chore(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@types/node (source)	24.10.0 → 24.10.9					devDependencies	patch
@typescript-eslint/eslint-plugin (source)	8.46.3 → 8.54.0					devDependencies	minor
@typescript-eslint/parser (source)	8.46.3 → 8.54.0					devDependencies	minor
actions/checkout	v5.0.0 → v6.0.2					action	major
actions/dependency-review-action	v4.8.1 → v4.8.2					action	patch
actions/setup-node	v6.0.0 → v6.2.0					action	minor
eslint (source)	9.39.1 → 9.39.2					devDependencies	patch
github/codeql-action	v4.31.2 → v4.32.0					action	minor
lint-staged	16.2.6 → 16.2.7					devDependencies	patch
prettier (source)	3.6.2 → 3.8.1					devDependencies	minor
rimraf	6.1.0 → 6.1.2					devDependencies	patch
vitest (source)	4.0.7 → 4.0.18					devDependencies	patch

---

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.54.0

Compare Source

🚀 Features

• eslint-plugin-internal: add prefer-tsutils-methods rule (#​11974, #​11625)
• typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#​11965, #​11955)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#​11967, #​11559)
• deps: update dependency prettier to v3.8.0 (#​11991)
• scope-manager: fix catch clause scopes def.name (#​11982)
• eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#​11785)

❤️ Thank You

• Brad Zacher @​bradzacher
• Josh Goldberg
• MinJae @​Ju-MINJAE
• Minyeong Kim @​minyeong981
• overlookmotel
• Yuya Yoshioka @​YuyaYoshioka
• 김현수 @​Kimsoo0119

You can read about our versioning strategy and releases on our website.

v8.53.1

Compare Source

🩹 Fixes

• utils: make RuleCreator root defaultOptions optional (#​11956)
• eslint-plugin: [consistent-indexed-object-style] skip fixer if interface is a default export (#​11951)

❤️ Thank You

• Cameron
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.53.0

Compare Source

🚀 Features

• eslint-plugin: add rule [strict-void-return] (#​9707)
• eslint-plugin: [no-unused-vars] add a fixer to remove unused imports (#​11922)

🩹 Fixes

• eslint-plugin: [no-useless-default-assignment] fix false positive for parameters corresponding to a rest parameter (#​11916)
• eslint-plugin: replace unclear "error typed" with more helpful description (#​11704)
• typescript-estree: forbid invalid extends and implements in interface declaration (#​11935)
• typescript-estree: forbid invalid class implements (#​11934)
• typescript-estree: forbid type-only import with both default and named specifiers (#​11930)

❤️ Thank You

• Brad Zacher @​bradzacher
• fisker Cheung @​fisker
• Josh Goldberg
• Josh Goldberg ✨
• Kirk Waiblinger
• Niki @​phaux
• Nikita
• SungHyun627 @​SungHyun627
• Will Harney @​wjhsf

You can read about our versioning strategy and releases on our website.

v8.52.0

Compare Source

🚀 Features

• eslint-plugin-internal: [no-multiple-lines-of-errors] add rule (#​11899)

🩹 Fixes

• eslint-plugin: [no-base-to-string] detect @​@​toPrimitive and valueOf (#​11901)
• eslint-plugin: [no-useless-default-assignment] handle conditional initializer (#​11908)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.51.0

Compare Source

🚀 Features

• eslint-plugin: add namespace to plugin meta (#​11885)
• eslint-plugin: [no-useless-default-assignment] fix some cases to optional syntax (#​11871)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] handle MemberExpression in final chain position (#​11835)
• eslint-plugin: bump ts-api-utils to 2.2.0 (#​11881)
• eslint-plugin: remove fixable from no-dynamic-delete rule (#​11876)
• eslint-plugin: fix crash and false positives in no-useless-default-assignment (#​11845)

❤️ Thank You

• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ulrich Stark
• Yannick Decat @​mho22

You can read about our versioning strategy and releases on our website.

v8.50.1

Compare Source

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] correct handling of undefined vs. void (#​11826)
• eslint-plugin: [method-signature-style] ignore methods that return this (#​11813)

❤️ Thank You

• Josh Goldberg ✨
• Tamashoo @​Tamashoo

You can read about our versioning strategy and releases on our website.

v8.50.0

Compare Source

🚀 Features

• eslint-plugin: [no-useless-default-assignment] add rule (#​11720)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.49.0

Compare Source

🚀 Features

• eslint-plugin: use Intl.Segmenter instead of graphemer (#​11804)

🩹 Fixes

• deps: update dependency prettier to v3.7.2 (#​11820)

❤️ Thank You

• Justin McBride
• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

v8.48.1

Compare Source

🩹 Fixes

• eslint-plugin: [restrict-template-expressions] check base types in allow list (#​11764, #​11759)
• eslint-plugin: honor ignored base types on generic classes (#​11767)
• eslint-plugin: [consistent-type-exports] check value flag before resolving alias (#​11769)

❤️ Thank You

• Josh Goldberg
• OleksandraKordonets
• SangheeSon @​Higangssh
• tao

You can read about our versioning strategy and releases on our website.

v8.48.0

Compare Source

🚀 Features

• eslint-plugin: [no-redundant-type-constituents] use assignability checking for redundancy checks (#​10744)

🩹 Fixes

• typescript-estree: disallow binding patterns in parameter properties (#​11760)
• eslint-plugin: [consistent-generic-constructors] ignore when constructor is typed array (#​10477)

❤️ Thank You

• Dima Barabash @​dbarabashh
• JamesHenry @​JamesHenry
• Josh Goldberg
• mdm317 @​gen-ip-1

You can read about our versioning strategy and releases on our website.

v8.47.0

Compare Source

🚀 Features

• eslint-plugin: [no-unused-private-class-members] new extension rule (#​10913)

❤️ Thank You

• Brad Zacher @​bradzacher

You can read about our versioning strategy and releases on our website.

v8.46.4

Compare Source

🩹 Fixes

• parser: error when both projectService and project are set (#​11333)
• eslint-plugin: handle override modifier in promise-function-async fixer (#​11730)
• eslint-plugin: [no-deprecated] fix double-report on computed literal identifiers (#​11006, #​10958)

❤️ Thank You

• Evgeny Stepanovych @​undsoft
• Kentaro Suzuki @​sushichan044
• Maria Solano @​MariaSolOs

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.54.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.53.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.53.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.52.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.51.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.50.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.50.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.49.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.48.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.48.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.47.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.46.4

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

actions/dependency-review-action (actions/dependency-review-action)

v4.8.2

Compare Source

Minor fixes:

• Fix PURL parsing for scoped packages (#​1008 from @​danielhardej)
• Fix for large summaries (#​1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#​1009 from @​danielhardej)

actions/setup-node (actions/setup-node)

v6.2.0

Compare Source

v6.1.0

Compare Source

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in #​1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in #​1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in #​1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in #​1419

Full Changelog: actions/setup-node@v6...v6.1.0

eslint/eslint (eslint)

v9.39.2

Compare Source

github/codeql-action (github/codeql-action)

v4.32.0

Compare Source

v4.31.11

Compare Source

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #​3409
• Improved error handling throughout the CodeQL Action. #​3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #​3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #​3403

v4.31.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #​3393

See the full CHANGELOG.md for more information.

v4.31.9

Compare Source

v4.31.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #​3354

See the full CHANGELOG.md for more information.

v4.31.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #​3343

See the full CHANGELOG.md for more information.

v4.31.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #​3321

See the full CHANGELOG.md for more information.

v4.31.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #​3288

See the full CHANGELOG.md for more information.

lint-staged/lint-staged (lint-staged)

v16.2.7

Compare Source

Patch Changes

• #​1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

prettier/prettier (prettier)

v3.8.1

Compare Source

v3.8.0

Compare Source

diff

🔗 Release note

v3.7.4

Compare Source

diff

LWC: Avoid quote around interpolations (#​18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>

<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>

<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#​18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;

// Prettier 3.7.3
type Foo = /** comment */ (/** comment */ a | b) | c;

// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#​18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);

// Prettier 3.7.3 (first format)
type X = (A | B) &
  (// comment
  A | B);

// Prettier 3.7.3 (second format)
type X = (
  | A
  | B // comment
) &
  (A | B);

// Prettier 3.7.4
type X = (A | B) &
  // comment
  (A | B);

v3.7.3

Compare Source

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#​18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

v3.7.2

Compare Source

diff

JavaScript: Fix string print when switching quotes (#​18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")

// Prettier 3.7.1
console.log('A descriptor\\'s .kind must be "method" or "field".');

// Prettier 3.7.2
console.log('A descriptor\\\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#​18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

// Prettier 3.7.1
const html = /* HTML */ ` <div class=${styles.banner}></div> `;

// Prettier 3.7.2
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;

TypeScript: Fix comment in empty type literal (#​18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};

// Prettier 3.7.1
export type XXX = { // tbd };

// Prettier 3.7.2
export type XXX = {
  // tbd
};

v3.7.1

Compare Source

diff

API: Fix performance regression in doc printer (#​18342 by @​fisker)

Prettier 3.7.1 can be very slow when formatting big files, the regression has been fixed.

v3.7.0

Compare Source

diff

🔗 Release Notes

isaacs/rimraf (rimraf)

v6.1.2

Compare Source

v6.1.1

Compare Source

vitest-dev/vitest (vitest)

v4.0.18

Compare Source

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in #​9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in #​9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in #​9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in #​9472 (22543)

    View changes on GitHub

v4.0.17

Compare Source

   🚀 Features

• Support openTelemetry for browser mode  -  by @​hi-ogawa in #​9180 (1ec3a)
• Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation  -  by @​Copilot, hi-ogawa and @​hi-ogawa in #​9295 (876cb)

   🐞 Bug Fixes

• Improve asymmetric matcher diff readability by unwrapping container matchers  -  by @​Copilot, sheremet-va, hi-ogawa and @​hi-ogawa in #​9330 (b2ec7)
• Improve runner error when importing outside of test context  -  by @​sheremet-va in #​9335 (2dd3d)
• Replace crypto.randomUUID to allow insecure environments (fix #​9…  -  by @​plusgut in #​9339 and #​9 (e6a3f)
• Handle null options in addEventHandler #​9371  -  by @​ThibautMarechal in #​9372 and #​9371 (40841)
• Typo in browser.provider error  -  by @​deammer in #​9394 (4b67f)
• browser:
  • Fix process.env and import.meta.env defines in inline project  -  by @​hi-ogawa in #​9239 (b70c9)
  • Fix upload File instance  -  by @​hi-ogawa in #​9294 (b6778)
  • Fix invalid project token for artifacts assets  -  by @​hi-ogawa in #​9321 (caa7d)
  • Log ErrorEvent.message when unhandled ErrorEvent.error is null  -  by @​hi-ogawa in #​9322 (5d84e)
  • Support fileParallelism on an instance  -  by @​sheremet-va in #​9328 (15006)
• coverage:
  • Remove unnecessary istanbul-lib-source-maps usage  -  by @​AriPerkkio in #​9344 (b0940)
  • Apply patch from istanbuljs/istanbuljs#837  -  by @​AriPerkkio and sapphi-red in #​9413 and #​837 (e05ce)
• fsModuleCache:
  • Don't store importers in cache  -  by @​sheremet-va in #​9422 (75136)
  • Add importers alongside importedModules  -  by @​sheremet-va in #​9423 (59f92)
• mocker:
  • Fix mock transform with class  -  by @​hi-ogawa in #​9421 (d390e)
• pool:
  • Validate environment options when reusing the worker  -  by @​sheremet-va in #​9349 (a8a88)
  • Handle worker start failures gracefully  -  by @​AriPerkkio in #​9337 (200da)
• reporter:
  • Report test module if it failed to run  -  by @​sheremet-va in #​9272 (c7888)
• runner:
  • Respect nested test.only within describe.only  -  by @​Ujjwaljain16 in #​9021 and #​9213 (55d5d)
• typecheck:
  • Improve error message when tsc outputs help text  -  by @​Ujjwaljain16 in #​9214 (7b10a)
• ui:
  • Detect gzip by magic numbers instead of Content-Type header in html reporter  -  by @​Copilot, hi-ogawa and @​hi-ogawa in #​9278 (dd033)
• webdriverio:
  • Fall back to WebDriver Classic #​9244  -  by @​JustasMonkev in #​9373 and #​9244 (c23dd)

    View changes on GitHub

v4.0.16

Compare Source

   🐞 Bug Fixes

• Fix browser mode default testTimeout back to 15 seconds  -  by @​hi-ogawa in #​9167 (da0ad)
• Avoid crashing on process.versions stub  -  by @​AriPerkkio in #​9174 (78cfb)
• Reject calling suite function inside test  -  by @​hi-ogawa in #​9198 (1a259)
• Allow inlining fully dynamic import  -  by [@​

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​typescript-eslint/​parser@​8.46.3 ⏵ 8.54.0
	vitest@​4.0.7 ⏵ 4.0.18	-1		+1
	@​typescript-eslint/​eslint-plugin@​8.46.3 ⏵ 8.54.0			+1
	@​types/​node@​24.10.0 ⏵ 24.10.9	+1		+1
	rimraf@​6.1.0 ⏵ 6.1.2				-3
	lint-staged@​16.2.6 ⏵ 16.2.7				-5
	prettier@​3.6.2 ⏵ 3.8.1	-3		+1
	eslint@​9.39.1 ⏵ 9.39.2	+4			+2

View full report