Skip to content

chore(deps): bump the npm-dependencies group across 2 directories with 3 updates#2253

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-0671360012
Open

chore(deps): bump the npm-dependencies group across 2 directories with 3 updates#2253
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-0671360012

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-dependencies group with 2 updates in the /docs/docusaurus directory: @typescript-eslint/parser and eslint.
Bumps the npm-dependencies group with 1 update in the /evals/beval directory: @github/copilot.

Updates @typescript-eslint/parser from 8.62.0 to 8.62.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.62.1 (2026-06-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates eslint from 9.39.4 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

... (truncated)

Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates @github/copilot from 1.0.63 to 1.0.67

Release notes

Sourced from @​github/copilot's releases.

1.0.67

2026-06-30

  • Disabling the sandbox for the rest of the session now takes effect immediately, so shell and search commands stop re-prompting to bypass it mid-turn
  • Subagent sessions keep parent tool restrictions
  • Show warnings and errors when host custom agents fail to load
  • Require session limits to be at least 30 AI credits
  • Add Claude Sonnet 5 as a supported model
  • Allow tool calls to continue when hooks time out
  • Ctrl+Q now enqueues the highlighted slash-command argument completion
  • MCP OAuth against Microsoft Entra servers behind a tenant vanity domain (e.g. Copilot Studio) no longer fails to refresh or re-authenticate (AADSTS9010010 / AADSTS90023)
  • Prompt mode exit summary shows a resume hint to continue the session

1.0.66

2026-06-30

  • Use a non-blinking block cursor during interactive sessions, restoring your terminal's default cursor on exit
  • Add support for Claude Opus 4.8 Fast and deprecate Claude Opus 4.6 Fast
  • MCP add/edit form accepts HTTP-style Key: value headers
  • Keep LSP servers from starting twice during startup
  • Avoid blocking commands that contain Windows-style path fragments
  • Let Copilot read output from and stop detached background shell commands
  • Large output handling now respects custom output directories and a disable setting
  • Prevent PR description generation from crashing on empty assistant responses
  • Render the timeline as a compact "highlight reel" with single-line tool and reasoning rows for all users
  • Add @ file and # GitHub ref completions in relay sessions
  • Show the correct session age when filesystem birthtime is missing
  • Prevent duplicate final assistant messages for GPT models
  • Terminal title updates work in more terminals
  • Show a (sandboxed) badge on compact Search timeline entries
  • Git commands work in sandboxed linked worktrees
  • Show the current pull request link as a status-line item
  • Show quota snapshots for WebSocket Responses requests
  • Show accurate Anthropic reasoning token counts
  • Let grep and glob retry blocked searches after sandbox approval
  • Format terminal titles with the session title and GitHub Copilot suffix
  • Skip synchronized output under tmux to avoid mouse pointer flicker
  • Session limits now apply across the current conversation, reset on /clear, and use the sessionLimits option key.
  • Hide excluded built-in agents from agent selection
  • BYOK sessions using Anthropic models no longer hit HTTP 400 errors from adaptive-thinking mismatches — neither from injecting adaptive thinking on models that don't support it, nor from sending standard thinking to models that require adaptive. Thinking-mode selection for dual-mode models is unchanged.
  • Allow skills with the same name from different plugins to coexist
  • Let integrations read and write CLI user settings
  • View LSP server logs in /lsp logs and read_agent
  • Prompt to install gh CLI when it is missing in GitHub repositories
  • Add GitHub attachment variants to prompt rendering
  • Extension toggles preserve the selected mode
  • Return to the prompt after cancelling attached shell commands
  • Keep background git status checks from disrupting concurrent git commands
  • Recover corrupted session history on load
  • Preserve newlines in /after and /every scheduled prompts

... (truncated)

Changelog

Sourced from @​github/copilot's changelog.

1.0.67 - 2026-06-30

  • Disabling the sandbox for the rest of the session now takes effect immediately, so shell and search commands stop re-prompting to bypass it mid-turn
  • Subagent sessions keep parent tool restrictions
  • Show warnings and errors when host custom agents fail to load
  • Require session limits to be at least 30 AI credits
  • Add Claude Sonnet 5 as a supported model
  • Allow tool calls to continue when hooks time out
  • Ctrl+Q now enqueues the highlighted slash-command argument completion
  • MCP OAuth against Microsoft Entra servers behind a tenant vanity domain (e.g. Copilot Studio) no longer fails to refresh or re-authenticate (AADSTS9010010 / AADSTS90023)
  • Prompt mode exit summary shows a resume hint to continue the session

1.0.66 - 2026-06-30

  • Use a non-blinking block cursor during interactive sessions, restoring your terminal's default cursor on exit
  • Add support for Claude Opus 4.8 Fast and deprecate Claude Opus 4.6 Fast
  • MCP add/edit form accepts HTTP-style Key: value headers
  • Keep LSP servers from starting twice during startup
  • Avoid blocking commands that contain Windows-style path fragments
  • Let Copilot read output from and stop detached background shell commands
  • Large output handling now respects custom output directories and a disable setting
  • Prevent PR description generation from crashing on empty assistant responses
  • Render the timeline as a compact "highlight reel" with single-line tool and reasoning rows for all users
  • Add @ file and # GitHub ref completions in relay sessions
  • Show the correct session age when filesystem birthtime is missing
  • Prevent duplicate final assistant messages for GPT models
  • Terminal title updates work in more terminals
  • Show a (sandboxed) badge on compact Search timeline entries
  • Git commands work in sandboxed linked worktrees
  • Show the current pull request link as a status-line item
  • Show quota snapshots for WebSocket Responses requests
  • Show accurate Anthropic reasoning token counts
  • Let grep and glob retry blocked searches after sandbox approval
  • Format terminal titles with the session title and GitHub Copilot suffix
  • Skip synchronized output under tmux to avoid mouse pointer flicker
  • Session limits now apply across the current conversation, reset on /clear, and use the sessionLimits option key.
  • Hide excluded built-in agents from agent selection
  • BYOK sessions using Anthropic models no longer hit HTTP 400 errors from adaptive-thinking mismatches — neither from injecting adaptive thinking on models that don't support it, nor from sending standard thinking to models that require adaptive. Thinking-mode selection for dual-mode models is unchanged.
  • Allow skills with the same name from different plugins to coexist
  • Let integrations read and write CLI user settings
  • View LSP server logs in /lsp logs and read_agent
  • Prompt to install gh CLI when it is missing in GitHub repositories
  • Add GitHub attachment variants to prompt rendering
  • Extension toggles preserve the selected mode
  • Return to the prompt after cancelling attached shell commands
  • Keep background git status checks from disrupting concurrent git commands
  • Recover corrupted session history on load
  • Preserve newlines in /after and /every scheduled prompts
  • Keep multi-line /worktree tasks intact when starting them
  • Make /cd path completion keep Enter, Escape, and Tab behavior in sync

... (truncated)

Commits
  • c802cc3 Update changelog.md for version 1.0.66
  • 214d530 Update changelog.md for version 1.0.65
  • e7d294d Update changelog.md for version 1.0.64
  • b71d117 Update changelog.md for version 1.0.63
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Dependency updates npm NPM package configuration labels Jun 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 29, 2026 19:33
@dependabot dependabot Bot added dependencies Dependency updates npm NPM package configuration labels Jun 29, 2026
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@eslint/config-array 0.23.5 UnknownUnknown
npm/@eslint/config-helpers 0.6.0 UnknownUnknown
npm/@eslint/core 1.2.1 UnknownUnknown
npm/@eslint/object-schema 3.0.5 UnknownUnknown
npm/@eslint/plugin-kit 0.7.2 UnknownUnknown
npm/@types/esrecurse 4.3.1 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/28 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
npm/@typescript-eslint/parser 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/eslint 10.6.0 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 8Found 23/28 approved changesets -- score normalized to 8
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/eslint-scope 9.1.2 UnknownUnknown
npm/@github/copilot 1.0.67 UnknownUnknown
npm/@github/copilot 1.0.67 UnknownUnknown
npm/@github/copilot-darwin-arm64 1.0.67 UnknownUnknown
npm/@github/copilot-darwin-x64 1.0.67 UnknownUnknown
npm/@github/copilot-linux-arm64 1.0.67 UnknownUnknown
npm/@github/copilot-linux-x64 1.0.67 UnknownUnknown
npm/@github/copilot-linuxmusl-arm64 1.0.67 UnknownUnknown
npm/@github/copilot-linuxmusl-x64 1.0.67 UnknownUnknown
npm/@github/copilot-win32-arm64 1.0.67 UnknownUnknown
npm/@github/copilot-win32-x64 1.0.67 UnknownUnknown

Scanned Files

  • docs/docusaurus/package-lock.json
  • evals/beval/package-lock.json
  • package-lock.json

@codecov-commenter

codecov-commenter commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.72%. Comparing base (c0ae4ed) to head (66ea650).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #2253      +/-   ##
==========================================
+ Coverage   81.64%   81.72%   +0.07%     
==========================================
  Files         130      120      -10     
  Lines       19471    19395      -76     
  Branches       12        0      -12     
==========================================
- Hits        15898    15850      -48     
+ Misses       3570     3545      -25     
+ Partials        3        0       -3     
Flag Coverage Δ
docusaurus ?
pester 86.02% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 11 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

Copy link
Copy Markdown
Contributor

Eval Execution

Status: Passed

  • Artifacts evaluated: 0
  • Specs run: 0
  • Assertions passed: 0
  • Assertions failed (blocking): 0
  • Assertions failed (advisory): 0
  • Failed specs (merge-blocking): 0

No changed AI artifacts required evaluation.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Review — Safety Check Results

Changes Summary

Dependency Directory Old Version New Version Bump Type
@typescript-eslint/parser docs/docusaurus 8.62.0 8.62.1 Patch
eslint docs/docusaurus 9.39.4 10.6.0 Major ⚠️
@github/copilot evals/beval 1.0.63 1.0.65 Patch

Safety Checks

Check Result
License compatibility @typescript-eslint/parser and eslint are MIT. @github/copilot carries SEE LICENSE IN LICENSE.md (existing, previously accepted).
SHA pinning (GitHub Actions) ✅ No workflow files modified.
New dependencies introduced ✅ None — all are version bumps of existing dependencies.
Environment sync (devcontainer / setup steps) ✅ Not affected by this PR.
Known vulnerabilities (Dependabot assessment) ✅ No vulnerabilities flagged.

Findings

@typescript-eslint/parser 8.62.0 → 8.62.1 (patch): Low risk. The changelog confirms this is a version-alignment release with no parser-specific code changes.

eslint 9.39.4 → 10.6.0 (major — requires human review): ESLint v10 is a major release with breaking changes. Key items to verify before merging:

  • Node.js ≥ v20 is required (v18 support was dropped).
  • Deprecated APIs removed in v10 — any custom rules or configs using removed APIs will break.
  • eslint:recommended rule set was updated, which may surface new lint failures.

Please confirm the Docusaurus lint/build CI checks pass with this bump. See the inline comment on docs/docusaurus/package.json for details.

@github/copilot 1.0.63 → 1.0.65 (patch): Two consecutive patch releases (1.0.63 → 1.0.64 → 1.0.65). The changelog describes bug fixes and incremental features in the Copilot CLI. Low risk for the evaluation harness.


i️ This review is informational. No approval is granted — human merge review is required.

Generated by Dependabot PR Review for issue #2253 · 237.9 AIC · ⌖ 12.8 AIC · ⊞ 46.4K

"@typescript-eslint/parser": "8.62.0",
"eslint": "9.39.4",
"@typescript-eslint/parser": "8.62.1",
"eslint": "10.6.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Major version bump: eslint 9.39.4 → 10.6.0

This is a major version upgrade (v9 → v10). ESLint v10 includes breaking changes that should be verified before merging:

  • Node.js compatibility: ESLint v10 dropped support for Node.js v18; Node.js v20 or later is required.
  • Removed deprecated APIs: Several APIs deprecated in v9 have been removed.
  • eslint:recommended updates: Rule set changes may cause new lint failures.

Please confirm the Docusaurus build/lint pipeline still passes and that the CI environment meets the Node.js ≥ v20 requirement.

…h 3 updates

Bumps the npm-dependencies group with 2 updates in the /docs/docusaurus directory: [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [eslint](https://github.com/eslint/eslint).
Bumps the npm-dependencies group with 1 update in the /evals/beval directory: [@github/copilot](https://github.com/github/copilot-cli).


Updates `@typescript-eslint/parser` from 8.62.0 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/parser)

Updates `eslint` from 9.39.4 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.4...v10.6.0)

Updates `@github/copilot` from 1.0.63 to 1.0.67
- [Release notes](https://github.com/github/copilot-cli/releases)
- [Changelog](https://github.com/github/copilot-cli/blob/main/changelog.md)
- [Commits](github/copilot-cli@v1.0.63...v1.0.67)

---
updated-dependencies:
- dependency-name: "@github/copilot"
  dependency-version: 1.0.65
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-dependencies-0671360012 branch from 7514e8c to 66ea650 Compare July 1, 2026 04:29

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Review — Safety Check Results

Three dependencies bumped across two directories. All safety checks passed except one finding that requires human attention.

Changes Summary

Package Directory Old Version New Version Bump Type
@typescript-eslint/parser docs/docusaurus 8.62.0 8.62.1 patch
eslint docs/docusaurus 9.39.4 10.6.0 major ⚠️
@github/copilot evals/beval 1.0.63 1.0.67 patch

Findings

@typescript-eslint/parser 8.62.0 → 8.62.1 (patch)

  • Changelog confirms: "version bump only for parser to align it with other projects, there were no code changes."
  • License: MIT — compatible.
  • No breaking changes. Safe to merge.

⚠️ eslint 9.39.4 → 10.6.0 (major — human review required)

  • This is a major version bump across two major versions (v9 → v10).
  • ESLint v10 introduced breaking changes including removal of previously deprecated APIs and rule changes. Human review of the Docusaurus ESLint configuration is recommended to confirm no rules or plugins break.
  • License: MIT — compatible.
  • Dependabot reports no known vulnerabilities.

@github/copilot 1.0.63 → 1.0.67 (patch)

  • Patch-level bump; os-theme optional dependency was dropped in this version (dependency cleanup, not a breaking change).
  • License: SEE LICENSE IN LICENSE.md — this is an existing dependency, not newly introduced; no license compatibility change detected.
  • No breaking changes noted. Safe to merge pending the eslint finding above.

SHA Pinning

Not applicable — all changes are npm package dependencies, not GitHub Actions references. No GitHub Actions files were modified in this PR.

Environment Synchronization

Not applicable — changes are isolated to docs/docusaurus and evals/beval; neither .devcontainer/ nor copilot-setup-steps.yml were affected.


Verdict: The eslint major version bump (v9 → v10) warrants a human look at the Docusaurus lint configuration before merging. The two patch bumps are clean.

Generated by Dependabot PR Review for issue #2253 · 121.2 AIC · ⌖ 12.5 AIC · ⊞ 46.5K

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates npm NPM package configuration

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant