Skip to content

Bump the npm group with 6 updates#2054

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-8cfa0007e0
Oct 7, 2025
Merged

Bump the npm group with 6 updates#2054
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-8cfa0007e0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Oct 7, 2025

Copy link
Copy Markdown
Contributor

Bumps the npm group with 6 updates:

Package From To
@eslint/js 9.36.0 9.37.0
eslint 9.36.0 9.37.0
@eslint/config-helpers 0.3.1 0.4.0
@eslint/core 0.15.2 0.16.0
@eslint/plugin-kit 0.3.5 0.4.0
caniuse-lite 1.0.30001747 1.0.30001748

Updates @eslint/js from 9.36.0 to 9.37.0

Release notes

Sourced from @​eslint/js's releases.

v9.37.0

Features

  • 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
  • f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

  • a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
  • 09e04fc fix: add missing AST token types (#20172) (Pixel998)
  • 861c6da fix: correct ESLint typings (#20122) (Pixel998)

Documentation

  • b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
  • 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
  • 29ea092 docs: Update README (GitHub Actions Bot)
  • 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
  • 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
  • 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

Chores

  • afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
  • abee4ca chore: package.json update for @​eslint/js release (Jenkins)
  • fc9381f chore: fix typos in comments (#20175) (overlookmotel)
  • e1574a2 chore: unpin jiti (#20173) (renovate[bot])
  • e1ac05e refactor: mark ESLint.findConfigFile() as async, add missing docs (#20157) (Pixel998)
  • 347906d chore: update eslint (#20149) (renovate[bot])
  • 0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#20146) (Milos Djermanovic)
  • bb99566 ci: pin jiti to version 2.5.1 (#20151) (Pixel998)
  • 177f669 perf: improve worker count calculation for "auto" concurrency (#20067) (Francesco Trotta)
  • 448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#20144) (Milos Djermanovic)
Commits
  • abee4ca chore: package.json update for @​eslint/js release
  • 90a71bf docs: update README files to add badge and instructions (#20115)
  • See full diff in compare view

Updates eslint from 9.36.0 to 9.37.0

Release notes

Sourced from eslint's releases.

v9.37.0

Features

  • 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
  • f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

  • a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
  • 09e04fc fix: add missing AST token types (#20172) (Pixel998)
  • 861c6da fix: correct ESLint typings (#20122) (Pixel998)

Documentation

  • b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
  • 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
  • 29ea092 docs: Update README (GitHub Actions Bot)
  • 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
  • 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
  • 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

Chores

  • afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
  • abee4ca chore: package.json update for @​eslint/js release (Jenkins)
  • fc9381f chore: fix typos in comments (#20175) (overlookmotel)
  • e1574a2 chore: unpin jiti (#20173) (renovate[bot])
  • e1ac05e refactor: mark ESLint.findConfigFile() as async, add missing docs (#20157) (Pixel998)
  • 347906d chore: update eslint (#20149) (renovate[bot])
  • 0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#20146) (Milos Djermanovic)
  • bb99566 ci: pin jiti to version 2.5.1 (#20151) (Pixel998)
  • 177f669 perf: improve worker count calculation for "auto" concurrency (#20067) (Francesco Trotta)
  • 448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#20144) (Milos Djermanovic)
Commits

Updates @eslint/config-helpers from 0.3.1 to 0.4.0

Release notes

Sourced from @​eslint/config-helpers's releases.

core: v0.4.0

0.4.0 (2024-08-12)

Features

config-helpers: v0.4.0

0.4.0 (2025-09-16)

Features

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

plugin-kit: v0.4.0

0.4.0 (2025-09-16)

Features

  • add support for getLocFromIndex and getIndexFromLoc (#212) (a3588d8)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

plugin-kit: v0.3.5

0.3.5 (2025-08-05)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.1 to ^0.15.2

plugin-kit: v0.3.4

0.3.4 (2025-07-21)

... (truncated)

Changelog

Sourced from @​eslint/config-helpers's changelog.

0.4.0 (2025-09-16)

Features

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0
Commits

Updates @eslint/core from 0.15.2 to 0.16.0

Release notes

Sourced from @​eslint/core's releases.

config-array: v0.16.0

0.16.0 (2024-06-12)

⚠ BREAKING CHANGES

  • treat * as a universal pattern (#50)
  • Remove ConfigArray#isExplicitMatch() (#53)

Features

  • Remove ConfigArray#isExplicitMatch() (#53) (10d8200)

Bug Fixes

  • Add 'main' and 'types' entries to package.json (#48) (16ee1fa)
  • treat * as a universal pattern (#50) (79ad4bc)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/object-schema bumped from ^2.1.3 to ^2.1.4

core: v0.16.0

0.16.0 (2025-09-16)

Features

Bug Fixes

  • remove unsupported nodeType from types (#268) (d800559)
Changelog

Sourced from @​eslint/core's changelog.

0.16.0 (2025-09-16)

Features

Bug Fixes

  • remove unsupported nodeType from types (#268) (d800559)
Commits

Updates @eslint/plugin-kit from 0.3.5 to 0.4.0

Release notes

Sourced from @​eslint/plugin-kit's releases.

core: v0.4.0

0.4.0 (2024-08-12)

Features

config-helpers: v0.4.0

0.4.0 (2025-09-16)

Features

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0

plugin-kit: v0.4.0

0.4.0 (2025-09-16)

Features

  • add support for getLocFromIndex and getIndexFromLoc (#212) (a3588d8)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0
Changelog

Sourced from @​eslint/plugin-kit's changelog.

0.4.0 (2025-09-16)

Features

  • add support for getLocFromIndex and getIndexFromLoc (#212) (a3588d8)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^0.15.2 to ^0.16.0
Commits

Updates caniuse-lite from 1.0.30001747 to 1.0.30001748

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm group with 6 updates
d57b3b5 
Bumps the npm group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.36.0` | `9.37.0` |
| [eslint](https://github.com/eslint/eslint) | `9.36.0` | `9.37.0` |
| [@eslint/config-helpers](https://github.com/eslint/rewrite/tree/HEAD/packages/config-helpers) | `0.3.1` | `0.4.0` |
| [@eslint/core](https://github.com/eslint/rewrite/tree/HEAD/packages/core) | `0.15.2` | `0.16.0` |
| [@eslint/plugin-kit](https://github.com/eslint/rewrite/tree/HEAD/packages/plugin-kit) | `0.3.5` | `0.4.0` |
| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001747` | `1.0.30001748` |


Updates `@eslint/js` from 9.36.0 to 9.37.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.37.0/packages/js)

Updates `eslint` from 9.36.0 to 9.37.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.36.0...v9.37.0)

Updates `@eslint/config-helpers` from 0.3.1 to 0.4.0
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/config-helpers/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/core-v0.4.0/packages/config-helpers)

Updates `@eslint/core` from 0.15.2 to 0.16.0
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/core/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/core-v0.16.0/packages/core)

Updates `@eslint/plugin-kit` from 0.3.5 to 0.4.0
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/plugin-kit/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/core-v0.4.0/packages/plugin-kit)

Updates `caniuse-lite` from 1.0.30001747 to 1.0.30001748
- [Commits](browserslist/caniuse-lite@1.0.30001747...1.0.30001748)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: eslint
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/config-helpers"
  dependency-version: 0.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/core"
  dependency-version: 0.16.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/plugin-kit"
  dependency-version: 0.4.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: caniuse-lite
  dependency-version: 1.0.30001748
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot assigned poad Oct 7, 2025
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 7, 2025
@github-actions github-actions Bot enabled auto-merge (squash) October 7, 2025 01:22
@github-actions

github-actions Bot commented Oct 7, 2025

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@eslint/js ^9.37.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/eslint ^9.37.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/@eslint/config-helpers 0.4.0 UnknownUnknown
npm/@eslint/js 9.37.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/@eslint/plugin-kit 0.4.0 UnknownUnknown
npm/caniuse-lite 1.0.30001748 🟢 5
Details
CheckScoreReason
Maintained🟢 1017 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies🟢 10all dependencies are pinned
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
npm/eslint 9.37.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • package.json
  • pnpm-lock.yaml

@github-actions github-actions Bot merged commit 2ce63dc into main Oct 7, 2025
5 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/npm-8cfa0007e0 branch October 7, 2025 01:23
@github-actions github-actions Bot mentioned this pull request Feb 22, 2026
Closed
@my-pull-request-auto-merge my-pull-request-auto-merge Bot mentioned this pull request Feb 22, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@poad poad

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@poad