Skip to content

build(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates#105

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/dev-dependencies-710906377d
Closed

build(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates#105
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/dev-dependencies-710906377d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 10 updates in the / directory:

Package From To
doctoc 2.4.1 2.5.0
globals 17.6.0 17.7.0
lint-staged 17.0.7 17.0.8
prettier 3.8.4 3.9.1
turbo 2.9.18 2.10.0
typescript-eslint 8.61.1 8.62.0
nock 14.0.15 14.0.16
@vitejs/plugin-react 6.0.2 6.0.3
postcss 8.5.15 8.5.16
vite 8.0.16 8.1.0

Updates doctoc from 2.4.1 to 2.5.0

Release notes

Sourced from doctoc's releases.

v2.5.0

What's Changed

New Contributors

Full Changelog: thlorenz/doctoc@v2.4.1...v2.5.0

Commits
  • 59dcae9 feat: Support frontmatter in docs (#344)
  • be3cacc feat: Add ability for different symbol per level (#353)
  • 9b9c1e5 feat: configurable location to insert new toc (#346)
  • 90be2f8 chore(deps-dev): bump ip-address from 10.1.0 to 10.2.0 (#355)
  • 53e5a6f feat: support header id's in header text (#347)
  • 96ca2b9 chore: refactor recursive search for markdown files (#352)
  • 9965cd0 test: Large file handling (#351)
  • e15a1c7 fix: line endings are set based on file (#339)
  • 6504050 feat: Add toc based on minLines (#345)
  • e1ba3d5 chore: Reduce explicit usage of new lines (#338)
  • Additional commits viewable in compare view

Updates globals from 17.6.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

  • Update globals (2026-06-22) (#345) 33b75f9

sindresorhus/globals@v17.6.0...v17.7.0

Commits

Updates lint-staged from 17.0.7 to 17.0.8

Release notes

Sourced from lint-staged's releases.

v17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Changelog

Sourced from lint-staged's changelog.

17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Commits
  • 5f3b8f2 Merge pull request #1812 from lint-staged/changeset-release/main
  • 43a9b8d chore(changeset): release
  • 630e2f6 Merge pull request #1809 from lint-staged/restore-merge-status
  • 179b437 fix: restore Git merge status after creating backup stash
  • 6bae2e2 Merge pull request #1811 from lint-staged/exec-git-ignore-stderr
  • b82a830 ci: run npm audit omitting dev, including prod dependencies
  • 0b19b80 build(deps): update dependencies
  • 3d0b2c0 fix: ignore stderr when doing Git operations
  • See full diff in compare view

Updates prettier from 3.8.4 to 3.9.1

Release notes

Sourced from prettier's releases.

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.1

diff

CLI: Fix ignored file has been cached incorrectly (#19483 by @​kovsu)

Bug details prettier/prettier#18016

3.9.0

diff

🔗 Release Notes

3.8.5

diff

Flow: Support readonly as a variance annotation (#19022 by @​marcoww6)

Flow now accepts readonly as a property variance annotation, equivalent to + (covariant/read-only).

// Input
type T = {
  readonly foo: string,
};
// Prettier 3.8.4
SyntaxError
// Prettier 3.8.5
type T = {
readonly foo: string,
};

Commits

Updates turbo from 2.9.18 to 2.10.0

Release notes

Sourced from turbo's releases.

Turborepo v2.10.0

What's Changed

create-turbo

@​turbo/codemod

eslint

@​turbo/repository

@​turbo/telemetry

Examples

Changelog

... (truncated)

Commits
  • 12fb0d9 publish 2.10.0 to registry
  • a12323b release(turborepo): 2.9.19-canary.10 (#13130)
  • 65175fe fix: Hash selected dependency outputs instead of tasks (#13129)
  • 5ba8917 fix: Improve watch graceful shutdown (#13128)
  • 75ee2cc chore: Update to Rust 1.96.0 (#12974)
  • 6dccf5a fix: Restart deferred hash consumers in watch (#13127)
  • 4ebb50f feat: Add deferred hashing for task inputs (#13125)
  • 517e1a5 docs: Fix stderr debugging guidance (#13122)
  • 0220b35 fix: Respect task inputs when stopping interruptible persistent tasks in watc...
  • 6988692 fix: Add ComSpec and PATHEXT to default Windows env passthrough (#13114)
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.61.1 to 8.62.0

Release notes

Sourced from typescript-eslint's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates nock from 14.0.15 to 14.0.16

Release notes

Sourced from nock's releases.

v14.0.16

14.0.16 (2026-06-26)

Bug Fixes

  • guard against AbortSignal-aborted requests in response handler (#2977) (2d68e8a), closes #2949
Commits

Updates @vitejs/plugin-react from 6.0.2 to 6.0.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

Commits
  • 640fd35 release: plugin-react@6.0.3
  • 889efb0 fix(deps): update all non-major dependencies (#1249)
  • 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
  • 3cc33a7 fix(deps): update react-related dependencies (#1245)
  • c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
  • cd80f0f fix(deps): update all non-major dependencies (#1241)
  • e38acca fix(deps): update all non-major dependencies (#1227)
  • 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
  • See full diff in compare view

Updates postcss from 8.5.15 to 8.5.16

Release notes

Sourced from postcss's releases.

8.5.16

Changelog

Sourced from postcss's changelog.

8.5.16

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.


Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

Bug Fixes

  • bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
  • cache falsy values in perEnvironmentState (#22715) (0e91e79)
  • glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
  • html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
  • optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
  • resolved build options should be kept as a getter (#22691) (3527191)
  • server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
  • use literal envPrefix queries for Vite Task (#22706) (da72733)
  • warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

8.1.0-beta.0 (2026-06-15)

Features

  • import.meta.glob support caseSensitive option (#21707) (2ad6737)
  • add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
  • build: chunk importmap (#21580) (e180312)
  • css: support lightningcss plugin dependency (#21748) (0b7aaed)
  • deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
  • html: add html.additionalAssetSources option (#21412) (a41404b)
  • integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
  • rename server.hmr options to server.ws options (#21357) (9ce3036)
  • server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
  • track dependencies when loading config with native (#22602) (a7e2da8)
  • types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
  • update rolldown to 1.1.1 (#22593) (8a13d63)
  • wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

  • apply correct fs restrictions for pnpm gvs (#22415) (092320b)
  • css: support external CSS with lightningcss (#18389) (d64a1a5)
  • deps: update all non-major dependencies (#22637) (44bb9d9)
  • deps: update all non-major dependencies (#22681) (f4f0633)
  • html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
  • optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ith 10 updates

Bumps the dev-dependencies group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [doctoc](https://github.com/thlorenz/doctoc) | `2.4.1` | `2.5.0` |
| [globals](https://github.com/sindresorhus/globals) | `17.6.0` | `17.7.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.7` | `17.0.8` |
| [prettier](https://github.com/prettier/prettier) | `3.8.4` | `3.9.1` |
| [turbo](https://github.com/vercel/turborepo) | `2.9.18` | `2.10.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.61.1` | `8.62.0` |
| [nock](https://github.com/nock/nock) | `14.0.15` | `14.0.16` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` |
| [postcss](https://github.com/postcss/postcss) | `8.5.15` | `8.5.16` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.0` |



Updates `doctoc` from 2.4.1 to 2.5.0
- [Release notes](https://github.com/thlorenz/doctoc/releases)
- [Commits](thlorenz/doctoc@v2.4.1...v2.5.0)

Updates `globals` from 17.6.0 to 17.7.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.6.0...v17.7.0)

Updates `lint-staged` from 17.0.7 to 17.0.8
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v17.0.7...v17.0.8)

Updates `prettier` from 3.8.4 to 3.9.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.1)

Updates `turbo` from 2.9.18 to 2.10.0
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.9.18...v2.10.0)

Updates `typescript-eslint` from 8.61.1 to 8.62.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint)

Updates `nock` from 14.0.15 to 14.0.16
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](nock/nock@v14.0.15...v14.0.16)

Updates `@vitejs/plugin-react` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

Updates `postcss` from 8.5.15 to 8.5.16
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.15...8.5.16)

Updates `vite` from 8.0.16 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

---
updated-dependencies:
- dependency-name: doctoc
  dependency-version: 2.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: lint-staged
  dependency-version: 17.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: prettier
  dependency-version: 3.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: turbo
  dependency-version: 2.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: nock
  dependency-version: 14.0.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: postcss
  dependency-version: 8.5.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 28, 2026
BODMAT added a commit that referenced this pull request Jul 1, 2026
…pm overrides (#110)

* build(deps): bump dependency groups, concurrently, and actions/checkout v7

Batch the open Dependabot PRs into one commit (#101, #105, #94, #87),
holding prettier at 3.8.4 — 3.9 is days old and its parser upgrades
reformat the repo.

- prod group: google-auth-library, ioredis, mongoose, openai, stripe,
  @tanstack/react-query(+devtools), axios, framer-motion, i18next
- dev group: doctoc, globals, lint-staged, turbo, typescript-eslint,
  nock, @vitejs/plugin-react, postcss, vite
- concurrently 9 -> 10 (dev-only; ESM-only, needs Node >= 22)
- actions/checkout v6 -> v7 across all workflows: blocks pwn-request by
  default; our workflows run on pull_request (not pull_request_target),
  so no behavior impact

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(docker): patch npm-bundled undici to 6.27.0 to clear CVEs

npm bundles undici 6.26.0 even at npm@latest, which Trivy flags in the
api/web/bot images. Our own dependency tree already resolves undici to
7.28.0 (safe), so this only affects npm's bundled copy inside the image.

Mirror the existing brace-expansion patch: install undici@^6.27.0 and
copy it over npm's bundled module. Stays on the v6 line to avoid
breaking npm.

Fixes CVE-2026-12151 (HIGH), CVE-2026-9679 (MEDIUM), CVE-2026-6733 (LOW),
CVE-2026-11525 (LOW).

Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com>

* fix(deps): drop dead package.json pnpm.overrides, align postcss floor

The pnpm.overrides block in package.json was a stale subset already
superseded by pnpm-workspace.yaml, which pnpm v10 treats as the sole
source — package.json's copy was silently ignored (emitting a warning on
every install). Removing it changes no resolution: the workspace file
already enforces those pins plus esbuild/form-data/@types/express/etc.

Bump the workspace postcss override from ^8.5.10 to ^8.5.15 so dropping
the package.json postcss@<8.5.15 pin does not lower the security floor.

---------

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Makar Dzhehur <100146104+dzhhem@users.noreply.github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 1, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-710906377d branch July 1, 2026 18:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants