Skip to content

build(deps): bump the npm-deps group with 7 updates#6217

Merged
FlowCryptRobot merged 1 commit intomasterfrom
dependabot/npm_and_yarn/npm-deps-e379b24ad9
May 3, 2026
Merged

build(deps): bump the npm-deps group with 7 updates#6217
FlowCryptRobot merged 1 commit intomasterfrom
dependabot/npm_and_yarn/npm-deps-e379b24ad9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 3, 2026

Bumps the npm-deps group with 7 updates:

Package From To
dompurify 3.4.1 3.4.2
squire-rte 2.4.2 2.4.3
ava 7.0.0 8.0.0
eslint 10.2.1 10.3.0
eslint-plugin-no-only-tests 3.3.0 3.4.0
stylelint 17.9.1 17.10.0
undici-types 8.1.0 8.2.0

Updates dompurify from 3.4.1 to 3.4.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.2

  • Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
  • Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
  • Updated existing workflows, fuzzer, release signing, etc., added more tests
  • Bumped several dependencies where possible
Commits

Updates squire-rte from 2.4.2 to 2.4.3

Changelog

Sourced from squire-rte's changelog.

[2.4.3] - 2026-04-30

Fixed

  • Fixed pasting from OneNote would not choose the correct type from the clipboard.
  • Image resizer now captures keyboard shortcuts so they don't bubble up to trigger other shortcuts when it is focused.
  • Fixed BR was being added to root element when modifying blocks on empty document.
Commits

Updates ava from 7.0.0 to 8.0.0

Release notes

Sourced from ava's releases.

v8.0.0

Breaking Changes

AVA now expects Node.js 22.20, 24.12 or newer.

Internally AVA is now fully ESM. This is possible now that Node.js supports loading ES modules using require() calls and simplifies AVA's types and internals.

If you use AVA from a CommonJS project you'll have to update your imports:

-const test = require('ava');
+const {default: test} = require('ava');

We expect an increasing number of projects to be ESM only. As per the above, CommonJS is still supported, but we don't expect cjs extensions to be used. The default file extensions are now js and mjs. Specify extensions: ['cjs', 'js', 'mjs'] for AVA to run test files with the cjs extension.

All test files (and those loaded through AVA's require config) are now loaded via import(). Use customization hooks for transpilation. The object form of the extensions configuration is no longer supported.

If you use AVA with @​ava/typescript you must upgrade that package to v7.

New Features

There's two new test modifiers courtesy of @​sindresorhus: test.skipIf() to skip a test based on a runtime condition. test.runIf() is the inverse: the test only runs when the condition is true.

test.skipIf(process.platform === 'win32')('not on Windows', t => {
	t.pass();
});
test.runIf(process.platform === 'linux')('Linux only', t => {
t.pass();
});

These work with other modifiers like .serial and .failing:

test.serial.skipIf(process.platform === 'win32')('serial, not on Windows', t => {
	t.pass();
});
test.failing.skipIf(process.platform === 'win32')('expected failure, not on Windows', t => {
t.fail();
});

Other Changes

  • Watch mode now ignores changes to *.tsbuildinfo files
  • TAP reporter is more defensive when restoring the original error name, thanks to @​ninper00 in avajs/ava#3415

... (truncated)

Commits
  • fe31286 v8.0.0
  • 7bdbabb Improve error when throwsAsync/notThrowsAsync is not awaited (#3436)
  • a304990 Full ESM internals; bias away from CJS; require @​ava/typescript@​7
  • d012c64 Update release process documentation (#3435)
  • 2cea71e CI tweaks (#3438)
  • 27e9c84 Remove Node.js 20 support; update dependencies prior to release (#3432)
  • 012fa15 Run all release steps using Launchpad app (#3434)
  • e805506 Watch mode refinements (#3433)
  • d1bb28b Add descriptions for teardown, runIf, skipIf, and todo functions in type defi...
  • 8801c7a Add test.skipIf() and test.runIf()
  • Additional commits viewable in compare view

Updates eslint from 10.2.1 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

  • 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

  • b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

  • 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
  • 7f47937 docs: Update README (GitHub Actions Bot)

Chores

  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)
  • 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)
  • 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])
  • 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])
  • 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])
  • 77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)
  • 4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)
  • 54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)
  • f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)
  • a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])
  • 7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)
  • b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])
  • 2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)
Commits
  • 7889204 10.3.0
  • 5b69b4f Build: changelog update for 10.3.0
  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
  • b6ae5cf fix: handle unavailable require cache (#20812)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787)
  • 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
  • 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
  • 379571a feat: add suggestions for no-unused-private-class-members (#20773)
  • 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
  • Additional commits viewable in compare view

Updates eslint-plugin-no-only-tests from 3.3.0 to 3.4.0

Release notes

Sourced from eslint-plugin-no-only-tests's releases.

v3.4.0

What's Changed

New Contributors

Full Changelog: levibuzolic/eslint-plugin-no-only-tests@v3.3.0...v3.4.0

Changelog

Sourced from eslint-plugin-no-only-tests's changelog.

v3.4.0

Added

  • Add CLI E2E coverage for both ESLint and Oxlint, including --fix verification and config-specific assertions
  • Add a package-contents check to ensure test assets are never published

Changed

  • Optimize Oxlint usage by adopting Oxlint's performance-focused createOnce entrypoint while preserving ESLint compatibility

Internal

  • Switch repository tooling from Yarn to Bun
  • Replace Biome/Prettier usage with Oxlint and Oxfmt
  • Update GitHub Actions to use Bun and a modern Node test matrix
  • Move test infrastructure into a dedicated test/ directory
  • Tighten package metadata and improve JSDoc/type coverage

v3.0.0

Added

  • Block scope matchers can accept a trailing * to optionally match blocks by prefix #35

Breaking

  • Block matchers no longer match prefixes of blocks by default, can now be configured via options #35

v2.6.0

  • Disable auto fixing by default, allow it to be optionally enabled. #26

v2.5.0

v2.4.0

  • Add support for defining 2 levels deep in blocks (ie. ava.default)

v2.3.1

  • Bump js-yaml from 3.13.0 to 3.13.1 due to security vulnerability - #11

v2.3.0

  • Allow test block names to be specified in options - #10

v2.2.0

... (truncated)

Commits
  • 2279c51 Merge pull request #62 from levibuzolic/levi/fix-github-release-action
  • e234e55 Use Publish environment for npm release
  • d304af4 Fix npm release auth
  • 435b3a2 Merge pull request #61 from levibuzolic/fix-release-script
  • 968e9d9 Switch release workflow to published events
  • a0edb1a Merge pull request #60 from levibuzolic/fix-release-script
  • 42ca3d8 Remove npm registry auth from publish workflow
  • b7051fc Merge pull request #59 from levibuzolic/fix-release-script
  • 36e23a2 Update GitHub Actions for npm trusted publishing
  • 17f7389 Fix release script
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-no-only-tests since your current version.


Updates stylelint from 17.9.1 to 17.10.0

Release notes

Sourced from stylelint's releases.

17.10.0

It adds 3 rules and fixes 4 bugs. You can use the *-layout-mappings rules to enforce logical or physical properties, units and keywords.

  • Added: selector-no-invalid rule (#9232) (@​jeddy3).
  • Added: unit-layout-mappings rule (#9229) (@​jeddy3).
  • Added: value-keyword-layout-mappings rule (#9233) (@​jeddy3).
  • Fixed: inconsistent error messages when module is not found (#9260) (@​ybiquitous).
  • Fixed: property-layout-mappings false negatives for property names in declaration values (#9222) (@​jeddy3).
  • Fixed: property-layout-mappings false positives for @page properties (#9223) (@​jeddy3).
  • Fixed: selector-pseudo-class-no-unknown false positives for nested webkit-scrollbar part (#9259) (@​rkdfx).
Changelog

Sourced from stylelint's changelog.

17.10.0 - 2026-05-03

It adds 3 rules and fixes 4 bugs. You can use the *-layout-mappings rules to enforce logical or physical properties, units and keywords.

  • Added: selector-no-invalid rule (#9232) (@​jeddy3).
  • Added: unit-layout-mappings rule (#9229) (@​jeddy3).
  • Added: value-keyword-layout-mappings rule (#9233) (@​jeddy3).
  • Fixed: inconsistent error messages when module is not found (#9260) (@​ybiquitous).
  • Fixed: property-layout-mappings false negatives for property names in declaration values (#9222) (@​jeddy3).
  • Fixed: property-layout-mappings false positives for @page properties (#9223) (@​jeddy3).
  • Fixed: selector-pseudo-class-no-unknown false positives for nested webkit-scrollbar part (#9259) (@​rkdfx).
Commits
  • b04c024 Release 17.10.0 (#9261)
  • 7a38078 Fix selector-pseudo-class-no-unknown false positives for nested `webkit-scr...
  • b25cd12 Add value-keyword-layout-mappings rule (#9233)
  • da89ffe Fix inconsistent error messages when module is not found (#9260)
  • 04a958d Add unit-layout-mappings rule (#9229)
  • 53da23e Bump postcss from 8.5.9 to 8.5.13 (#9249)
  • 3993951 Fix property-layout-mappings false negatives for property names in declarat...
  • 89b3f0d Bump typescript from 6.0.2 to 6.0.3 in the typescript group (#9257)
  • 6e5e4da Bump eslint from 10.2.0 to 10.2.1 in the eslint group (#9255)
  • 1540320 Bump @​changesets/cli from 2.30.0 to 2.31.0 in the changesets group (#9254)
  • Additional commits viewable in compare view

Updates undici-types from 8.1.0 to 8.2.0

Release notes

Sourced from undici-types's releases.

v8.2.0

What's Changed

... (truncated)

Commits
  • bf684f7 Bumped v8.2.0 (#5152)
  • 0ca054a fix: replace stale pool clients under connection limit (#5145)
  • 7af90e9 perf: avoid redundant scans in BalancedPool dispatcher selection (#5146)
  • abb9d06 fix: validate H2CClient maxConcurrentStreams option (#5143)
  • 72a7591 perf(http2): avoid cloning headers when removing status (#5127)
  • 96fd5e9 fix(cache): allow streamed entries at maxEntrySize limit (#5129)
  • f41e53f perf: use byteLength property for binary body chunks (#5126)
  • bec4961 chore(deps): add lockfile (#5139)
  • 86f1242 perf(http2): reduce writeH2 per-request callback allocations (#5138)
  • cad3f70 perf(client): parse h1 content-length statelessly (#5124)
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
ava [>= 6.0.a, < 6.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the npm-deps group with 7 updates
0f60d00 
Bumps the npm-deps group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.1` | `3.4.2` |
| [squire-rte](https://github.com/neilj/Squire) | `2.4.2` | `2.4.3` |
| [ava](https://github.com/avajs/ava) | `7.0.0` | `8.0.0` |
| [eslint](https://github.com/eslint/eslint) | `10.2.1` | `10.3.0` |
| [eslint-plugin-no-only-tests](https://github.com/levibuzolic/eslint-plugin-no-only-tests) | `3.3.0` | `3.4.0` |
| [stylelint](https://github.com/stylelint/stylelint) | `17.9.1` | `17.10.0` |
| [undici-types](https://github.com/nodejs/undici) | `8.1.0` | `8.2.0` |


Updates `dompurify` from 3.4.1 to 3.4.2
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.1...3.4.2)

Updates `squire-rte` from 2.4.2 to 2.4.3
- [Changelog](https://github.com/fastmail/Squire/blob/master/CHANGELOG.md)
- [Commits](https://github.com/neilj/Squire/commits)

Updates `ava` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/avajs/ava/releases)
- [Commits](avajs/ava@v7.0.0...v8.0.0)

Updates `eslint` from 10.2.1 to 10.3.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.2.1...v10.3.0)

Updates `eslint-plugin-no-only-tests` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/levibuzolic/eslint-plugin-no-only-tests/releases)
- [Changelog](https://github.com/levibuzolic/eslint-plugin-no-only-tests/blob/main/CHANGELOG.md)
- [Commits](levibuzolic/eslint-plugin-no-only-tests@v3.3.0...v3.4.0)

Updates `stylelint` from 17.9.1 to 17.10.0
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@17.9.1...17.10.0)

Updates `undici-types` from 8.1.0 to 8.2.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v8.1.0...v8.2.0)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: squire-rte
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: ava
  dependency-version: 8.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-deps
- dependency-name: eslint
  dependency-version: 10.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: eslint-plugin-no-only-tests
  dependency-version: 3.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: stylelint
  dependency-version: 17.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: undici-types
  dependency-version: 8.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 3, 2026
@dependabot dependabot Bot requested a review from sosnovsky as a code owner May 3, 2026 22:04
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 3, 2026
@FlowCryptRobot FlowCryptRobot enabled auto-merge (squash) May 3, 2026 22:04
@FlowCryptRobot FlowCryptRobot merged commit 5e9172f into master May 3, 2026
11 checks passed
@FlowCryptRobot FlowCryptRobot deleted the dependabot/npm_and_yarn/npm-deps-e379b24ad9 branch May 3, 2026 22:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FlowCryptRobot FlowCryptRobot FlowCryptRobot approved these changes

@sosnovsky sosnovsky Awaiting requested review from sosnovsky sosnovsky is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FlowCryptRobot