Skip to content

deps(deps): bump the major group with 7 updates#129

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/major-c00a61f8ff
Closed

deps(deps): bump the major group with 7 updates#129
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/major-c00a61f8ff

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the major group with 7 updates:

Package From To
puppeteer 24.42.0 25.3.0
undici 7.25.0 8.7.0
webtorrent 2.8.5 3.0.16
@types/node 25.6.0 26.1.1
@vitejs/plugin-react 5.1.4 6.0.3
eslint 9.39.2 10.7.0
typescript 5.9.3 7.0.2

Updates puppeteer from 24.42.0 to 25.3.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v25.3.0

25.3.0 (2026-07-01)

🎉 Features

  • support installing extensions for browser contexts (#15164) (118d84d)

🛠️ Fixes

📄 Documentation

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.5 to 3.0.6

puppeteer: v25.3.0

25.3.0 (2026-07-01)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.5 to 3.0.6
      • puppeteer-core bumped from 25.2.1 to 25.3.0

puppeteer-core: v25.2.1

25.2.1 (2026-06-24)

🛠️ Fixes

... (truncated)

Changelog

Sourced from puppeteer's changelog.

25.3.0 (2026-07-01)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 3.0.5 to 3.0.6

🎉 Features

  • support installing extensions for browser contexts (#15164) (118d84d)

🛠️ Fixes

📄 Documentation

25.2.1 (2026-06-24)

♻️ Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 25.2.0 to 25.2.1

🛠️ Fixes

... (truncated)

Commits
  • 58d9b02 chore: release main (#15165)
  • d382a21 fix: roll to Firefox 152.0.4 (#15195)
  • 2356a15 fix: handle swaps without a timer (#15198)
  • 537232e chore(webmcp): Clean unnecessary Protocol interfaces (#15199)
  • ab74e6a docs: fix the typos on documentation (#15167)
  • 9560bcf chore(deps-dev): bump the dev-dependencies group across 1 directory with 20 u...
  • 04a9587 refactor: extract zip archives with yauzl instead of CLI tools (#15085)
  • 54143a6 chore: fix the typos on the code test and API documentation (#15169)
  • 55787d5 fix: normalize duplicate set-cookie headers using newline (#15173)
  • 118d84d feat: support installing extensions for browser contexts (#15164)
  • Additional commits viewable in compare view

Updates undici from 7.25.0 to 8.7.0

Release notes

Sourced from undici's releases.

v8.7.0

What's Changed

New Contributors

Full Changelog: nodejs/undici@v8.6.0...v8.7.0

v8.6.0

What's Changed

... (truncated)

Commits
  • cb4c2f1 Bumped v8.7.0 (#5501)
  • a8d1a95 fix: auto-detect HTTP proxy tunneling (#5116)
  • cb30e58 fix: add static buildDispatch method to RedirectHandler type definition (#5442)
  • 0c08579 fix(h2): requeue request on GOAWAY'd session instead of crashing (#5453)
  • e5b3364 fix(h2): guard onResponse against a 'response' event delivered after completi...
  • c0007f4 docs: add reproduction guide and update bug report template (#5451)
  • e529cab fix: ignore an unparseable Set-Cookie Expires attribute (#5488)
  • 754742c fix(h2): destroy the stream on abort instead of relying on close() (#5462)
  • db34f5f fix(readable): ignore late consume chunks (#5375)
  • 4ea05a8 fix: reject non-ascii octets in validateCookiePath (#5452)
  • Additional commits viewable in compare view

Updates webtorrent from 2.8.5 to 3.0.16

Release notes

Sourced from webtorrent's releases.

v3.0.16

3.0.16 (2026-05-29)

Bug Fixes

v3.0.15

3.0.15 (2026-05-29)

Bug Fixes

v3.0.14

3.0.14 (2026-05-28)

Bug Fixes

v3.0.13

3.0.13 (2026-05-27)

Bug Fixes

  • deps: update dependency bittorrent-protocol to ^5.0.6 (#3061) (f64f8a0)

v3.0.12

3.0.12 (2026-05-27)

Bug Fixes

v3.0.11

3.0.11 (2026-05-27)

Bug Fixes

v3.0.10

3.0.10 (2026-05-26)

... (truncated)

Changelog

Sourced from webtorrent's changelog.

3.0.16 (2026-05-29)

Bug Fixes

3.0.15 (2026-05-29)

Bug Fixes

3.0.14 (2026-05-28)

Bug Fixes

3.0.13 (2026-05-27)

Bug Fixes

  • deps: update dependency bittorrent-protocol to ^5.0.6 (#3061) (f64f8a0)

3.0.12 (2026-05-27)

Bug Fixes

3.0.11 (2026-05-27)

Bug Fixes

3.0.10 (2026-05-26)

Bug Fixes

  • deps: update dependency torrent-piece to ^4.0.1 (#3059) (f734c27)

3.0.9 (2026-05-26)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for webtorrent since your current version.


Updates @types/node from 25.6.0 to 26.1.1

Commits

Updates @vitejs/plugin-react from 5.1.4 to 6.0.3

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@6.0.3

No release notes provided.

plugin-react@6.0.2

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

plugin-react@6.0.1

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

plugin-react@6.0.0

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [
</tr></table>

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

6.0.2 (2026-05-14)

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

6.0.1 (2026-03-13)

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

6.0.0 (2026-03-12)

6.0.0-beta.0 (2026-03-03)

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
</tr></table> 

... (truncated)

Commits
  • 640fd35 release: plugin-react@6.0.3
  • 889efb0 fix(deps): update all non-major dependencies (#1249)
  • 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
  • 3cc33a7 fix(deps): update react-related dependencies (#1245)
  • c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
  • cd80f0f fix(deps): update all non-major dependencies (#1241)
  • e38acca fix(deps): update all non-major dependencies (#1227)
  • 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
  • 6535b55 release: plugin-react@6.0.2
  • bf0e43b feat(react): whitelist debugging-options (#1189)
  • Additional commits viewable in compare view

Updates eslint from 9.39.2 to 10.7.0

Release notes

Sourced from eslint's releases.

v10.7.0

Features

  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)
  • 557fde8 feat: support computed Number.parseInt member access in radix rule (#21041) (Pixel)
  • 0b4a73b feat: add suggestions to no-compare-neg-zero (#21034) (den$)
  • 96cdd42 feat: report invalid signed numeric radix values in radix rule (#21030) (Pixel)

Bug Fixes

  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069) (Pixel)
  • 0d7d70c fix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)
  • 75ec753 fix: handle static template literals in eqeqeq rule (#21058) (Pixel)
  • b717a22 fix: prevent eqeqeq null option from reporting non-equality operators (#21057) (Pixel)
  • e35b05f fix: avoid no-invalid-regexp false positive for shadowed RegExp (#21051) (Pixel)
  • a3172b6 fix: avoid no-control-regex false positive for shadowed RegExp (#21050) (Pixel)
  • d1f637e fix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)
  • 8859baf fix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)
  • a9e5961 fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)
  • 8a240a7 fix: avoid false positives in radix rule for spread arguments (#21044) (Pixel)

Documentation

  • c30d808 docs: Update README (GitHub Actions Bot)
  • 5139800 docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)
  • 04174cb docs: Update README (GitHub Actions Bot)
  • 026e130 docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)
  • 9d42fef docs: Update README (GitHub Actions Bot)
  • b230159 docs: Update README (GitHub Actions Bot)
  • 0129972 docs: correct **/.js glob to **/*.js in config files guide (#21036) (EduardF1)

Chores

  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])
  • 81a4774 chore: updates for v9.39.5 release (Jenkins)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071) (Francesco Trotta)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067) (lumir)
  • 833ec10 chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])
  • 7ea106d chore: update ecosystem plugins (#21059) (ESLint Bot)
  • 8fb550e chore: add prettier update commit to .git-blame-ignore-revs (#21056) (lumir)
  • e4e1166 chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])
  • 0493f53 chore: update prettier to v3.9.0 (#21054) (Pixel)
  • 1056a99 chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])
  • 4d4155d ci: run ecosystem tests on pull requests (#21027) (sethamus)
  • 993539f chore: update dependency @​eslint/json to ^2.0.1 (#21042) (renovate[bot])
  • 53f8b69 test: add error locations to no-constant-binary-expression (#21039) (lumir)
  • 5ab71d5 refactor: clean up radix rule internals (#21015) (Pixel)
  • a80a9a4 chore: update ecosystem plugins (#21035) (ESLint Bot)
  • 7c9a029 ci: add Node.js 26 to CI (#20847) (lumir)

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)

... (truncated)

Commits
  • fabd99b 10.7.0
  • 37c5e75 Build: changelog update for 10.7.0
  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076)
  • 81a4774 chore: updates for v9.39.5 release
  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071)
  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032)
  • c30d808 docs: Update README
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067)
  • Additional commits viewable in compare view

Updates typescript from 5.9.3 to 7.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the major group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [puppeteer](https://github.com/puppeteer/puppeteer) | `24.42.0` | `25.3.0` |
| [undici](https://github.com/nodejs/undici) | `7.25.0` | `8.7.0` |
| [webtorrent](https://github.com/webtorrent/webtorrent) | `2.8.5` | `3.0.16` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `26.1.1` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `5.1.4` | `6.0.3` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.7.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `7.0.2` |


Updates `puppeteer` from 24.42.0 to 25.3.0
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](puppeteer/puppeteer@puppeteer-v24.42.0...puppeteer-v25.3.0)

Updates `undici` from 7.25.0 to 8.7.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.25.0...v8.7.0)

Updates `webtorrent` from 2.8.5 to 3.0.16
- [Release notes](https://github.com/webtorrent/webtorrent/releases)
- [Changelog](https://github.com/webtorrent/webtorrent/blob/master/CHANGELOG.md)
- [Commits](webtorrent/webtorrent@v2.8.5...v3.0.16)

Updates `@types/node` from 25.6.0 to 26.1.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitejs/plugin-react` from 5.1.4 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

Updates `eslint` from 9.39.2 to 10.7.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.7.0)

Updates `typescript` from 5.9.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: puppeteer
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: undici
  dependency-version: 8.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: webtorrent
  dependency-version: 3.0.16
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: eslint
  dependency-version: 10.7.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

Copy link
Copy Markdown

vu1nz Security Review

0 finding(s) in PR #?

No security issues found.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​types/​node@​26.1.11001008196100
Addedtypescript@​7.0.29410089100100
Addedwebtorrent@​3.0.1689100100100100
Addedpuppeteer@​25.3.0921009496100
Added@​vitejs/​plugin-react@​6.0.310010010093100
Addedundici@​8.7.09710010097100
Addedeslint@​10.7.09810010097100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Publisher changed: npm @typescript/typescript-aix-ppc64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-aix-ppc64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-aix-ppc64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-aix-ppc64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-aix-ppc64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-aix-ppc64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-darwin-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-darwin-arm64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-darwin-arm64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-darwin-arm64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-darwin-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-darwin-x64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-darwin-x64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-darwin-x64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-freebsd-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-freebsd-arm64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-freebsd-arm64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-freebsd-arm64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-freebsd-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-freebsd-x64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-freebsd-x64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-freebsd-x64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-arm is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-arm@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-arm@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-linux-arm under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-arm@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-arm@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-arm64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-linux-arm64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-arm64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-loong64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-loong64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-loong64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-linux-loong64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-loong64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-loong64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-mips64el is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-mips64el@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-mips64el@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-linux-mips64el under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-mips64el@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-mips64el@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-ppc64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-ppc64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-ppc64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-linux-ppc64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-ppc64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-ppc64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-riscv64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-riscv64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-riscv64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-linux-riscv64 under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-riscv64@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-riscv64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-s390x is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-s390x@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-s390x@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm @typescript/typescript-linux-s390x under unrecognized license

License: unrecognized license - This license was not allowed or given any lesser classification by the applicable policy (package/NOTICE.txt)

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-s390x@7.0.2

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-s390x@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yamlnpm/typescript@7.0.2npm/@typescript/typescript-linux-x64@7.0.2

ℹ Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 19 more rows in the dashboard

View full report

@ralyodio ralyodio closed this Jul 14, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/major-c00a61f8ff branch July 14, 2026 06:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant