Skip to content

build(deps-dev): Bump the eslint group across 1 directory with 5 updates#3529

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-npm_and_yarn-eslint-47b7f80a9f
Closed

build(deps-dev): Bump the eslint group across 1 directory with 5 updates#3529
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-npm_and_yarn-eslint-47b7f80a9f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the eslint group with 5 updates in the / directory:

Package From To
eslint 9.39.2 10.6.0
eslint-plugin-no-only-tests 3.3.0 3.4.0
eslint-plugin-react-hooks 7.0.1 7.1.1
eslint-plugin-security 3.0.1 4.0.1
eslint-plugin-storybook 10.2.0 10.4.6

Updates eslint from 9.39.2 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

... (truncated)

Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates eslint-plugin-no-only-tests from 3.3.0 to 3.4.0

Release notes

Sourced from eslint-plugin-no-only-tests's releases.

v3.4.0

What's Changed

New Contributors

Full Changelog: levibuzolic/eslint-plugin-no-only-tests@v3.3.0...v3.4.0

Changelog

Sourced from eslint-plugin-no-only-tests's changelog.

v3.4.0

Added

  • Add CLI E2E coverage for both ESLint and Oxlint, including --fix verification and config-specific assertions
  • Add a package-contents check to ensure test assets are never published

Changed

  • Optimize Oxlint usage by adopting Oxlint's performance-focused createOnce entrypoint while preserving ESLint compatibility

Internal

  • Switch repository tooling from Yarn to Bun
  • Replace Biome/Prettier usage with Oxlint and Oxfmt
  • Update GitHub Actions to use Bun and a modern Node test matrix
  • Move test infrastructure into a dedicated test/ directory
  • Tighten package metadata and improve JSDoc/type coverage

v3.0.0

Added

  • Block scope matchers can accept a trailing * to optionally match blocks by prefix #35

Breaking

  • Block matchers no longer match prefixes of blocks by default, can now be configured via options #35

v2.6.0

  • Disable auto fixing by default, allow it to be optionally enabled. #26

v2.5.0

v2.4.0

  • Add support for defining 2 levels deep in blocks (ie. ava.default)

v2.3.1

  • Bump js-yaml from 3.13.0 to 3.13.1 due to security vulnerability - #11

v2.3.0

  • Allow test block names to be specified in options - #10

v2.2.0

... (truncated)

Commits
  • 2279c51 Merge pull request #62 from levibuzolic/levi/fix-github-release-action
  • e234e55 Use Publish environment for npm release
  • d304af4 Fix npm release auth
  • 435b3a2 Merge pull request #61 from levibuzolic/fix-release-script
  • 968e9d9 Switch release workflow to published events
  • a0edb1a Merge pull request #60 from levibuzolic/fix-release-script
  • 42ca3d8 Remove npm registry auth from publish workflow
  • b7051fc Merge pull request #59 from levibuzolic/fix-release-script
  • 36e23a2 Update GitHub Actions for npm trusted publishing
  • 17f7389 Fix release script
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-no-only-tests since your current version.


Updates eslint-plugin-react-hooks from 7.0.1 to 7.1.1

Release notes

Sourced from eslint-plugin-react-hooks's releases.

eslint-plugin-react-hooks@7.1.1 (April 17, 2026)

Note: 7.1.0 accidentally removed the component-hook-factories rule, causing errors for users who referenced it in their ESLint config. This is now fixed.

  • Add deprecated no-op component-hook-factories rule for backwards compatibility. (@​mofeiZ in #36307)

eslint-plugin-react-hooks@7.1.0 (April 16, 2026)

This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better set-state-in-effect detection, improved ref validation, and more helpful error reporting.

Changelog

Sourced from eslint-plugin-react-hooks's changelog.

7.1.1

Note: 7.1.0 accidentally removed the component-hook-factories rule, causing errors for users who referenced it in their ESLint config. This is now fixed.

  • Add deprecated no-op component-hook-factories rule for backwards compatibility. (@​mofeiZ in #36307)

7.1.0

This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better set-state-in-effect detection, improved ref validation, and more helpful error reporting.

Commits

Updates eslint-plugin-security from 3.0.1 to 4.0.1

Release notes

Sourced from eslint-plugin-security's releases.

eslint-plugin-security: v4.0.1

4.0.1 (2026-06-12)

Bug Fixes

  • treat import.meta.dirname and import.meta.filename as static (#200) (74c97bb)

eslint-plugin-security: v4.0.0

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)
Changelog

Sourced from eslint-plugin-security's changelog.

4.0.1 (2026-06-12)

Bug Fixes

  • treat import.meta.dirname and import.meta.filename as static (#200) (74c97bb)

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)
Commits
  • cb8645c chore: release 4.0.1 🚀 (#204)
  • 74c97bb fix: treat import.meta.dirname and import.meta.filename as static (#200)
  • 0b45f82 chore(deps-dev): bump shell-quote from 1.7.4 to 1.8.4 (#202)
  • 954149a chore(deps-dev): bump handlebars from 4.7.7 to 4.7.9 (#198)
  • d5012b6 chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (#197)
  • b53d8b4 chore(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#196)
  • 7876750 chore(deps): bump minimatch (#194)
  • 4b734af chore: release 4.0.0 🚀 (#192)
  • 2443d10 fix: release-please config (#189)
  • ee73862 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#187)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-security since your current version.


Updates eslint-plugin-storybook from 10.2.0 to 10.4.6

Release notes

Sourced from eslint-plugin-storybook's releases.

v10.4.6

10.4.6

v10.4.5

10.4.5

v10.4.4

10.4.4

  • Telemetry: Add timeout to event-log POST to prevent build hang - #35085, thanks @​badams!

v10.4.3

10.4.3

v10.4.2

10.4.2

v10.4.1

10.4.1

v10.4.0

10.4.0

AI-assisted setup, change-aware review, and stronger framework support

Storybook 10.4 contains hundreds of fixes and improvements including:

... (truncated)

Changelog

Sourced from eslint-plugin-storybook's changelog.

10.4.6

10.4.5

10.4.4

  • Telemetry: Add timeout to event-log POST to prevent build hang - #35085, thanks @​badams!

10.4.3

10.4.2

10.4.1

10.4.0

AI-assisted setup, change-aware review, and stronger framework support

Storybook 10.4 contains hundreds of fixes and improvements including:

  • 🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding
  • 🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes
  • 🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar
  • ⚛️ TanStack React: New @storybook/tanstack-react framework with routing and server function support
  • 🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server
  • 📱 React Native: Zero config RN project initialization
  • 🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic

... (truncated)

Commits
  • 5496a42 Bump version from "10.4.5" to "10.4.6" [skip ci]
  • 48e7b20 Bump version from "10.4.4" to "10.4.5" [skip ci]
  • 5adebe7 Bump version from "10.4.3" to "10.4.4" [skip ci]
  • 624e618 Bump version from "10.4.2" to "10.4.3" [skip ci]
  • 298dea2 Bump version from "10.4.1" to "10.4.2" [skip ci]
  • cc19ae1 Bump version from "10.4.0" to "10.4.1" [skip ci]
  • f8c16d1 Bump version from "10.4.0-beta.0" to "10.4.0" [skip ci]
  • e02da0b Bump version from "10.4.0-alpha.19" to "10.4.0-beta.0" [skip ci]
  • 429fb3e Bump version from "10.4.0-alpha.18" to "10.4.0-alpha.19" [skip ci]
  • 488dd08 Bump version from "10.4.0-alpha.17" to "10.4.0-alpha.18" [skip ci]
  • Additional commits viewable in compare view

@dependabot dependabot Bot added type: automerge PR will be merged automatically i.e., by a bot or action type: dependencies Maintaining 3rd-party dependencies labels Jul 6, 2026
@dependabot dependabot Bot changed the title build(deps-dev): Bump the eslint group with 5 updates build(deps-dev): Bump the eslint group across 1 directory with 5 updates Jul 6, 2026
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-eslint-47b7f80a9f branch from 46ee3f8 to 77fb2be Compare July 6, 2026 05:59
Bumps the eslint group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.6.0` |
| [eslint-plugin-no-only-tests](https://github.com/levibuzolic/eslint-plugin-no-only-tests) | `3.3.0` | `3.4.0` |
| [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) | `7.0.1` | `7.1.1` |
| [eslint-plugin-security](https://github.com/eslint-community/eslint-plugin-security) | `3.0.1` | `4.0.1` |
| [eslint-plugin-storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/lib/eslint-plugin) | `10.2.0` | `10.4.6` |



Updates `eslint` from 9.39.2 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.6.0)

Updates `eslint-plugin-no-only-tests` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/levibuzolic/eslint-plugin-no-only-tests/releases)
- [Changelog](https://github.com/levibuzolic/eslint-plugin-no-only-tests/blob/main/CHANGELOG.md)
- [Commits](levibuzolic/eslint-plugin-no-only-tests@v3.3.0...v3.4.0)

Updates `eslint-plugin-react-hooks` from 7.0.1 to 7.1.1
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/eslint-plugin-react-hooks@7.1.1/packages/eslint-plugin-react-hooks)

Updates `eslint-plugin-security` from 3.0.1 to 4.0.1
- [Release notes](https://github.com/eslint-community/eslint-plugin-security/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-security/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-security@v3.0.1...eslint-plugin-security-v4.0.1)

Updates `eslint-plugin-storybook` from 10.2.0 to 10.4.6
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.6/code/lib/eslint-plugin)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: eslint
- dependency-name: eslint-plugin-no-only-tests
  dependency-version: 3.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint-plugin-react-hooks
  dependency-version: 7.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint-plugin-security
  dependency-version: 4.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: eslint
- dependency-name: eslint-plugin-storybook
  dependency-version: 10.4.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-eslint-47b7f80a9f branch from 77fb2be to 6a7ccbb Compare July 6, 2026 06:06
@brandonlenz

Copy link
Copy Markdown
Contributor

#3494

@brandonlenz brandonlenz closed this Jul 7, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot-npm_and_yarn-eslint-47b7f80a9f branch July 7, 2026 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

type: automerge PR will be merged automatically i.e., by a bot or action type: dependencies Maintaining 3rd-party dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant