Skip to content

Bump the dev-dependencies group across 1 directory with 6 updates#265

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/tools/integration/dev-dependencies-cbf00219a0
Open

Bump the dev-dependencies group across 1 directory with 6 updates#265
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/tools/integration/dev-dependencies-cbf00219a0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 9, 2026

Bumps the dev-dependencies group with 6 updates in the /tools/integration directory:

Package From To
@types/node 25.0.10 25.5.2
eslint 9.39.2 10.2.0
lodash 4.17.23 4.18.1
nock 14.0.10 14.0.12
sinon 21.0.1 21.1.0
typescript 5.9.3 6.0.2

Updates @types/node from 25.0.10 to 25.5.2

Commits

Updates eslint from 9.39.2 to 10.2.0

Release notes

Sourced from eslint's releases.

v10.2.0

Features

  • 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
  • 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
  • bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

  • 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

  • a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
  • 845f23f docs: Update README (GitHub Actions Bot)
  • 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
  • 8702a47 docs: Update README (GitHub Actions Bot)
  • ddeaded docs: Update README (GitHub Actions Bot)
  • 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
  • eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
  • 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

  • 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
  • 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
  • 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)
  • 811f493 ci: remove --legacy-peer-deps from types integration tests (#20667) (Milos Djermanovic)
  • 6b86fcf chore: update dependency npm-run-all2 to v8 (#20663) (renovate[bot])
  • 632c4f8 chore: add prettier update commit to .git-blame-ignore-revs (#20662) (루밀LuMir)
  • b0b0f21 chore: update dependency eslint-plugin-regexp to ^3.1.0 (#20659) (Milos Djermanovic)
  • 228a2dd chore: update dependency eslint-plugin-eslint-plugin to ^7.3.2 (#20661) (Milos Djermanovic)
  • 3ab4d7e test: Add tests for eslintrc-style keys (#20645) (kuldeep kumar)

v10.1.0

Features

  • ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
  • 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

  • 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
  • e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

  • b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
  • 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
  • 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
  • 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
  • e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
  • 7f10d84 docs: Update README (GitHub Actions Bot)
  • aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
  • a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

... (truncated)

Commits

Updates lodash from 4.17.23 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

  • Add security notice for _.template in threat model and API docs (#6099)
  • Document lower > upper behavior in _.random (#6115)
  • Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

Commits
  • cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
  • 75535f5 chore: prune stale advisory refs (#6170)
  • 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
  • 59be2de release(minor): bump to 4.18.0 (#6161)
  • af63457 fix: broken tests for _.template 879aaa9
  • 1073a76 fix: linting issues
  • 879aaa9 fix: validate imports keys in _.template
  • fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
  • 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
  • b819080 ci: add dist sync validation workflow (#6137)
  • Additional commits viewable in compare view

Updates nock from 14.0.10 to 14.0.12

Release notes

Sourced from nock's releases.

v14.0.12

14.0.12 (2026-04-05)

Bug Fixes

  • prevent crash when query params have conflicting dot-notation keys (#2958) (7ea9933)

v14.0.11

14.0.11 (2026-02-09)

Bug Fixes

Commits
  • 7ea9933 fix: prevent crash when query params have conflicting dot-notation keys (#2958)
  • d00d371 chore(deps): bump picomatch
  • e899c49 chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5
  • 9ad19ea chore(deps): bump qs and @​definitelytyped/dtslint
  • 657d9a1 chore(deps): bump actions/checkout from 5 to 6 (#2933)
  • db0b280 fix: upgrade semantic-release (#2943)
  • bc78af4 Add write permission for contents in CI workflow (#2942)
  • a4cb6b8 fix: restore github actions write permissions (#2941)
  • 113dcac fix: migrate to npm OIDC (#2940)
  • 025db76 fix: update @mswjs/interceptors to fix a memory leak (#2938)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nock since your current version.


Updates sinon from 21.0.1 to 21.1.0

Changelog

Sourced from sinon's changelog.

21.1.0

  • 0a5526c5 updated deps (Carl-Erik Kopseng)
  • 5262204f fix: build artifacts before running bundled tests (Carl-Erik Kopseng)
  • 819bb64b Migration to ECMAScript modules (ESM) (#2683) (Carl-Erik Kopseng)

    This allowed us to finally consume ESM-only dependencies and has broken us free from some CJS shackes. Now produce the same API surface for CJS consumers, as well, by generating ./lib

    • Modern ignores 😁
    • test: add distribution harness
    • test: verify packed cjs and esm entrypoints
    • test: lock distribution api manifest
    • test: smoke test built pkg artifacts
    • docs: require contract tests for package migration
    • test: guard esm migration regressions
    • docs: require contract gate for esm migration
    • build: generate cjs lib from esm source entries
    • refactor: port root api surface to esm
    • build: clean port of root api to esm
    • docs: include implementation plans
    • fix: align lint and smoke tests with esm migration
    • refactor: complete esm port of all core components
    • refactor: finalize esm migration with sandbox and naming fixes
    • fix: finish esm migration stabilization
    • chore: stop tracking generated lib output
    • remove plans
    • prettier
    • linting
    • fix: make distribution tests self-contained
    • fix: build before coverage test bundle
    • refactor: move simple unit tests to src
    • refactor: flatten test and coverage script chains
    • refactor: use parallel mocha for node tests
    • test: restore fake timers cleanup
    • refactor: remove node test runner script
    • remove unneccessary clutter
    • fix: make mocha watch use polling
    • simplify
    • Increase coverage
    • Fix coverage by removing duplicated tests

    These were covering the generated lib/ folder.

    • Move shared util into esm dir
    • fix package dep issues
    • Adjust coverage
    • Upgrade all dependencies

... (truncated)

Commits

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dev-dependencies group across 1 directory with 6 updates
ac12e4e 
Bumps the dev-dependencies group with 6 updates in the /tools/integration directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.10` | `25.5.2` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `10.2.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |
| [nock](https://github.com/nock/nock) | `14.0.10` | `14.0.12` |
| [sinon](https://github.com/sinonjs/sinon) | `21.0.1` | `21.1.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.2` |



Updates `@types/node` from 25.0.10 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.39.2 to 10.2.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v10.2.0)

Updates `lodash` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

Updates `nock` from 14.0.10 to 14.0.12
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](nock/nock@v14.0.10...v14.0.12)

Updates `sinon` from 21.0.1 to 21.1.0
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](sinonjs/sinon@v21.0.1...v21.1.0)

Updates `typescript` from 5.9.3 to 6.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.2)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-version: 10.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: nock
  dependency-version: 14.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: sinon
  dependency-version: 21.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 9, 2026
@dependabot dependabot bot mentioned this pull request Apr 9, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants