Skip to content

chore(deps-dev): bump the major-updates group across 1 directory with 7 updates#554

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/major-updates-d906e35e15
Closed

chore(deps-dev): bump the major-updates group across 1 directory with 7 updates#554
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/major-updates-d906e35e15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the major-updates group with 7 updates in the / directory:

Package From To
@commitlint/cli 20.4.2 21.0.2
@commitlint/config-conventional 20.4.2 21.0.2
eslint 9.39.1 10.5.0
eslint-plugin-jsdoc 62.8.0 63.0.2
lint-staged 16.3.1 17.0.7
pnpm 10.30.3 11.6.0
typescript 5.9.3 6.0.3

Updates @commitlint/cli from 20.4.2 to 21.0.2

Release notes

Sourced from @​commitlint/cli's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

Chore/CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

21.0.2 (2026-05-29)

Bug Fixes

  • disallow same commit hash for --from and --to (#4773) (121005e)

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/cli

21.0.0 (2026-05-08)

BREAKING CHANGES

  • drop node v18 and v20 support
  • Bump engines to >=v22 in all 39 package.json files
  • Update @​types/node to ^22.0.0
  • Update CI matrix to [22, 24]
  • Update Ubuntu baseline job to ubuntu:26.04
  • Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
  • Update pre-commit hook to use --ignore-engines
  • Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/cli

... (truncated)

Commits

Updates @commitlint/config-conventional from 20.4.2 to 21.0.2

Release notes

Sourced from @​commitlint/config-conventional's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

Chore/CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

21.0.2 (2026-05-29)

Note: Version bump only for package @​commitlint/config-conventional

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/config-conventional

21.0.0 (2026-05-08)

BREAKING CHANGES

  • drop node v18 and v20 support
  • Bump engines to >=v22 in all 39 package.json files
  • Update @​types/node to ^22.0.0
  • Update CI matrix to [22, 24]
  • Update Ubuntu baseline job to ubuntu:26.04
  • Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
  • Update pre-commit hook to use --ignore-engines
  • Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/config-conventional

20.5.0 (2026-03-15)

... (truncated)

Commits

Updates eslint from 9.39.1 to 10.5.0

Release notes

Sourced from eslint's releases.

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

  • b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
  • c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
  • 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
  • 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
  • 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
  • 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
  • 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
  • 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
  • cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
  • fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)

v10.4.1

Bug Fixes

  • e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
  • d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
  • f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
  • c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
  • 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

  • 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
  • 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
  • 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
  • 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
  • c91b041 docs: Update README (GitHub Actions Bot)
  • e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

  • b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
  • f78838b test: add CodePath type coverage (#20904) (Pixel998)
  • 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
  • 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
  • 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)

... (truncated)

Commits

Updates eslint-plugin-jsdoc from 62.8.0 to 63.0.2

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v63.0.2

63.0.2 (2026-06-06)

Bug Fixes

v63.0.1

63.0.1 (2026-06-01)

Bug Fixes

  • empty-tags: preserve start and ending delimiters to avoid erros with single-line tags; fixes #1697 (938a1f0)

v63.0.0

63.0.0 (2026-05-20)

Bug Fixes

  • require-throws: avoid skipping constructors; fixes #1692 (cacb73e)

chore

BREAKING CHANGES

  • Drop Node 20

v62.9.0

62.9.0 (2026-04-01)

Features

  • update jsdoccomment, devDeps. (8569d0c)

v62.8.1

62.8.1 (2026-03-25)

Bug Fixes

  • valid-types: allow required default names; fixes #1675 (bca557b)
Commits
  • 50a7fbc chore: update semver and devDeps.
  • 6041995 docs: fix in output
  • 319e84b fix: allow typedef returns that may be void; fixes #1390 (#1699)
  • 938a1f0 fix(empty-tags): preserve start and ending delimiters to avoid erros with s...
  • 1f857a9 chore: update jsdoccomment, comment-parser, object-deep-merge, semver, devDeps.
  • 3d53b88 docs: fix AST and Selectors links; closes #1691
  • a0b05f5 chore(deps): bump minimatch from 3.0.5 to 10.2.5
  • 5980856 chore: drop Node 26 for now (until Node/yargs/c8 issue fixed)
  • 4a3d194 chore: linting
  • dca8a75 chore: update for pnpm 11
  • Additional commits viewable in compare view

Updates lint-staged from 16.3.1 to 17.0.7

Release notes

Sourced from lint-staged's releases.

v17.0.7

Patch Changes

v17.0.6

Patch Changes

  • #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

  • #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

  • #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

  • #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

v17.0.5

Patch Changes

  • #1792 1f67271 - Correctly set the --max-arg-length default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.

v17.0.4

Patch Changes

  • #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

    • after editing <file> it is staged with git add <file>, and then committed with git commit
    • after editing <file> it is committed with git commit --all without explicit git add
    • after editing <file> it is committed with git commit <pathspec> without explicit git add

    There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

v17.0.3

Patch Changes

  • #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
    • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
    • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

v17.0.2

Patch Changes

v17.0.1

Patch Changes

  • #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

v17.0.0

... (truncated)

Changelog

Sourced from lint-staged's changelog.

17.0.7

Patch Changes

17.0.6

Patch Changes

  • #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

  • #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

  • #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

  • #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

17.0.5

Patch Changes

  • #1792 1f67271 - Correctly set the --max-arg-length default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.

17.0.4

Patch Changes

  • #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

    • after editing <file> it is staged with git add <file>, and then committed with git commit
    • after editing <file> it is committed with git commit --all without explicit git add
    • after editing <file> it is committed with git commit <pathspec> without explicit git add

    There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

17.0.3

Patch Changes

  • #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
    • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
    • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

17.0.2

Patch Changes

17.0.1

... (truncated)

Commits
  • cd11fec Merge pull request #1807 from lint-staged/changeset-release/main
  • 15a8ee0 chore(changeset): release
  • 797bbd9 Merge pull request #1808 from lint-staged/add-stashing-faq
  • 504e307 docs: add FAQ entry on how stashing works
  • eff5cd1 Merge pull request #1806 from lint-staged/update-tinyexec
  • e692e58 build(deps): update tinyexec@^1.2.4
  • a2dd4ea Merge pull request #1805 from lint-staged/update-github-templates
  • c928519 docs: update GitHub templates
  • 094ba56 Merge pull request #1798 from lint-staged/changeset-release/main
  • 88e19fe chore(changeset): release
  • Additional commits viewable in compare view

Updates pnpm from 10.30.3 to 11.6.0

Release notes

Sourced from pnpm's releases.

pnpm 11.6

⚠️ Security fix — environment variables in a project .npmrc (action may be required)

Following GHSA-3qhv-2rgh-x77r, pnpm no longer expands ${ENV_VAR} placeholders that come from a repository-controlled config file, because a malicious repository could otherwise use them to leak your environment secrets (npm tokens, CI job tokens, etc.) to an attacker-controlled registry during install. This applies to:

  • the project/workspace .npmrcregistry, @scope:registry, proxy URLs, URL-scoped keys (//host/…), and credential values (_authToken, _auth, _password, username, tokenHelper, cert, key);
  • registry URLs in pnpm-workspace.yaml.

Environment variables are still expanded in trusted config: your user-level ~/.npmrc, the global config, CLI options, and environment config.

If your authentication broke after upgrading, move the token out of the committed .npmrc:

# Writes to your user/global config, not the repository:
pnpm config set "//registry.npmjs.org/:_authToken" "$NPM_TOKEN"

Or keep the ${NPM_TOKEN} line but put it in your user-level ~/.npmrc instead of the repo. In GitHub Actions, actions/setup-node with registry-url already writes a user-level .npmrc, so NODE_AUTH_TOKEN keeps working. For other CI where editing each pipeline is hard, set PNPM_CONFIG_NPMRC_AUTH_FILE=.npmrc (or NPM_CONFIG_USERCONFIG=.npmrc) in the CI environment to declare the project .npmrc trusted.

See https://pnpm.io/npmrc for full migration details.

Minor Changes

  • pnpm install completes without re-resolving when pnpm-lock.yaml was deleted but node_modules is intact: the up-to-date check now treats the current lockfile (node_modules/.pnpm/lock.yaml) — the record of what the previous install materialized — as the wanted lockfile, verifies the manifests still match it, restores pnpm-lock.yaml from it, and reports "Already up to date". Previously this scenario triggered a full resolution and a re-verification of every locked package against the registry.

  • 615c669: Added support for configuring URL-scoped registry settings through npm_config_//… and pnpm_config_//… environment variables, for example:

    npm_config_//registry.npmjs.org/:_authToken=<token>
pnpm_config_//registry.npmjs.org/:_authToken=<token>

    This provides a file-free way to supply registry authentication. Because the registry a value applies to is encoded in the (trusted) environment variable name, it is host-scoped by construction and cannot be redirected to another registry by repository-controlled config. The environment value is treated as trusted config: it takes precedence over a project/workspace .npmrc but is still overridden by command-line options. When the same key is provided through both prefixes, pnpm_config_ wins.

  • Raised the default network concurrency from min(64, max(cpuCores * 3, 16)) to min(96, max(cpuCores * 3, 64)). Package downloads are I/O-bound, not CPU-bound, so deriving the floor from the core count left machines with few cores (for example 4-vCPU CI runners) downloading only 16 tarballs at a time and unable to saturate a low-latency registry. The networkConcurrency setting still overrides the default.

Patch Changes

  • Improved the warning printed when a project .npmrc uses an environment variable in a registry/proxy URL or in registry credentials. The message now explains why the setting was ignored and how to migrate it to a trusted source — for example by moving the line to the user-level ~/.npmrc or running pnpm config set "<key>" <value> — with a link to https://pnpm.io/npmrc. The pnpm config set example is only suggested when the key has no ${...} placeholder, so the snippet is always safe to copy-paste.
  • Print a "Lockfile passes supply-chain policies (verified 2h ago)" message when lockfile verification is skipped because a cached verdict for the same lockfile content and policy is reused. Previously the cached short-circuit was completely silent, which made it look like the policy gate never ran #12324.
  • Platform-specific optional dependencies are now skipped even when their os/cpu/libc fields are missing from the registry metadata or the lockfile. Some registries strip these fields from the package metadata, which made pnpm download and install the binaries of every platform regardless of supportedArchitectures. The missing platform fields of an optional dependency are now inferred from its name (e.g. @nx/nx-win32-arm64-msvcos: win32, cpu: arm64), so foreign-platform binaries are skipped without even downloading them #11702.

Platinum Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

11.6.0

Minor Changes

  • pnpm install completes without re-resolving when pnpm-lock.yaml was deleted but node_modules is intact: the up-to-date check now treats the current lockfile (node_modules/.pnpm/lock.yaml) — the record of what the previous install materialized — as the wanted lockfile, verifies the manifests still match it, restores pnpm-lock.yaml from it, and reports "Already up to date". Previously this scenario triggered a full resolution and a re-verification of every locked package against the registry.

  • 615c669: Added support for configuring URL-scoped registry settings through npm_config_//… and pnpm_config_//… environment variables, for example:

    npm_config_//registry.npmjs.org/:_authToken=<token>
pnpm_config_//registry.npmjs.org/:_authToken=<token>

    This provides a file-free way to supply registry authentication. Because the registry a value applies to is encoded in the (trusted) environment variable name, it is host-scoped by construction and cannot be redirected to another registry by repository-controlled config. The environment value is treated as trusted config: it takes precedence over a project/workspace .npmrc but is still overridden by command-line options. When the same key is provided through both prefixes, pnpm_config_ wins.

  • Raised the default network concurrency from min(64, max(cpuCores * 3, 16)) to min(96, max(cpuCores * 3, 64)). Package downloads are I/O-bound, not CPU-bound, so deriving the floor from the core count left machines with few cores (for example 4-vCPU CI runners) downloading only 16 tarballs at a time and unable to saturate a low-latency registry. The networkConcurrency setting still overrides the default.

Patch Changes

  • Improved the warning printed when a project .npmrc uses an environment variable in a registry/proxy URL or in registry credentials. The message now explains why the setting was ignored and how to migrate it to a trusted source — for example by moving the line to the user-level ~/.npmrc or running pnpm config set "<key>" <value> — with a link to https://pnpm.io/npmrc. The pnpm config set example is only suggested when the key has no ${...} placeholder, so the snippet is always safe to copy-paste.
  • Print a "Lockfile passes supply-chain policies (verified 2h ago)" message when lockfile verification is skipped because a cached verdict for the same lockfile content and policy is reused. Previously the cached short-circuit was completely silent, which made it look like the policy gate never ran #12324.
  • Platform-specific optional dependencies are now skipped even when their os/cpu/libc fields are missing from the registry metadata or the lockfile. Some registries strip these fields from the package metadata, which made pnpm download and install the binaries of every platform regardless of supportedArchitectures. The missing platform fields of an optional dependency are now inferred from its name (e.g. @nx/nx-win32-arm64-msvcos: win32, cpu: arm64), so foreign-platform binaries are skipped without even downloading them #11702.

11.5.3

Patch Changes

  • Stopped expanding environment variables in repository-controlled registry/proxy request destinations and registry credential values from .npmrc, and in workspace registry URLs from pnpm-workspace.yaml. Move dynamic registry URL and token configuration to trusted user, global, CLI, or environment config.

  • Resolve package-manager bootstrap dependencies with trusted user or CLI registry and network config, and reject package-manager env-lockfile records that do not use registry package paths with integrity-only resolutions before auto-switch execution.

  • Avoid writing packageManagerDependencies to pnpm-lock.yaml when package manager policy is set to onFail: ignore or pmOnFail: ignore #12228.

  • Avoid running dependency-status auto-install when the dependency status is unavailable without a project manifest.

  • Using the $ version reference syntax in overrides (e.g. "react": "$react") now prints a deprecation warning. The syntax still works, but catalogs are the recommended way to keep an overridden version in sync with the rest of the workspace. Reference a catalog entry with the catalog: protocol instead.

  • Fixed pnpm config get globalconfig to return the global config.yaml path again pnpm/pnpm#11962.

  • Fixed bare --color so it does not consume the following CLI flag, allowing command shorthands like --parallel to expand correctly and forms like pnpm --color with current <command> to dispatch the inner command instead of failing with MISSING_WITH_CURRENT_CMD.

  • Fix pnpm install ignoring enableGlobalVirtualStore toggle by including it in the workspace state settings check #12142.

  • Security: pnpm now verifies the npm registry signature of a package-manager binary before spawning it, so a cloned repository cannot make pnpm download and execute an arbitrary native binary.

    This covers two paths that select an executable from repository-controlled input:

    • pacquet install engine — declaring pacquet (or @pnpm/pacquet) in configDependencies opts in to pnpm's Rust install engine. pnpm now verifies that the installed pacquet shim and the host's @pacquet/<platform>-<arch> binary carry a valid npm registry signature for their exact name@version, and refuses to run pacquet (failing the command) if the signature does not verify or cannot be checked. The only graceful fallback to pnpm's own engine is when pacquet has no binary for the current platform.
    • automatic version switch / self-update — the packageManager / devEngines.packageManager field makes pnpm download and run a specific pnpm...

      Description has been truncated

@dependabot dependabot Bot added automated Automated pull requests (e.g., Dependabot) dependencies Pull requests that update a dependency file labels Jun 3, 2026
@dependabot dependabot Bot changed the title chore(deps-dev): bump the major-updates group with 7 updates chore(deps-dev): bump the major-updates group across 1 directory with 7 updates Jun 13, 2026
@dependabot
chore(deps-dev): bump the major-updates group across 1 directory with…
3a38e4e 
… 7 updates

Bumps the major-updates group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.4.2` | `21.0.2` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.4.2` | `21.0.2` |
| [eslint](https://github.com/eslint/eslint) | `9.39.1` | `10.5.0` |
| [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `62.8.0` | `63.0.2` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.3.1` | `17.0.7` |
| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `10.30.3` | `11.6.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |



Updates `@commitlint/cli` from 20.4.2 to 21.0.2
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.2/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.4.2 to 21.0.2
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.2/@commitlint/config-conventional)

Updates `eslint` from 9.39.1 to 10.5.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.1...v10.5.0)

Updates `eslint-plugin-jsdoc` from 62.8.0 to 63.0.2
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v62.8.0...v63.0.2)

Updates `lint-staged` from 16.3.1 to 17.0.7
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.3.1...v17.0.7)

Updates `pnpm` from 10.30.3 to 11.6.0
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/main/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v11.6.0/pnpm)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 21.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 21.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: eslint
  dependency-version: 10.4.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 63.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: lint-staged
  dependency-version: 17.0.7
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: pnpm
  dependency-version: 11.5.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/major-updates-d906e35e15 branch from d4980ab to 3a38e4e Compare June 13, 2026 14:22
@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 19, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/major-updates-d906e35e15 branch June 19, 2026 22:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mherod mherod

Labels

automated Automated pull requests (e.g., Dependabot) dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mherod