chore(deps-dev): Bump the npm group with 2 updates #65
Bumps the npm group with 2 updates: [eslint](https://github.com/eslint/eslint) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).

Updates `eslint` from 10.4.1 to 10.5.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.4.1...v10.5.0)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
LGTM, routine dev-dep minor bumps for eslint and vitest.
Extended reasoning...
Overview
This PR is a Dependabot group bump of two dev-only dependencies in package.json and pnpm-lock.yaml: eslint 10.4.1 → 10.5.0 and vitest 4.1.8 → 4.1.9. Both are minor/patch level updates within the same major version, with the lockfile churn limited to version bumps and corresponding peer-dependency re-pinning.
Security risks
None meaningful. Both packages are devDependencies used only for linting and testing — they don't ship in the action's bundled dist/ runtime output. The vitest 4.1.9 release notes are bug fixes only; eslint 10.5.0 adds rule-reporting tweaks and a couple of small features, no behavioral changes that would affect runtime code.
Level of scrutiny
Low. Dependabot dependency bumps for dev tooling within a single major version are the canonical low-risk PR. The only failure mode is CI breaking on the new versions, which CI itself will catch.
Other factors
No bugs were flagged by the bug hunting system, no prior reviewer comments to address, and the diff is entirely mechanical (version strings + lockfile re-resolution). Safe to shadow-approve.
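
The review's premise (dev-only bumps within one major version) can be checked mechanically from the `updated-dependencies` block in the Dependabot commit message. The JavaScript below is an added example, not code from this repository or from Dependabot; the function names and the fail-closed approval policy are assumptions.

```javascript
// Added example: triage a Dependabot commit message by its `updated-dependencies`
// block. Field names/values are those shown in this PR; the policy is an assumption.
const KEYS = ["dependency-name", "dependency-version", "dependency-type",
  "update-type", "dependency-group"];
const KEY_RE = new RegExp(`(${KEYS.join("|")}):\\s*(\\S+)`, "g");

// Returns one object per `- dependency-name:` entry. Works on the multi-line
// YAML form and on the single-line form a scraper may flatten it into.
function parseUpdatedDependencies(message) {
  const marker = "updated-dependencies:";
  const start = message.indexOf(marker);
  if (start === -1) return [];
  let block = message.slice(start + marker.length);
  const end = block.search(/(^|\s)\.\.\.(\s|$)/); // YAML document-end marker
  if (end !== -1) block = block.slice(0, end);
  const deps = [];
  for (const [, key, value] of block.matchAll(KEY_RE)) {
    if (key === "dependency-name") deps.push({});
    if (deps.length > 0) deps[deps.length - 1][key] = value;
  }
  return deps;
}

// Fail closed: anything that is not an explicitly dev-only patch/minor bump,
// including an entry with missing fields, goes to a human.
const LOW_RISK_UPDATES = new Set(["version-update:semver-patch",
  "version-update:semver-minor"]);
function needsHumanReview(dep) {
  return !(dep["dependency-type"] === "direct:development" &&
    LOW_RISK_UPDATES.has(dep["update-type"]));
}

function triage(message) {
  const deps = parseUpdatedDependencies(message);
  // No parsable metadata at all is also a reason to look by hand.
  if (deps.length === 0) return { autoApprove: false, flagged: ["<no metadata>"] };
  const flagged = deps.filter(needsHumanReview).map((d) => d["dependency-name"]);
  return { autoApprove: flagged.length === 0, flagged };
}

// Constructed sample: the two entries from this PR, flattened to one line.
const SAMPLE = "--- updated-dependencies: - dependency-name: eslint " +
  "dependency-version: 10.5.0 dependency-type: direct:development " +
  "update-type: version-update:semver-minor dependency-group: npm " +
  "- dependency-name: vitest dependency-version: 4.1.9 " +
  "dependency-type: direct:development " +
  "update-type: version-update:semver-patch dependency-group: npm ... " +
  "Signed-off-by: dependabot[bot] <support@github.com>";
console.log(triage(SAMPLE));
```

The metadata only describes what Dependabot says it changed, so a gate like this complements a lockfile diff check and CI rather than replacing them.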
| Experiment | Status | Actions |
|---|---|---|
| Uppercase (py) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Uppercase (ts) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Mixed dir (node) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Mixed dir (python) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Regression fixture | ❌ Regression | View GitHub Action Run · View in Langfuse |
Details
Bumps the npm group with 2 updates: eslint and vitest.
Updates `eslint` from 10.4.1 to 10.5.0

Release notes
Sourced from eslint's releases.

Commits
- de3b672 10.5.0
- 362a518 Build: changelog update for 10.5.0
- 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973)
- b565783 feat: report no-with violations at the with keyword (#20971)
- 2ce032f feat: report max-lines-per-function violations at function head (#20966)
- 732cb3e feat: report max-nested-callbacks violations at function head (#20967)
- f9c138a feat: report max-depth violations on keywords (#20943)
- 8ae1b5b docs: Update README
- ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962)
- b18bf58 chore: update ecosystem plugins (#20959)

Updates `vitest` from 4.1.8 to 4.1.9

Release notes
Sourced from vitest's releases.

Commits
- a7a61e7 chore: release v4.1.9 (#10598)
- 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
- 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
- a518019 fix: fix `importOriginal` with optimizer and query import [backport to v4] (#...

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions