chore(deps-dev): bump the dev-dependencies group across 1 directory with 13 updates by dependabot[bot] · Pull Request #59 · yasserstudio/gpc

dependabot · 2026-05-15T16:17:22Z

Bumps the dev-dependencies group with 13 updates in the / directory:

Package	From	To
@changesets/cli	`2.30.0`	`2.31.0`
@vitest/coverage-v8	`4.1.4`	`4.1.7`
esbuild	`0.27.7`	`0.28.0`
eslint	`10.2.0`	`10.4.1`
prettier	`3.8.2`	`3.8.3`
tsx	`4.21.0`	`4.22.3`
turbo	`2.9.6`	`2.9.16`
typescript	`5.9.3`	`6.0.3`
typescript-eslint	`8.58.1`	`8.60.0`
vite	`7.3.3`	`8.0.14`
vitest	`4.1.4`	`4.1.7`
@types/node	`25.6.0`	`25.9.1`
vue	`3.5.32`	`3.5.35`

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @changesets/cli's releases.

@changesets/cli@2.31.0

Minor Changes

#1889 96ca062 Thanks @mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

#1873 42943b7 Thanks @mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

d2121dc Thanks @Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

#1888 036fdd4 Thanks @mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

#1903 5c4731f Thanks @Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

#1867 f61e716 Thanks @Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

@changesets/assemble-release-plan@6.0.10

@changesets/get-dependents-graph@2.1.4

@changesets/apply-release-plan@7.1.1

@changesets/get-release-plan@4.0.16

@changesets/config@3.1.4

Commits

9cce6db Version Packages (#1897)
d2121dc Fix npm auth for path-based registries during publish by preserving configure...
036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
96ca062 Error on unsupported flags for individual CLI commands (#1889)
42943b7 fix(cli): respond to --help on all subcommands (#1873)
f61e716 Improved detection for published state of prerelease-only packages without ...
See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.4 to 4.1.7

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.7

   🐞 Bug Fixes

runner: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by @hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

browser: Provide project reference in ToMatchScreenshotResolvePath - by @macarie and @sheremet-va in vitest-dev/vitest#10138 (31882)

Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options - by @hi-ogawa, Codex and @sheremet-va in vitest-dev/vitest#10196 (2847d)

browser: Simplify orchestrator otel carrier - by @hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

Stringify diff objects only once - by @sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

a09d472 chore: release v4.1.7
a8fd24c chore: release v4.1.6
e399846 chore: release v4.1.5
See full diff in compare view

Updates esbuild from 0.27.7 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0
Add support for with { type: 'text' } imports (#4435)

The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:
import string from './example.txt' with { type: 'text' }
console.log(string)
Add integrity checks to fallback download path (#4343)

Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

Update the Go compiler from 1.25.7 to 1.26.1

This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

It now uses the new garbage collector that comes with Go 1.26.

The Go compiler is now more aggressive with allocating memory on the stack.

The executable format that the Go linker uses has undergone several changes.

The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

You can read the Go 1.26 release notes for more information.

Changelog

Sourced from esbuild's changelog.

0.28.0
Add support for with { type: 'text' } imports (#4435)

The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:
import string from './example.txt' with { type: 'text' }
console.log(string)
Add integrity checks to fallback download path (#4343)

Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

Update the Go compiler from 1.25.7 to 1.26.1

This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

It now uses the new garbage collector that comes with Go 1.26.

The Go compiler is now more aggressive with allocating memory on the stack.

The executable format that the Go linker uses has undergone several changes.

The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

You can read the Go 1.26 release notes for more information.

Commits

6a794df publish 0.28.0 to npm
64ee0ea fix #4435: support with { type: text } imports
ef65aee fix sort order in snapshots_packagejson.txt
1a26a8e try to fix test-old-ts, also shuffle CI tasks
556ce6c use '' instead of null to omit build hashes
8e675a8 ci: allow missing binary hashes for tests
7067763 Reapply "update go 1.25.7 => 1.26.1"
39473a9 fix #4343: integrity check for binary download
See full diff in compare view

Updates eslint from 10.2.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)

d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)

f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)

c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)

27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)

305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)

49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)

9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)

c91b041 docs: Update README (GitHub Actions Bot)

e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)

f78838b test: add CodePath type coverage (#20904) (Pixel998)

1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)

002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)

64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)

6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)

b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])

a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)

b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)

507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)

92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)

df32108 chore: add @eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)

327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)

f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)

0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

v10.4.0

Features

1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)

450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)

6799431 fix: update dependency @eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])

f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)

db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)

9084664 docs: Update README (GitHub Actions Bot)

9cc7387 docs: Update README (GitHub Actions Bot)

3d7b548 docs: Update README (GitHub Actions Bot)

191ec3c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits

4a3d15a 10.4.1
43e7e2b Build: changelog update for 10.4.1
e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
b0e466b test: add data property to invalid tests cases for rules (#20924)
d4ce898 fix: propagate failures from delegated commands (#20917)
f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
f78838b test: add CodePath type coverage (#20904)
61b0add docs: remove deprecated rule from related rules of max-params (#20921)
1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
002942c ci: declare contents:read on update-readme workflow (#20919)
Additional commits viewable in compare view

Updates prettier from 3.8.2 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @kovsu)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in `if()` function (#18471 by `@kovsu`)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

Commits

d7108a7 Release 3.8.3
177f908 Prevent trailing comma in SCSS if() function (#18471)
1cd4066 Release @prettier/plugin-oxc@0.1.4
a8700e2 Update oxc-parser to v0.125.0
752157c Fix tests
053fd41 Bump Prettier dependency to 3.8.2
904c636 Clean changelog_unreleased
dc1f7fc Update dependents count
See full diff in compare view

Updates tsx from 4.21.0 to 4.22.3

Release notes

Sourced from tsx's releases.

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

decode typed loader source (dce02fc)

preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

npm package (@latest dist-tag)

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

preserve CJS JSON require in ESM hooks (35b700b)

preserve named exports from CommonJS TypeScript (11de737)

support module.exports require(esm) interop (cf8f199)

This release is also available on:

npm package (@latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

npm package (@latest dist-tag)

v4.22.0

4.22.0 (2026-05-14)

Features

upgrade esbuild to 0.28 (#789) (b29f6ee)

This release is also available on:

npm package (@latest dist-tag)

... (truncated)

Commits

dce02fc fix: decode typed loader source
68f72f3 fix: preserve entrypoint with TypeScript preload hooks
69455cf test: cover package exports for ambiguous ESM reexports
35b700b fix: preserve CJS JSON require in ESM hooks
ef807db chore: update testing dependencies
3917090 test: document compatibility test taxonomy
de8113f refactor: centralize Node capability facts
c1f62db test: consolidate tsconfig path edge coverage
4e08174 test: consolidate loader hook coverage
674bb30 test: consolidate tsImport commonjs mts coverage
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates turbo from 2.9.6 to 2.9.16

Release notes

Sourced from turbo's releases.

Turborepo v2.9.16

What's Changed

Changelog

release(turborepo): 2.9.15 by @github-actions[bot] in vercel/turborepo#12955

fix: Avoid hanging PTY shutdown by @anthonyshew in vercel/turborepo#12958

fix: Retry npm tlog publish failures by @anthonyshew in vercel/turborepo#12959

release(turborepo): 2.9.16-canary.1 by @anthonyshew in vercel/turborepo#12960

fix: Preserve nested Bun dependency versions by @anthonyshew in vercel/turborepo#12963

Revert "fix: Preserve nested Bun dependency versions" by @anthonyshew in vercel/turborepo#12964

release(turborepo): 2.9.16-canary.2 by @github-actions[bot] in vercel/turborepo#12961

fix: Preserve nested Bun dependency versions by @anthonyshew in vercel/turborepo#12965

fix: Don't delete existing .git when using --no-git flag by @anthonyshew in vercel/turborepo#12968

Full Changelog: vercel/turborepo@v2.9.15...v2.9.16

Turborepo v2.9.16-canary.2

What's Changed

Changelog

release(turborepo): 2.9.15-canary.7 by @github-actions[bot] in vercel/turborepo#12935

fix: Restore a few internal invariant checks by @anthonyshew in vercel/turborepo#12933

fix: Improve profile tracing coverage by @anthonyshew in vercel/turborepo#12936

fix: Use build-scale OTel duration buckets by @anthonyshew in vercel/turborepo#12939

fix: Preserve pnpm injected peer package entries by @anthonyshew in vercel/turborepo#12940

feat: Add heap allocation profiling by @anthonyshew in vercel/turborepo#12943

release(turborepo): 2.9.15-canary.8 by @anthonyshew in vercel/turborepo#12945

docs: Correct attribute presence claims in turborepo-otel by @adityasingh2400 in vercel/turborepo#12932

chore(turbo-codemod): Remove duplicate "in" in transforms path comment by @mvanhorn in vercel/turborepo#12948

chore: Switch Geist font imports to npm geist package by @christopherkindl in vercel/turborepo#12952

fix: Respect root gitignore during prune by @anthonyshew in vercel/turborepo#12953

fix: Harden OTEL endpoint validation by @anthonyshew in vercel/turborepo#12954

release(turborepo): 2.9.15 by @github-actions[bot] in vercel/turborepo#12955

fix: Avoid hanging PTY shutdown by @anthonyshew in vercel/turborepo#12958

fix: Retry npm tlog publish failures by @anthonyshew in vercel/turborepo#12959

release(turborepo): 2.9.16-canary.1 by @anthonyshew in vercel/turborepo#12960

New Contributors

@adityasingh2400 made their first contribution in vercel/turborepo#12932

@mvanhorn made their first contribution in vercel/turborepo#12948

@christopherkindl made their first contribution in vercel/turborepo#12952

Full Changelog: vercel/turborepo@v2.9.15-canary.7...v2.9.16-canary.2

Turborepo v2.9.15

... (truncated)

Commits

5e2d466 publish 2.9.16 to registry
b4aa626 fix: Don't delete existing .git when using --no-git flag (#12968)
7952b46 fix: Preserve nested Bun dependency versions (#12965)
5e5b248 release(turborepo): 2.9.16-canary.2 (#12961)
3b1b6e9 Revert "fix: Preserve nested Bun dependency versions" (#12964)
8d4eaf8 fix: Preserve nested Bun dependency versions (#12963)
2284fa9 release(turborepo): 2.9.16-canary.1 (#12960)
5317f65 fix: Retry npm tlog publish failures (#12959)
52e81bd fix: Avoid hanging PTY shutdown (#12958)
c85d410 release(turborepo): 2.9.15 (#12955)
Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

fixed issues query for TypeScript 6.0.0 (Beta).

fixed issues query for TypeScript 6.0.1 (RC).

fixed issues query for TypeScript 6.0.2 (Stable).

fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

fixed issues query for TypeScript 6.0.0 (Beta).

fixed issues query for TypeScript 6.0.1 (RC).

fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

npm

Commits

050880c Bump version to 6.0.3 and LKG
eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
607a22a Bump version to 6.0.2 and LKG
9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
e175b69 Bump version to 6.0.1-rc and LKG
af4caac Update LKG
8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
Additional commits viewable in compare view

Updates typescript-eslint from 8.58.1 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

playground TS version selector is not working (#12326, #12325)

❤️ Thank You

Evyatar Daud @StyleShit

Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)

project-service: throw error cause in getParsedConfigFileFromTSServer (#12321)

typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

Evyatar Daud @StyleShit

Kirk Waiblinger @kirkwaiblinger

lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

8.59.3 (2026-05-11)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

8.59.2 (2026-05-04)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.4 (2026-05-18)

🩹 Fixes

typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

Kirk Waiblinger @kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our

socket-security · 2026-05-15T16:18:17Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality
esbuild@0.28.0
typescript-eslint@8.60.0
vitest@4.1.7
@vitest/coverage-v8@4.1.7
@types/node@25.9.1
tsx@4.22.3
vite@8.0.14
turbo@2.9.16
typescript@5.9.3 ⏵ 6.0.3	⁺¹	⁺¹
vue@3.5.35
prettier@3.8.3
@changesets/cli@2.31.0
eslint@10.4.1

View full report

socket-security · 2026-05-24T10:22:25Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@typescript-eslint/eslint-plugin` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/typescript-eslint@8.60.0` → `npm/@typescript-eslint/eslint-plugin@8.60.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.60.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `js-yaml` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → `npm/@changesets/cli@2.31.0` → `npm/js-yaml@4.2.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/js-yaml@4.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

…ith 13 updates Bumps the dev-dependencies group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@changesets/cli](https://github.com/changesets/changesets) | `2.30.0` | `2.31.0` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.4` | `4.1.7` | | [esbuild](https://github.com/evanw/esbuild) | `0.27.7` | `0.28.0` | | [eslint](https://github.com/eslint/eslint) | `10.2.0` | `10.4.1` | | [prettier](https://github.com/prettier/prettier) | `3.8.2` | `3.8.3` | | [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.3` | | [turbo](https://github.com/vercel/turborepo) | `2.9.6` | `2.9.16` | | [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.58.1` | `8.60.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.3` | `8.0.14` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.7` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `25.9.1` | | [vue](https://github.com/vuejs/core) | `3.5.32` | `3.5.35` | Updates `@changesets/cli` from 2.30.0 to 2.31.0 - [Release notes](https://github.com/changesets/changesets/releases) - [Commits](https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0) Updates `@vitest/coverage-v8` from 4.1.4 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/coverage-v8) Updates `esbuild` from 0.27.7 to 0.28.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.7...v0.28.0) Updates `eslint` from 10.2.0 to 10.4.1 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.2.0...v10.4.1) Updates `prettier` from 3.8.2 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.2...3.8.3) Updates `tsx` from 4.21.0 to 4.22.3 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.21.0...v4.22.3) Updates `turbo` from 2.9.6 to 2.9.16 - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.6...v2.9.16) Updates `typescript` from 5.9.3 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) Updates `typescript-eslint` from 8.58.1 to 8.60.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/typescript-eslint) Updates `vite` from 7.3.3 to 8.0.14 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite) Updates `vitest` from 4.1.4 to 4.1.7 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest) Updates `@types/node` from 25.6.0 to 25.9.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `vue` from 3.5.32 to 3.5.35 - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.5.32...v3.5.35) --- updated-dependencies: - dependency-name: "@changesets/cli" dependency-version: 2.31.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@types/node" dependency-version: 25.8.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: esbuild dependency-version: 0.28.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: eslint dependency-version: 10.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: prettier dependency-version: 3.8.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: tsx dependency-version: 4.22.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: turbo dependency-version: 2.9.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: dev-dependencies - dependency-name: typescript-eslint dependency-version: 8.59.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: vite dependency-version: 8.0.13 dependency-type: direct:development update-type: version-update:semver-major dependency-group: dev-dependencies - dependency-name: vitest dependency-version: 4.1.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: vue dependency-version: 3.5.34 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-07T12:17:16Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot requested a review from yasserstudio as a code owner May 15, 2026 16:17

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 15, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-de16d6cc80 branch from 80fb671 to 726312a Compare May 15, 2026 17:09

dependabot Bot changed the title ~~build(deps-dev): bump the dev-dependencies group across 1 directory with 13 updates~~ chore(deps-dev): bump the dev-dependencies group across 1 directory with 13 updates May 15, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-de16d6cc80 branch 7 times, most recently from d770763 to 45a34e4 Compare May 22, 2026 15:54

dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-de16d6cc80 branch from 45a34e4 to 502c592 Compare May 24, 2026 10:21

dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-de16d6cc80 branch 4 times, most recently from 0aa2984 to 23ed853 Compare May 30, 2026 09:58

dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-de16d6cc80 branch 2 times, most recently from 23fc2a2 to aa42cfc Compare June 6, 2026 15:26

dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-de16d6cc80 branch from aa42cfc to 4abbac3 Compare June 6, 2026 15:30

dependabot Bot closed this Jun 7, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-de16d6cc80 branch June 7, 2026 12:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump the dev-dependencies group across 1 directory with 13 updates#59

chore(deps-dev): bump the dev-dependencies group across 1 directory with 13 updates#59
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-de16d6cc80

dependabot Bot commented on behalf of github May 15, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 15, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented May 24, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​changesets/cli@​2.31.0

Minor Changes

Patch Changes

v4.1.7

🐞 Bug Fixes

View changes on GitHub

v4.1.6

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v0.28.0

0.28.0

v10.4.1

Bug Fixes

Documentation

Chores

v10.4.0

Features

Bug Fixes

Documentation

3.8.3

3.8.3

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

v4.22.0

4.22.0 (2026-05-14)

Features

Turborepo v2.9.16

What's Changed

Changelog

Turborepo v2.9.16-canary.2

What's Changed

Changelog

New Contributors

Turborepo v2.9.15

TypeScript 6.0.3

TypeScript 6.0

TypeScript 6.0 Beta

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

🩹 Fixes

❤️ Thank You

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

❤️ Thank You

v8.59.3

8.59.3 (2026-05-11)

v8.59.2

8.59.2 (2026-05-04)

8.60.0 (2026-05-25)

8.59.4 (2026-05-18)

🩹 Fixes

❤️ Thank You

8.59.3 (2026-05-11)

8.59.2 (2026-05-04)

8.59.1 (2026-04-27)

Uh oh!

socket-security Bot commented May 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented May 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

dependabot Bot commented on behalf of github May 15, 2026 •

edited

Loading

`@changesets/cli@2`.31.0

SCSS: Prevent trailing comma in `if()` function (#18471 by `@kovsu`)

socket-security Bot commented May 15, 2026 •

edited

Loading

socket-security Bot commented May 24, 2026 •

edited

Loading