Skip to content

Bump the npm-minor group across 1 directory with 5 updates#3864

Closed
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/npm-minor-a0ce2bf7d4
Closed

Bump the npm-minor group across 1 directory with 5 updates#3864
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/npm-minor-a0ce2bf7d4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps the npm-minor group with 5 updates in the / directory:

Package From To
@types/node 20.19.9 20.19.39
eslint 9.39.2 9.39.4
nock 14.0.12 14.0.13
typescript 6.0.2 6.0.3
typescript-eslint 8.58.2 8.59.0

Updates @types/node from 20.19.9 to 20.19.39

Commits

Updates eslint from 9.39.2 to 9.39.4

Release notes

Sourced from eslint's releases.

v9.39.4

Bug Fixes

  • f18f6c8 fix: update dependency minimatch to ^3.1.5 (#20564) (Milos Djermanovic)
  • a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#20554) (Milos Djermanovic)
  • 234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles)
  • b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538) (루밀LuMir)

Documentation

  • 4675152 docs: add deprecation notice partial (#20520) (Milos Djermanovic)

Chores

  • b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#20596) (Francesco Trotta)
  • 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
  • 1d16c2f ci: pin Node.js 25.6.1 (#20563) (Milos Djermanovic)

v9.39.3

Bug Fixes

  • 791bf8d fix: restore TypeScript 4.0 compatibility in types (#20504) (sethamus)

Chores

  • 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#20529) (Milos Djermanovic)
  • 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
  • af498c6 chore: ignore /docs/v9.x in link checker (#20453) (Milos Djermanovic)
Commits

Updates nock from 14.0.12 to 14.0.13

Release notes

Sourced from nock's releases.

v14.0.13

14.0.13 (2026-04-20)

Bug Fixes

  • types: align Definition with runtime; add rawHeaders, drop headers (#2955) (07fbfab)
Commits
  • 07fbfab fix(types): align Definition with runtime; add rawHeaders, drop headers (#2955)
  • fe2c3ea chore(deps-dev): bump lodash-es from 4.17.23 to 4.18.1 (#2961)
  • ee49b4f chore(deps-dev): bump flatted from 3.2.5 to 3.4.2
  • 11bf183 chore(deps-dev): bump undici from 6.23.0 to 6.24.1 (#2954)
  • 6b80154 chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#2960)
  • 4cbf6cc chore(deps): bump tar and npm (#2952)
  • See full diff in compare view

Updates typescript from 6.0.2 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • See full diff in compare view

Updates typescript-eslint from 8.58.2 to 8.59.0

Release notes

Sourced from typescript-eslint's releases.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

  • eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

  • Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.0 (2026-04-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
@types/node [>= 25.a, < 26]
@types/node [>= 24.a, < 25]
@types/node [>= 22.a, < 23]
eslint [>= 10.a, < 11]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm-minor group across 1 directory with 5 updates
5a5dbc3 
Bumps the npm-minor group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.9` | `20.19.39` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `9.39.4` |
| [nock](https://github.com/nock/nock) | `14.0.12` | `14.0.13` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.2` | `6.0.3` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.58.2` | `8.59.0` |



Updates `@types/node` from 20.19.9 to 20.19.39
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.39.2 to 9.39.4
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v9.39.4)

Updates `nock` from 14.0.12 to 14.0.13
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](nock/nock@v14.0.12...v14.0.13)

Updates `typescript` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v6.0.2...v6.0.3)

Updates `typescript-eslint` from 8.58.2 to 8.59.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 20.19.39
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: eslint
  dependency-version: 9.39.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: nock
  dependency-version: 14.0.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: typescript-eslint
  dependency-version: 8.59.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the Rebuild Re-transpile JS & re-generate workflows label Apr 30, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 30, 2026 12:55
@dependabot dependabot Bot added the Rebuild Re-transpile JS & re-generate workflows label Apr 30, 2026
@github-actions github-actions Bot added size/XS Should be very easy to review and removed Rebuild Re-transpile JS & re-generate workflows labels Apr 30, 2026
@github-actions github-actions Bot added size/S Should be easy to review and removed size/XS Should be very easy to review labels Apr 30, 2026
@henrymercer henrymercer requested a review from mbg April 30, 2026 15:09
@henrymercer henrymercer enabled auto-merge April 30, 2026 15:42
mbg
mbg reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@mbg mbg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed elsewhere, I think it would be better to honour the intent of the assertions in config-utils.test.ts and replace them with satisfies to get TS to check that the objects we specify match what we expect for a UserConfig to avoid typos causing us headaches. It's unfortunate that the test macro doesn't enforce this already (which would be a better fix) as we are likely to have the same issue in other places / it will keep coming up.

Comment thread src/feature-flags.ts
Comment on lines 387 to 388
// Narrow the type to FeatureConfig to avoid type errors. To avoid unsafe use of `as`, we
// check that the required properties exist using `satisfies`.
Copy link
Copy Markdown
Member

@mbg mbg Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this comment be changed now?

Comment thread src/config-utils.test.ts
codeScanningConfig: {
packs: ["some-custom-pack@1.0.0"],
} as UserConfig,
},
Copy link
Copy Markdown
Member

@mbg mbg May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that the intention with these type casts was to ensure that the objects satisfy the UserConfig interface and so should have been e.g. satisfies UserConfig. It's probably better for us to fix this (by changing as to satisfies) rather than removing this entirely.

Comment thread src/init-action-post-helper.test.ts
sarifID: "42",
statusReport: { raw_upload_size_bytes: 20, zipped_upload_size_bytes: 10 },
} as uploadLib.UploadResult);
});
Copy link
Copy Markdown
Member

@mbg mbg May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This correctly checks the type without as or satisfies, so removing this is OK.

Comment thread src/workflow.test.ts
},
},
} as Workflow,
},
Copy link
Copy Markdown
Member

@mbg mbg May 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also fine.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 6, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 6, 2026
auto-merge was automatically disabled May 6, 2026 17:59

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-minor-a0ce2bf7d4 branch May 6, 2026 17:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mbg mbg mbg left review comments

Assignees

No one assigned

Labels

size/S Should be easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mbg @YANZAAN @henrymercer