Skip to content

chore(deps-dev): bump the development-dependencies group across 1 directory with 9 updates#773

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/development-dependencies-cfe641fb22
Open

chore(deps-dev): bump the development-dependencies group across 1 directory with 9 updates#773
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/development-dependencies-cfe641fb22

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 9 updates in the / directory:

Package From To
@changesets/changelog-github 0.6.0 0.7.0
@changesets/cli 2.30.0 2.31.0
@stylistic/stylelint-plugin 5.1.0 5.2.1
@types/node 25.5.2 26.1.0
eslint-plugin-jsdoc 62.9.0 63.0.10
pkg-ok 3.0.0 4.0.0
stylelint 17.6.0 17.14.0
undici 8.0.2 8.5.0
vite 8.0.16 8.1.3

Updates @changesets/changelog-github from 0.6.0 to 0.7.0

Release notes

Sourced from @​changesets/changelog-github's releases.

@​changesets/changelog-github@​0.7.0

Minor Changes

Commits

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

  • #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

  • #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

  • d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

  • #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

  • #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

  • #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

  • Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

    • @​changesets/assemble-release-plan@​6.0.10
    • @​changesets/get-dependents-graph@​2.1.4
    • @​changesets/apply-release-plan@​7.1.1
    • @​changesets/get-release-plan@​4.0.16
    • @​changesets/config@​3.1.4
Commits
  • 9cce6db Version Packages (#1897)
  • d2121dc Fix npm auth for path-based registries during publish by preserving configure...
  • 036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
  • 5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
  • 96ca062 Error on unsupported flags for individual CLI commands (#1889)
  • 42943b7 fix(cli): respond to --help on all subcommands (#1873)
  • f61e716 Improved detection for published state of prerelease-only packages without ...
  • See full diff in compare view

Updates @stylistic/stylelint-plugin from 5.1.0 to 5.2.1

Release notes

Sourced from @​stylistic/stylelint-plugin's releases.

Release v5.2.1

Fixed

  • The protocol in the repository's metadata URL now meets current requirements (#79) (@​BowenMilner).

Release v5.2.0

Added

  • The declaration-block-semicolon-newline-before rule is now autofixable.

Fixed

  • An exception for an empty custom property value has been added to the declaration-block-semicolon-newline-before and declaration-colon-space-after rules: the --custom-prop: ; and --custom-prop:; variants are now considered valid (see #50).
Changelog

Sourced from @​stylistic/stylelint-plugin's changelog.

[5.2.1] — 2026–07–01

Fixed

  • The protocol in the repository's metadata URL now meets current requirements (#79) (@​BowenMilner).

[5.2.0] — 2026–05–20

Added

  • The declaration-block-semicolon-newline-before rule is now autofixable.

Fixed

  • An exception for an empty custom property value has been added to the declaration-block-semicolon-newline-before and declaration-colon-space-after rules: the --custom-prop: ; and --custom-prop:; variants are now considered valid (see #50).
Commits
  • a8d1898 5.2.1
  • fea986e Fix repository metadata URL (#79)
  • 19b1128 5.2.0
  • 555c336 Add Makefile
  • 6734a82 Add more colors to GitHub CI
  • 21caa34 Upgrade pnpm to 11 version
  • b57ac70 Add integration test for empty custom property
  • c9de629 Add an exception to declaration-colon-space-after related to an empty custo...
  • b77b3ca Make declaration-block-semicolon-newline-before rule autofixable
  • 71b2694 Add an exception to declaration-block-semicolon-newline-before related to a...
  • Additional commits viewable in compare view

Updates @types/node from 25.5.2 to 26.1.0

Commits

Updates eslint-plugin-jsdoc from 62.9.0 to 63.0.10

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v63.0.10

63.0.10 (2026-06-27)

Bug Fixes

  • escape-inline-tags: allow scoped packages in declaration references (#1705) (70e0a11)

v63.0.9

63.0.9 (2026-06-26)

Bug Fixes

  • check-template-names, require-template, valid-types: keep commas inside @template default values (0980b71)

v63.0.8

63.0.8 (2026-06-25)

Bug Fixes

  • check-template-names: detect template usage in @augments/@extends/@implements types (208079f)

v63.0.7

63.0.7 (2026-06-21)

Bug Fixes

  • no-undefined-types: predefine Iterable/Iterator types; fixes #1712 (804a13d)

v63.0.6

63.0.6 (2026-06-17)

Bug Fixes

  • iterateAllJsdocs free comments after each file (ebe0d08)

v63.0.5

63.0.5 (2026-06-17)

Bug Fixes

  • no-undefined-types: check descendant scopes for variables; fixes #1704 (a50f71f)

v63.0.4

63.0.4 (2026-06-16)

... (truncated)

Commits
  • 70e0a11 fix(escape-inline-tags): allow scoped packages in declaration references (#1705)
  • ba37859 refactor(valid-types): drop obsolete raw-value workaround for @​template names
  • 5a07314 test: cover parseClosureTemplateTag comma splitting
  • 0980b71 fix(check-template-names, require-template, valid-types): keep commas i...
  • 208079f fix(check-template-names): detect template usage in @augments/@extends/...
  • 804a13d fix(no-undefined-types): predefine Iterable/Iterator types; fixes #1712
  • ebe0d08 fix: iterateAllJsdocs free comments after each file
  • a50f71f fix(no-undefined-types): check descendant scopes for variables; fixes #1704
  • b993425 fix: ensure tsModule check can catch multiple modules
  • d8f4738 fix(no-undefined-types): treat TS module vars as defined; fixes #1701
  • Additional commits viewable in compare view

Updates pkg-ok from 3.0.0 to 4.0.0

Changelog

Sourced from pkg-ok's changelog.

4.0.0

  • Require Node 20, 22, or 24
Commits
  • c4bf4e9 Merge pull request #173 from abraham/copilot/remove-husky-package
  • b5b9ad6 chore: remove husky and pre-commit hook
  • 8ed0ae6 Merge pull request #171 from abraham/abraham-patch-1
  • 65a7813 Initial plan
  • 4ad7c3e npm run format
  • 0ecc782 Add GitHub Actions workflow to publish package
  • 41718cd Merge pull request #170 from abraham/abraham-patch-1
  • cae00cb Bump version from 3.0.0 to 4.0.0
  • b24240c Revise Node.js support in CHANGELOG
  • e420bf1 Merge pull request #168 from abraham/copilot/update-meow-to-v14
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for pkg-ok since your current version.


Updates stylelint from 17.6.0 to 17.14.0

Release notes

Sourced from stylelint's releases.

17.14.0

It fixes 3 bugs, including a false negative one.

  • Fixed: performance of getting module paths (#9354) (@​jeddy3).
  • Fixed: performance by dynamically importing TIMING only on use (#9356) (@​jeddy3).
  • Fixed: function-calc-no-unspaced-operator false negatives for unspaced + and - operators following a * or / operator (#9357) (@​sarathfrancis90).

17.13.0

It fixes 3 bugs, including a false negative one.

  • Fixed: declaration-block-no-duplicate-properties false negatives for interleaved non-consecutive duplicates with ignore: ["consecutive-duplicates(-*)"] (#9324) (@​sarathfrancis90).
  • Fixed: selector-max-type false positives for nested selectors (#9319) (@​romainmenke).
  • Fixed: selector-type-no-unknown false positives for install (#9308) (@​Mouvedia).

17.12.0

It fixes 3 bugs, including a false negative one.

  • Fixed: block-no-empty reported range when using comments (#9294) (@​romainmenke).
  • Fixed: declaration-property-value-no-unknown false negatives for custom properties defined in reference files (#9292) (@​romainmenke).
  • Fixed: value-keyword-layout-mappings false positives for caption-side (#9293) (@​romainmenke).

17.11.1

It fixes 2 bugs.

  • Fixed: node_modules ignore for codeFilename paths containing a dot-prefixed directory (#9282) (@​tuhtah).
  • Fixed: declaration-block-no-redundant-longhand-properties range for contiguous redundant longhand properties (#9273) (@​pamelalozano16).

17.11.0

It adds 2 features, including a loader property to referenceFiles: {} for when the order of appearance in the reference styles matters.

17.10.0

It adds 3 rules and fixes 4 bugs. You can use the *-layout-mappings rules to enforce logical or physical properties, units and keywords.

  • Added: selector-no-invalid rule (#9232) (@​jeddy3).
  • Added: unit-layout-mappings rule (#9229) (@​jeddy3).
  • Added: value-keyword-layout-mappings rule (#9233) (@​jeddy3).
  • Fixed: inconsistent error messages when module is not found (#9260) (@​ybiquitous).
  • Fixed: property-layout-mappings false negatives for property names in declaration values (#9222) (@​jeddy3).
  • Fixed: property-layout-mappings false positives for @page properties (#9223) (@​jeddy3).
  • Fixed: selector-pseudo-class-no-unknown false positives for nested webkit-scrollbar part (#9259) (@​rkdfx).

17.9.1

It fixes 4 bugs. We also documented the messageArgs each rule provides to the message configuration property.

  • Fixed: ConfigurationError regression for custom syntaxes (#9245) (@​jeddy3).
  • Fixed: MD5 hash algorithm to SHA256 for caching (#9241) (@​rkdfx).
  • Fixed: property-no-deprecated autofix for page-break-*: always (#9214) (@​rkdfx).

... (truncated)

Changelog

Sourced from stylelint's changelog.

17.14.0 - 2026-06-25

It fixes 3 bugs, including a false negative one.

  • Fixed: performance of getting module paths (#9354) (@​jeddy3).
  • Fixed: performance by dynamically importing TIMING only on use (#9356) (@​jeddy3).
  • Fixed: function-calc-no-unspaced-operator false negatives for unspaced + and - operators following a * or / operator (#9357) (@​sarathfrancis90).

17.13.0 - 2026-06-06

It fixes 3 bugs, including a false negative one.

  • Fixed: declaration-block-no-duplicate-properties false negatives for interleaved non-consecutive duplicates with ignore: ["consecutive-duplicates(-*)"] (#9324) (@​sarathfrancis90).
  • Fixed: selector-max-type false positives for nested selectors (#9319) (@​romainmenke).
  • Fixed: selector-type-no-unknown false positives for install (#9308) (@​Mouvedia).

17.12.0 - 2026-05-20

It fixes 3 bugs, including a false negative one.

  • Fixed: block-no-empty reported range when using comments (#9294) (@​romainmenke).
  • Fixed: declaration-property-value-no-unknown false negatives for custom properties defined in reference files (#9292) (@​romainmenke).
  • Fixed: value-keyword-layout-mappings false positives for caption-side (#9293) (@​romainmenke).

17.11.1 - 2026-05-14

It fixes 2 bugs.

  • Fixed: node_modules ignore for codeFilename paths containing a dot-prefixed directory (#9282) (@​tuhtah).
  • Fixed: declaration-block-no-redundant-longhand-properties range for contiguous redundant longhand properties (#9273) (@​pamelalozano16).

17.11.0 - 2026-05-05

It adds 2 features, including a loader property to referenceFiles: {} for when the order of appearance in the reference styles matters.

17.10.0 - 2026-05-03

It adds 3 rules and fixes 4 bugs. You can use the *-layout-mappings rules to enforce logical or physical properties, units and keywords.

  • Added: selector-no-invalid rule (#9232) (@​jeddy3).
  • Added: unit-layout-mappings rule (#9229) (@​jeddy3).
  • Added: value-keyword-layout-mappings rule (#9233) (@​jeddy3).
  • Fixed: inconsistent error messages when module is not found (#9260) (@​ybiquitous).
  • Fixed: property-layout-mappings false negatives for property names in declaration values (#9222) (@​jeddy3).
  • Fixed: property-layout-mappings false positives for @page properties (#9223) (@​jeddy3).
  • Fixed: selector-pseudo-class-no-unknown false positives for nested webkit-scrollbar part (#9259) (@​rkdfx).

... (truncated)

Commits
  • f36e170 Release 17.14.0 (#9371)
  • 9334bff Bump actions/checkout from 6.0.3 to 7.0.0 (#9367)
  • f736374 Bump npm-run-all2 from 9.0.1 to 9.0.2 (#9370)
  • 78e1b44 Bump postcss-selector-parser from 7.1.2 to 7.1.4 in the postcss group (#9369)
  • cab5acd Bump eslint from 10.4.1 to 10.5.0 in the eslint group (#9368)
  • 89b95e1 Bump prettier from 3.8.3 to 3.8.4 (#9363)
  • 7ecce94 Bump cosmiconfig from 9.0.1 to 9.0.2 (#9362)
  • fa54191 Bump postcss-selector-parser from 7.1.1 to 7.1.2 in the postcss group (#9361)
  • 8c3cf69 Bump @​csstools/css-syntax-patches-for-csstree from 1.1.4 to 1.1.5 in the csst...
  • c61d3db Fix performance of getting module paths (#9354)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates undici from 8.0.2 to 8.5.0

Release notes

Sourced from undici's releases.

v8.5.0

⚠️ Security Release

This release line addresses 8 security advisories. Most are fixed in v8.5.0; the SOCKS5 pool-reuse issue was fixed earlier in v8.2.0.

Action required: Upgrade to undici 8.5.0 or later.

npm install undici@^8.5.0

Summary

Advisory CVE Severity (CVSS) Fixed in Fix commit
GHSA-vxpw-j846-p89q CVE-2026-12151 High (7.5) 8.5.0 32dbf0b3
GHSA-38rv-x7px-6hhq CVE-2026-9675 High (7.5) 8.5.0 b4c287b3
GHSA-vmh5-mc38-953g CVE-2026-9697 High (7.4) 8.5.0 42d49559
GHSA-hm92-r4w5-c3mj CVE-2026-6734 High (7.5) 8.2.0 a516f870
GHSA-pr7r-676h-xcf6 CVE-2026-9678 Moderate (5.9) 8.5.0 cb105d7c
GHSA-p88m-4jfj-68fv CVE-2026-9679 Moderate (5.9) 8.5.0 5655ea43
GHSA-g8m3-5g58-fq7m CVE-2026-11525 Low (3.7) 8.5.0 5655ea43
GHSA-35p6-xmwp-9g52 CVE-2026-6733 Low (3.7) 8.5.0 6ea54ef8

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770 Fix: 32dbf0b3 websocket: limit the number of fragments in a message (also c5ed7875 handle empty fragments and stream limits)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service.

  • Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
  • Workaround: none — upgrade is required.

WebSocket DoS via cumulative fragment bypass — CVE-2026-9675

GHSA-38rv-x7px-6hhq · CWE-400, CWE-770 Fix: b4c287b3 fix(websocket): enforce max payload size across fragments

Undici validated the size of individual frames but did not track cumulative size across a fragmented message. An attacker could send many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing memory exhaustion. This is a regression introduced in 8.1.0 (the

... (truncated)

Commits
  • a0806e1 Bumped v8.5.0 (#5429)
  • 8a0392c test: detect available python command in wpt runner (#5427)
  • f4045b9 ci: increase Node.js workflow timeout (#5426)
  • 363e44f chore: removed repro-h2-pipelining-default.mjs and lint (#5420)
  • c5ed787 websocket: handle empty fragments and stream limits
  • e114e77 align EventSource with spec (#5418)
  • 6df53c5 fix: preserve h2 queue on out-of-order completion (#5410)
  • 32dbf0b websocket: limit the number of fragments in a message
  • 0d6ecc5 add bodymixin.textStream() (#5416)
  • 42d4955 fix: honor requestTls when proxy is SOCKS5
  • Additional commits viewable in compare view

Updates vite from 8.0.16 to 8.1.3

Release notes

Sourced from vite's releases.

v8.1.3

Please refer to CHANGELOG.md for details.

v8.1.2

Please refer to CHANGELOG.md for details.

v8.1.1

Please refer to CHANGELOG.md for details.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.3 (2026-07-02)

Bug Fixes

8.1.2 (2026-06-30)

Bug Fixes

  • deps: revert es-module-lexer to 2.1.0 (#22827) (0d3bd7c)
  • restore, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (#22757)" (#22825) (efb98cc)
  • revert, "fix: escape ids with multiple null bytes (#22687)" (cccef55)
  • revert, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (#22757)" (cf97711)

8.1.1 (2026-06-30)

Features

  • update dynamic import warning to link to Vite docs (#22823) (62bd7af)

Bug Fixes

  • bundled-dev: avoid stack overflow on import.meta.hot.invalidate() (#22797) (709eb8e)
  • bundled-dev: serve assets emitted during HMR/lazy compile (#22745) (5876b2c)
  • bundledDev: skip plugin transform hooks for rolldown-lazy stub modules (#22778) (8f925e2)
  • css: preserve dollar signs in external @import urls with lightningcss (#22718) (9fa7ab4)
  • css: resolve tsconfig paths in CSS and Sass @​import (#22775) (ef0b891)
  • deps: update all non-major dependencies (#22734) (e635f49)
  • deps: update all non-major dependencies (#22804) (8837400)
  • deps: update rolldown-related dependencies (#22591) (2ce6677)
  • escape ids with multiple null bytes (#22687) (833fc30)
  • hide console window when running 'net use' on Windows (#22698) (92b63f2)
  • ignore bundled config temp dir (#22800) (043a810)
  • invert esbuild.jsxSideEffects when converting to oxc.jsx.pure (#22809) (33895ba)
  • optimize-deps: ignore ERR_CLOSED_SERVER in scanner (#22784) (085a0ab)
  • optimizer: scanner should resolve input from root (#22769) (9722b07)
  • resolve pnpm .modules.yaml from workspace root instead of cwd (#22757) (2531ac7)
  • return sourcemap field from some plugins that were lacking (#22782) (7e18bf8)
  • server: handle malformed URI in indexHtmlMiddleware (#22781) (84f5ccc)

Miscellaneous Chores

Code Refactoring

  • css: remove lightningcss null byte bug workaround (#22822) (2dafd3b)
  • use pre-defined environments variable to avoid duplicate Object.values calls (#22790) (1113acf)

... (truncated)

Commits
  • 578ffb8 release: v8.1.3
  • 7103c3a fix(deps): bump es-module-lexer to 2.3.0 (#22838)
  • 1534d36 fix(css): inject inlined CSS after the shebang line (#22717)
  • c4acd69 fix(ssr): correct stacktrace column position for first line (#22828)
  • 2c53054 fix: preload css for nested dynamic imports (#22759)
  • ba31193 release: v8.1.2
  • 0d3bd7c fix(deps): revert es-module-lexer to 2.1.0 (#22827)
  • efb98cc fix: restore, "fix: resolve pnpm .modules.yaml from workspace root instead of...
  • cf97711 fix: revert, "fix: resolve pnpm .modules.yaml from workspace root instead of ...
  • cccef55 fix: revert, "fix: escape ids with multiple null bytes (#22687)"
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@changeset-bot

changeset-bot Bot commented Jun 29, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: ce6ca95

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@socket-security

socket-security Bot commented Jun 29, 2026

Copy link
Copy Markdown

@socket-security

socket-security Bot commented Jun 29, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/vite@8.1.3npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm css-tree is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/stylelint@17.14.0npm/css-tree@3.2.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/css-tree@3.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-jsdoc is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/eslint-plugin-jsdoc@63.0.10

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jsdoc@63.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@fraxken

fraxken commented Jul 7, 2026

Copy link
Copy Markdown
Member

@dependabot please rebase

…ectory with 9 updates

Bumps the development-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@changesets/changelog-github](https://github.com/changesets/changesets) | `0.6.0` | `0.7.0` |
| [@changesets/cli](https://github.com/changesets/changesets) | `2.30.0` | `2.31.0` |
| [@stylistic/stylelint-plugin](https://github.com/stylelint-stylistic/stylelint-stylistic) | `5.1.0` | `5.2.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.2` | `26.1.0` |
| [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `62.9.0` | `63.0.10` |
| [pkg-ok](https://github.com/abraham/pkg-ok) | `3.0.0` | `4.0.0` |
| [stylelint](https://github.com/stylelint/stylelint) | `17.6.0` | `17.14.0` |
| [undici](https://github.com/nodejs/undici) | `8.0.2` | `8.5.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.3` |



Updates `@changesets/changelog-github` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/compare/@changesets/changelog-github@0.6.0...@changesets/changelog-github@0.7.0)

Updates `@changesets/cli` from 2.30.0 to 2.31.0
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0)

Updates `@stylistic/stylelint-plugin` from 5.1.0 to 5.2.1
- [Release notes](https://github.com/stylelint-stylistic/stylelint-stylistic/releases)
- [Changelog](https://github.com/stylelint-stylistic/stylelint-stylistic/blob/main/CHANGELOG.md)
- [Commits](stylelint-stylistic/stylelint-stylistic@v5.1.0...v5.2.1)

Updates `@types/node` from 25.5.2 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-jsdoc` from 62.9.0 to 63.0.10
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v62.9.0...v63.0.10)

Updates `pkg-ok` from 3.0.0 to 4.0.0
- [Release notes](https://github.com/abraham/pkg-ok/releases)
- [Changelog](https://github.com/abraham/pkg-ok/blob/main/CHANGELOG.md)
- [Commits](abraham/pkg-ok@v3.0.0...v4.0.0)

Updates `stylelint` from 17.6.0 to 17.14.0
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@17.6.0...17.14.0)

Updates `undici` from 8.0.2 to 8.5.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v8.0.2...v8.5.0)

Updates `vite` from 8.0.16 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

---
updated-dependencies:
- dependency-name: "@changesets/changelog-github"
  dependency-version: 0.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@changesets/cli"
  dependency-version: 2.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@stylistic/stylelint-plugin"
  dependency-version: 5.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 63.0.7
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: pkg-ok
  dependency-version: 4.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: stylelint
  dependency-version: 17.13.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: undici
  dependency-version: 8.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/development-dependencies-cfe641fb22 branch from 76428ca to ce6ca95 Compare July 7, 2026 08:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant