Bump the npm-development group across 1 directory with 12 updates

[dependabot]

Bumps the npm-development group with 12 updates in the / directory:

Package	From	To
@rollup/plugin-commonjs	29.0.2	29.0.3
@types/node	25.5.0	25.9.1
@typescript-eslint/eslint-plugin	8.57.1	8.60.1
eslint	10.0.3	10.4.1
eslint-plugin-jest	29.15.0	29.15.2
eslint-plugin-prettier	5.5.5	5.5.6
globals	17.4.0	17.6.0
jest	30.3.0	30.4.2
js-yaml	4.1.1	4.2.0
prettier	3.8.1	3.8.3
rollup	4.59.0	4.61.0
ts-jest	29.4.6	29.4.11

Updates @rollup/plugin-commonjs from 29.0.2 to 29.0.3

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v29.0.3

2026-05-29

Bugfixes

• commonjs: make #1868 es5-compatible (#1981)

Commits

• 1e4025b chore(release): commonjs v29.0.3
• 08a5b17 fix(commonjs): make #1868 es5-compatible (#1981)
• 5800bf3 chore(repo): test migration to vitest. phase 4 (#1978)
• See full diff in compare view

Updates @types/node from 25.5.0 to 25.9.1

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.57.1 to 8.60.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)
• project-service: throw error cause in getParsedConfigFileFromTSServer (#12321)
• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Kirk Waiblinger @​kirkwaiblinger

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)
• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.0 (2026-05-25)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.4 (2026-05-18)

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.2 (2026-05-04)

🩹 Fixes

... (truncated)

Commits

• 4f84a69 chore(release): publish 8.60.1
• 598af56 docs(eslint-plugin): clarify no-redeclare type-value collision not covered by...
• 1849b53 chore: typecheck using tsgo (#12139)
• 5341d59 chore: fix lint issues (#12369)
• f525814 fix(eslint-plugin): [no-shadow] correct rule to match ESLint v10 handling (#1...
• 2df540c chore(eslint-plugin): defer type checks to improve rules performance (#12296)
• 1ab4284 fix(eslint-plugin): respect ECMAScript line terminators in ts-comment rules (...
• 2f49df5 docs: update references to @stylistic/eslint-plugin rules in documentation ...
• f891c29 chore(release): publish 8.60.0
• ca6ca14 chore(release): publish 8.59.4
• Additional commits viewable in compare view

Updates eslint from 10.0.3 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Updates eslint-plugin-jest from 29.15.0 to 29.15.2

Release notes

Sourced from eslint-plugin-jest's releases.

v29.15.2

29.15.2 (2026-04-09)

Bug Fixes

• valid-mock-module-path: don't report virtual mocks (#1946) (a1916d1)

v29.15.1

29.15.1 (2026-03-24)

Bug Fixes

• allow TypeScript@7 in peer dependency (#1949) (0498c1e)

Changelog

Sourced from eslint-plugin-jest's changelog.

29.15.2 (2026-04-09)

Bug Fixes

• valid-mock-module-path: don't report virtual mocks (#1946) (a1916d1)

29.15.1 (2026-03-24)

Bug Fixes

• allow TypeScript@7 in peer dependency (#1949) (0498c1e)

Commits

• f14a941 chore(release): 29.15.2 [skip ci]
• a1916d1 fix(valid-mock-module-path): don't report virtual mocks (#1946)
• 4a52787 chore(deps): lock file maintenance (#1958)
• 285c6f6 ci: don't run smoketest on tannerlinsley/react-table (#1959)
• 1da0928 chore(deps): lock file maintenance (#1956)
• 8532d0e docs(valid-expect): use valid alert syntax (#1954)
• 03405ae chore(deps): update dependency @​schemastore/package to v1 (#1942)
• de0e154 chore(deps): update codecov/codecov-action action to v6 (#1952)
• d50f50c chore: add node v25 to CI (#1950)
• d5192df chore(release): 29.15.1 [skip ci]
• Additional commits viewable in compare view

Updates eslint-plugin-prettier from 5.5.5 to 5.5.6

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.6

Patch Changes

• #791 b5c96a3 Thanks @​JounQin! - chore: bump all (dev)Dependencies

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.6

Patch Changes

• #791 b5c96a3 Thanks @​JounQin! - chore: bump all (dev)Dependencies

Commits

• 4f33ea5 chore: release eslint-plugin-prettier (#792)
• 4745b54 ci: declare workflow-level contents: read on 2 workflows (#790)
• b5c96a3 chore: bump all (dev)Dependencies (#791)
• e867680 chore(deps): update all dependencies (#766)
• e8e2f7f chore: testing eslint v10 (#779)
• ca076d9 chore: update dev dependencies (#780)
• 42e6369 build(deps): Bump the actions group with 2 updates (#778)
• 53ff214 Remove empty NPM_TOKEN from release.yml
• See full diff in compare view

Updates globals from 17.4.0 to 17.6.0

Release notes

Sourced from globals's releases.

v17.6.0

• Update globals (2026-05-01) (#343) 00a4dd9

---

sindresorhus/globals@v17.5.0...v17.6.0

v17.5.0

• Update globals (2026-04-12) (#342) 5d84602

---

sindresorhus/globals@v17.4.0...v17.5.0

Commits

• 6b15870 17.6.0
• 00a4dd9 Update globals (2026-05-01) (#343)
• b8170c8 17.5.0
• 5d84602 Update globals (2026-04-12) (#342)
• 1b727e5 Fix build script for ES globals (#341)
• See full diff in compare view

Updates jest from 30.3.0 to 30.4.2

Release notes

Sourced from jest's releases.

v30.4.2

Fixes

• [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

Full Changelog: jestjs/jest@v30.4.1...v30.4.2

v30.4.1

Features

• [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

• [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

Full Changelog: jestjs/jest@v30.4.0...v30.4.1

v30.4.0

Big release! 😀

Main feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work require(esm) module is now supported on Node 24.9+ (still requires --experimental-vm-modules like before).

In addition we now support fake timers for the recently released Temporal API in Node v26.

React 19 is also supported properly in pretty-format, meaning snapshots of React components now work like they should.

Due to all the changes, there might be regressions that snuck in. Please report them!

Full list of changes below

Features

• [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
• [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
• [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
• [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
• [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
• [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
• [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
• [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
• [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
• [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
• [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
• [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
• [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
• [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
• [jest-util] Add isError helper (#16076)

... (truncated)

Changelog

Sourced from jest's changelog.

30.4.2

Fixes

• [jest-runtime] Fix named imports from CJS modules whose module.exports is a function with own-property exports (#16150)

30.4.1

Features

• [jest-config, jest-core, jest-runner, jest-schemas, jest-types] Allow custom runner configuration options via tuple format ['runner-path', {options}] (#16141)

Fixes

• [jest-runtime] Align CJS-from-ESM default export with Node: module.exports is always the ESM default, __esModule unwrapping is no longer applied (#16143)

30.4.0

Features

• [babel-jest] Support collecting coverage from .mts, .cts (and other) files (#15994)
• [jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types] Add --collect-tests flag to discover and list tests without executing them (#16006)
• [jest-config, jest-runner, jest-worker] Add workerGracefulExitTimeout config option to control how long workers are given to exit before being force-killed (#15984)
• [jest-config] Add support for jest.config.mts as a valid configuration file (#16005)
• [jest-config, jest-core, jest-reporters, jest-runner] verbose and silent can now be set per-project; the project-level value overrides the global value for that project's tests (#16133)
• [@jest/fake-timers] Accept Temporal.Duration in jest.advanceTimersByTime() and jest.advanceTimersByTimeAsync() (#16128)
• [@jest/fake-timers] Accept Temporal.Instant and Temporal.ZonedDateTime in jest.setSystemTime() and useFakeTimers({now}) (#16128)
• [@jest/fake-timers] Support faking Temporal.Now.* (#16131)
• [jest-mock] Add clearMocksOnScope(scope) on ModuleMocker for clearing every mock function exposed on a scope object (#16088)
• [jest-resolve] Add canResolveSync() on Resolver so callers can detect when a user-configured resolver only exports an async hook (#16064)
• [jest-runtime] Use synchronous evaluate() for ES modules without top-level await on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (#16062)
• [jest-runtime] Support require() of ES modules on Node v24.9+ (#16074)
• [jest-runtime] Validate TC39 import attributes (with { type: 'json' }) on ESM imports (#16127)
• [@jest/transform] Add canTransformSync(filename) on ScriptTransformer so callers can pick the sync vs async transform path (#16062)
• [jest-util] Add isError helper (#16076)
• [pretty-format] Support React 19 (#16123)

Fixes

• [expect-utils] Fix toStrictEqual failing on structuredClone results due to cross-realm constructor mismatch (#15959)
• [@jest/expect-utils] Prevent toMatchObject/subset matching from throwing when encountering exotic iterables (#15952)
• [fake-timers] Convert Date to milliseconds before passing to @sinonjs/fake-timers (#16029)
• [jest] Export GlobalConfig and ProjectConfig TypeScript types (#16132)
• [jest-circus] Prevent crash when asyncError is undefined for non-Error throws (#16003)
• [jest-circus, jest-jasmine2] Include Error.cause in JSON failureMessages output (#15967)
• [jest-config] Fix preset path resolution on Windows when the preset uses subpath exports (#15961)
• [jest-config] Allow collectCoverage and coverageProvider in project config without a validation warning (#16132)
• [jest-config] Project config validator now emits "is not supported in an individual project configuration" instead of "probably a typing mistake" for known global-only options (#16132)
• [jest-environment-node] Fix --localstorage-file warning on Node 25+ (#16086)
• [jest-reporters] Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (#16137)

... (truncated)

Commits

• 746f2a0 v30.4.2
• b3b4a09 v30.4.1
• 5cbb21e v30.4.0
• db7141a fix: allow collectCoverage and coverageProvider in project config (#16132)
• See full diff in compare view

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

Commits

• See full diff in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates rollup from 4.59.0 to 4.61.0

Release notes

Sourced from rollup's releases.

v4.61.0

4.61.0

2026-06-01

Features

• Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

• #6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@​lukastaegert)
• #6378: fix(deps): update minor/patch updates (@​renovate[bot])
• #6379: chore(deps): update dependency lint-staged to v17 (@​renovate[bot], @​lukastaegert)
• #6380: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6381: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6382: chore(deps): update dependency @​types/node to ^20.19.41 (@​renovate[bot])
• #6386: fix(deps): update minor/patch updates (@​renovate[bot])
• #6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@​renovate[bot])
• #6388: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6389: chore(deps): lock file maintenance (@​renovate[bot])
• #6391: Sort entry modules to make chunk hash names deterministic (@​TrickyPi)
• #6394: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6395: chore(deps): update react monorepo to v19 (@​renovate[bot], @​lukastaegert)
• #6396: fix(deps): update rust crate swc_compiler_base to v57 (@​renovate[bot], @​lukastaegert)
• #6397: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6400: docs: fix broken links (@​jiyujie2006)

v4.60.4

4.60.4

2026-05-14

Bug Fixes

• Improve stability of chunk hashes (#6362)

Pull Requests

• #6362: fix: stabilize chunk assignment across parallel file reads (@​sonukapoor, @​Sonu Kapoor, @​TrickyPi, @​lukastaegert)
• #6370: fix(deps): update minor/patch updates (@​renovate[bot])
• #6371: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6372: chore(deps): update react monorepo to v19 (major) (@​renovate[bot])
• #6373: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6375: Resolve vulnerabilities (@​lukastaegert)

v4.60.2

4.60.2

2026-04-18

... (truncated)

Changelog

Sourced from rollup's changelog.

4.61.0

2026-06-01

Features

• Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

• #6376: Eliminate AWS credential exposure on fork PRs in REPL artefact workflow (@​lukastaegert)
• #6378: fix(deps): update minor/patch updates (@​renovate[bot])
• #6379: chore(deps): update dependency lint-staged to v17 (@​renovate[bot], @​lukastaegert)
• #6380: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6381: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)
• #6382: chore(deps): update dependency @​types/node to ^20.19.41 (@​renovate[bot])
• #6386: fix(deps): update minor/patch updates (@​renovate[bot])
• #6387: chore(deps): update aws-actions/configure-aws-credentials action to v6 (@​renovate[bot])
• #6388: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6389: chore(deps): lock file maintenance (@​renovate[bot])
• #6391: Sort entry modules to make chunk hash names deterministic (@​TrickyPi)
• #6394: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
<...

Description has been truncated

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	5		0	0	0.05s
❌ ACTION	zizmor	5		1	0	0.38s
✅ JSON	jsonlint	23		0	0	0.32s
✅ JSON	npm-package-json-lint	yes		no	no	0.7s
✅ JSON	prettier	23		0	0	1.75s
✅ JSON	v8r	23		0	0	12.66s
✅ MARKDOWN	markdownlint	1		0	0	0.64s
✅ REPOSITORY	checkov	yes		no	no	23.6s
✅ REPOSITORY	gitleaks	yes		no	no	0.48s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	56.3s
❌ REPOSITORY	osv-scanner	yes		13	no	2.0s
✅ REPOSITORY	secretlint	yes		no	no	1.13s
✅ REPOSITORY	syft	yes		no	no	2.87s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.8s
✅ REPOSITORY	trufflehog	yes		no	no	12.97s
✅ TYPESCRIPT	eslint	8		0	0	6.03s
✅ TYPESCRIPT	prettier	8		0	0	0.98s
✅ YAML	prettier	19		0	0	0.75s
✅ YAML	v8r	19		0	0	10.0s
✅ YAML	yamllint	19		0	0	0.84s

Detailed Issues

❌ REPOSITORY / osv-scanner - 13 errors

Scanning dir .
Starting filesystem walk for root: /
Scanned package-lock.json file and found 530 packages
End status: 46 dirs visited, 168 inodes visited, 1 Extract calls, 24.578484ms elapsed, 24.578674ms wall time

Total 8 packages affected by 13 known vulnerabilities (0 Critical, 6 High, 7 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
13 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+-----------------------+---------+---------------+-------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE               | VERSION | FIXED VERSION | SOURCE            |
+-------------------------------------+------+-----------+-----------------------+---------+---------------+-------------------+
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion (dev) | 1.1.12  | 1.1.13        | package-lock.json |
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion (dev) | 2.0.2   | 2.0.3         | package-lock.json |
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion (dev) | 5.0.4   | 5.0.5         | package-lock.json |
| https://osv.dev/GHSA-jxxr-4gwj-5jf2 | 6.5  | npm       | brace-expansion (dev) | 5.0.4   | 5.0.6         | package-lock.json |
| https://osv.dev/GHSA-f23m-r3pf-42rh | 6.5  | npm       | lodash (dev)          | 4.17.23 | 4.18.0        | package-lock.json |
| https://osv.dev/GHSA-r5fr-rjxr-66jc | 8.1  | npm       | lodash (dev)          | 4.17.23 | 4.18.0        | package-lock.json |
| https://osv.dev/GHSA-23c5-xmqv-rm74 | 7.5  | npm       | minimatch (dev)       | 9.0.3   | 9.0.7         | package-lock.json |
| https://osv.dev/GHSA-3ppc-4f35-3m26 | 8.7  | npm       | minimatch (dev)       | 9.0.3   | 9.0.6         | package-lock.json |
| https://osv.dev/GHSA-7r86-cg39-jmmj | 7.5  | npm       | minimatch (dev)       | 9.0.3   | 9.0.7         | package-lock.json |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)       | 2.3.1   | 2.3.2         | package-lock.json |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)       | 2.3.1   | 2.3.2         | package-lock.json |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid (dev)            | 8.3.2   | 11.1.1        | package-lock.json |
| https://osv.dev/GHSA-48c2-rrv3-qjmp | 4.3  | npm       | yaml                  | 2.8.2   | 2.8.3         | package-lock.json |
+-------------------------------------+------+-----------+-----------------------+---------+---------------+-------------------+

❌ ACTION / zizmor - 1 error

INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/check-dist.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,TYPESCRIPT_ES,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository