Skip to content

Bump the npm-dependencies group with 5 updates #752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump the npm-dependencies group with 5 updates #752

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 22, 2025
edited
Loading

Bumps the npm-dependencies group with 5 updates:

Package From To
rollup 4.50.2 4.52.0
@cloudflare/vitest-pool-workers 0.9.2 0.9.3
@eslint/js 9.35.0 9.36.0
eslint 9.35.0 9.36.0
wrangler 4.37.1 4.38.0

Updates rollup from 4.50.2 to 4.52.0

Release notes

Sourced from rollup's releases.

v4.52.0

4.52.0

2025-09-19

Features

  • Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#6087)
  • Add support for x86_64-pc-windows-gnu platform (#6110)

Pull Requests

v4.51.0

4.51.0

2025-09-19

Features

  • Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#6108)

Bug Fixes

  • Improve OpenHarmony build to work in more situations (#6115)

Pull Requests

Changelog

Sourced from rollup's changelog.

4.52.0

2025-09-19

Features

  • Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#6087)
  • Add support for x86_64-pc-windows-gnu platform (#6110)

Pull Requests

4.51.0

2025-09-19

Features

  • Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#6108)

Bug Fixes

  • Improve OpenHarmony build to work in more situations (#6115)

Pull Requests

Commits
  • 2029f63 4.52.0
  • 039ba6b Fix release script for commits without GitHub authors
  • 98f5d35 Automatically remove REPL artefacts label from PRs (#6118)
  • 3f124ba fix: manualChunks and non manualChunks shared dependencies are merged with th...
  • a0bb78c Add support x86_64-pc-windows-gnu (#6110)
  • 1748736 4.51.0
  • e518bde chore(deps): lock file maintenance (#6117)
  • 9265955 Disable local_dynamic_tls for OpenHarmony (#6115)
  • 0b8e19d fix(deps): update rust crate swc_compiler_base to v35 (#6113)
  • b14f803 chore(deps): lock file maintenance minor/patch updates (#6116)
  • Additional commits viewable in compare view

Updates @cloudflare/vitest-pool-workers from 0.9.2 to 0.9.3

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.9.3

Patch Changes

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.9.3

Patch Changes

Commits

Updates @eslint/js from 9.35.0 to 9.36.0

Release notes

Sourced from @​eslint/js's releases.

v9.36.0

Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)

Bug Fixes

  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)

Documentation

  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Changelog

Sourced from @​eslint/js's changelog.

v9.36.0 - September 19, 2025

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)
  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • 91f97c5 docs: Update README (GitHub Actions Bot)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Commits
  • 488cba6 chore: package.json update for @​eslint/js release
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116)
  • See full diff in compare view

Updates eslint from 9.35.0 to 9.36.0

Release notes

Sourced from eslint's releases.

v9.36.0

Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)

Bug Fixes

  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)

Documentation

  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Changelog

Sourced from eslint's changelog.

v9.36.0 - September 19, 2025

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)
  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • 91f97c5 docs: Update README (GitHub Actions Bot)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Commits

Updates wrangler from 4.37.1 to 4.38.0

Release notes

Sourced from wrangler's releases.

[email protected]

Minor Changes

Patch Changes

Changelog

Sourced from wrangler's changelog.

4.38.0

Minor Changes

Patch Changes

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm-dependencies group with 5 updates
fc91997 
Bumps the npm-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [rollup](https://github.com/rollup/rollup) | `4.50.2` | `4.52.0` |
| [@cloudflare/vitest-pool-workers](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vitest-pool-workers) | `0.9.2` | `0.9.3` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.35.0` | `9.36.0` |
| [eslint](https://github.com/eslint/eslint) | `9.35.0` | `9.36.0` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.37.1` | `4.38.0` |


Updates `rollup` from 4.50.2 to 4.52.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.50.2...v4.52.0)

Updates `@cloudflare/vitest-pool-workers` from 0.9.2 to 0.9.3
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vitest-pool-workers/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/[email protected]/packages/vitest-pool-workers)

Updates `@eslint/js` from 9.35.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.36.0/packages/js)

Updates `eslint` from 9.35.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v9.35.0...v9.36.0)

Updates `wrangler` from 4.37.1 to 4.38.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler/CHANGELOG.md)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/[email protected]/packages/wrangler)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@cloudflare/vitest-pool-workers"
  dependency-version: 0.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: wrangler
  dependency-version: 4.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 22, 2025
@dependabot dependabot bot requested a review from jbampton as a code owner September 22, 2025 02:23
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 22, 2025
@github-actions github-actions bot added root and removed dependencies Pull requests that update a dependency file labels Sep 22, 2025
@deepsource-io deepsource.io
Copy link

deepsource-io bot commented Sep 22, 2025
edited
Loading

Here's the code health analysis summary for commits 4edd459..fc91997. View details on DeepSource ↗.

Analysis Summary

AnalyzerStatusSummaryLink
DeepSource Python LogoPython✅ SuccessView Check ↗
DeepSource Secrets LogoSecrets✅ SuccessView Check ↗
DeepSource Shell LogoShell✅ SuccessView Check ↗
DeepSource Docker LogoDocker✅ SuccessView Check ↗
DeepSource JavaScript LogoJavaScript✅ SuccessView Check ↗
💡 If you’re a repository administrator, you can configure the quality gates from the settings.

@socket-security Socket Security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​cloudflare/​vitest-pool-workers@​0.9.2 ⏵ 0.9.399 +110078 +1100100
Updated@​eslint/​js@​9.35.0 ⏵ 9.36.01001009196100
Updatedeslint@​9.35.0 ⏵ 9.36.097 +110010096100

View full report

@socket-security Socket Security
Copy link

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Medium
@rollup/[email protected] is an Unpopular package.

Location: Package overview

From: package-lock.jsonnpm/@rollup/[email protected]

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@rollup/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

Deploying brisbanesocialchess with  Cloudflare Pages  Cloudflare Pages

Latest commit: fc91997
Status: ✅  Deploy successful!
Preview URL: https://c0521932.brisbanesocialchess.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-npm-u22w.brisbanesocialchess.pages.dev

View logs

@michal-duszak michal-duszak added low-priority dependencies Pull requests that update a dependency file chore labels Sep 22, 2025
@michal-duszak michal-duszak added this to the September milestone Sep 22, 2025
@michal-duszak
Copy link

/gemini review

@jbampton jbampton added this to Chess Sep 22, 2025
@jbampton jbampton moved this to In Progress in Chess Sep 22, 2025
gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 22, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates five npm dependencies, including rollup, wrangler, and eslint. The changes are confined to the package-lock.json file, reflecting the updated resolved versions of these packages and their transitive dependencies. I have reviewed the release notes for the updated packages, and they consist of new features, bug fixes, and minor improvements that should not introduce any breaking changes for this project. The updates are safe to merge.

@jbampton jbampton self-assigned this Sep 23, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 24, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Sep 24, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm-dependencies-2a4c8dc5d6 branch September 24, 2025 02:23
@github-project-automation github-project-automation bot moved this from In Progress to Done in Chess Sep 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbampton jbampton Awaiting requested review from jbampton jbampton is a code owner

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@jbampton jbampton

Labels
chore dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code low-priority root
Projects
Chess
Status: Done
Milestone
September
Development

Successfully merging this pull request may close these issues.
2 participants
@michal-duszak @jbampton