Skip to content

deps(ts): bump eslint from 10.2.1 to 10.4.1 in /frontend#80

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/eslint-10.4.1
Closed

deps(ts): bump eslint from 10.2.1 to 10.4.1 in /frontend#80
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/frontend/eslint-10.4.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 30, 2026

Copy link
Copy Markdown
Contributor

Bumps eslint from 10.2.1 to 10.4.1.

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

  • e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
  • d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
  • f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
  • c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
  • 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

  • 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
  • 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
  • 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
  • 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
  • c91b041 docs: Update README (GitHub Actions Bot)
  • e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

  • b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
  • f78838b test: add CodePath type coverage (#20904) (Pixel998)
  • 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
  • 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
  • 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
  • 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
  • b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
  • a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
  • b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
  • 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
  • 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
  • df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
  • 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
  • f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
  • 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

v10.4.0

Features

  • 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
  • 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

  • 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
  • 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
  • f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

  • 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
  • db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
  • 9084664 docs: Update README (GitHub Actions Bot)
  • 9cc7387 docs: Update README (GitHub Actions Bot)
  • 3d7b548 docs: Update README (GitHub Actions Bot)
  • 191ec3c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits
  • 4a3d15a 10.4.1
  • 43e7e2b Build: changelog update for 10.4.1
  • e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
  • b0e466b test: add data property to invalid tests cases for rules (#20924)
  • d4ce898 fix: propagate failures from delegated commands (#20917)
  • f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
  • f78838b test: add CodePath type coverage (#20904)
  • 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
  • 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
  • 002942c ci: declare contents:read on update-readme workflow (#20919)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
deps(ts): bump eslint from 10.2.1 to 10.4.1 in /frontend
72c4654 
Bumps [eslint](https://github.com/eslint/eslint) from 10.2.1 to 10.4.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.2.1...v10.4.1)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.4.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 30, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, typescript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@pacphi

pacphi commented May 30, 2026

Copy link
Copy Markdown
Owner

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@pacphi pacphi mentioned this pull request Jun 15, 2026
Merged
@pacphi

pacphi commented Jun 15, 2026

Copy link
Copy Markdown
Owner

Superseded by #81, which consolidates this bump (latest-compatible) along with the other open Dependabot PRs into a single verified branch. Closing in favor of #81.

@pacphi pacphi closed this Jun 15, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/frontend/eslint-10.4.1 branch June 15, 2026 23:21
pacphi added a commit that referenced this pull request Jun 15, 2026
@pacphi
chore(deps): consolidate Dependabot PRs #70#80 + frontend security f…
f07aff7 
…ixes (#81)

* chore(deps): consolidate Dependabot PRs #70#80 + frontend security fixes

Consolidates 11 open Dependabot PRs into one branch as latest-compatible
within each existing major, regenerates both lockfiles once, and patches
5 frontend security advisories surfaced by `pnpm audit`.

Rust (cargo): openssl 0.10.79→0.10.80, reqwest 0.13.3→0.13.4,
http 1.4.0→1.4.1, uuid 1.23.1→1.23.2, sysinfo 0.39.2→0.39.3 (#70,#72,#75,#77,#79)
Docker: rust 1.95→1.96-bookworm (#71)
TS (frontend): react-router(-dom) 7.15.1→7.17.0, typescript-eslint 8.59.3→8.61.1,
@vitejs/plugin-react 6.0.1→6.0.2, eslint 10.2.1→10.5.0 (#73,#74,#76,#78,#80)

Security (pnpm audit): vite→8.0.16 (GHSA-fx2h-pf6j-xcff HIGH, GHSA-v6wh-96g9-6wx3),
js-yaml→4.2.0 (GHSA-h67p-54hq-rp68), brace-expansion→5.0.6 (GHSA-jxxr-4gwj-5jf2),
@babel/core≥7.29.6 (GHSA-4x5r-pxfx-6jf8) via pnpm.overrides.

Docs: bumped Rust toolchain references (1.95→1.96) in maintainer guide and
deployment doc to track the Dockerfile bump.

* chore(frontend): migrate to pnpm 11

Bumps the pinned package manager to pnpm 11.7.0 and updates every reference
following the existing toolchain-bump pattern (manifest, Docker, CI, docs).

- packageManager: pnpm@10.11.0 → pnpm@11.7.0 (CI's `corepack enable pnpm`
  reads this field, so the version propagates to all CI jobs automatically)
- frontend/Dockerfile.frontend: corepack prepare pnpm@11.7.0; COPY the new
  pnpm-workspace.yaml into the dev stage so the frozen install sees overrides
- Move `pnpm.overrides` out of package.json (pnpm 11 no longer reads that
  field) into frontend/pnpm-workspace.yaml, its new home
- Disable pnpm 11's default 24h minimumReleaseAge supply-chain delay
  (minimumReleaseAge: 0) to preserve pnpm 10 install behavior and keep CI
  deterministic on same-day Dependabot bumps
- README.md / maintainer-guide.md: pnpm 10+ → pnpm 11+ prerequisite

Lockfile unchanged — relocating overrides does not alter resolution. Full
frontend gate (frozen install, lint, tsc, prettier, test, build, audit) green
under pnpm 11.7.0.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pacphi