Skip to content

build(deps): bump the npm-dependencies group across 1 directory with 10 updates#582

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-6de751eb20
Open

build(deps): bump the npm-dependencies group across 1 directory with 10 updates#582
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-6de751eb20

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-dependencies group with 10 updates in the / directory:

Package From To
@babel/core 7.29.7 8.0.1
fast-xml-parser 5.9.3 5.10.0
js-yaml 4.3.0 5.2.1
tree-sitter-containerfile 0.8.1 0.9.2
web-tree-sitter 0.26.10 0.26.11
@trustify-da/trustify-da-api-model 2.0.10 2.0.11
@types/node 25.9.4 26.1.1
eslint 10.6.0 10.7.0
msw 2.14.6 2.15.0
typescript 6.0.3 7.0.2

Updates @babel/core from 7.29.7 to 8.0.1

Release notes

Sourced from @​babel/core's releases.

v8.0.1 (2026-06-17)

This release includes a breaking change that was in the Babel 8 migration guide's Getting ready section and in the release post, but the actual removal of the feature from the codebase was accidentally not complete.

💥 Breaking Change

  • babel-core, babel-plugin-transform-object-rest-spread, babel-plugin-transform-runtime, babel-preset-env, babel-standalone

Committers: 2

v8.0.0 (2026-06-16)

NOTE: The changelog below is relative to v8.0.0-rc.6. You can find a summary of all the breaking changes shipped in the Babel 8 release line in the migration guide for users and migration guide for plugin developers.

Read the release blog post at http://babeljs.io/blog/2026/06/16/8.0.0!

👓 Spec Compliance

💥 Breaking Change

  • babel-cli, babel-node, babel-plugin-proposal-decorators, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-plugin-transform-modules-commonjs, babel-plugin-transform-object-rest-spread, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-regenerator, babel-preset-env, babel-register
  • babel-plugin-transform-runtime, babel-runtime-corejs3, babel-runtime
  • babel-parser

🐛 Bug Fix

  • babel-generator
  • babel-plugin-transform-modules-systemjs

📝 Documentation

🏠 Internal

🏃‍♀️ Performance

Committers: 6

... (truncated)

Changelog

Sourced from @​babel/core's changelog.

v8.0.1 (2026-06-17)

💥 Breaking Change

  • babel-core, babel-plugin-transform-object-rest-spread, babel-plugin-transform-runtime, babel-preset-env, babel-standalone

v8.0.0 (2026-06-16)

👓 Spec Compliance

💥 Breaking Change

  • babel-cli, babel-node, babel-plugin-proposal-decorators, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-plugin-transform-modules-commonjs, babel-plugin-transform-object-rest-spread, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-regenerator, babel-preset-env, babel-register
  • babel-plugin-transform-runtime, babel-runtime-corejs3, babel-runtime
  • babel-parser

🐛 Bug Fix

  • babel-generator
  • babel-plugin-transform-modules-systemjs

📝 Documentation

🏠 Internal

🏃‍♀️ Performance

v8.0.0-rc.6 (2026-05-25)

🐛 Bug Fix

🏠 Internal

  • babel-core
  • babel-compat-data, babel-register
  • babel-helper-transform-fixture-test-runner, babel-node

... (truncated)

Commits

Updates fast-xml-parser from 5.9.3 to 5.10.0

Release notes

Sourced from fast-xml-parser's releases.

v5.10.0

What's Changed

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.3...v5.10.0

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.10.0 / 2026-07-11

  • upgrade:
    • xml-naming v0.3.0: cache support
    • PEM v1.6.2: sibling bug fix
    • is-unsafe v2.0.0: tree shaking

*5.9.3 / 2026-06-19

  • update strnum

*5.9.2 / 2026-06-17

  • dummy release to test changes in github action

*5.9.1 / 2026-06-17

  • dummy release to test release from github action

*5.9.0 / 2026-06-15

  • update strnum to 2.3.0
    • you can set hex, binary, enotation, infinity, unicode
  • validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.

*5.8.0 / 2026-05-12

  • integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)
    • This will consider xml-version as well. '1.0' is default
  • update strnum to 2.3.0
    • You can set octal and binary parsing which is bydeault off
  • update fast-xml-builder to 1.2.0
    • can sanitize tag names if found invalid
    • fix format output

5.7.3 / 2006-05-05

  • fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
  • fix stop node expression when ns prefix is removed (found by iruizsalinas)
  • update XML Builder to 1.1.7
  • mark addEntity deprecated

5.7.2 / 2026-04-25

  • allow numerical external entity for backward compatibility
  • fix #705: attributesGroupName working with preserveOrder
  • fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

... (truncated)

Commits

Updates js-yaml from 4.3.0 to 5.2.1

Changelog

Sourced from js-yaml's changelog.

[5.2.1] - 2026-07-02

Fixed

  • Add Map support to !!omap (should work when realMapTag used)

Security

  • Remove quadratic complexity from !!omap addItem. Regression from v5 (usually not critical, because YAML11_SCHEMA is not default anymore).
Commits
  • ac16b42 5.2.1 released
  • 4a864e5 Deps bump
  • 39f3211 !!omap: add Map support and remove quadratic complexity
  • ff17f1e Changelog update
  • 8ed15f1 deps bump
  • 1a562dc Fix changelog link
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • Additional commits viewable in compare view

Updates tree-sitter-containerfile from 0.8.1 to 0.9.2

Release notes

Sourced from tree-sitter-containerfile's releases.

v0.9.2

What's Changed

Full Changelog: wharflab/tree-sitter-containerfile@v0.9.1...v0.9.2

v0.9.1

Full Changelog: wharflab/tree-sitter-containerfile@v0.9.0...v0.9.1

v0.9.0

What's Changed

Full Changelog: wharflab/tree-sitter-containerfile@v0.8.1...v0.9.0

Commits
  • 1df9124 chore: v0.9.2
  • d06c52d fix(grammar): reject glued instruction keywords (FROMalpine) via scanner word...
  • cfd2634 chore: v0.9.1
  • 39ebc34 fix(grammar): close 13 syntax gaps (CRLF, quoting, expansions, heredocs, imag...
  • 4ff2892 Update dependency node-addon-api to v8.9.0
  • c7fa574 Update dependency eslint to v10.6.0
  • 8fb1f75 Update dependency tree-sitter-cli to v0.26.10
  • 97bd84f Update Rust crate tree-sitter to v0.26.10
  • 3043b21 Update dependency globals to v17.7.0
  • See full diff in compare view

Updates web-tree-sitter from 0.26.10 to 0.26.11

Release notes

Sourced from web-tree-sitter's releases.

v0.26.11

What's Changed

Full Changelog: tree-sitter/tree-sitter@v0.26.10...v0.26.11

Commits

Updates @trustify-da/trustify-da-api-model from 2.0.10 to 2.0.11

Release notes

Sourced from @​trustify-da/trustify-da-api-model's releases.

Release 2.0.11

What's Changed

Full Changelog: guacsec/trustify-da-api-spec@v2.0.10...v2.0.11

Commits
  • d8abad2 build(release): release version 2.0.11
  • ffca6de Merge pull request #115 from ruromero/TC-5018
  • 51f6b6d fix: add format uri to url properties in RemediationInfo and AdvisoryInfo
  • 84cf82d feat: add AdvisoryInfo schema to RemediationInfo
  • c3fd37c Merge pull request #114 from guacsec/release/v2.0.10
  • 8ea47b5 build(release): bump to next development version
  • See full diff in compare view

Updates @types/node from 25.9.4 to 26.1.1

Commits

Updates eslint from 10.6.0 to 10.7.0

Release notes

Sourced from eslint's releases.

v10.7.0

Features

  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)
  • 557fde8 feat: support computed Number.parseInt member access in radix rule (#21041) (Pixel)
  • 0b4a73b feat: add suggestions to no-compare-neg-zero (#21034) (den$)
  • 96cdd42 feat: report invalid signed numeric radix values in radix rule (#21030) (Pixel)

Bug Fixes

  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069) (Pixel)
  • 0d7d70c fix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)
  • 75ec753 fix: handle static template literals in eqeqeq rule (#21058) (Pixel)
  • b717a22 fix: prevent eqeqeq null option from reporting non-equality operators (#21057) (Pixel)
  • e35b05f fix: avoid no-invalid-regexp false positive for shadowed RegExp (#21051) (Pixel)
  • a3172b6 fix: avoid no-control-regex false positive for shadowed RegExp (#21050) (Pixel)
  • d1f637e fix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)
  • 8859baf fix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)
  • a9e5961 fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)
  • 8a240a7 fix: avoid false positives in radix rule for spread arguments (#21044) (Pixel)

Documentation

  • c30d808 docs: Update README (GitHub Actions Bot)
  • 5139800 docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)
  • 04174cb docs: Update README (GitHub Actions Bot)
  • 026e130 docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)
  • 9d42fef docs: Update README (GitHub Actions Bot)
  • b230159 docs: Update README (GitHub Actions Bot)
  • 0129972 docs: correct **/.js glob to **/*.js in config files guide (#21036) (EduardF1)

Chores

  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])
  • 81a4774 chore: updates for v9.39.5 release (Jenkins)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071) (Francesco Trotta)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067) (lumir)
  • 833ec10 chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])
  • 7ea106d chore: update ecosystem plugins (#21059) (ESLint Bot)
  • 8fb550e chore: add prettier update commit to .git-blame-ignore-revs (#21056) (lumir)
  • e4e1166 chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])
  • 0493f53 chore: update prettier to v3.9.0 (#21054) (Pixel)
  • 1056a99 chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])
  • 4d4155d ci: run ecosystem tests on pull requests (#21027) (sethamus)
  • 993539f chore: update dependency @​eslint/json to ^2.0.1 (#21042) (renovate[bot])
  • 53f8b69 test: add error locations to no-constant-binary-expression (#21039) (lumir)
  • 5ab71d5 refactor: clean up radix rule internals (#21015) (Pixel)
  • a80a9a4 chore: update ecosystem plugins (#21035) (ESLint Bot)
  • 7c9a029 ci: add Node.js 26 to CI (#20847) (lumir)
Commits
  • fabd99b 10.7.0
  • 37c5e75 Build: changelog update for 10.7.0
  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076)
  • 81a4774 chore: updates for v9.39.5 release
  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071)
  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032)
  • c30d808 docs: Update README
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067)
  • Additional commits viewable in compare view

Updates msw from 2.14.6 to 2.15.0

Release notes

Sourced from msw's releases.

v2.15.0 (2026-07-08)

Features

  • sse: invoke finalize on response stream end (#2741) (7fae0cc0954b20c739ae8e95a24eefc8a78710e8) @​kettanaito

v2.14.7 (2026-07-07)

Bug Fixes

  • sse: proper logging for concurrent requests (#2762) (5c0ae1c334a0cbe52638bd2949540372be3d46ba) @​kettanaito
Commits
  • 49d9d47 chore(release): v2.15.0
  • ed88583 test(finalize): use expect.poll vs waitFor
  • 7fae0cc feat(sse): invoke finalize on response stream end (#2741)
  • db818ee chore(release): v2.14.7
  • 418854a chore: upgrade @ossjs/release
  • 5c0ae1c fix(sse): proper logging for concurrent requests (#2762)
  • 3016bda test: fix flaky ws.clients.browser.test.ts
  • 0df6d6a test: fix flaky in-flight-request.test.ts
  • ff6836b chore: pin github actions to commit sha, update pnpm (#2761)
  • 8a19d54 chore: improve github actions security (#2747)
  • Additional commits viewable in compare view

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…10 updates

Bumps the npm-dependencies group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.7` | `8.0.1` |
| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.9.3` | `5.10.0` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.3.0` | `5.2.1` |
| [tree-sitter-containerfile](https://github.com/wharflab/tree-sitter-containerfile) | `0.8.1` | `0.9.2` |
| [web-tree-sitter](https://github.com/tree-sitter/tree-sitter/tree/HEAD/lib/binding_web) | `0.26.10` | `0.26.11` |
| [@trustify-da/trustify-da-api-model](https://github.com/guacsec/trustify-da-api-spec) | `2.0.10` | `2.0.11` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.4` | `26.1.1` |
| [eslint](https://github.com/eslint/eslint) | `10.6.0` | `10.7.0` |
| [msw](https://github.com/mswjs/msw) | `2.14.6` | `2.15.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` | `7.0.2` |



Updates `@babel/core` from 7.29.7 to 8.0.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v8.0.1/packages/babel-core)

Updates `fast-xml-parser` from 5.9.3 to 5.10.0
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v5.9.3...v5.10.0)

Updates `js-yaml` from 4.3.0 to 5.2.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.3.0...5.2.1)

Updates `tree-sitter-containerfile` from 0.8.1 to 0.9.2
- [Release notes](https://github.com/wharflab/tree-sitter-containerfile/releases)
- [Commits](wharflab/tree-sitter-containerfile@v0.8.1...v0.9.2)

Updates `web-tree-sitter` from 0.26.10 to 0.26.11
- [Release notes](https://github.com/tree-sitter/tree-sitter/releases)
- [Commits](https://github.com/tree-sitter/tree-sitter/commits/v0.26.11/lib/binding_web)

Updates `@trustify-da/trustify-da-api-model` from 2.0.10 to 2.0.11
- [Release notes](https://github.com/guacsec/trustify-da-api-spec/releases)
- [Commits](guacsec/trustify-da-api-spec@v2.0.10...v2.0.11)

Updates `@types/node` from 25.9.4 to 26.1.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 10.6.0 to 10.7.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.6.0...v10.7.0)

Updates `msw` from 2.14.6 to 2.15.0
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.14.6...v2.15.0)

Updates `typescript` from 6.0.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: fast-xml-parser
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: tree-sitter-containerfile
  dependency-version: 0.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: web-tree-sitter
  dependency-version: 0.26.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@trustify-da/trustify-da-api-model"
  dependency-version: 2.0.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 10.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: msw
  dependency-version: 2.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants