Skip to content

Update all non-major dependencies#154

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

Update all non-major dependencies#154
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented May 1, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@types/node (source) 24.12.224.13.3 age confidence
@typescript-eslint/eslint-plugin (source) 8.59.18.63.0 age confidence
@typescript-eslint/parser (source) 8.59.18.63.0 age confidence
cspell (source) 10.0.010.0.1 age confidence
eslint (source) 10.2.110.6.0 age confidence
fs-extra 11.3.411.3.6 age confidence
prettier (source) 3.8.33.9.4 age confidence

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.63.0

Compare Source

🚀 Features
  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#​12426)
🩹 Fixes
  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#​12492)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#​12491, #​12485)
  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#​12447, #​12446)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#​12443, #​12418)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#​12365)
  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#​12328)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

Compare Source

🚀 Features
  • remove redundant package.json "files" (#​12444)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#​12388)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#​12413)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#​12394, #​12393)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#​12281)
  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#​12396, #​10577)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

Compare Source

🚀 Features
  • ast-spec: change type of UnaryExpression.prefix to always true (#​12372)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#​12182)
  • eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#​12352)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

Compare Source

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.4

Compare Source

🩹 Fixes
  • eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#​12294)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

Compare Source

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

Compare Source

🩹 Fixes
  • eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#​12292)
  • eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#​12150)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.63.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

Compare Source

🚀 Features
  • remove redundant package.json "files" (#​12444)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.4

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

streetsidesoftware/cspell (cspell)

v10.0.1

Compare Source

Fixes
fix(cli): ignore closed readline after stdin (#​8862)
fix(cli): ignore closed readline after stdin (#​8862)
eslint/eslint (eslint)

v10.6.0

Compare Source

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#​20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#​20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#​20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#​21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#​21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#​21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#​21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#​21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#​21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#​21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#​20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#​20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#​20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#​20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#​20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#​20983) (lumir)

Chores

v10.5.0

Compare Source

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#​20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#​20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#​20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#​20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#​20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#​20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#​20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#​20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#​20926) (sethamus)

Chores

v10.4.1

Compare Source

Bug Fixes

  • e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#​20930) (Francesco Trotta)
  • d4ce898 fix: propagate failures from delegated commands (#​20917) (Minh Vu)
  • f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#​20916) (kuldeep kumar)
  • c5bc78b fix: false positive for reference in finally block (#​20655) (Tanuj Kanti)
  • 27538c0 fix: add missing CodePath and CodePathSegment types (#​20853) (Pixel998)

Documentation

  • 61b0add docs: remove deprecated rule from related rules of max-params (#​20921) (Tanuj Kanti)
  • 305d5b9 docs: remove deprecated rules from related rules section (#​20911) (Tanuj Kanti)
  • 49b0202 docs: fix display: none of ad (#​20901) (Tanuj Kanti)
  • 9067f94 docs: switch build to Node.js 24 (#​20893) (Milos Djermanovic)
  • c91b041 docs: Update README (GitHub Actions Bot)
  • e349265 docs: clarify semver strings in rule deprecation objects (#​20885) (Milos Djermanovic)

Chores

v10.4.0

Compare Source

Features

  • 1a45ec5 feat: check sequence expressions in for-direction (#​20701) (kuldeep kumar)
  • 450040b feat: add includeIgnoreFile() to eslint/config (#​20735) (Kirk Waiblinger)

Bug Fixes

Documentation

  • 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#​20869) (Pavel)
  • db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#​20865) (Kirk Waiblinger)
  • 9084664 docs: Update README (GitHub Actions Bot)
  • 9cc7387 docs: Update README (GitHub Actions Bot)
  • 3d7b548 docs: Update README (GitHub Actions Bot)
  • 191ec3c docs: Update README (GitHub Actions Bot)

Chores

  • 6616856 chore: upgrade knip to v6 (#​20875) (Pixel998)
  • d13b084 ci: ensure auto-created PRs run CI (#​20860) (lumir)
  • e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#​20862) (dependabot[bot])
  • d84393d test: add unit tests for SuppressionsService.applySuppressions() (#​20863) (kuldeep kumar)
  • 24db8cb test: add tests for SuppressionsService.save() (#​20802) (kuldeep kumar)
  • 2ef0549 chore: update ecosystem plugins (#​20857) (github-actions[bot])
  • a429791 ci: remove eslint-webpack-plugin types integration test (#​20668) (Milos Djermanovic)
  • 9e37386 chore: replace recast with range approach in code-sample-minimizer (#​20682) (Copilot)
  • 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#​20845) (Francesco Trotta)
  • 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#​20716) (Pixel998)
  • 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#​20800) (xbinaryx)
  • f1dfbc9 chore: update ecosystem plugins (#​20836) (github-actions[bot])
  • c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#​20843) (dependabot[bot])
  • 5b817d6 test: add unit tests for lib/shared/ast-utils (#​20838) (kuldeep kumar)
  • 1c13ae3 test: add unit tests for lib/shared/severity (#​20835) (kuldeep kumar)

v10.3.0

Compare Source

Features

  • 379571a feat: add suggestions for no-unused-private-class-members (#​20773) (sethamus)

Bug Fixes

  • b6ae5cf fix: handle unavailable require cache (#​20812) (Simon Podlipsky)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#​20787) (Milos Djermanovic)

Documentation

  • 32cc7ab docs: fix typos in docs and comments (#​20809) (Tanuj Kanti)
  • 7f47937 docs: Update README (GitHub Actions Bot)

Chores

  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#​20826) (Francesco Trotta)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#​20821) (Pixel998)
  • 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#​20818) (Josh Goldberg ✨)
  • 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#​20815) (dependabot[bot])
  • 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#​20811) (renovate[bot])
  • 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#​20810) (renovate[bot])
  • 77add7f chore: add initial ecosystem plugin tests workflow (#​19643) (Josh Goldberg ✨)
  • 4023b55 test: Add unit tests for SuppressionsService.prune() (#​20797) (kuldeep kumar)
  • 54080da test: add unit tests for ForkContext (#​20778) (kuldeep kumar)
  • f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#​20765) (kuldeep kumar)
  • a7f0b94 chore: update dependency prettier to v3.8.3 (#​20782) (renovate[bot])
  • 7bf93d9 chore: update TypeScript to v6 (#​20677) (sethamus)
  • b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#​20781) (dependabot[bot])
  • 2b252be test: add unit tests for IdGenerator (#​20775) (kuldeep kumar)
jprichardson/node-fs-extra (fs-extra)

v11.3.6

Compare Source

v11.3.5

Compare Source

  • Fix ensureLink*/ensureSymlink* identical file detection on Windows (#​1068)
  • Fix error handling in timestamp preservation code (#​1065, #​1069)
  • Fix potential file descriptor leak on error in synchronous timestamp preservation code (#​1066)
prettier/prettier (prettier)

v3.9.4

Compare Source

v3.9.3

Compare Source

v3.9.2

Compare Source

v3.9.1

Compare Source

v3.9.0

Compare Source

diff

🔗 Release Notes

v3.8.5

Compare Source

v3.8.4

Compare Source

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#​17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a

  - b

- c

  - d

<!-- Prettier 3.8.3 -->
- a
  - b
- c
  - d

<!-- Prettier 3.8.4 -->
- a

  - b

- c

  - d

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security

socket-security Bot commented May 1, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​typescript-eslint/​parser@​8.59.1 ⏵ 8.63.01001007198100
Updated@​typescript-eslint/​eslint-plugin@​8.59.1 ⏵ 8.63.09910080 +198100
Updated@​types/​node@​24.12.2 ⏵ 24.13.398 -210081 +196100
Updatedfs-extra@​11.3.4 ⏵ 11.3.6100 +110010090100
Updatedcspell@​10.0.0 ⏵ 10.0.198 +110010090100
Updatedeslint@​10.2.1 ⏵ 10.6.098 +110010095 -1100
Updatedprettier@​3.8.3 ⏵ 3.9.499 +110097 +198100

View full report

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown
Contributor

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
⚠️ ACTION actionlint 4 4 0 0.34s
❌ ACTION zizmor 4 0 1 0 0.31s
✅ COPYPASTE jscpd yes no no 0.41s
✅ JSON jsonlint 5 0 0 0.12s
✅ JSON npm-package-json-lint yes no no 0.58s
✅ JSON prettier 9 0 0 0 0.53s
✅ JSON v8r 9 0 0 11.85s
⚠️ MARKDOWN markdownlint 5 0 2 0 0.75s
✅ MARKDOWN markdown-table-formatter 5 0 0 0 0.23s
✅ REPOSITORY betterleaks yes no no 1.64s
✅ REPOSITORY checkov yes no no 20.67s
✅ REPOSITORY gitleaks yes no no 9.47s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 53.55s
❌ REPOSITORY osv-scanner yes 16 no 1.71s
✅ REPOSITORY secretlint yes no no 0.83s
✅ REPOSITORY syft yes no no 3.46s
✅ REPOSITORY trivy yes no no 11.77s
✅ REPOSITORY trivy-sbom yes no no 0.5s
✅ REPOSITORY trufflehog yes no no 10.06s
✅ SPELL cspell 34 0 0 3.77s
⚠️ SPELL lychee 19 3 0 0.85s
❌ TYPESCRIPT eslint 9 1 0 0.0s
✅ TYPESCRIPT prettier 9 0 0 0 1.08s
✅ YAML prettier 6 0 0 0 0.47s
✅ YAML v8r 6 0 0 6.76s
✅ YAML yamllint 6 0 0 0.64s

Detailed Issues

❌ TYPESCRIPT / eslint - 1 error
ESLint v10 migration required

Legacy `.eslintrc.json` was found but ESLint v10
dropped support for the .eslintrc.* format.
Migrate to eslint.config.js (flat config):
  https://eslint.org/docs/latest/use/configure/migration-guide

✖ 1 problem (1 error, 0 warnings)
❌ REPOSITORY / osv-scanner - 16 errors
Scanning dir .
Starting filesystem walk for root: /
Scanned yarn.lock file and found 621 packages
End status: 28 dirs visited, 108 inodes visited, 1 Extract calls, 29.364158ms elapsed, 29.364398ms wall time

Total 10 packages affected by 16 known vulnerabilities (0 Critical, 6 High, 8 Medium, 2 Low, 0 Unknown) from 1 ecosystem.
16 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+-------------------+---------+---------------+-----------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE           | VERSION | FIXED VERSION | SOURCE    |
+-------------------------------------+------+-----------+-------------------+---------+---------------+-----------+
| https://osv.dev/GHSA-4x5r-pxfx-6jf8 | 3.2  | npm       | @babel/core       | 7.25.2  | 7.29.6        | yarn.lock |
| https://osv.dev/GHSA-vpq2-c234-7xj6 | 3.3  | npm       | @tootallnate/once | 1.1.2   | 2.0.1         | yarn.lock |
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion   | 1.1.12  | 1.1.13        | yarn.lock |
| https://osv.dev/GHSA-h67p-54hq-rp68 | 5.3  | npm       | js-yaml           | 3.14.1  | 3.15.0        | yarn.lock |
| https://osv.dev/GHSA-mh29-5h37-fv8m | 5.3  | npm       | js-yaml           | 3.14.1  | 3.14.2        | yarn.lock |
| https://osv.dev/GHSA-h67p-54hq-rp68 | 5.3  | npm       | js-yaml           | 3.14.2  | 3.15.0        | yarn.lock |
| https://osv.dev/GHSA-f23m-r3pf-42rh | 6.5  | npm       | lodash            | 4.17.23 | 4.18.0        | yarn.lock |
| https://osv.dev/GHSA-r5fr-rjxr-66jc | 8.1  | npm       | lodash            | 4.17.23 | 4.18.0        | yarn.lock |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch         | 2.3.1   | 2.3.2         | yarn.lock |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch         | 2.3.1   | 2.3.2         | yarn.lock |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch         | 4.0.3   | 4.0.4         | yarn.lock |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch         | 4.0.3   | 4.0.4         | yarn.lock |
| https://osv.dev/GHSA-9ppj-qmqm-q256 | 8.2  | npm       | tar               | 7.5.9   | 7.5.11        | yarn.lock |
| https://osv.dev/GHSA-qffp-2rhf-9h96 | 8.2  | npm       | tar               | 7.5.9   | 7.5.10        | yarn.lock |
| https://osv.dev/GHSA-vmf3-w455-68vh | 6.9  | npm       | tar               | 7.5.9   | 7.5.16        | yarn.lock |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 7.5  | npm       | uuid              | 8.3.2   | 11.1.1        | yarn.lock |
+-------------------------------------+------+-----------+-------------------+---------+---------------+-----------+
❌ ACTION / zizmor - 1 error
INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/deploy.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ACTION_ZIZMOR_ERROR_GITHUB_API_UNREACHABLE] Zizmor could not access a repository referenced by a `uses:` clause via the GitHub API (missing token, insufficient scope, or cross-repo private access).
To allow zizmor to authenticate with GITHUB_TOKEN (or a PAT with `Contents: read-only`), whitelist the variable in your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN
If the referenced workflow is in a private repo outside the current one, provide a PAT with cross-repo access instead of the default GITHUB_TOKEN, or run zizmor in offline mode.
⚠️ ACTION / actionlint - 4 errors
.github/workflows/deploy.yml:38:11: input "always-auth" is not defined in action "actions/setup-node@v6". available inputs are "architecture", "cache", "cache-dependency-path", "check-latest", "mirror", "mirror-token", "node-version", "node-version-file", "package-manager-cache", "registry-url", "scope", "token" [action]
   |
38 |           always-auth: true
   |           ^~~~~~~~~~~~
.github/workflows/deploy.yml:64:11: input "always-auth" is not defined in action "actions/setup-node@v6". available inputs are "architecture", "cache", "cache-dependency-path", "check-latest", "mirror", "mirror-token", "node-version", "node-version-file", "package-manager-cache", "registry-url", "scope", "token" [action]
   |
64 |           always-auth: true
   |           ^~~~~~~~~~~~
.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:15: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
.github/workflows/github-dependents-info.yml:54:9: shellcheck reported issue in this script: SC2086:info:1:21: Double quote to prevent globbing and word splitting [shellcheck]
   |
54 |         run: sudo chown -R $USER:$USER .
   |         ^~~~
⚠️ SPELL / lychee - 3 errors
📝 Summary
---------------------
🔍 Total...........49
🔗 Unique..........43
✅ Successful......33
⏳ Timeouts.........0
🔀 Redirected......10
👻 Excluded........13
❓ Unknown..........0
🚫 Errors...........3
⛔ Unsupported......3

Errors in README.md
[403] https://npmjs.org/package/node-sarif-builder (at 3:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/node-sarif-builder --[301]--> https://www.npmjs.com/package/node-sarif-builder
[403] https://npmjs.org/package/node-sarif-builder (at 4:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/node-sarif-builder --[301]--> https://www.npmjs.com/package/node-sarif-builder
[403] https://npmjs.org/package/node-sarif-builder (at 5:1) | Rejected status code: 403 Forbidden | Followed 1 redirect. Redirects: https://npmjs.org/package/node-sarif-builder --[301]--> https://www.npmjs.com/package/node-sarif-builder

Hint: Followed 10 redirects. You might want to consider replacing redirecting URLs with the resolved URLs. Use verbose mode (`-v`/`-vv`) to see redirection details.
Hint: You can configure accepted/rejected response codes with `-a` or `--accept`
⚠️ MARKDOWN / markdownlint - 2 errors
.github/ISSUE_TEMPLATE.md:1 error MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "- **I'm submitting a ...**"]
.github/PULL_REQUEST_TEMPLATE.md:1 error MD041/first-line-heading/first-line-h1 First line in a file should be a top-level heading [Context: "- **What kind of change does t..."]

Notices

ESLint v10 flat-config migration required — the following linters fail until you migrate: JAVASCRIPT_ES, JSON_ESLINT_PLUGIN_JSONC, JSX_ESLINT, TSX_ESLINT, TYPESCRIPT_ES. Legacy .eslintrc.json was detected; ESLint v10 dropped support for the .eslintrc.* format. Please migrate to eslint.config.js. See the ESLint migration guide.

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.6.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,COPYPASTE_JSCPD,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_BETTERLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,TYPESCRIPT_ES,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from cefa083 to 36709c1 Compare May 4, 2026 17:57
@renovate renovate Bot changed the title Update dependency eslint to v10.3.0 Update all non-major dependencies May 4, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from d59edbd to 30fef4a Compare May 12, 2026 00:26
@socket-security

socket-security Bot commented May 12, 2026

Copy link
Copy Markdown

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 05c4e15 to bf26d1a Compare May 18, 2026 20:12
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 73b7a88 to 237e574 Compare May 31, 2026 14:24
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 68ae7af to 43184c4 Compare June 8, 2026 22:35
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from b9239ac to 0c0f056 Compare June 16, 2026 00:39
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from af4b167 to ca64a0f Compare June 29, 2026 22:08
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from b99a165 to 1b81951 Compare July 6, 2026 23:34
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 1b81951 to 6628ef3 Compare July 8, 2026 10:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants