Skip to content

Bump the npm group with 4 updates#2113

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm-2162dba2c8
Mar 25, 2026
Merged

Bump the npm group with 4 updates#2113
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm-2162dba2c8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 25, 2026

Bumps the npm group with 4 updates: eslint, pnpm, brace-expansion and electron-to-chromium.

Updates eslint from 9.39.4 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

  • ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
  • 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

  • 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
  • e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

  • b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
  • 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
  • 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
  • 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
  • e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
  • 7f10d84 docs: Update README (GitHub Actions Bot)
  • aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
  • a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

  • a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
  • 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
  • c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
  • cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
  • 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
  • f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
  • dbb4c95 chore: remove trunk (#20478) (sethamus)
  • c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
  • c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
  • 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
  • 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
  • 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
  • f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

v10.0.3

Bug Fixes

  • e511b58 fix: update eslint (#20595) (renovate[bot])
  • f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
  • ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

  • 9fc31b0 docs: Update README (GitHub Actions Bot)
  • 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
  • 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
  • 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
  • 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
  • e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

  • ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)

... (truncated)

Commits

Updates pnpm from 10.32.1 to 10.33.0

Release notes

Sourced from pnpm's releases.

pnpm 10.33

Minor Changes

  • Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

  • Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.

  • When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.

  • Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.

  • Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.

  • Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

    When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

    Adds a regression test for the non-TTY flow.

  • Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.

  • When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.

  • Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.33.0

Minor Changes

  • Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

  • Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.

  • When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.

  • Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.

  • Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.

  • Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

    When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

    Adds a regression test for the non-TTY flow.

  • Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.

  • When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.

  • Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

Commits
  • be07631 chore(release): 10.33.0
  • cb17c44 fix(dlx): fix race conditions in parallel dlx calls sharing
  • See full diff in compare view

Updates brace-expansion from 5.0.4 to 5.0.5

Commits

Updates electron-to-chromium from 1.5.322 to 1.5.325

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for electron-to-chromium since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm group with 4 updates
ff1482f 
Bumps the npm group with 4 updates: [eslint](https://github.com/eslint/eslint), [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [electron-to-chromium](https://github.com/Kilian/electron-to-chromium).


Updates `eslint` from 9.39.4 to 10.1.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.4...v10.1.0)

Updates `pnpm` from 10.32.1 to 10.33.0
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/v10.33.0/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.33.0/pnpm)

Updates `brace-expansion` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v5.0.4...v5.0.5)

Updates `electron-to-chromium` from 1.5.322 to 1.5.325
- [Changelog](https://github.com/Kilian/electron-to-chromium/blob/main/CHANGELOG.md)
- [Commits](Kilian/electron-to-chromium@v1.5.322...v1.5.325)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: pnpm
  dependency-version: 10.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: brace-expansion
  dependency-version: 5.0.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: electron-to-chromium
  dependency-version: 1.5.325
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 25, 2026
@github-actions github-actions bot enabled auto-merge (squash) March 25, 2026 14:33
@vercel
Copy link
Copy Markdown

vercel bot commented Mar 25, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
github-oauth-example Error Error Mar 25, 2026 2:33pm

@github-actions github-actions bot merged commit 86b654b into main Mar 25, 2026
5 of 6 checks passed
@github-actions github-actions bot deleted the dependabot/npm_and_yarn/npm-2162dba2c8 branch March 25, 2026 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@poad poad

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@poad