chore: bump the dev-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dev-dependencies group with 10 updates in the / directory:

Package	From	To
@changesets/changelog-github	0.5.2	0.6.0
@changesets/cli	2.29.8	2.30.0
@types/node	20.19.30	25.5.0
c8	10.1.3	11.0.0
eslint	9.39.2	10.1.0
eslint-plugin-security	3.0.1	4.0.0
lint-staged	15.5.2	16.4.0
lockfile-lint	4.14.1	5.0.0
neostandard	0.11.9	0.13.0
typescript	5.9.3	6.0.2

Updates @changesets/changelog-github from 0.5.2 to 0.6.0

Release notes

Sourced from @​changesets/changelog-github's releases.

@​changesets/changelog-github@​0.6.0

Minor Changes

• #1850 fd0bc2e Thanks @​mixelburg! - Linkify issue references in changelog entries.

Patch Changes

• #1810 27fd8f4 Thanks @​hirasso! - Replace deprecated String.prototype.trimRight with String.prototype.trimEnd

• Updated dependencies [d4b8ad8, e462d89]:

  • @​changesets/get-github-info@​0.8.0

Commits

• 3ab4d89 Version Packages (#1817)
• 1772598 Fix changelog entry insertion when no package title is present in the `CHANGE...
• 6df3a5e Allow versioned private packages to depend on skipped packages without requir...
• 2a73025 Fix confusing 'Question-2' prompt label when using external editor (#1857)
• 667fe5a Support ESM for custom changelog and commit options (#1774)
• e462d89 Add scopes automatically in the GitHub new token link in the printed error me...
• 503fcaa Support absolute paths in status output flag (#1776)
• d4b8ad8 Improve error messages when fetching from GitHub api (#1781)
• ece0376 Improve baseBranch docs (#1778)
• 0e8e01e Allow Changesets to be executed from non-root directories (#1806)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​changesets/changelog-github since your current version.

Updates @changesets/cli from 2.29.8 to 2.30.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.30.0

Minor Changes

• #1840 057cca2 Thanks @​wotan-allfather! - Add --since flag to add command

  The add command now supports a --since flag that allows you to specify which branch, tag, or git ref to use when detecting changed packages. This is useful for gitflow workflows where you have multiple target branches and the baseBranch config option doesn't cover all use cases.

  Example: changeset add --since=develop

  If not provided, the command falls back to the baseBranch value in your .changeset/config.json.

• #1845 2b4a66a Thanks @​Andarist! - Delegate OTP prompting to the package manager instead of handling it in-process. This allows Changesets to use the package manager's native web auth support.

• #1774 667fe5a Thanks @​bluwy! - Support importing custom commit option ES module. Previously, it used require() which only worked for CJS modules, however now it uses import() which supports both CJS and ES modules.

• #1839 73b1809 Thanks @​leochiu-a! - Add a --message (-m) flag to changeset add (and default changeset) so the changeset summary can be provided from the command line. When --message is present, the summary prompt is skipped while the final confirmation step is kept.

• #1806 0e8e01e Thanks @​luisadame! - Changeset CLI can now be run from the nested directories in the project, where the .changeset directory has to be found in one of the parent directories

Patch Changes

• #1849 9dc3230 Thanks @​Andarist! - Compute the terminal's size lazily to avoid spurious stderr output in non-interactive mode

• #1857 2a73025 Thanks @​mixelburg! - Fix confusing prompt labels when entering changeset summary after external editor fallback

• #1842 6df3a5e Thanks @​RodrigoHamuy! - Allow private packages to depend on skipped packages without requiring them to also be skipped. Private packages are not published to npm, so it is safe for them to have dependencies on ignored or unversioned packages.

• #1776 503fcaa Thanks @​bluwy! - Support absolute paths in changeset status --output <path>

• Updated dependencies [667fe5a, 1772598, b6f4c74, 6df3a5e, 6df3a5e, 27fd8f4]:

  • @​changesets/apply-release-plan@​7.1.0
  • @​changesets/config@​3.1.3
  • @​changesets/get-release-plan@​4.0.15
  • @​changesets/read@​0.6.7

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​changesets/cli since your current version.

Updates @types/node from 20.19.30 to 25.5.0

Commits

• See full diff in compare view

Updates c8 from 10.1.3 to 11.0.0

Release notes

Sourced from c8's releases.

v11.0.0

11.0.0 (2026-02-22)

⚠ BREAKING CHANGES

• deps: transitive deps require 20 || >=22

Bug Fixes

• deps: pull newer minimatch addressing CVE-2026-26996 (#576) (678eeca)

Changelog

Sourced from c8's changelog.

11.0.0 (2026-02-22)

⚠ BREAKING CHANGES

• deps: transitive deps require 20 || >=22

Bug Fixes

• deps: pull newer minimatch addressing CVE-2026-26996 (#576) (678eeca)

Commits

• ce78df4 chore(main): release 11.0.0 (#577)
• 678eeca fix(deps)!: pull newer minimatch addressing CVE-2026-26996 (#576)
• ec4c5e4 chore: .editorconfig to avoid unintended mods to .snap files (#556)
• See full diff in compare view

Updates eslint from 9.39.2 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
• 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

• 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
• e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

• b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
• 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
• 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
• 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
• e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
• 7f10d84 docs: Update README (GitHub Actions Bot)
• aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
• a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
• cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
• dbb4c95 chore: remove trunk (#20478) (sethamus)
• c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
• c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
• 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
• 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
• 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
• f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

v10.0.3

Bug Fixes

• e511b58 fix: update eslint (#20595) (renovate[bot])
• f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
• ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

• 9fc31b0 docs: Update README (GitHub Actions Bot)
• 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
• 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
• 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
• 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
• e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

• ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)

... (truncated)

Commits

• 8351ec7 10.1.0
• 3270bc1 Build: changelog update for 10.1.0
• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652)
• cc43f79 chore: update dependency c8 to v11 (#20650)
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649)
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646)
• dbb4c95 chore: remove trunk (#20478)
• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638)
• Additional commits viewable in compare view

Updates eslint-plugin-security from 3.0.1 to 4.0.0

Release notes

Sourced from eslint-plugin-security's releases.

eslint-plugin-security: v4.0.0

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
• switch the recommended config to flat (#118)

Features

• add config recommended-legacy (#132) (13d3f2f)
• Add meta object documentation for all rules (#79) (fb1d9ef)
• detect-bidi-characters rule (#95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
• extend detect non literal fs filename (#92) (08ba476)
• improve detect-child-process rule (#108) (64ae529)
• non-literal-require: support template literals (#81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
• switch the recommended config to flat (#118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
• add name to recommended flat config (#161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
• Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#102) (657921a)
• detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
• Ensure everything works with ESLint v9 (#145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
• generate provenance statement for release (#168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
• release-please config (#189) (2443d10)

Changelog

Sourced from eslint-plugin-security's changelog.

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
• switch the recommended config to flat (#118)

Features

• add config recommended-legacy (#132) (13d3f2f)
• Add meta object documentation for all rules (#79) (fb1d9ef)
• detect-bidi-characters rule (#95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
• extend detect non literal fs filename (#92) (08ba476)
• improve detect-child-process rule (#108) (64ae529)
• non-literal-require: support template literals (#81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
• switch the recommended config to flat (#118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
• add name to recommended flat config (#161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
• Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#102) (657921a)
• detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
• Ensure everything works with ESLint v9 (#145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
• generate provenance statement for release (#168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
• release-please config (#189) (2443d10)

Commits

• 4b734af chore: release 4.0.0 🚀 (#192)
• 2443d10 fix: release-please config (#189)
• ee73862 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#187)
• ca182d1 chore(deps): bump serialize-javascript and mocha (#184)
• 7f9ee77 fix: Add ESLint 10 compatibility for context.sourceCode API change (#186)
• 99032c3 ci: trusted publishing (#180)
• 5e096f2 ci(ci): add node 24 to test matrix (#176)
• e060aeb ci: migrate to manifest config (#173)
• fc0af81 chore(.eslint-doc-generatorrc): add missing 'use strict' directive (#170)
• f6a29ef chore(package): explicitly declare js module type (#171)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-security since your current version.

Updates lint-staged from 15.5.2 to 16.4.0

Release notes

Sourced from lint-staged's releases.

v16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

v16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

v16.2.7

Patch Changes

• #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

v16.2.6

Patch Changes

• #1693 33d4502 Thanks @​Adrian-Baran-GY! - Fix problems with --continue-on-error option, where tasks might have still been killed (SIGINT) when one of them failed.

v16.2.5

Patch Changes

• #1687 9e02d9d Thanks @​iiroj! - Fix unhandled promise rejection when spawning tasks (instead of the tasks themselves failing). Previously when a task failed to spawn, lint-staged also failed and the backup stash might not have been automatically restored.

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

16.2.7

Patch Changes

• #1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

16.2.6

... (truncated)

Commits

• 445f9dd chore(changeset): release
• d91be60 docs: update readme to use picomatch
• b392a9f refactor: extract matchFiles and add unit tests
• 687fc90 refactor: replace micromatch with picomatch
• 26dadf9 chore(changeset): release
• 9d6e827 build(deps): update dependencies
• 8aea986 chore(changeset): release
• 0109e8d fix: strip Git CRLF warning from output
• dfd6a7a chore(changeset): release
• 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lint-staged since your current version.

Updates lockfile-lint from 4.14.1 to 5.0.0

Release notes

Sourced from lockfile-lint's releases.

lockfile-lint@5.0.0

Major Changes

• 00f595c7b9cad499b86cbc33c3e6492c3b131849 Thanks @​lirantal! - feat: support loading of ESM cosmiconfig files

Changelog

Sourced from lockfile-lint's changelog.

5.0.0

Major Changes

• 00f595c7b9cad499b86cbc33c3e6492c3b131849 Thanks @​lirantal! - feat: support loading of ESM cosmiconfig files

Commits

• 09dabb4 build: update for provenance release
• 3d62d47 chore: new release (#209)
• f65c7b2 feat: add ESM configuration file support (#208)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lockfile-lint since your current version.

Updates neostandard from 0.11.9 to 0.13.0

Release notes

Sourced from neostandard's releases.

v0.13.0

0.13.0 (2026-02-26)

⚠ BREAKING CHANGES

• Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#339)
• eslint-plugin-import-x is no longer included by default. Projects relying on import-x rules will need to manually install and configure eslint-plugin-import-x. See the "Adding back import checking" section in the README for migration instructions. As an alternative, we recommend using TypeScript's compiler (tsc --noEmit) for import validation, which provides more comprehensive checking.
• update dependency globals to v17 (#335)

🌟 Features

• deps: update dependency globals to ^17.2.0 (#347) (66d504e)
• deps: update dependency typescript-eslint to ^8.54.0 (#348) (2cdd443)
• deps: update dependency typescript-eslint to ^8.56.0 (#357) (fe4ba92)
• remove eslint-plugin-import-x and related dependencies (#330) (248de35)
• Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#339) (ba575f3)
• update dependency globals to v17 (#335) (a856b81)

🩹 Fixes

• deps: update dependency eslint-plugin-n to ^17.23.2 (#303) (76d50ed)
• deps: update dependency find-up to v8 (#324) (d95b6e3)
• deps: update dependency globals to ^17.3.0 (#351) (94ab3ce)
• deps: update dependency peowly to ^1.3.3 (#356) (b873608)
• deps: update dependency typescript-eslint to ^8.53.1 (#322) (6beb36b)

🧹 Chores

• properly apply filter (#336) (bd1ad55)

v0.12.2

0.12.2 (2025-07-04)

🩹 Fixes

• deps: update dependency eslint-plugin-n to ^17.20.0 (

[dependabot]

Labels

The following labels could not be found: automerge. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.