Bump @typescript-eslint/parser from 6.21.0 to 8.59.2

[dependabot]

Bumps @typescript-eslint/parser from 6.21.0 to 8.59.2.

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

• eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.59.2 (2026-05-04)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

• Abhijeet Singh @​cseas

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.1 (2026-04-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

... (truncated)

Commits

• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• ea9ae4f chore(release): publish 8.59.0
• 90c2803 chore(release): publish 8.58.2
• be6b49a fix: remove tsbuildinfo cache file from published packages (#12187)
• 5311ed3 chore(release): publish 8.58.1
• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​typescript-eslint/parser since your current version.

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​typescript-eslint/​parser@​6.21.0 ⏵ 8.59.2	+1		+1

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Embedded URLs or IPs: npm @typescript-eslint/project-service URLs: https://github.com/typescript-eslint/typescript-eslint/issues/9905 Location: Package overview From: package-lock.json → npm/@typescript-eslint/parser@8.59.2 → npm/@typescript-eslint/project-service@8.59.2 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/project-service@8.59.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm @typescript-eslint/scope-manager URLs: es2017.date, es2020.date, esnext.date Location: Package overview From: package-lock.json → npm/@typescript-eslint/parser@8.59.2 → npm/@typescript-eslint/scope-manager@8.59.2 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/scope-manager@8.59.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm @typescript-eslint/types URLs: es2017.date, es2020.date, esnext.date Location: Package overview From: package-lock.json → npm/@typescript-eslint/parser@8.59.2 → npm/@typescript-eslint/types@8.59.2 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/types@8.59.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm @typescript-eslint/typescript-estree URLs: https://tseslint.com/allowdefaultproject-glob-too-wide, https://github.com/typescript-eslint/typescript-eslint/issues/6289, https://github.com/typescript-eslint/typescript-eslint/issues/101., https://github.com/typescript-eslint/typescript-eslint/issues/new/choose., https://tseslint.com/are-project-references-supported, https://tseslint.com/none-of-those-tsconfigs-include-this-file, https://github.com/typescript-eslint/typescript-eslint/pull/6615#discussion_r1136489935, https://github.com/typescript-eslint/typescript-eslint/issues/6469, https://tseslint.com/key-property-deprecated., this.foo, https://github.com/typescript-eslint/typescript-eslint/issues/7896 Location: Package overview From: package-lock.json → npm/@typescript-eslint/parser@8.59.2 → npm/@typescript-eslint/typescript-estree@8.59.2 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/typescript-estree@8.59.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm ts-api-utils URLs: https://github.com/JoshuaKGoldberg/ts-api-utils/issues/382, https://github.com/microsoft/TypeScript/pull/50929 Location: Package overview From: package-lock.json → npm/@typescript-eslint/parser@8.59.2 → npm/ts-api-utils@2.5.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ts-api-utils@2.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[guibranco]

Automatically approved by gstraccini[bot]