build(deps-dev): bump @eslint/js from 9.39.2 to 10.0.1#1497
build(deps-dev): bump @eslint/js from 9.39.2 to 10.0.1#1497dependabot[bot] wants to merge 1 commit intodevelopfrom
Conversation
dependabot
bot
added
Changed
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.39.2 to 10.0.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/commits/HEAD/packages/js) --- updated-dependencies: - dependency-name: "@eslint/js" dependency-version: 10.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/eslint/js-10.0.1
branch
from
43a4836 to
c806674
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "@commitlint/config-conventional": "^20.4.1", | ||
| "@eslint/eslintrc": "^3.3.3", | ||
| "@eslint/js": "^9.39.2", | ||
| "@eslint/js": "^10.0.1", |
There was a problem hiding this comment.
Incompatible major version bump without matching eslint upgrade
High Severity
@eslint/js is bumped to ^10.0.1 while eslint remains at ^9.39.2. The v10 package declares a peer dependency on eslint: ^10.0.0. The ESLint config (eslint.config.mjs) imports js.configs.recommended from the top-level @eslint/js v10, but the ESLint v9 engine runs the linting. The v10 recommended config was significantly updated and may reference rules or options unavailable in v9, likely causing lint failures at runtime.
Bumps @eslint/js from 9.39.2 to 10.0.1.
Release notes
Sourced from
@eslint/js's releases.... (truncated)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Medium Risk
Dev-tooling-only change, but it is a major
@eslint/jsupgrade that updates Node engine expectations and introduces a peer dependency oneslint@^10, which could cause lint/config incompatibilities in CI.Overview
Updates the dev dependency
@eslint/jsfrom9.39.2to10.0.1inpackage.jsonand refreshespackage-lock.jsonaccordingly.The lockfile reflects
@eslint/jsv10 metadata changes (new Node engine range and optional peer dependency oneslint@^10) and adds a nested@eslint/js@9.39.2undereslintto satisfyeslint@9’s dependency tree.Written by Cursor Bugbot for commit c806674. This will update automatically on new commits. Configure here.