Skip to content

build(deps): bump the npm-deps group with 10 updates#6242

Merged
FlowCryptRobot merged 4 commits into
masterfrom
dependabot/npm_and_yarn/npm-deps-a1773655a9
Jun 15, 2026
Merged

build(deps): bump the npm-deps group with 10 updates#6242
FlowCryptRobot merged 4 commits into
masterfrom
dependabot/npm_and_yarn/npm-deps-a1773655a9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-deps group with 10 updates:

Package From To
@zxcvbn-ts/core 3.0.4 4.1.1
@zxcvbn-ts/language-common 3.0.4 4.1.1
@zxcvbn-ts/language-en 3.0.2 4.1.0
dompurify 3.4.8 3.4.10
squire-rte 2.4.7 2.4.8
eslint 10.4.1 10.5.0
prettier 3.8.3 3.8.4
typescript-eslint 8.60.1 8.61.0
undici-types 8.4.0 8.4.1
web-ext 10.3.0 10.4.0

Updates @zxcvbn-ts/core from 3.0.4 to 4.1.1

Commits
  • f8a12a6 Publish
  • 5449f15 chore: Test to prevent build type issues (#321)
  • acf40cc fix(common): resolve issue with wrong type generation again (#320)
  • c6fc8a5 Publish
  • 0288760 chore: remove broken changelog
  • 809b7a3 Publish
  • c381ea3 feat: use wordSequences correctly as dictionary
  • e88226d feat: use wordSequences correctly as dictionary
  • 0c84a11 feat: use wordSequences correctly as dictionary
  • 211e2d9 docs: updated
  • Additional commits viewable in compare view

Updates @zxcvbn-ts/language-common from 3.0.4 to 4.1.1

Commits
  • f8a12a6 Publish
  • 5449f15 chore: Test to prevent build type issues (#321)
  • acf40cc fix(common): resolve issue with wrong type generation again (#320)
  • c6fc8a5 Publish
  • 0288760 chore: remove broken changelog
  • 809b7a3 Publish
  • c381ea3 feat: use wordSequences correctly as dictionary
  • e88226d feat: use wordSequences correctly as dictionary
  • 0c84a11 feat: use wordSequences correctly as dictionary
  • 211e2d9 docs: updated
  • Additional commits viewable in compare view

Updates @zxcvbn-ts/language-en from 3.0.2 to 4.1.0

Commits
  • c6fc8a5 Publish
  • 0288760 chore: remove broken changelog
  • 809b7a3 Publish
  • c381ea3 feat: use wordSequences correctly as dictionary
  • e88226d feat: use wordSequences correctly as dictionary
  • 0c84a11 feat: use wordSequences correctly as dictionary
  • 211e2d9 docs: updated
  • f02d892 docs: add fastify example
  • b34d1bf chore: readd ieff, it will be deleted in the 5.x.x
  • 1c0cc99 Publish
  • Additional commits viewable in compare view

Updates dompurify from 3.4.8 to 3.4.10

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.10

  • Refactored codebase for clarity: extracted the public type declarations into types.ts
  • Decomposed the three largest sanitizer functions into focused helpers
  • Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
  • Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
  • Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
  • Reduced CI cost by running the full three-engine browser suite once per PR
  • Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
  • Documented the bench and test:happydom scripts in the README
  • Completed the Attack Classes & Bypass History wiki page
  • Bumped several dependencies where possible

DOMPurify 3.4.9

  • Further improved the handling of Trusted Types config options, thanks @​offset
  • Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
  • Added more test coverage for IN_PLACE and Trusted Types related usage
  • Bumped several dependencies where possible
  • Updated README and wiki with more accurate documentation & attack samples
Commits

Updates squire-rte from 2.4.7 to 2.4.8

Changelog

Sourced from squire-rte's changelog.

[2.4.8] - 2026-06-09

Fixed

  • Infinite loop could be triggered on cut.
  • Cut/copy did not always add to the clipboard.
Commits

Updates eslint from 10.4.1 to 10.5.0

Release notes

Sourced from eslint's releases.

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

  • b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
  • c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
  • 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
  • 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
  • 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
  • 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
  • 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
  • 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
  • cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
  • fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)
Commits

Updates prettier from 3.8.3 to 3.8.4

Release notes

Sourced from prettier's releases.

3.8.4

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d
Commits
  • 1c6ba55 Release 3.8.4
  • 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
  • 074aaed Replace main branch in changelog link with tags (#19054)
  • c22a003 Bump Prettier dependency to 3.8.3
  • 07bad1f Clean changelog_unreleased
  • See full diff in compare view

Updates typescript-eslint from 8.60.1 to 8.61.0

Release notes

Sourced from typescript-eslint's releases.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

  • ast-spec: change type of UnaryExpression.prefix to always true (#12372)
  • ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

🩹 Fixes

  • rule-schema-to-typescript-types: respect ECMAScript line terminators (#12374)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.61.0 (2026-06-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates undici-types from 8.4.0 to 8.4.1

Release notes

Sourced from undici-types's releases.

v8.4.1

What's Changed

New Contributors

Full Changelog: nodejs/undici@v8.4.0...v8.4.1

Commits
  • 04ebc71 Bumped v8.4.1 (#5392)
  • 89017ab docs: fix remaining broken links in API documentation (#5342)
  • cae3940 docs: fix multiple inaccuracies in API documentation (#5384)
  • 01e89e9 fix(client): reject pipelined TLS altname errors (#5373)
  • d03fb24 fix: handle paused parser on socket end (issue #5360) (#5389)
  • ee59da3 docs: fix code examples that crash at runtime and other inaccuracies (#5386)
  • 8464ab7 docs: add Getting Started guide (#5371)
  • ba12bb1 fix(dns): skip requests without origin (#5376)
  • c07a438 fix: prevent race condition between onEnd and onTrailers in HTTP/2 client (#5...
  • a8ea6f2 test: avoid localhost lookup in fetch cookies tests (#5363)
  • See full diff in compare view

Updates web-ext from 10.3.0 to 10.4.0

Release notes

Sourced from web-ext's releases.

10.4.0 (2026-06-12)

main changes

Dependency updates, mainly.

dependencies

  • Updated: dependency tmp to 0.2.7 (#3734)
  • Updated: dependency @babel/runtime to 7.29.7 (#3729)
  • Updated: dependency addons-linter to 10.7.0 (#3739)

dev dependencies

  • Updated: dependency @babel/cli to 7.29.7 (#3731)
  • Updated: dependency @babel/core to 7.29.7 (#3733)
  • Updated: dependency @babel/eslint-parser to 7.29.7 (#3730)
  • Updated: dependency @babel/preset-env to 7.29.7 (#3732)
  • Updated: dependency @babel/register to 7.29.7 (#3728)
  • Updated: dependency @commitlint/cli to 21.0.2 (#3737)
  • Updated: dependency @commitlint/config-conventional to 21.0.2 (#3736)
  • Updated: dependency mocha to 11.7.6 (#3726)
  • Updated: dependencies shell-quote and fx-runner (#3738)
Commits
  • 0ad2e8e 10.4.0
  • e3d3180 chore(deps): bump addons-linter to 10.7.0 (#3739)
  • e838620 chore(deps): bump shell-quote and fx-runner (#3738)
  • b0977e7 chore(deps-dev): bump @​commitlint/config-conventional from 21.0.1 to 21.0.2 (...
  • 0f3151c chore(deps-dev): bump @​commitlint/cli from 21.0.1 to 21.0.2 (#3737)
  • 799e35c chore(deps): bump tmp from 0.2.6 to 0.2.7 (#3734)
  • 92b179d chore(deps-dev): bump @​babel/eslint-parser from 7.28.6 to 7.29.7 (#3730)
  • be7b076 chore(deps-dev): bump @​babel/cli from 7.28.6 to 7.29.7 (#3731)
  • 197225a chore(deps-dev): bump @​babel/register from 7.29.3 to 7.29.7 (#3728)
  • 07d6954 chore(deps-dev): bump @​babel/preset-env from 7.29.5 to 7.29.7 (#3732)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the npm-deps group with 10 updates
748a397 
Bumps the npm-deps group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [@zxcvbn-ts/core](https://github.com/zxcvbn-ts/zxcvbn) | `3.0.4` | `4.1.1` |
| [@zxcvbn-ts/language-common](https://github.com/zxcvbn-ts/zxcvbn) | `3.0.4` | `4.1.1` |
| [@zxcvbn-ts/language-en](https://github.com/zxcvbn-ts/zxcvbn) | `3.0.2` | `4.1.0` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.4.8` | `3.4.10` |
| [squire-rte](https://github.com/neilj/Squire) | `2.4.7` | `2.4.8` |
| [eslint](https://github.com/eslint/eslint) | `10.4.1` | `10.5.0` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.8.4` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.1` | `8.61.0` |
| [undici-types](https://github.com/nodejs/undici) | `8.4.0` | `8.4.1` |
| [web-ext](https://github.com/mozilla/web-ext) | `10.3.0` | `10.4.0` |


Updates `@zxcvbn-ts/core` from 3.0.4 to 4.1.1
- [Changelog](https://github.com/zxcvbn-ts/zxcvbn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zxcvbn-ts/zxcvbn/compare/@zxcvbn-ts/core@3.0.4...@zxcvbn-ts/core@4.1.1)

Updates `@zxcvbn-ts/language-common` from 3.0.4 to 4.1.1
- [Changelog](https://github.com/zxcvbn-ts/zxcvbn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zxcvbn-ts/zxcvbn/compare/@zxcvbn-ts/language-common@3.0.4...@zxcvbn-ts/language-common@4.1.1)

Updates `@zxcvbn-ts/language-en` from 3.0.2 to 4.1.0
- [Changelog](https://github.com/zxcvbn-ts/zxcvbn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zxcvbn-ts/zxcvbn/compare/@zxcvbn-ts/language-en@3.0.2...@zxcvbn-ts/language-en@4.1.0)

Updates `dompurify` from 3.4.8 to 3.4.10
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.8...3.4.10)

Updates `squire-rte` from 2.4.7 to 2.4.8
- [Changelog](https://github.com/fastmail/Squire/blob/master/CHANGELOG.md)
- [Commits](https://github.com/neilj/Squire/commits)

Updates `eslint` from 10.4.1 to 10.5.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.4.1...v10.5.0)

Updates `prettier` from 3.8.3 to 3.8.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.8.4)

Updates `typescript-eslint` from 8.60.1 to 8.61.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.0/packages/typescript-eslint)

Updates `undici-types` from 8.4.0 to 8.4.1
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v8.4.0...v8.4.1)

Updates `web-ext` from 10.3.0 to 10.4.0
- [Release notes](https://github.com/mozilla/web-ext/releases)
- [Commits](mozilla/web-ext@10.3.0...10.4.0)

---
updated-dependencies:
- dependency-name: "@zxcvbn-ts/core"
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-deps
- dependency-name: "@zxcvbn-ts/language-common"
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-deps
- dependency-name: "@zxcvbn-ts/language-en"
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-deps
- dependency-name: dompurify
  dependency-version: 3.4.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: squire-rte
  dependency-version: 2.4.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: eslint
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: prettier
  dependency-version: 3.8.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: typescript-eslint
  dependency-version: 8.61.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: undici-types
  dependency-version: 8.4.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: web-ext
  dependency-version: 10.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 14, 2026
@dependabot dependabot Bot requested a review from sosnovsky as a code owner June 14, 2026 22:04
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 14, 2026
FlowCryptRobot
FlowCryptRobot previously approved these changes Jun 14, 2026
View reviewed changes
@FlowCryptRobot FlowCryptRobot enabled auto-merge (squash) June 14, 2026 22:04
@FlowCryptRobot FlowCryptRobot merged commit b835fe5 into master Jun 15, 2026
12 checks passed
@FlowCryptRobot FlowCryptRobot deleted the dependabot/npm_and_yarn/npm-deps-a1773655a9 branch June 15, 2026 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sosnovsky sosnovsky sosnovsky approved these changes

@FlowCryptRobot FlowCryptRobot FlowCryptRobot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sosnovsky @FlowCryptRobot