Skip to content

chore(deps-dev): bump the dev-dependencies group across 1 directory with 11 updates#236

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/dev-dependencies-d1a066b134
Open

chore(deps-dev): bump the dev-dependencies group across 1 directory with 11 updates#236
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/dev-dependencies-d1a066b134

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 20, 2026

Bumps the dev-dependencies group with 11 updates in the / directory:

Package From To
@matteoh2o1999/github-actions-jest-reporter 4.0.0 4.1.0
@stylistic/eslint-plugin 5.7.1 5.10.0
@types/node 25.2.1 25.6.0
@typescript-eslint/parser 8.54.0 8.58.2
axios 1.13.4 1.15.1
eslint 9.39.2 10.2.1
eslint-plugin-jest 29.12.2 29.15.2
jest 30.2.0 30.3.0
prettier 3.8.1 3.8.3
ts-jest 29.4.6 29.4.9
typescript 5.9.3 6.0.3

Updates @matteoh2o1999/github-actions-jest-reporter from 4.0.0 to 4.1.0

Release notes

Sourced from @​matteoh2o1999/github-actions-jest-reporter's releases.

v4.1.0

What's Changed

... (truncated)

Commits
  • f77dfb1 Bump package version
  • 0c1d5ab chore(deps-dev): bump @​types/node in the dev-dependencies group
  • 96c2478 chore(deps-dev): bump eslint-plugin-jest in the dev-dependencies group
  • 681d57e chore(deps-dev): bump the dev-dependencies group with 3 updates
  • 9562c17 chore(deps-dev): bump @​types/node in the dev-dependencies group
  • 228c032 fix(deps): bump @​actions/core from 2.0.2 to 2.0.3
  • 1cbff36 chore(deps-dev): bump globals in the dev-dependencies group
  • a1b9dc0 chore(deps-dev): bump @​typescript-eslint/parser
  • 5d85fe1 chore(deps-dev): bump the dev-dependencies group with 2 updates
  • 5243846 chore(deps-dev): bump the dev-dependencies group with 2 updates
  • Additional commits viewable in compare view

Updates @stylistic/eslint-plugin from 5.7.1 to 5.10.0

Release notes

Sourced from @​stylistic/eslint-plugin's releases.

v5.10.0

5.10.0 (2026-03-06)

Features

  • list-style: allow 'off' in overrides (#1144) (c43bd4b)
  • padding-line-between-statements: introduce lineMode for selector matcher (#1143) (1ebd6d8)

Build Related

  • deps: bump actions/download-artifact from 7 to 8 (#1153) (78ca032)
  • deps: bump actions/upload-artifact from 6 to 7 (#1154) (01f7b17)

Performance

  • no export all for @​typescript-eslint/utils (#1150) (258f9d8)

v5.9.0

5.9.0 (2026-02-19)

Features

Bug Fixes

  • comma-dangle: check tsx file correctly (#1127) (271da42)
  • comma-dangle: prevent crash when linting non-js files (#1140) (4a96eae)
  • indent: ignore when source code is not ESTree (#1139) (9e7f422)
  • no-extra-parens: don't report jsdoc type assertion by default (#1100) (cfb6296)
  • object-curly-spacing: correctly handle object patterns with type annotations (#1129) (5aaaec6)

Chores

  • lines-around-comment: improve extensibility of allow boundary checks (#1136) (18b961e)
  • no-extra-parens: simplify fixer (#1133) (3504e1f)
  • on-var-declaration-per-line: simplify fixer (#1132) (c827fde)

v5.8.0

5.8.0 (2026-02-09)

... (truncated)

Changelog

Sourced from @​stylistic/eslint-plugin's changelog.

5.10.0 (2026-03-06)

Features

  • list-style: allow 'off' in overrides (#1144) (c43bd4b)
  • padding-line-between-statements: introduce lineMode for selector matcher (#1143) (1ebd6d8)

Build Related

  • deps: bump actions/download-artifact from 7 to 8 (#1153) (78ca032)
  • deps: bump actions/upload-artifact from 6 to 7 (#1154) (01f7b17)

Performance

  • no export all for @​typescript-eslint/utils (#1150) (258f9d8)

5.9.0 (2026-02-19)

Features

Bug Fixes

  • comma-dangle: check tsx file correctly (#1127) (271da42)
  • comma-dangle: prevent crash when linting non-js files (#1140) (4a96eae)
  • indent: ignore when source code is not ESTree (#1139) (9e7f422)
  • no-extra-parens: don't report jsdoc type assertion by default (#1100) (cfb6296)
  • object-curly-spacing: correctly handle object patterns with type annotations (#1129) (5aaaec6)

Chores

  • lines-around-comment: improve extensibility of allow boundary checks (#1136) (18b961e)
  • no-extra-parens: simplify fixer (#1133) (3504e1f)
  • on-var-declaration-per-line: simplify fixer (#1132) (c827fde)

5.8.0 (2026-02-09)

Features

... (truncated)

Commits
  • efbb1bc chore: release v5.10.0 (main) (#1151)
  • 1ebd6d8 feat(padding-line-between-statements): introduce lineMode for selector matc...
  • c43bd4b feat(list-style): allow 'off' in overrides (#1144)
  • 95884fc chore: replace prettier with oxfmt (#1147)
  • 96ce1c7 chore: release v5.9.0 (main) (#1131)
  • 5d99706 feat: support ESLint 10 (#1066)
  • cfb6296 fix(no-extra-parens): don't report jsdoc type assertion by default (#1100)
  • 501e838 feat(no-trailing-spaces): support more file types (#1138)
  • 8f5cc9e feat(padding-line-between-statements): support selector-based statement match...
  • 9e7f422 fix(indent): ignore when source code is not ESTree (#1139)
  • Additional commits viewable in compare view

Updates @types/node from 25.2.1 to 25.6.0

Commits

Updates @typescript-eslint/parser from 8.54.0 to 8.58.2

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.2

8.58.2 (2026-04-13)

🩹 Fixes

  • remove tsbuildinfo cache file from published packages (#12187)
  • eslint-plugin: [no-unnecessary-condition] use assignability checks in checkTypePredicates (#12147)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.2 (2026-04-13)

🩹 Fixes

  • remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.1 (2026-04-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

... (truncated)

Commits

Updates axios from 1.13.4 to 1.15.1

Release notes

Sourced from axios's releases.

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

  • Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
  • CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
  • Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
  • withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
  • maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
  • Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
  • Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

  • AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
  • Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

  • FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
  • HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
  • Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
  • Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
  • buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
  • AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
  • Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)
  • Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

  • Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)
  • Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)
  • Type Refactor: Uses TypeScript utility types to deduplicate literal unions. (#7520)
  • Repo & CI: Adds CODEOWNERS, switches v1.x releases to an ephemeral release branch, and removes orphaned Bower support. (#10739, #10738, #10746)
  • Changelog Backfill: Added missing version entries to the changelog. (#10704)
  • Dependencies: Bumped follow-redirects (1.15.111.16.0) in root and docs, axios (1.14.01.15.0) in docs, and a group of 5 development dependencies. (#10717, #10716, #10684, #10709)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.15.0 — April 7, 2026

This release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.

🔒 Security Fixes

  • Header Injection (CRLF): Rejects any header value containing \r or \n characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw "Invalid character in header content". (#10660)

  • SSRF via no_proxy Bypass: Introduces a shouldBypassProxy helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating no_proxy/NO_PROXY rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (#10661)

🚀 New Features

  • Deno & Bun Runtime Support: Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (#10652)

🐛 Bug Fixes

  • Node.js v22 Compatibility: Replaced deprecated url.parse() calls with the WHATWG URL/URLSearchParams API across examples, sandbox, and tests, eliminating DEP0169 deprecation warnings on Node.js v22+. (#10625)

🔧 Maintenance & Chores

  • CI Security Hardening: Added zizmor GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived NODE_AUTH_TOKEN); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated npm-publish environment; and blocked the sponsor-block workflow from running on forks. (#10618, #10619, #10627, #10637, #10641, #10666)

  • Docs: Clarified HTTP/2 support and the unsupported httpVersion option; added documentation for header case preservation; improved the beforeRedirect example to prevent accidental credential leakage. (#10644, #10654, #10624)

  • Dependencies: Bumped picomatch, handlebars, serialize-javascript, vite (×3), denoland/setup-deno, and 4 additional dev dependencies to latest versions. (#10564, #10565, #10567, #10568, #10572, #10574, #10663, #10664, #10665, #10669, #10670)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.14.0 — March 27, 2026

This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.

🔒 Security Fixes

  • Formidable Vulnerability: Upgraded formidable from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (#7533)

... (truncated)

Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates eslint from 9.39.2 to 10.2.1

Release notes

Sourced from eslint's releases.

v10.2.1

Bug Fixes

  • 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
  • 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
  • af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
  • e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

  • ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)
  • 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)
  • c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)
  • 1418d52 docs: Update README (GitHub Actions Bot)
  • 39771e6 docs: Update README (GitHub Actions Bot)
  • 71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)
  • 22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)
  • 8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

  • 7ddfea9 chore: update dependency prettier to v3.8.2 (<...

    Description has been truncated

@dependabot
chore(deps-dev): bump the dev-dependencies group across 1 directory w…
c262ff9 
…ith 11 updates

Bumps the dev-dependencies group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@matteoh2o1999/github-actions-jest-reporter](https://github.com/MatteoH2O1999/github-actions-jest-reporter) | `4.0.0` | `4.1.0` |
| [@stylistic/eslint-plugin](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin) | `5.7.1` | `5.10.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.2.1` | `25.6.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.54.0` | `8.58.2` |
| [axios](https://github.com/axios/axios) | `1.13.4` | `1.15.1` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.2.1` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.12.2` | `29.15.2` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.3.0` |
| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.9` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |



Updates `@matteoh2o1999/github-actions-jest-reporter` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/MatteoH2O1999/github-actions-jest-reporter/releases)
- [Commits](MatteoH2O1999/github-actions-jest-reporter@v4.0.0...v4.1.0)

Updates `@stylistic/eslint-plugin` from 5.7.1 to 5.10.0
- [Release notes](https://github.com/eslint-stylistic/eslint-stylistic/releases)
- [Changelog](https://github.com/eslint-stylistic/eslint-stylistic/blob/v5.10.0/CHANGELOG.md)
- [Commits](https://github.com/eslint-stylistic/eslint-stylistic/commits/v5.10.0/packages/eslint-plugin)

Updates `@types/node` from 25.2.1 to 25.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/parser` from 8.54.0 to 8.58.2
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.2/packages/parser)

Updates `axios` from 1.13.4 to 1.15.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.4...v1.15.1)

Updates `eslint` from 9.39.2 to 10.2.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.2.1)

Updates `eslint-plugin-jest` from 29.12.2 to 29.15.2
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v29.12.2...v29.15.2)

Updates `jest` from 30.2.0 to 30.3.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest)

Updates `prettier` from 3.8.1 to 3.8.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.1...3.8.3)

Updates `ts-jest` from 29.4.6 to 29.4.9
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.4.6...v29.4.9)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

---
updated-dependencies:
- dependency-name: "@matteoh2o1999/github-actions-jest-reporter"
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@stylistic/eslint-plugin"
  dependency-version: 5.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.58.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: axios
  dependency-version: 1.15.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-version: 10.2.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: eslint-plugin-jest
  dependency-version: 29.15.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: jest
  dependency-version: 30.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: prettier
  dependency-version: 3.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: ts-jest
  dependency-version: 29.4.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@MatteoH2O1999 MatteoH2O1999

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MatteoH2O1999