build(deps): bump the dependencies group across 1 directory with 20 updates

[dependabot]

Bumps the dependencies group with 18 updates in the /server directory:

Package	From	To
@sentry/node	10.38.0	10.53.1
@simplewebauthn/server	13.2.2	13.3.0
better-sqlite3	12.6.2	12.10.0
express-rate-limit	8.2.1	8.5.2
otplib	13.3.0	13.4.0
resend	6.9.2	6.12.3
tsx	4.21.0	4.22.0
uuid	13.0.0	14.0.0
yaml	2.8.2	2.9.0
@eslint/js	9.39.2	10.0.1
@types/node	25.2.3	25.8.0
@types/supertest	6.0.3	7.2.0
@typescript-eslint/eslint-plugin	8.55.0	8.59.3
@vitest/coverage-v8	4.0.18	4.1.6
dotenv	17.3.0	17.4.2
eslint	9.39.2	10.3.0
prettier	3.8.1	3.8.3
typescript	5.9.3	6.0.3

Updates @sentry/node from 10.38.0 to 10.53.1

Release notes

Sourced from @​sentry/node's releases.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.62 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.9 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.04 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.14 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.55 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.6 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.23 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.3 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.12 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.5 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

10.53.0

Important Changes

• feat(core): Add streamGenAiSpans options to stream gen_ai spans (#20785)

  Adds a new streamGenAiSpans option that controls how gen_ai spans are sent to Sentry. When set, the SDK extracts all gen_ai spans out of a transaction and sends them as v2 envelope items.

  Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

  Sentry.init({
    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',
    streamGenAiSpans: true,
  });

Other Changes

• feat(browser): Migrate browser profiling thread data to span attributes (#20800)
• feat(core): Add addConsoleInstrumentationFilter utility (#20790)
• feat(core): Add applicationKey to BuildTimeOptionsBase (#20789)
• feat(core): split exports by browser/server for bundle size (#20435)
• feat(nextjs): Add top-level applicationKey option (#20794)
• feat(node): Support Node 26 (#20710)
• feat(profiling-node): Bump @sentry-internal/node-cpu-profiler to 2.4.0 (#20720)
• fix(cloudflare): avoid flush lock self-wait (#20719)
• fix(hono): Capture transaction name on request for correct culprit (#20801)
• fix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (#20699)
• fix(node-core): Guard against undefined util.getSystemErrorMap (#20660)
• fix(replay): Capture aborted/errored fetch requests in replay network tab (#20722)

... (truncated)

Commits

• cd97408 release: 10.53.1
• 66cfb25 Merge pull request #20838 from getsentry/prepare-release/10.53.1
• df8fd38 meta(changelog): Update changelog for 10.53.1
• 5881009 fix(core): Include subpath type shims in published package (#20835)
• 6a7d179 fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• ad47c3c ref(hono): Consolidate route patching and add clarification comments (#20829)
• 28d6fe5 Merge pull request #20826 from getsentry/master
• 46aca45 Merge branch 'release/10.53.0'
• b5cbc9c chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...
• 05489b8 release: 10.53.0
• Additional commits viewable in compare view

Updates @simplewebauthn/server from 13.2.2 to 13.3.0

Release notes

Sourced from @​simplewebauthn/server's releases.

v13.3.0

• [browser] startRegistration() and startAuthentication() will recognize punycode domains as valid domains when trying to identify why an error occurred (#750)
• [server] A new verifyMDSBlob() helper method has been added to verify and extract metadata statements from FIDO MDS blobs. See the docs here for more info (#752)

v13.2.3

Changes

• [server] Dependencies have been updated to fix a "Cannot get schema" error that may occur when verifying responses after upgrading to v13.2.0+ (#747)

Changelog

Sourced from @​simplewebauthn/server's changelog.

v13.3.0

Changes:

• [browser] startRegistration() and startAuthentication() will recognize punycode domains when trying to identify why an error occurred (#750)
• [server] A new verifyMDSBlob() helper method has been added to verify and extract metadata statements from FIDO MDS blobs. See the docs here for more info (#752)

v13.2.3

Changes

• [server] Dependencies have been updated to fix a "Cannot get schema" error that may occur when verifying responses after upgrading to v13.2.0+ (#747)

Commits

• 48e19ab Update version to 13.3.0
• 6bf921e Export as a helper
• 65e87a9 Rename method to verifyMDSBlob()
• 31d8314 Clean up from mdsBlobs removal
• adf33d3 Remove mdsBlobs argument
• 2a6b4f0 Extract blob verification into new exported helper
• 972713b (Unrelated) Fix a docstring typo
• 8798082 Tweak data staleness warning message
• 08381fe Add test for loading offline MDS blob
• ab8566a Reset metadata cache on initialization
• Additional commits viewable in compare view

Updates better-sqlite3 from 12.6.2 to 12.10.0

Release notes

Sourced from better-sqlite3's releases.

v12.10.0

What's Changed

• Update SQLite to version 3.53.1 by @​JoshuaWise in WiseLibs/better-sqlite3#1467
• Add support for Node.js v26 prebuilds and remove EOL builds (Node.js v20, v23) by @​m4heshd in WiseLibs/better-sqlite3#1468
• Temporarily rollback support for Electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1470
• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

• Enable percentile functions by @​Maxime-J in WiseLibs/better-sqlite3#1447
• Add support for electron v42 prebuilds by @​m4heshd in WiseLibs/better-sqlite3#1466

New Contributors

• @​Maxime-J made their first contribution in WiseLibs/better-sqlite3#1447

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

v12.9.0

What's Changed

• Update SQLite to version 3.53.0 in WiseLibs/better-sqlite3#1464

Full Changelog: WiseLibs/better-sqlite3@v12.8.0...v12.9.0

v12.8.0

What's Changed

• Readme: requires Node.js v20 or later by @​Prinzhorn in WiseLibs/better-sqlite3#1443
• Update SQLite to version 3.51.3 in WiseLibs/better-sqlite3#1460
• fix: use HolderV2() for PropertyCallbackInfo on V8 >= 12.5 by @​tstone-1 in WiseLibs/better-sqlite3#1459

New Contributors

• @​tstone-1 made their first contribution in WiseLibs/better-sqlite3#1459

Why SQLite v3.51.3 instead of v3.52.0

From the SQLite team:

Some important issues have been found with version 3.52.0. In order to give us time to deal with those issues, we plan to withdraw the 3.52.0 release. In its place, we will put up a new 3.51.3 patch release that includes a fix for the recently discovered WAL-reset bug as well as other patches. This will happen probably within about the next twelve hours.

Hence, if you were planning to upgrade to 3.52.0 tomorrow (Friday, 2026-03-14), perhaps it would be better to wait a day or so for 3.51.3.

At some point we will do version 3.52.1 which will hopefully resolve the issues that have arisen with the 3.52.0 release.

... (truncated)

Commits

• d8885f9 12.10.0
• 3f89324 Temporarily rollback support for Electron v42 prebuilds (#1470)
• a640028 Add support for Node.js v26 prebuilds and remove EOL builds (#1468)
• a69f03c Update SQLite to version 3.53.1 (#1467)
• d116f32 12.9.1
• 04d9b65 Add support for electron v42 prebuilds (#1466)
• ef7d940 Enable percentile functions (#1447)
• 4058d24 12.9.0
• f653513 Update SQLite to version 3.53.0 (#1464)
• fe774f5 12.8.0
• Additional commits viewable in compare view

Updates express-rate-limit from 8.2.1 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

v8.5.1

You can view the changelog here.

v8.5.0

You can view the changelog here.

v8.4.1

You can view the changelog here.

v8.4.0

You can view the changelog here.

v8.3.2

You can view the changelog here.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

Commits

• 9774693 8.5.2
• 0e94cc0 v8.5.2 changelog
• 9a583c5 feat: simplify IPv6 key generation (#633)
• 4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
• 3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
• 18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
• dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
• 486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
• 50cc3f6 8.5.1
• 92c8e3e chore: bump ip-address library to latest (#626)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for express-rate-limit since your current version.

Updates otplib from 13.3.0 to 13.4.0

Release notes

Sourced from otplib's releases.

v13.4.0

What's Changed

• fix(deps): resolve markdown-it ReDoS vulnerability by @​yeojz in yeojz/otplib#798
• chore(deps-dev): bump the dev-dependencies-minor group with 3 updates by @​dependabot[bot] in yeojz/otplib#800
• chore: update dependabot to monthly cadence by @​yeojz in yeojz/otplib#802
• chore: upgrade dependencies to latest versions by @​Copilot in yeojz/otplib#804
• Upgrade pnpm to 10.30.1 to fix audit endpoint issue by @​Copilot in yeojz/otplib#805
• chore: override minimatch by @​yeojz in yeojz/otplib#806
• docs: improve package READMEs with accurate API context and usage examples by @​yeojz in yeojz/otplib#803
• Fix docs by @​BobTheShoplifter in yeojz/otplib#807
• ci: skip reporting job on fork PRs by @​yeojz in yeojz/otplib#808
• chore: override ajv to fix moderate ReDoS vulnerability by @​yeojz in yeojz/otplib#809
• feat: add IIFE/CDN build support to otplib by @​yeojz in yeojz/otplib#810
• fix: update release titles to use version-prefixed format by @​yeojz in yeojz/otplib#811
• chore: move otplib-cli to packages/ and sync versioning by @​yeojz in yeojz/otplib#812
• docs(totp): add string secrets and authenticator compatibility notes to README by @​yeojz in yeojz/otplib#813
• chore(deps-dev): bump the dev-dependencies-patch group with 5 updates by @​dependabot[bot] in yeojz/otplib#814
• chore(deps): bump the github-actions group with 3 updates by @​dependabot[bot] in yeojz/otplib#816
• chore(deps-dev): bump @​eslint/js from 9.39.2 to 9.39.3 by @​dependabot[bot] in yeojz/otplib#815
• fix: override undici package security alert by @​yeojz in yeojz/otplib#818
• release(packages): v13.4.0 by @​github-actions[bot] in yeojz/otplib#819

New Contributors

• @​BobTheShoplifter made their first contribution in yeojz/otplib#807

Full Changelog: yeojz/otplib@v13.3.0...v13.4.0

Commits

• e5490bb release(packages): v13.4.0 (#819)
• 3352eeb docs(totp): add string secrets and authenticator compatibility notes to READM...
• 9038272 feat: add IIFE/CDN build support to otplib (#810)
• 4fd86b5 chore: update readme tip/important blocks
• 6c9ed1c docs: improve package READMEs with accurate API context and usage examples (#...
• See full diff in compare view

Updates resend from 6.9.2 to 6.12.3

Release notes

Sourced from resend's releases.

v6.12.3

What's Changed

• chore(deps): update pnpm to v10.33.2 by @​renovate[bot] in resend/resend-node#940
• chore(deps): upgrade svix to silence GHSA-w5hq-g745-h8pq by @​ulrichstark in resend/resend-node#942
• fix: correct paylaod into payload typo in contacts overload signatures by @​wesleyramalho in resend/resend-node#902
• chore(deps): update dependency tsdown to v0.21.10 by @​renovate[bot] in resend/resend-node#929
• chore(deps): update dependency @​biomejs/biome to v2.4.14 by @​renovate[bot] in resend/resend-node#943
• chore: add missing suppressed event to resend node sdk interface by @​dielduarte in resend/resend-node#946
• chore: bump sdk version to 6.12.3 by @​dielduarte in resend/resend-node#947

New Contributors

• @​ulrichstark made their first contribution in resend/resend-node#942
• @​wesleyramalho made their first contribution in resend/resend-node#902
• @​dielduarte made their first contribution in resend/resend-node#946

Full Changelog: resend/resend-node@v6.12.2...v6.12.3

v6.12.2

What's Changed

• fix: add new domain statuses by @​rehanvdm in resend/resend-node#936

Full Changelog: resend/resend-node@v6.12.1...v6.12.2

v6.12.1

What's Changed

• chore(deps): update dependency typescript to v6.0.3 by @​renovate[bot] in resend/resend-node#935
• chore(deps): update dependency dotenv to v17.4.2 by @​renovate[bot] in resend/resend-node#927
• chore(deps): update dependency @​biomejs/biome to v2.4.12 by @​renovate[bot] in resend/resend-node#916
• fix(deps): update dependency next to v16.2.4 by @​renovate[bot] in resend/resend-node#911
• feat: add missing domain types: domains can be partially_verified/partially_failed by @​CarolinaMoraes in resend/resend-node#937

Full Changelog: resend/resend-node@v6.12.0...v6.12.1

v6.12.0

What's Changed

• chore(ci): use depot by @​gabrielmfern in resend/resend-node#931
• feat: preview tracking domains in resend/resend-node#932

Full Changelog: resend/resend-node@v6.11.0...v6.12.0

v6.11.0

What's Changed

• chore(ci): migrate from BuildJet to Blacksmith runners by @​lucasfcosta in resend/resend-node#907
• chore(deps): update dependency vitest to v4.1.3 by @​renovate[bot] in resend/resend-node#894
• chore(deps): update dependency @​types/node to v24.12.2 by @​renovate[bot] in resend/resend-node#906
• fix(deps): update dependency svix to v1.90.0 by @​renovate[bot] in resend/resend-node#892

... (truncated)

Commits

• 3f41290 chore: bump sdk version to 6.12.3 (#947)
• 2679c32 chore: add missing suppressed event to resend node sdk interface (#946)
• 08cb7a1 chore(deps): update dependency @​biomejs/biome to v2.4.14 (#943)
• 20741e3 chore(deps): update dependency tsdown to v0.21.10 (#929)
• 4e26bc0 fix: correct paylaod into payload typo in contacts overload signatures (#...
• 9ca7487 chore(deps): upgrade svix to silence GHSA-w5hq-g745-h8pq (#942)
• 6759d31 chore(deps): update pnpm to v10.33.2 (#940)
• b514002 fix: add new domain statuses (#936)
• 1c10dbe feat: add missing domain types: domains can be partially_verified/partially_f...
• 168443a fix(deps): update dependency next to v16.2.4 (#911)
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.0

Release notes

Sourced from tsx's releases.

v4.22.0

4.22.0 (2026-05-14)

Features

• upgrade esbuild to 0.28 (#789) (b29f6ee)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.21.1

4.21.1 (2026-05-14)

Bug Fixes

• support Node 20.11/21.2 import.meta paths (acf3d8f)
• support Node.js 24.15.0 (c1d2d45)
• support Node.js 26.1.0 and 25.9.0 (1d7e528)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• b29f6ee feat: upgrade esbuild to 0.28 (#789)
• 0dd17e9 test: cover registerHooks loader composition
• acf3d8f fix: support Node 20.11/21.2 import.meta paths
• 4bbef80 test: cover configDir paths without baseUrl
• dddc5ce test: cover sync-hook watch reruns and cleanup retries
• 09e8f8c test: assert CLI runs without warnings
• 1d7e528 fix: support Node.js 26.1.0 and 25.9.0
• c1d2d45 fix: support Node.js 24.15.0
• d04672d test: update node version feature gates
• abd863f build: bundle get-tsconfig v5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates uuid from 13.0.0 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

• expect crypto to be global everywhere (requires node@20+) (#935)
• drop node@18 support (#934)

Features

• drop node@18 support (#934) (dc4ddb8)

Bug Fixes

• expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
• Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

• rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@20+) (#935)
• drop node@18 support (#934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

Commits

• 7c1ea08 chore(main): release 14.0.0 (#926)
• 3d2c5b0 Merge commit from fork
• f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
• 529ef08 chore: upgrade TypeScript and fixup types (#927)
• 086fd79 chore: update dependencies (#933)
• dc4ddb8 feat!: drop node@18 support (#934)
• 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
• e2879e6 chore: use maintained version of npm-run-all (#930)
• ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
• 0423d49 docs: remove obsolete v1 option notes (#915)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Updates yaml from 2.8.2 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

• fix: Avoid calling Array.prototype.push.apply() with large source array
• fix(lexer): Avoid recursive calls that may exhaust the call stack

v2.8.4

• Disable alias resolution with maxAliasCount:0 (#677)
• Handle invalid unicode escapes (e1a1a77)
• Apply minFractionDigits only to decimal strings (#676)

v2.8.3

• Add trailingComma ToString option for multiline flow formatting (#670)
• Catch stack overflow during node composition (1e84ebb)

Commits

• ddb21b0 2.9.0
• 167365b docs: Clarify that not all errors can be avoided
• 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
• 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
• ccdf743 2.8.4
• f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
• e1a1a77 fix: Handle invalid unicode escapes
• a163ea0 style: Satify Prettier
• b2a5a6c fix: Apply minFractionDigits only to decimal strings (#676)
• 93c951b chore: Bump JSR version to v2.8.3 (#673)
• Additional commits viewable in compare view

Updates @eslint/js from 9.39.2 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}