Skip to content

chore: bump the npm-low-risk group with 8 updates #4954

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

chore: bump the npm-low-risk group with 8 updates #4954

wants to merge 1 commit into from
+149 −266

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2025
edited
Loading

Bumps the npm-low-risk group with 8 updates:

Package From To
core-js 3.46.0 3.47.0
eslint 9.38.0 9.39.1
glob 10.4.5 10.5.0
globals 16.4.0 16.5.0
jsdom 27.0.1 27.2.0
lint-staged 16.2.6 16.2.7
mocha 11.7.4 11.7.5
start-server-and-test 2.1.2 2.1.3

Updates core-js from 3.46.0 to 3.47.0

Changelog

Sourced from core-js's changelog.

3.47.0 - 2025.11.18

Commits
  • c1d2c7e v3.47.0
  • 400f00e move JSON.parse source text access to stable ES
  • 2b383e9 move joint iteration to stage 3
  • 21f984c move Iterator sequencing proposal to stable ES
  • 6add4cd add explicit "sideEffects": true to core-js and core-js-bundle packages
  • 0f6c98d update eslint-plugin-unicorn
  • fe04540 fix increasing .size in URLSearchParams.prototype.append polyfill in IE8-
  • See full diff in compare view

Updates eslint from 9.38.0 to 9.39.1

Release notes

Sourced from eslint's releases.

v9.39.1

Bug Fixes

  • 650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

  • 51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)
  • b44d426 docs: Update README (GitHub Actions Bot)

Chores

  • 92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)
  • c7ebefc chore: package.json update for @​eslint/js release (Jenkins)
  • 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275) (renovate[bot])
  • d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)
  • 009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

v9.39.0

Features

  • cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)
  • 126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)
  • 167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

  • 15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)
  • 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)
  • e86b813 fix: Use more types from @​eslint/core (#20257) (Nicholas C. Zakas)
  • 927272d fix: correct Scope typings (#20198) (jaymarvelz)
  • 37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)
  • ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)
  • b165d47 fix: correct Rule typings (#20199) (jaymarvelz)
  • fb97cda fix: improve error message for missing fix function in suggestions (#20218) (jaymarvelz)

Documentation

  • d3e81e3 docs: Always recommend to include a files property (#20158) (Percy Ma)
  • 0f0385f docs: use consistent naming recommendation (#20250) (Alex M. Spieslechner)
  • a3b1456 docs: Update README (GitHub Actions Bot)
  • cf5f2dd docs: fix correct tag of no-useless-constructor (#20255) (Tanuj Kanti)
  • 10b995c docs: add TS options and examples for nofunc in no-use-before-define (#20249) (Tanuj Kanti)
  • 2584187 docs: remove repetitive word in comment (#20242) (reddaisyy)
  • 637216b docs: update CLI flags migration instructions (#20238) (jaymarvelz)
  • e7cda3b docs: Update README (GitHub Actions Bot)
  • 7b9446f docs: handle empty flags sections on the feature flags page (#20222) (sethamus)

Chores

  • dfe3c1b chore: update @eslint/js version to 9.39.0 (#20270) (Francesco Trotta)
  • 2375a6d chore: package.json update for @​eslint/js release (Jenkins)
  • a1f4e52 chore: update @eslint dependencies (#20265) (Francesco Trotta)
  • c7d3229 chore: update dependency @​eslint/core to ^0.17.0 (#20256) (renovate[bot])
  • 27549bc chore: update fuzz testing to not error if code sample minimizer fails (#20252) (Milos Djermanovic)
  • a1370ee ci: bump actions/setup-node from 5 to 6 (#20230) (dependabot[bot])
  • 9e7fad4 chore: add script to auto-generate eslint:recommended configuration (#20208) (唯然)
Commits
  • e277281 9.39.1
  • 4cdf397 Build: changelog update for 9.39.1
  • 92db329 chore: update @eslint/js version to 9.39.1 (#20284)
  • c7ebefc chore: package.json update for @​eslint/js release
  • 650753e fix: Only pass node to JS lang visitor methods (#20283)
  • 51b51f4 docs: add a section on when to use extends vs cascading (#20268)
  • 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275)
  • d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266)
  • 009e507 test: fix version tests for ESLint v10 (#20274)
  • b44d426 docs: Update README
  • Additional commits viewable in compare view

Updates glob from 10.4.5 to 10.5.0

Commits

Updates globals from 16.4.0 to 16.5.0

Release notes

Sourced from globals's releases.

v16.5.0

  • Update globals (2025-11-01) (#316) 6d441ca
  • Add Vue, Svelte, and Astro globals (#314) ea31521

sindresorhus/globals@v16.4.0...v16.5.0

Commits

Updates jsdom from 27.0.1 to 27.2.0

Release notes

Sourced from jsdom's releases.

Version 27.2.0

  • Added CSSGroupingRule, CSSNestedDeclarations, CSSConditionRule, CSSContainerRule, CSSScopeRule, CSSSupportsRule, CSSLayerBlockRule, and CSSLayerStatementRule to jsdom Windows. (acemir)
  • Improved CSS parsing and CSSOM object APIs via updates to @acemir/cssom. (acemir)
  • Fixed @import-ed stylesheets to be properly exposed to CSSOM, and not to overwrite the sheet created from the <link> or <style> element. (acemir)

Version 27.1.0

  • Improved CSS parsing by switching to @acemir/cssom, including support for nested selectors, nested declarations, layer statements, and improved at-rule validation. (acemir)
  • Fixed some selector cache invalidation issues where changes to attributes were not being picked up. (asamuzaK)
  • Fixed package.json "engines" field to reflect the new minimum Node.js versions needed to run jsdom, as noted in the changelog for v27.0.1.
Changelog

Sourced from jsdom's changelog.

27.2.0

  • Added CSSGroupingRule, CSSNestedDeclarations, CSSConditionRule, CSSContainerRule, CSSScopeRule, CSSSupportsRule, CSSLayerBlockRule, and CSSLayerStatementRule to jsdom Windows. (acemir)
  • Improved CSS parsing and CSSOM object APIs via updates to @acemir/cssom. (acemir)
  • Fixed @import-ed stylesheets to be properly exposed to CSSOM, and not to overwrite the sheet created from the <link> or <style> element. (acemir)

27.1.0

  • Improved CSS parsing by switching to @acemir/cssom, including support for nested selectors, nested declarations, layer statements, and improved at-rule validation. (acemir)
  • Fixed some selector cache invalidation issues where changes to attributes were not being picked up. (asamuzaK)
  • Fixed package.json "engines" field to reflect the new minimum Node.js versions needed to run jsdom, as noted in the changelog for v27.0.1.
Commits
  • b0805a9 Version 27.2.0
  • 3e07e1e Update dependencies and dev dependencies
  • 931aabe Various CSSOM improvements
  • 70741da Add failing tests for border shorthand property parsing
  • b282400 Update @​acemir/cssom dependency
  • adb999a Version 27.1.0
  • 91f40c4 Update dependencies and dev dependencies
  • ebad33c Note more strict minimum version requirement
  • bd02585 Swap rweb-cssom to @​acemir/cssom
  • f15c830 Add failing test for cssText setter
  • Additional commits viewable in compare view

Updates lint-staged from 16.2.6 to 16.2.7

Release notes

Sourced from lint-staged's releases.

v16.2.7

Patch Changes

  • #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.
Changelog

Sourced from lint-staged's changelog.

16.2.7

Patch Changes

  • #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.
Commits
  • 0c1b000 chore(changeset): release
  • 595b202 build(deps): update dependencies
  • ef74c8d fix: do display "failed to spawn" message when task fails normally
  • 5cf2a1e style: do not autofix when running lint-staged
  • ba40012 chore: drop npx from commit-msg hook
  • d67de9a chore: fix pre-push hook usage with changeset
  • 8017d1d build(deps): update dependencies
  • 922d7f4 ci: remove dependabot integration, it's not useful
  • 6aeeef1 docs: add PR template
  • a5728b5 docs: add AGENTS.md
  • Additional commits viewable in compare view

Updates mocha from 11.7.4 to 11.7.5

Release notes

Sourced from mocha's releases.

v11.7.5

11.7.5 (2025-11-04)

🩹 Fixes

  • swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

Changelog

Sourced from mocha's changelog.

11.7.5 (2025-11-04)

🩹 Fixes

  • swallow more require errors from *ts files (#5498) (d89dbaf)

🧹 Chores

Commits

Updates start-server-and-test from 2.1.2 to 2.1.3

Release notes

Sourced from start-server-and-test's releases.

v2.1.3

2.1.3 (2025-11-19)

Bug Fixes

  • deps: update dependency wait-on to v9 (#408) (8f1942b)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the npm-low-risk group with 8 updates
4660993 
Bumps the npm-low-risk group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) | `3.46.0` | `3.47.0` |
| [eslint](https://github.com/eslint/eslint) | `9.38.0` | `9.39.1` |
| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |
| [globals](https://github.com/sindresorhus/globals) | `16.4.0` | `16.5.0` |
| [jsdom](https://github.com/jsdom/jsdom) | `27.0.1` | `27.2.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.2.6` | `16.2.7` |
| [mocha](https://github.com/mochajs/mocha) | `11.7.4` | `11.7.5` |
| [start-server-and-test](https://github.com/bahmutov/start-server-and-test) | `2.1.2` | `2.1.3` |


Updates `core-js` from 3.46.0 to 3.47.0
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.47.0/packages/core-js)

Updates `eslint` from 9.38.0 to 9.39.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.38.0...v9.39.1)

Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v10.4.5...v10.5.0)

Updates `globals` from 16.4.0 to 16.5.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v16.4.0...v16.5.0)

Updates `jsdom` from 27.0.1 to 27.2.0
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@27.0.1...27.2.0)

Updates `lint-staged` from 16.2.6 to 16.2.7
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.2.6...v16.2.7)

Updates `mocha` from 11.7.4 to 11.7.5
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md)
- [Commits](mochajs/mocha@v11.7.4...v11.7.5)

Updates `start-server-and-test` from 2.1.2 to 2.1.3
- [Release notes](https://github.com/bahmutov/start-server-and-test/releases)
- [Commits](bahmutov/start-server-and-test@v2.1.2...v2.1.3)

---
updated-dependencies:
- dependency-name: core-js
  dependency-version: 3.47.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: eslint
  dependency-version: 9.39.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: globals
  dependency-version: 16.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: jsdom
  dependency-version: 27.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-low-risk
- dependency-name: lint-staged
  dependency-version: 16.2.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: mocha
  dependency-version: 11.7.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
- dependency-name: start-server-and-test
  dependency-version: 2.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-low-risk
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 1, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 1, 2025 14:26
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant