Skip to content

chore(deps): Bump eslint-plugin-sonarjs from 4.0.3 to 4.1.0 in the dev-dependencies group across 1 directory#544

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-b9e590ed4e
Closed

chore(deps): Bump eslint-plugin-sonarjs from 4.0.3 to 4.1.0 in the dev-dependencies group across 1 directory#544
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-b9e590ed4e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 1 update in the / directory: eslint-plugin-sonarjs.

Updates eslint-plugin-sonarjs from 4.0.3 to 4.1.0

Commits

@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 22, 2026
@nullvariant-mimi

nullvariant-mimi Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

🐰 Mimi's Validation Report ✅

All checks are looking good! Great job! 🎉

⏳ Some checks are still running. I will keep watching!


バリデーターを通してくださいね

This report was carefully prepared by nullvariant-mimi[bot]

@nullvariant-luna

nullvariant-luna Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

👧 Luna's Exploration Report 📦

No new dependencies added. Just version bumps! Nothing to explore here... 😴


Botに418返そうよ!

This report was curiously compiled by nullvariant-luna[bot]

@nullvariant-blaze

nullvariant-blaze Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

🐗 Blaze's Release Review 📦

No version bump. Just dependency changes... boring. Wake me up when it's deploy time! 😤


よっしゃ!デプロイしまくるぞ!

This review was ENTHUSIASTICALLY filed by nullvariant-blaze[bot]

@socket-security

socket-security Bot commented Jun 22, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedeslint-plugin-sonarjs@​4.0.3 ⏵ 4.1.01001001009470

View full report

@nullvariant-ciel

nullvariant-ciel Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

🕊️ Ciel's Mediation ☀️

*~~ gliding on a gentle breeze ~~ How serene!*

3 zoo members have reviewed this PR.

Zoo Member Status
🐰 Mimi Commented
👧 Luna Commented
🐗 Blaze Commented

☀️ The zoo is in harmony. Everything looks peaceful from up here.


まあまあ、ほどほどに。

This mediation was peacefully delivered by nullvariant-ciel[bot]

@github-actions

Copy link
Copy Markdown
Contributor

VEX Assessment: not_affected

This dependency update modifies devDependencies only.

  • Status: not_affected
  • Justification: vulnerable_code_not_in_execute_path
  • Impact: Zero production dependencies. No third-party code is included in the published VSIX.

Any CVEs in updated devDependencies do not affect end users. The VEX document will be automatically updated by the weekly VEX Auto-Update workflow.

🤖 Automated VEX assessment

@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/eslint-plugin-sonarjs ^4.1.0 UnknownUnknown
npm/eslint-plugin-sonarjs 4.1.0 🟢 5.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Token-Permissions🟢 3detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging🟢 10packaging workflow detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/semver 7.8.5 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 7Found 14/18 approved changesets -- score normalized to 7
Maintained🟢 1017 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • extensions/git-id-switcher/package.json
  • package-lock.json

Bumps the dev-dependencies group with 1 update in the / directory: [eslint-plugin-sonarjs](https://github.com/SonarSource/SonarJS).


Updates `eslint-plugin-sonarjs` from 4.0.3 to 4.1.0
- [Release notes](https://github.com/SonarSource/SonarJS/releases)
- [Commits](https://github.com/SonarSource/SonarJS/commits)

---
updated-dependencies:
- dependency-name: eslint-plugin-sonarjs
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): Bump eslint-plugin-sonarjs from 4.0.3 to 4.1.0 in the dev-dependencies group chore(deps): Bump eslint-plugin-sonarjs from 4.0.3 to 4.1.0 in the dev-dependencies group across 1 directory Jun 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-b9e590ed4e branch from f0a0515 to da87917 Compare June 22, 2026 13:22
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Looks like eslint-plugin-sonarjs is updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-b9e590ed4e branch June 29, 2026 06:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants