build(deps-dev): bump the dependencies group across 1 directory with 8 updates

Open dependabot[bot] opened this issue 6 months ago • 2 comments

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
@types/node	`22.15.3`	`22.15.19`
@typescript-eslint/eslint-plugin	`8.31.1`	`8.32.1`
@typescript-eslint/parser	`8.31.1`	`8.32.1`
@vscode/test-web	`0.0.68`	`0.0.69`
@vscode/vsce	`3.3.2`	`3.4.1`
eslint-config-prettier	`10.1.2`	`10.1.5`
mocha	`11.1.0`	`11.4.0`
webpack	`5.99.7`	`5.99.8`

Updates @types/node from 22.15.3 to 22.15.19

Commits

See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.31.1 to 8.32.1

Release notes

Sourced from @typescript-eslint/eslint-plugin's releases.

v8.32.1

8.32.1 (2025-05-12)

🩹 Fixes

eslint-plugin: [no-unnecessary-type-conversion] shouldn't have fixable property (#11194)

eslint-plugin: [no-deprecated] support computed member access (#10867)

eslint-plugin: [consistent-indexed-object-style] adjust auto-fixer to generate valid syntax for TSMappedType with no type annotation (#11180)

eslint-plugin: [consistent-indexed-object-style] check for indirect circular types in aliased mapped types (#11177)

❤️ Thank You

Azat S. @azat-io

Dima Barabash @dbarabashh

Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.32.0

8.32.0 (2025-05-05)

🚀 Features

eslint-plugin: [no-unnecessary-type-conversion] add rule (#10182)

eslint-plugin: [only-throw-error] add option allowRethrowing (#11075)

🩹 Fixes

deps: update dependency typedoc to ^0.28.0 (1fef33521)

eslint-plugin: [no-unnecessary-type-parameters] should parenthesize type in suggestion fixer if necessary (#10907)

eslint-plugin: [unified-signatures] exempt this from optional parameter overload check (#11005)

eslint-plugin: [prefer-nullish-coalescing] fix parenthesization bug in suggestion (#11098)

typescript-estree: ensure consistent TSMappedType AST shape (#11086)

typescript-estree: correct TSImportType property name when assert (#11115)

❤️ Thank You

Andy Edwards

Dima Barabash @dbarabashh

Kirk Waiblinger @kirkwaiblinger

mdm317

overlookmotel

Sasha Kondrashov

Yukihiro Hasegawa @y-hsgw

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @typescript-eslint/eslint-plugin's changelog.

8.32.1 (2025-05-12)

🩹 Fixes

eslint-plugin: [consistent-indexed-object-style] check for indirect circular types in aliased mapped types (#11177)

eslint-plugin: [consistent-indexed-object-style] adjust auto-fixer to generate valid syntax for TSMappedType with no type annotation (#11180)

eslint-plugin: [no-deprecated] support computed member access (#10867)

eslint-plugin: [no-unnecessary-type-conversion] shouldn't have fixable property (#11194)

❤️ Thank You

Azat S. @azat-io

Dima Barabash @dbarabashh

Ronen Amiel

You can read about our versioning strategy and releases on our website.

8.32.0 (2025-05-05)

🚀 Features

eslint-plugin: [only-throw-error] add option allowRethrowing (#11075)

eslint-plugin: [no-unnecessary-type-conversion] add rule (#10182)

🩹 Fixes

eslint-plugin: [prefer-nullish-coalescing] fix parenthesization bug in suggestion (#11098)

eslint-plugin: [unified-signatures] exempt this from optional parameter overload check (#11005)

eslint-plugin: [no-unnecessary-type-parameters] should parenthesize type in suggestion fixer if necessary (#10907)

❤️ Thank You

Andy Edwards

Kirk Waiblinger @kirkwaiblinger

mdm317

Sasha Kondrashov

Yukihiro Hasegawa @y-hsgw

You can read about our versioning strategy and releases on our website.

Commits

af077a0 chore(release): publish 8.32.1
f8db925 fix(eslint-plugin): [consistent-indexed-object-style] check for indirect circ...
98c5c4c fix(eslint-plugin): [consistent-indexed-object-style] adjust auto-fixer to ge...
b2be3dc chore: simplify tsconfig setup using configDir (#11136)
523b3ea fix(eslint-plugin): [no-deprecated] support computed member access (#10867)
0d822bd docs: use T[] instead of [T, ...T[]] in rule options (#11129)
aeb7402 chore(ast-spec): finish migrating to vitest (#11126)
a89d5e3 fix(eslint-plugin): [no-unnecessary-type-conversion] shouldn't have fixable p...
7598496 chore: remove now-stub @types/marked package
0cee7ca chore(deps): update dependency ignore to v7 (#11163)
Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.31.1 to 8.32.1

Release notes

Sourced from @typescript-eslint/parser's releases.

v8.32.1

8.32.1 (2025-05-12)

🩹 Fixes

eslint-plugin: [no-unnecessary-type-conversion] shouldn't have fixable property (#11194)

eslint-plugin: [no-deprecated] support computed member access (#10867)

eslint-plugin: [consistent-indexed-object-style] adjust auto-fixer to generate valid syntax for TSMappedType with no type annotation (#11180)

eslint-plugin: [consistent-indexed-object-style] check for indirect circular types in aliased mapped types (#11177)

❤️ Thank You

Azat S. @azat-io

Dima Barabash @dbarabashh

Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.32.0

8.32.0 (2025-05-05)

🚀 Features

eslint-plugin: [no-unnecessary-type-conversion] add rule (#10182)

eslint-plugin: [only-throw-error] add option allowRethrowing (#11075)

🩹 Fixes

deps: update dependency typedoc to ^0.28.0 (1fef33521)

eslint-plugin: [no-unnecessary-type-parameters] should parenthesize type in suggestion fixer if necessary (#10907)

eslint-plugin: [unified-signatures] exempt this from optional parameter overload check (#11005)

eslint-plugin: [prefer-nullish-coalescing] fix parenthesization bug in suggestion (#11098)

typescript-estree: ensure consistent TSMappedType AST shape (#11086)

typescript-estree: correct TSImportType property name when assert (#11115)

❤️ Thank You

Andy Edwards

Dima Barabash @dbarabashh

Kirk Waiblinger @kirkwaiblinger

mdm317

overlookmotel

Sasha Kondrashov

Yukihiro Hasegawa @y-hsgw

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @typescript-eslint/parser's changelog.

8.32.1 (2025-05-12)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.32.0 (2025-05-05)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

af077a0 chore(release): publish 8.32.1
b2be3dc chore: simplify tsconfig setup using configDir (#11136)
aeb7402 chore(ast-spec): finish migrating to vitest (#11126)
819a03f chore(release): publish 8.32.0
172ab8a chore(eslint-plugin): resolve remaining issues from vitest migration (#11100)
a9c9251 chore: revert vitest related changes in tsconfig files (#11124)
See full diff in compare view

Updates @vscode/test-web from 0.0.68 to 0.0.69

Release notes

Sourced from @vscode/test-web's releases.

v0.0.69

Changes:

#159: prepare 0.0.69

#157: Bump koa from 2.16.0 to 2.16.1

This list of changes was auto generated.

Commits

9a7e1e1 prepare 0.0.69 (#159)
aee4fd2 Bump koa from 2.16.0 to 2.16.1 (#157)
See full diff in compare view

Updates @vscode/vsce from 3.3.2 to 3.4.1

Release notes

Sourced from @vscode/vsce's releases.

v3.4.1

Changes:

#1149: Fix false positives in private key scanning

#1148: Clarify unpublish command description

This list of changes was auto generated.

v3.4.1-1

Changes:

#1149: Fix false positives in private key scanning

This list of changes was auto generated.

v3.4.1-0

Changes:

#1148: Clarify unpublish command description

This list of changes was auto generated.

v3.4.0

Changes:

#1145: Allow packaging .env and secrets using command line flags

#1144: Scan for secrets and disallow .env files

#1141: Add language-model-tools tag for MCP extensions

#1138: Proper entry point validation

#1137: Add 'mcp' tag support in TagsProcessor

#1131: Remove deprecated SVG sources from TrustedSVGSources array

#1127: Improve error message for Personal Access Token verification

This list of changes was auto generated.

v3.3.3-6

Changes:

#1145: Allow packaging .env and secrets using command line flags

... (truncated)

Commits

5e2323f Merge pull request #1149 from microsoft/benibenj/latin-junglefowl
649ca03 To many false positives for private key scanning
efd9d4e Merge pull request #1148 from microsoft/benibenj/fellow-xerinae
ff17ac0 :lipstick:
5a44afc Be more clear that unpublish removes the extension
039a33a Merge pull request #1145 from microsoft/benibenj/cultural-elephant
1e78223 Allow packaging .env and secrets using command line flags
468122d Merge pull request #1144 from microsoft/benibenj/fragile-horse
d897fe5 :lipstick:
0ab8a83 Scan for secrets and do not allow .env files
Additional commits viewable in compare view

Updates eslint-config-prettier from 10.1.2 to 10.1.5

Release notes

Sourced from eslint-config-prettier's releases.

v10.1.5

Patch Changes

#332 60fef02 Thanks @JounQin! - chore: add funding field into package.json

Full Changelog: https://github.com/prettier/eslint-config-prettier/compare/v10.1.4...v10.1.5

v10.1.4

Patch Changes

#328 94b4799 Thanks @silvenon! - fix(cli): do not crash on no rules configured

Full Changelog: https://github.com/prettier/eslint-config-prettier/compare/v10.1.3...v10.1.4

v10.1.3

Patch Changes

#325 4e95a1d Thanks @pilikan! - fix: this package is commonjs, align its types correctly

New Contributors

@pilikan made their first contribution in prettier/eslint-config-prettier#325

Full Changelog: https://github.com/prettier/eslint-config-prettier/compare/v10.1.2...v10.1.3

Changelog

Sourced from eslint-config-prettier's changelog.

10.1.5

Patch Changes

#332 60fef02 Thanks @JounQin! - chore: add funding field into package.json

10.1.4

Patch Changes

#328 94b4799 Thanks @silvenon! - fix(cli): do not crash on no rules configured

10.1.3

Patch Changes

#325 4e95a1d Thanks @pilikan! - fix: this package is commonjs, align its types correctly

Commits

4c94893 chore: release eslint-config-prettier (#333)
60fef02 chore: add funding field into package.json (#332)
f55501f chore: release eslint-config-prettier (#329)
50a8a22 chore(deps): update all dependencies (#330)
94b4799 fix(cli): do not crash on no rules configured (#328)
cdc4a5c chore: release eslint-config-prettier (#326)
4e95a1d fix: this package is commonjs, align its types correctly (#325)
See full diff in compare view

Updates mocha from 11.1.0 to 11.4.0

Release notes

Sourced from mocha's releases.

v11.4.0

11.4.0 (2025-05-19)

🌟 Features

bump diff from ^5.2.0 to ^7.0.0 (#5348) (554d6bb)

📚 Documentation

added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)

v11.3.0

11.3.0 (2025-05-16)

🌟 Features

add option to use posix exit code upon fatal signal (#4989) (91bbf85)

📚 Documentation

Deploy new site alongside old one (#5360) (6c96545)

mention explicit browser support range (#5354) (c514c0b)

update Node.js version requirements for 11.x (#5329) (abf3dd9)

🧹 Chores

remove prerelease setting in release-please config (#5363) (8878f22)

v11.2.2

11.2.2 (2025-04-10)

🩹 Fixes

deps: update chokidar to v4 (#5256) (8af0f1a)

📚 Documentation

add ClientRedirects.astro (#5324) (b88d441)

add example/tests.html to docs-next (#5325) (6ec5762)

v11.2.1

11.2.1 (2025-04-10)

... (truncated)

Changelog

Sourced from mocha's changelog.

11.4.0 (2025-05-19)

🌟 Features

bump diff from ^5.2.0 to ^7.0.0 (#5348) (554d6bb)

📚 Documentation

added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)

11.3.0 (2025-05-16)

🌟 Features

add option to use posix exit code upon fatal signal (#4989) (91bbf85)

📚 Documentation

Deploy new site alongside old one (#5360) (6c96545)

mention explicit browser support range (#5354) (c514c0b)

update Node.js version requirements for 11.x (#5329) (abf3dd9)

🧹 Chores

remove prerelease setting in release-please config (#5363) (8878f22)

11.2.2 (2025-04-10)

🩹 Fixes

deps: update chokidar to v4 (#5256) (8af0f1a)

📚 Documentation

add ClientRedirects.astro (#5324) (b88d441)

add example/tests.html to docs-next (#5325) (6ec5762)

11.2.1 (2025-04-10)

🩹 Fixes

switch from ansi-colors to picocolors (#5323) (7c08d09)

... (truncated)

Commits

5730dfc chore(main): release 11.4.0 (#5368)
618415d docs: added CHANGELOG.md note around 11.1 yargs-parser update (#5362)
554d6bb fix: bump diff from ^5.2.0 to ^7.0.0 (#5348)
fffe569 chore(main): release 11.3.0 (#5338)
91bbf85 feat: add option to use posix exit code upon fatal signal (#4989)
6c96545 docs: Deploy new site alongside old one (#5360)
8878f22 chore: remove prerelease setting in release-please config (#5363)
c514c0b docs: mention explicit browser support range (#5354)
abf3dd9 docs: update Node.js version requirements for 11.x (#5329)
5cf2b09 chore(main): release 11.2.2 (#5327)
Additional commits viewable in compare view

Updates webpack from 5.99.7 to 5.99.8

Release notes

Sourced from webpack's releases.

v5.99.8

Fixes

Fixed type error with latest @types/node

Fixed typescript types

Commits

a9cbd85 chore(release): 5.99.8
5cc6615 fix: type error with latest @types/node (#19501)
0f42dc5 docs: update examples (#19490)
ebeace3 chore(deps-dev): bump less-loader (#19488)
3f36f91 chore: update comments (#19487)
bc25829 fix: a lot of types (#19486)
ea3ba3d build: refactor scripts and categorizing them
45f0e49 chore: add more benchmark cases (#19481)
56dd6ca chore(deps-dev): bump core-js in the dependencies group (#19482)
5d8f2c9 ci: using codspeed for benchmarks (#19476)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

May 19 '25 19:05 dependabot[bot]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
@typescript-eslint/parser@8.31.1 ⏵ 8.32.1
@typescript-eslint/eslint-plugin@8.31.1 ⏵ 8.32.1	⁺¹	⁺¹
@types/node@22.15.3 ⏵ 22.15.19	⁺¹	⁺¹	⁺¹
eslint-config-prettier@10.1.2 ⏵ 10.1.5	⁺¹
mocha@11.1.0 ⏵ 11.4.0	⁺²	⁺¹	⁺²
@vscode/test-web@0.0.68 ⏵ 0.0.69			⁺⁵
webpack@5.99.7 ⏵ 5.99.8
@vscode/vsce@3.3.2 ⏵ 3.4.1		⁺¹	⁺¹

View full report

May 19 '25 19:05 socket-security[bot]

[!WARNING] Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		`@azu/[email protected]` has a License Policy Violation. License: WTFPL (npm metadata) License: WTFPL (package/LICENSE) License: WTFPL (package/package.json) From: package-lock.json → `npm/@vscode/[email protected]` → `npm/@azu/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@azu/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: CC-BY-4.0 (package/ThirdPartyNotices.txt) From: package-lock.json → `npm/@vscode/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`[email protected]` has a License Policy Violation. License: CC-BY-3.0 (npm metadata) License: CC-BY-3.0 (package/package.json) From: package-lock.json → `npm/@vscode/[email protected]` → `npm/[email protected]` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

May 19 '25 19:05 socket-security[bot]

Looks like these dependencies are updatable in another way, so this is no longer needed.

Jun 23 '25 19:06 dependabot[bot]