chore(deps-dev): Bump the npm group with 3 updates#71
Conversation
Bumps the npm group with 3 updates: [@langfuse/client](https://github.com/langfuse/langfuse-js/tree/HEAD/packages/client), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser). Updates `@langfuse/client` from 5.5.3 to 5.6.0 - [Release notes](https://github.com/langfuse/langfuse-js/releases) - [Changelog](https://github.com/langfuse/langfuse-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/langfuse/langfuse-js/commits/v5.6.0/packages/client) Updates `@typescript-eslint/eslint-plugin` from 8.61.1 to 8.62.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.61.1 to 8.62.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser) --- updated-dependencies: - dependency-name: "@langfuse/client" dependency-version: 5.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/parser" dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
LGTM — Dependabot minor/patch bumps to dev-only deps with clean release notes.
Extended reasoning...
Overview
This PR is a Dependabot grouped update touching only package.json and pnpm-lock.yaml. It bumps three devDependencies: @langfuse/client 5.5.3 → 5.6.0 (minor), and @typescript-eslint/eslint-plugin and @typescript-eslint/parser 8.61.1 → 8.62.0 (minor). No source files are modified.
Security risks
Low. All bumps are minor/patch and stay within the same major. The typescript-eslint 8.62.0 release notes describe a non-functional 'remove redundant package.json files' change. @langfuse/client 5.6.0 adds multimodal dataset support and an API spec sync — and it's a devDependency here (used in tests/scripts), not bundled into the shipped action via ncc, so even if behavior changed, runtime blast radius is limited to local CI tooling.
Level of scrutiny
Low. This is a routine, grouped Dependabot bump — exactly the class of change suited for shadow-approval. No production code paths are affected, no API or behavior changes for the action's runtime, and no CODEOWNER-protected logic is touched.
Other factors
No bugs were flagged by the bug hunting system. No prior reviewer comments to address. CI checks will catch any incidental breakage from the typescript-eslint or langfuse client updates.
|
| Experiment | Status | Actions |
|---|---|---|
| Uppercase (py) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Uppercase (ts) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Mixed dir (node) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Mixed dir (python) | ✅ Pass | View GitHub Action Run · View in Langfuse |
| Regression fixture | ❌ Regression | View GitHub Action Run · View in Langfuse |
Details
Bumps the npm group with 3 updates: @langfuse/client, @typescript-eslint/eslint-plugin and @typescript-eslint/parser.
Updates
@langfuse/clientfrom 5.5.3 to 5.6.0Release notes
Sourced from @langfuse/client's releases.
Commits
3f42799chore: release v5.6.0c67225dfeat(datasets): multimodal dataset support (LFE-10288) (#840)Updates
@typescript-eslint/eslint-pluginfrom 8.61.1 to 8.62.0Release notes
Sourced from @typescript-eslint/eslint-plugin's releases.
Changelog
Sourced from @typescript-eslint/eslint-plugin's changelog.
Commits
54e2857chore(release): publish 8.62.081e4c26feat: remove redundant package.json "files" (#12444)b784054chore: usestableTypeOrderingcompiler option (#12427)Updates
@typescript-eslint/parserfrom 8.61.1 to 8.62.0Release notes
Sourced from @typescript-eslint/parser's releases.
Changelog
Sourced from @typescript-eslint/parser's changelog.
Commits
54e2857chore(release): publish 8.62.081e4c26feat: remove redundant package.json "files" (#12444)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions