Skip to content

Bump the npm-development group across 1 directory with 11 updates#25

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-development-02612c57db
Open

Bump the npm-development group across 1 directory with 11 updates#25
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-development-02612c57db

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 12, 2026

Bumps the npm-development group with 8 updates in the / directory:

Package From To
@rollup/plugin-commonjs 29.0.0 29.0.2
@typescript-eslint/eslint-plugin 8.53.1 8.58.1
@vitest/coverage-v8 4.0.18 4.1.4
markdownlint-cli 0.47.0 0.48.0
prettier 3.8.1 3.8.2
rollup 4.56.0 4.60.1
textlint 15.5.1 15.5.4
typedoc 0.28.16 0.28.19

Updates @rollup/plugin-commonjs from 29.0.0 to 29.0.2

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v29.0.2

2026-03-06

Bugfixes

  • commonjs: conditional exports (#1952)

v29.0.1

2026-03-05

Bugfixes

  • commonjs: correctly replaces shorthand "global" property in object (#1957)
Commits
  • 2de0d62 chore(release): commonjs v29.0.2
  • ab65325 fix(commonjs): conditional exports (#1952)
  • 7d22981 chore(repo): add rollup-plugin keyword in package.json (#1955)
  • a79ae55 chore(release): commonjs v29.0.1
  • bb41cfd chore(release): commonjs v29.0.1
  • 14ae186 fix(commonjs): correctly replaces shorthand "global" property in object (#1957)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​rollup/plugin-commonjs since your current version.


Updates @typescript-eslint/eslint-plugin from 8.53.1 to 8.58.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
  • eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
  • eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

🩹 Fixes

  • eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
  • eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
  • eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
  • eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)

❤️ Thank You

... (truncated)

Commits
  • 5311ed3 chore(release): publish 8.58.1
  • c3f8ed5 fix(eslint-plugin): [no-unused-vars] fix false negative for type predicate pa...
  • e372a66 Revert: feat(eslint-plugin): [no-unnecessary-type-arguments] report inferred ...
  • 4933417 chore(release): publish 8.58.0
  • 5a9bd36 fix(eslint-plugin): [prefer-regexp-exec] avoid fixing unknown RegExp flags (#...
  • edb90eb fix(eslint-plugin): [no-extraneous-class] handle index signatures (#12142)
  • 8cde2d0 feat: support TypeScript 6 (#12124)
  • 1bf86c9 fix(eslint-plugin): crash in no-unnecessary-type-arguments (#12163)
  • e9cc25a docs(eslint-plugin): fix typo (#12155)
  • be4d54d chore(release): publish 8.57.2
  • Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.53.1 to 8.58.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
  • eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
  • eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.1 (2026-04-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

... (truncated)

Commits

Updates @vitest/coverage-v8 from 4.0.18 to 4.1.4

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits

Updates @vitest/ui from 4.0.18 to 4.1.4

Release notes

Sourced from @​vitest/ui's releases.

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits

Updates markdownlint-cli from 0.47.0 to 0.48.0

Release notes

Sourced from markdownlint-cli's releases.

v0.48.0

  • Update all dependencies via Dependabot
Commits
  • e72a3ca Bump version 0.48.0
  • 02c6132 Delete and recreate package-lock.json via "npm install".
  • 800b47c Bump ava from 6.4.1 to 7.0.0
  • e6eb97c Bump minimatch
  • 61da922 Bump tar from 7.5.7 to 7.5.9
  • 3731696 Bump minimatch from 10.2.0 to 10.2.2
  • d60f5af Bump minimatch from 10.1.2 to 10.2.0
  • 587b174 Bump markdown-it from 14.1.0 to 14.1.1
  • c3bfec9 Bump minimatch from 10.1.1 to 10.1.2
  • 1fba958 Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1
  • Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

  • Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

Updates rollup from 4.56.0 to 4.60.1

Release notes

Sourced from rollup's releases.

v4.60.1

4.60.1

2026-03-30

Bug Fixes

  • Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

v4.60.0

4.60.0

2026-03-22

Features

  • Support source phase imports as long as they are external (#6279)

Pull Requests

v4.59.1

4.59.1

2026-03-21

Bug Fixes

  • Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.1

2026-03-30

Bug Fixes

  • Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

4.60.0

2026-03-22

Features

  • Support source phase imports as long as they are external (#6279)

Pull Requests

4.59.1

2026-03-21

Bug Fixes

  • Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

... (truncated)

Commits
  • ae871d7 4.60.1
  • 51f8f60 fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274)...
  • ca55406 chore(deps): pin dependency typescript to v5 (#6320)
  • fe50d86 chore(deps): pin dependencies (#6317)
  • 42785ff chore(deps): update minor/patch updates (#6319)
  • 65e82a9 chore(deps): update msys2/setup-msys2 digest to cafece8 (#6318)

@dependabot
Bump the npm-development group across 1 directory with 11 updates
b8899dc 
Bumps the npm-development group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) | `29.0.0` | `29.0.2` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.53.1` | `8.58.1` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.0.18` | `4.1.4` |
| [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | `0.47.0` | `0.48.0` |
| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.2` |
| [rollup](https://github.com/rollup/rollup) | `4.56.0` | `4.60.1` |
| [textlint](https://github.com/textlint/textlint) | `15.5.1` | `15.5.4` |
| [typedoc](https://github.com/TypeStrong/TypeDoc) | `0.28.16` | `0.28.19` |



Updates `@rollup/plugin-commonjs` from 29.0.0 to 29.0.2
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v29.0.2/packages/commonjs)

Updates `@typescript-eslint/eslint-plugin` from 8.53.1 to 8.58.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.53.1 to 8.58.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/parser)

Updates `@vitest/coverage-v8` from 4.0.18 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/coverage-v8)

Updates `@vitest/ui` from 4.0.18 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/ui)

Updates `markdownlint-cli` from 0.47.0 to 0.48.0
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](igorshubovych/markdownlint-cli@v0.47.0...v0.48.0)

Updates `prettier` from 3.8.1 to 3.8.2
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.1...3.8.2)

Updates `rollup` from 4.56.0 to 4.60.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.56.0...v4.60.1)

Updates `textlint` from 15.5.1 to 15.5.4
- [Release notes](https://github.com/textlint/textlint/releases)
- [Commits](textlint/textlint@v15.5.1...v15.5.4)

Updates `typedoc` from 0.28.16 to 0.28.19
- [Release notes](https://github.com/TypeStrong/TypeDoc/releases)
- [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md)
- [Commits](TypeStrong/typedoc@v0.28.16...v0.28.19)

Updates `vitest` from 4.0.18 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-version: 29.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.58.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.58.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@vitest/ui"
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: markdownlint-cli
  dependency-version: 0.48.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-version: 3.8.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: rollup
  dependency-version: 4.60.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: textlint
  dependency-version: 15.5.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typedoc
  dependency-version: 0.28.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: vitest
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 12, 2026
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 12, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​rollup/​rollup-linux-x64-gnu@​4.56.0 ⏵ 4.60.11001004197100
Updated@​typescript-eslint/​parser@​8.53.1 ⏵ 8.58.1100 +110071 +198100
Updated@​vitest/​ui@​4.0.18 ⏵ 4.1.49910075 -699 +1100
Updatedtextlint@​15.5.1 ⏵ 15.5.499 +11007696 +2100
Updatedvitest@​4.0.18 ⏵ 4.1.49610079 +199100
Updated@​vitest/​coverage-v8@​4.0.18 ⏵ 4.1.49910079 +1199100
Updated@​typescript-eslint/​eslint-plugin@​8.53.1 ⏵ 8.58.19910080 +198100
Updatedmarkdownlint-cli@​0.47.0 ⏵ 0.48.09910010087 +3100
Updatedrollup@​4.56.0 ⏵ 4.60.188100 +1610098100
Updatedprettier@​3.8.1 ⏵ 3.8.29010097 +195100
Updated@​rollup/​plugin-commonjs@​29.0.0 ⏵ 29.0.297 +110010091100
Updatedtypedoc@​0.28.16 ⏵ 0.28.19100 +11009795 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 12, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm vite is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: package-lock.jsonnpm/vitest@4.1.4npm/vite@8.0.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@8.0.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants