Skip to content

Bump the npm group with 3 updates#2169

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-a0ddc40cd4
Apr 27, 2026
Merged

Bump the npm group with 3 updates#2169
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-a0ddc40cd4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 3 updates: eslint, @humanfs/core and @humanfs/node.

Updates eslint from 10.2.0 to 10.2.1

Release notes

Sourced from eslint's releases.

v10.2.1

Bug Fixes

  • 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
  • 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
  • af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
  • e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

  • ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)
  • 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)
  • c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)
  • 1418d52 docs: Update README (GitHub Actions Bot)
  • 39771e6 docs: Update README (GitHub Actions Bot)
  • 71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)
  • 22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)
  • 8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

  • 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770) (renovate[bot])
  • fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763) (dependabot[bot])
  • 7246f92 test: add tests for SuppressionsService.load() error handling (#20734) (kuldeep kumar)
  • 4f34b1e chore: update pnpm/action-setup action to v5 (#20762) (renovate[bot])
  • 51080eb test: processor service (#20731) (kuldeep kumar)
  • e7e1889 chore: remove stale babel-eslint10 fixture and test (#20727) (kuldeep kumar)
  • 4e1a87c test: remove redundant async/await in flat config array tests (#20722) (Pixel998)
  • 066eabb test: add rule metadata coverage for languages and docs.dialects (#20717) (Pixel998)
Commits

Updates @humanfs/core from 0.19.1 to 0.19.2

Release notes

Sourced from @​humanfs/core's releases.

memory: v0.19.2

0.19.2 (2024-06-13)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​humanfs/core bumped from ^0.18.1 to ^0.18.2

core: v0.19.2

0.19.2 (2026-04-17)

Bug Fixes

  • Include type dependencies at runtime (956ce7a), closes #145
Commits

Updates @humanfs/node from 0.16.7 to 0.16.8

Release notes

Sourced from @​humanfs/node's releases.

node: v0.16.8

0.16.8 (2026-04-17)

Bug Fixes

  • Include type dependencies at runtime (956ce7a), closes #145

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​humanfs/core bumped from ^0.19.1 to ^0.19.2
Changelog

Sourced from @​humanfs/node's changelog.

0.16.8 (2026-04-17)

Bug Fixes

  • Ensure symlinks are copied as symlinks in copy() and copyAll() (22bbaa44)
  • Include type dependencies at runtime (956ce7a), closes #145

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​humanfs/core bumped from ^0.19.1 to ^0.19.2
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm group with 3 updates
572da7d 
Bumps the npm group with 3 updates: [eslint](https://github.com/eslint/eslint), [@humanfs/core](https://github.com/humanwhocodes/humanfs) and [@humanfs/node](https://github.com/humanwhocodes/humanfs/tree/HEAD/packages/node).


Updates `eslint` from 10.2.0 to 10.2.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.2.0...v10.2.1)

Updates `@humanfs/core` from 0.19.1 to 0.19.2
- [Release notes](https://github.com/humanwhocodes/humanfs/releases)
- [Commits](humanwhocodes/humanfs@core-v0.19.1...core-v0.19.2)

Updates `@humanfs/node` from 0.16.7 to 0.16.8
- [Release notes](https://github.com/humanwhocodes/humanfs/releases)
- [Changelog](https://github.com/humanwhocodes/humanfs/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/humanwhocodes/humanfs/commits/node-v0.16.8/packages/node)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@humanfs/core"
  dependency-version: 0.19.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@humanfs/node"
  dependency-version: 0.16.8
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 27, 2026
@github-actions github-actions Bot enabled auto-merge (squash) April 27, 2026 01:44
@github-actions

github-actions Bot commented Apr 27, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@humanfs/core 0.19.2 UnknownUnknown
npm/@humanfs/node 0.16.8 UnknownUnknown
npm/@humanfs/types 0.15.0 UnknownUnknown
npm/eslint 10.2.1 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 6Found 17/25 approved changesets -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • pnpm-lock.yaml

@github-actions github-actions Bot merged commit d6bc323 into main Apr 27, 2026
4 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/npm-a0ddc40cd4 branch April 27, 2026 01:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@poad poad

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@poad