Skip to content

chore(deps-dev): bump eslint from 8.57.1 to 9.38.0#144

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/eslint-9.38.0
Closed

chore(deps-dev): bump eslint from 8.57.1 to 9.38.0#144
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/eslint-9.38.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 20, 2025

Bumps eslint from 8.57.1 to 9.38.0.

Release notes

Sourced from eslint's releases.

v9.38.0

Features

  • ce40f74 feat: update complexity rule to only highlight function header (#20048) (Atul Nair)
  • e37e590 feat: correct no-loss-of-precision false positives with e notation (#20187) (Francesco Trotta)

Bug Fixes

  • 50c3dfd fix: improve type support for isolated dependencies in pnpm (#20201) (Francesco Trotta)
  • a1f06a3 fix: correct SourceCode typings (#20114) (Pixel998)

Documentation

  • 462675a docs: improve web accessibility by hiding non-semantic character (#20205) (루밀LuMir)
  • c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#20203) (루밀LuMir)
  • b39e71a docs: Update README (GitHub Actions Bot)
  • cd39983 docs: move custom-formatters type descriptions to nodejs-api (#20190) (Percy Ma)

Chores

  • d17c795 chore: upgrade @​eslint/js@​9.38.0 (#20221) (Milos Djermanovic)
  • 25d0e33 chore: package.json update for @​eslint/js release (Jenkins)
  • c82b5ef refactor: Use types from @​eslint/core (#20168) (Nicholas C. Zakas)
  • ff31609 ci: add Node.js 25 to ci.yml (#20220) (루밀LuMir)
  • 004577e ci: bump github/codeql-action from 3 to 4 (#20211) (dependabot[bot])
  • eac71fb test: remove use of nodejsScope option of eslint-scope from tests (#20206) (Milos Djermanovic)
  • 4168a18 chore: fix typo in legacy-eslint.js (#20202) (Sweta Tanwar)
  • 205dbd2 chore: fix typos (#20200) (ntnyq)
  • dbb200e chore: use team member's username when name is not available in data (#20194) (Milos Djermanovic)
  • 8962089 chore: mark deprecated rules as available until v11.0.0 (#20184) (Pixel998)

v9.37.0

Features

  • 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
  • f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

  • a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
  • 09e04fc fix: add missing AST token types (#20172) (Pixel998)
  • 861c6da fix: correct ESLint typings (#20122) (Pixel998)

Documentation

  • b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
  • 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
  • 29ea092 docs: Update README (GitHub Actions Bot)
  • 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
  • 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
  • 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

Chores

  • afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
  • abee4ca chore: package.json update for @​eslint/js release (Jenkins)
  • fc9381f chore: fix typos in comments (#20175) (overlookmotel)
  • e1574a2 chore: unpin jiti (#20173) (renovate[bot])

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump eslint from 8.57.1 to 9.38.0
d137520 
Bumps [eslint](https://github.com/eslint/eslint) from 8.57.1 to 9.38.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v8.57.1...v9.38.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Oct 20, 2025
@dependabot dependabot bot mentioned this pull request Oct 20, 2025
Closed
@coderabbitai
Copy link

coderabbitai bot commented Oct 20, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security
Copy link

socket-security bot commented Oct 20, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedeslint@​9.38.09710010096100

View full report

@socket-security
Copy link

socket-security bot commented Oct 20, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
safer-buffer@2.1.2 has Obfuscated code.

Confidence: 0.94

Location: Package overview

From: ?npm/@rc-component/np@1.0.4npm/safer-buffer@2.1.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 3, 2025

Superseded by #145.

@dependabot dependabot bot closed this Nov 3, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/eslint-9.38.0 branch November 3, 2025 23:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants