Bump the npm group with 14 updates #2073

dependabot · 2025-11-04T01:23:37Z

Bumps the npm group with 14 updates:

Package	From	To
@eslint/js	`9.38.0`	`9.39.0`
@vitest/coverage-v8	`4.0.5`	`4.0.6`
eslint	`9.38.0`	`9.39.0`
vitest	`4.0.5`	`4.0.6`
@eslint/core	`0.16.0`	`0.17.0`
@vitest/expect	`4.0.5`	`4.0.6`
@vitest/mocker	`4.0.5`	`4.0.6`
@vitest/pretty-format	`4.0.5`	`4.0.6`
@vitest/runner	`4.0.5`	`4.0.6`
@vitest/snapshot	`4.0.5`	`4.0.6`
@vitest/spy	`4.0.5`	`4.0.6`
@vitest/utils	`4.0.5`	`4.0.6`
baseline-browser-mapping	`2.8.21`	`2.8.23`
caniuse-lite	`1.0.30001751`	`1.0.30001753`

Updates @eslint/js from 9.38.0 to 9.39.0

Release notes

Sourced from @eslint/js's releases.

Commits

2375a6d chore: package.json update for @eslint/js release
9e7fad4 chore: add script to auto-generate eslint:recommended configuration (#20208)
See full diff in compare view

Updates @vitest/coverage-v8 from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/coverage-v8's releases.

Commits

2e7b2b8 chore: release v4.0.6
e3b7775 fix(coverage): prevent filtering out virtual files before remapping to source...
See full diff in compare view

Updates eslint from 9.38.0 to 9.39.0

Release notes

Sourced from eslint's releases.

Commits

ac3a60d 9.39.0
e79017f Build: changelog update for 9.39.0
dfe3c1b chore: update @eslint/js version to 9.39.0 (#20270)
2375a6d chore: package.json update for @eslint/js release
d3e81e3 docs: Always recommend to include a files property (#20158)
15f5c7c fix: forward traversal step.args to visitors (#20253)
5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167)
cc57d87 feat: update error loc to key in no-dupe-class-members (#20259)
a1f4e52 chore: update @eslint dependencies (#20265)
e86b813 fix: Use more types from @eslint/core (#20257)
Additional commits viewable in compare view

Updates vitest from 4.0.5 to 4.0.6

Release notes

Sourced from vitest's releases.

Commits

2e7b2b8 chore: release v4.0.6
31706df fix: reuse the same environment when isolate and fileParallelism are fals...
10a06d8 fix(happy-dom): properly teardown additional keys (#8888)
197caf2 fix(jsdom): pass down Node.js FormData to Request (#8880)
ca041f5 fix: improve spying types (#8878)
e3b7775 fix(coverage): prevent filtering out virtual files before remapping to source...
7e6c37a fix: do not throw when importing a type from an external package (#8875)
3e19f27 fix: don't merge errors with different diffs for reporting (#8871)
See full diff in compare view

Updates @eslint/core from 0.16.0 to 0.17.0

Release notes

Sourced from @eslint/core's releases.

Changelog

Sourced from @eslint/core's changelog.

Commits

f5ecc7e chore: release main (#303)
5ccde5b feat: export additional core types (#304)
760fb02 docs: Update README sponsors
02bac50 fix: require fix in suggestion objects (#298)
6030cad docs: Update README sponsors
4334e76 docs: fix JSDoc typo (#287)
f1f341d docs: Update README sponsors
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @eslint/core since your current version.

Updates @vitest/expect from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/expect's releases.

Commits

2e7b2b8 chore: release v4.0.6
See full diff in compare view

Updates @vitest/mocker from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/mocker's releases.

Commits

2e7b2b8 chore: release v4.0.6
See full diff in compare view

Updates @vitest/pretty-format from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/pretty-format's releases.

Commits

2e7b2b8 chore: release v4.0.6
See full diff in compare view

Updates @vitest/runner from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/runner's releases.

Commits

2e7b2b8 chore: release v4.0.6
See full diff in compare view

Updates @vitest/snapshot from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/snapshot's releases.

Commits

2e7b2b8 chore: release v4.0.6
See full diff in compare view

Updates @vitest/spy from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/spy's releases.

Commits

2e7b2b8 chore: release v4.0.6
ca041f5 fix: improve spying types (#8878)
See full diff in compare view

Updates @vitest/utils from 4.0.5 to 4.0.6

Release notes

Sourced from @vitest/utils's releases.

Commits

2e7b2b8 chore: release v4.0.6
See full diff in compare view

Updates baseline-browser-mapping from 2.8.21 to 2.8.23

Commits

Bumps the npm group with 14 updates: | Package | From | To | | --- | --- | --- | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.38.0` | `9.39.0` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.0.5` | `4.0.6` | | [eslint](https://github.com/eslint/eslint) | `9.38.0` | `9.39.0` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.5` | `4.0.6` | | [@eslint/core](https://github.com/eslint/rewrite/tree/HEAD/packages/core) | `0.16.0` | `0.17.0` | | [@vitest/expect](https://github.com/vitest-dev/vitest/tree/HEAD/packages/expect) | `4.0.5` | `4.0.6` | | [@vitest/mocker](https://github.com/vitest-dev/vitest/tree/HEAD/packages/mocker) | `4.0.5` | `4.0.6` | | [@vitest/pretty-format](https://github.com/vitest-dev/vitest/tree/HEAD/packages/pretty-format) | `4.0.5` | `4.0.6` | | [@vitest/runner](https://github.com/vitest-dev/vitest/tree/HEAD/packages/runner) | `4.0.5` | `4.0.6` | | [@vitest/snapshot](https://github.com/vitest-dev/vitest/tree/HEAD/packages/snapshot) | `4.0.5` | `4.0.6` | | [@vitest/spy](https://github.com/vitest-dev/vitest/tree/HEAD/packages/spy) | `4.0.5` | `4.0.6` | | [@vitest/utils](https://github.com/vitest-dev/vitest/tree/HEAD/packages/utils) | `4.0.5` | `4.0.6` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.8.21` | `2.8.23` | | [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001751` | `1.0.30001753` | Updates `@eslint/js` from 9.38.0 to 9.39.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/commits/v9.39.0/packages/js) Updates `@vitest/coverage-v8` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/coverage-v8) Updates `eslint` from 9.38.0 to 9.39.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.38.0...v9.39.0) Updates `vitest` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/vitest) Updates `@eslint/core` from 0.16.0 to 0.17.0 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/core/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/core-v0.17.0/packages/core) Updates `@vitest/expect` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/expect) Updates `@vitest/mocker` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/mocker) Updates `@vitest/pretty-format` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/pretty-format) Updates `@vitest/runner` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/runner) Updates `@vitest/snapshot` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/snapshot) Updates `@vitest/spy` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/spy) Updates `@vitest/utils` from 4.0.5 to 4.0.6 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/utils) Updates `baseline-browser-mapping` from 2.8.21 to 2.8.23 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.8.21...v2.8.23) Updates `caniuse-lite` from 1.0.30001751 to 1.0.30001753 - [Commits](browserslist/caniuse-lite@1.0.30001751...1.0.30001753) --- updated-dependencies: - dependency-name: "@eslint/js" dependency-version: 9.39.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@vitest/coverage-v8" dependency-version: 4.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: eslint dependency-version: 9.39.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: vitest dependency-version: 4.0.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@eslint/core" dependency-version: 0.17.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@vitest/expect" dependency-version: 4.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/mocker" dependency-version: 4.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/pretty-format" dependency-version: 4.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/runner" dependency-version: 4.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/snapshot" dependency-version: 4.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/spy" dependency-version: 4.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@vitest/utils" dependency-version: 4.0.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: baseline-browser-mapping dependency-version: 2.8.23 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: caniuse-lite dependency-version: 1.0.30001753 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-11-04T01:23:50Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@eslint/js

^9.39.0

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

npm/@vitest/coverage-v8

^4.0.6

Unknown

npm/eslint

^9.39.0

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

npm/vitest

^4.0.6

Unknown

npm/@eslint/js

9.39.0

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

npm/@vitest/coverage-v8

4.0.6

Unknown

npm/@vitest/expect

4.0.6

Unknown

npm/@vitest/mocker

4.0.6

Unknown

npm/@vitest/pretty-format

4.0.6

Unknown

npm/@vitest/runner

4.0.6

Unknown

npm/@vitest/snapshot

4.0.6

Unknown

npm/@vitest/spy

4.0.6

Unknown

npm/@vitest/utils

4.0.6

Unknown

npm/baseline-browser-mapping

2.8.23

Unknown

npm/caniuse-lite

1.0.30001753

🟢 5

Details

Check	Score	Reason
Maintained	🟢 10	26 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/eslint

9.39.0

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

npm/vitest

4.0.6

Unknown

Scanned Files

package.json
pnpm-lock.yaml

dependabot · 2025-11-04T07:49:01Z

Looks like these dependencies are no longer updatable, so this is no longer needed.

dependabot bot assigned poad Nov 4, 2025

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 4, 2025

github-actions bot approved these changes Nov 4, 2025

View reviewed changes

github-actions bot enabled auto-merge (squash) November 4, 2025 01:23

dependabot bot closed this Nov 4, 2025

auto-merge was automatically disabled November 4, 2025 07:49
Pull request was closed

dependabot bot deleted the dependabot/npm_and_yarn/npm-1f168805c5 branch November 4, 2025 07:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm group with 14 updates #2073

Bump the npm group with 14 updates #2073

Uh oh!

dependabot bot commented on behalf of github Nov 4, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Nov 4, 2025

Uh oh!

dependabot bot commented on behalf of github Nov 4, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the npm group with 14 updates #2073

Bump the npm group with 14 updates #2073

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v9.39.0

Features

Bug Fixes

Documentation

Chores

v4.0.6

🐞 Bug Fixes

v9.39.0

Features

Bug Fixes

Documentation

Chores

v4.0.6

🐞 Bug Fixes

config-array: v0.17.0

0.17.0 (2024-06-26)

⚠ BREAKING CHANGES

Bug Fixes

core: v0.17.0

0.17.0 (2025-10-27)

Features

Bug Fixes

0.17.0 (2025-10-27)

Features

Bug Fixes

v4.0.6

🐞 Bug Fixes

v4.0.6

🐞 Bug Fixes

v4.0.6

🐞 Bug Fixes

v4.0.6

🐞 Bug Fixes

v4.0.6

🐞 Bug Fixes

v4.0.6

🐞 Bug Fixes

v4.0.6

🐞 Bug Fixes

Uh oh!

github-actions bot commented Nov 4, 2025

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

dependabot bot commented on behalf of github Nov 4, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Nov 4, 2025 •

edited

Loading