy Markdown
Owner

@dependabot recreate

Bumps [eslint-plugin-unicorn](https://github.com/sindresorhus/eslint-plugin-unicorn) from 65.0.1 to 67.0.0.
- [Release notes](https://github.com/sindresorhus/eslint-plugin-unicorn/releases)
- [Commits](sindresorhus/eslint-plugin-unicorn@v65.0.1...v67.0.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-unicorn
  dependency-version: 66.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): Bump eslint-plugin-unicorn from 65.0.1 to 66.0.0 chore(deps): Bump eslint-plugin-unicorn from 65.0.1 to 67.0.0 Jun 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-plugin-unicorn-66.0.0 branch from 7cc6dc0 to 44c9aee Compare June 18, 2026 02:15
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

A newer version of eslint-plugin-unicorn exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Apply the safe autofixes from eslint-plugin-unicorn 67 and configure the new rules so the dependency update can pass CI.

Rules that conflict with VS Code extension initialization patterns are disabled, while the remaining v67 findings are downgraded to warnings for follow-up cleanup.

Local verification:

- npm run lint --workspace git-id-switcher -- --no-cache

- npm run compile --workspace git-id-switcher

- npm run test --workspace git-id-switcher

Signed-off-by: Null;Variant <null@nullvariant.com>

🖥️ IDE: [Zed](https://zed.dev/)

Co-authored-by: GPT-5.5 <codex@openai.com>
Model-Raw: gpt-5.5
@nullvariant

Copy link
Copy Markdown
Owner

Added a follow-up commit to unblock the eslint-plugin-unicorn 67 upgrade.\n\nSummary:\n- Applied safe ESLint autofixes from the unicorn 67 rule set.\n- Disabled the v67 rules that conflict with the VS Code extension initialization pattern.\n- Downgraded the remaining v67 findings to warnings so the dependency update can pass CI while keeping follow-up cleanup visible.\n- Reverted the unsafe autofix that converted the test-only _resetForTest API into a private class field.\n\nLocal verification:\n- npm run lint --workspace git-id-switcher -- --no-cache\n- npm run compile --workspace git-id-switcher\n- npm run test --workspace git-id-switcher

@nullvariant-slow

nullvariant-slow Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

🦥 Slow's Code Review 😩

...yawn... Do I really have to review this?

⚠️ TOO LONG... I can barely keep my eyes open reading these:

File Lines

| extensions/git-id-switcher/src/commands/handlers.ts | 513 |
| extensions/git-id-switcher/src/core/submodule.ts | 546 |
| extensions/git-id-switcher/src/identity/identity.ts | 827 |
| extensions/git-id-switcher/src/security/binaryResolver.ts | 483 |
| extensions/git-id-switcher/src/security/commandAllowlist.ts | 377 |
| extensions/git-id-switcher/src/security/pathUtils.ts | 549 |
| extensions/git-id-switcher/src/security/pathValidator.ts | 383 |
| extensions/git-id-switcher/src/security/securityLogger.ts | 569 |
| extensions/git-id-switcher/src/ssh/sshAgent.ts | 749 |
| extensions/git-id-switcher/src/test/binaryResolver.test.ts | 1183 |
| extensions/git-id-switcher/src/test/combinedFlagValidation.test.ts | 992 |
| extensions/git-id-switcher/src/test/e2e/deleteIdentityPicker.test.ts | 343 |
| extensions/git-id-switcher/src/test/e2e/handlers.test.ts | 840 |
| extensions/git-id-switcher/src/test/e2e/identity.test.ts | 1501 |
| extensions/git-id-switcher/src/test/e2e/identityManager.test.ts | 3855 |
| extensions/git-id-switcher/src/test/e2e/identityPicker.test.ts | 975 |
| extensions/git-id-switcher/src/test/e2e/statusBar.test.ts | 583 |
| extensions/git-id-switcher/src/test/extensionLogger.test.ts | 384 |
| extensions/git-id-switcher/src/test/fileLogWriter.test.ts | 862 |
| extensions/git-id-switcher/src/test/getSafeStack.test.ts | 462 |
| extensions/git-id-switcher/src/test/htmlTemplates.test.ts | 1672 |
| extensions/git-id-switcher/src/test/pathSanitizer.test.ts | 1097 |
| extensions/git-id-switcher/src/test/pathSecurity.test.ts | 1137 |
| extensions/git-id-switcher/src/test/pathUtils.test.ts | 1231 |
| extensions/git-id-switcher/src/test/secureExec.test.ts | 1387 |
| extensions/git-id-switcher/src/test/securityLogger.test.ts | 1840 |
| extensions/git-id-switcher/src/test/sensitiveDataDetector.test.ts | 1742 |
| extensions/git-id-switcher/src/test/sshKeyFile.test.ts | 348 |
| extensions/git-id-switcher/src/test/submodule.test.ts | 1270 |
| extensions/git-id-switcher/src/test/syncChecker.test.ts | 585 |
| extensions/git-id-switcher/src/test/validation.fuzz.test.ts | 547 |
| extensions/git-id-switcher/src/test/validation.test.ts | 871 |
| extensions/git-id-switcher/src/test/validatorsCommon.test.ts | 495 |
| extensions/git-id-switcher/src/test/workspaceTrust.test.ts | 680 |
| extensions/git-id-switcher/src/ui/documentationInternal.ts | 505 |
| extensions/git-id-switcher/src/ui/documentationPublic.ts | 394 |
| extensions/git-id-switcher/src/ui/identityAddForm.ts | 331 |
| extensions/git-id-switcher/src/ui/identityFormUtils.ts | 416 |
| extensions/git-id-switcher/src/ui/identityPicker.ts | 496 |
| extensions/git-id-switcher/src/validators/common.ts | 499 |

Split it up... reading long files is exhausting.


働きたくないでござる

This review was reluctantly filed by nullvariant-slow[bot]

nullvariant-justice[bot]
nullvariant-justice Bot previously approved these changes Jun 29, 2026

@nullvariant-justice nullvariant-justice Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚖️ Justice grants passage. CI checks passed — this code meets the garden's standards.

Remove trailing whitespace reported by pre-commit.ci after the unicorn 67 lint update.

Signed-off-by: Null;Variant <null@nullvariant.com>

🖥️ IDE: [Zed](https://zed.dev/)

Co-authored-by: GPT-5.5 <codex@openai.com>
Model-Raw: gpt-5.5
nullvariant-justice[bot]
nullvariant-justice Bot previously approved these changes Jun 29, 2026

@nullvariant-justice nullvariant-justice Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚖️ Justice grants passage. CI checks passed — this code meets the garden's standards.

@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Add focused tests for the private commit hash validator so SonarQube and Codecov can account for the short-hash and non-hex rejection branches.

Local verification:

- npm run lint --workspace git-id-switcher -- --no-cache

- npm run compile --workspace git-id-switcher

- npm run test:coverage --workspace git-id-switcher

Signed-off-by: Null;Variant <null@nullvariant.com>

🖥️ IDE: [Zed](https://zed.dev/)

Co-authored-by: GPT-5.5 <codex@openai.com>
Model-Raw: gpt-5.5
@nullvariant

Copy link
Copy Markdown
Owner

Added a focused coverage follow-up for the submodule commit hash validator. Summary: exposed the private commit hash validator through test-only exports, and added tests for the valid, short-hash, and non-hex branches reported by SonarQube/Codecov. Local verification: npm run lint --workspace git-id-switcher -- --no-cache; npm run compile --workspace git-id-switcher; npm run test:coverage --workspace git-id-switcher.

nullvariant-justice[bot]
nullvariant-justice Bot previously approved these changes Jun 29, 2026

@nullvariant-justice nullvariant-justice Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚖️ Justice grants passage. CI checks passed — this code meets the garden's standards.

Add focused tests for branch suffix parsing and workspace validation fallback handling so the submodule coverage report no longer has uncovered lines or branches in src/core/submodule.ts.

Local verification:

- npm run lint --workspace git-id-switcher -- --no-cache

- npm run compile --workspace git-id-switcher

- npm run test:coverage --workspace git-id-switcher

Signed-off-by: Null;Variant <null@nullvariant.com>

🖥️ IDE: [Zed](https://zed.dev/)

Co-authored-by: GPT-5.5 <codex@openai.com>
Model-Raw: gpt-5.5
@nullvariant

Copy link
Copy Markdown
Owner

Added a second focused coverage follow-up for the remaining SonarQube lines in src/core/submodule.ts. Summary: covered branch suffix early-return paths, moved workspace validation failure reason selection into a private helper, and covered both the provided-reason and fallback-reason branches. Local verification: npm run lint --workspace git-id-switcher -- --no-cache; npm run compile --workspace git-id-switcher; npm run test:coverage --workspace git-id-switcher. The generated lcov report now shows src/core/submodule.ts with no uncovered lines or branches (LF=546/LH=546, BRF=85/BRH=85).

@sonarqubecloud

Copy link
Copy Markdown

@nullvariant nullvariant merged commit 5aaae05 into main Jun 29, 2026
44 checks passed
@nullvariant nullvariant deleted the dependabot/npm_and_yarn/eslint-plugin-unicorn-66.0.0 branch June 29, 2026 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant