Skip to content

chore(deps): bump the bsv-workspace group across 1 directory with 38 updates#273

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/bsv-workspace-9b15c4e686
Open

chore(deps): bump the bsv-workspace group across 1 directory with 38 updates#273
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/bsv-workspace-9b15c4e686

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor

Bumps the bsv-workspace group with 38 updates in the / directory:

Package From To
@rspack/cli 2.0.8 2.1.3
@rspack/core 2.0.8 2.1.3
@types/node 26.0.0 26.1.1
eslint 10.5.0 10.7.0
globals 17.6.0 17.7.0
typescript 6.0.3 7.0.2
typescript-eslint 8.61.1 8.63.0
tsx 4.22.4 4.23.0
webpack 5.107.2 5.108.4
webpack-cli 7.0.3 7.2.1
chalk 4.1.2 5.6.2
@typescript-eslint/eslint-plugin 8.61.1 8.63.0
@typescript-eslint/parser 8.61.1 8.63.0
jest-fetch-mock 3.0.3 4.2.0
webpack-dev-server 5.2.5 6.0.0
vitest 4.1.9 4.1.10
@libp2p/bootstrap 12.0.25 12.0.26
@libp2p/crypto 5.1.20 5.1.21
@libp2p/identify 4.1.8 4.1.9
@libp2p/interface 3.2.4 3.2.5
@libp2p/kad-dht 16.3.3 16.3.4
@libp2p/peer-id 6.0.11 6.0.12
@libp2p/ping 3.1.7 3.1.8
@libp2p/pnet 3.0.23 3.0.24
@libp2p/tcp 11.0.22 11.0.23
libp2p 3.3.4 3.3.5
mongodb 7.3.0 7.5.0
knex 3.2.10 3.3.0
better-sqlite3 12.10.0 12.11.1
mysql2 3.22.3 3.22.6
fs-extra 11.3.5 11.3.6
prettier 3.8.4 3.9.5
react-router-dom 6.30.4 7.18.1
@shikijs/rehype 4.2.0 4.3.1
@vitejs/plugin-react 6.0.2 6.0.3
mermaid 11.15.0 11.16.0
vite 8.0.16 8.1.4
vite-react-ssg 0.9.0 0.9.1

Updates @rspack/cli from 2.0.8 to 2.1.3

Release notes

Sourced from @​rspack/cli's releases.

v2.1.3

What's Changed

New Features 🎉

Performance 🚀

Bug Fixes 🐞

Refactor 🔨

Other Changes

... (truncated)

Commits

Updates @rspack/core from 2.0.8 to 2.1.3

Release notes

Sourced from @​rspack/core's releases.

v2.1.3

What's Changed

New Features 🎉

Performance 🚀

Bug Fixes 🐞

Refactor 🔨

Other Changes

... (truncated)

Commits
  • 89d97c1 chore(release): release 2.1.3
  • 3e2682e fix(binding): keep path data chunk compatible (#14698)
  • 0a55623 fix(mf): emit manifest assets with forward-slash names on Windows (#14667)
  • 11c536c chore(deps): update dependency prettier to v3.9.4 (#14680)
  • bbaae57 chore(deps): update patch npm dependencies (#14679)
  • 4621e17 feat(core): expose the real Chunk instance to filename functions (#14549)
  • 2329e38 chore: release version 2.1.2 (#14628)
  • a783338 feat(css): support parser exportType (#14095)
  • 4681914 feat: support import.meta style module variables (#14539)
  • c2120e5 fix(browser): inject runtime require into browser MF runtime (#14590)
  • Additional commits viewable in compare view

Updates @types/node from 26.0.0 to 26.1.1

Commits

Updates eslint from 10.5.0 to 10.7.0

Release notes

Sourced from eslint's releases.

v10.7.0

Features

  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)
  • 557fde8 feat: support computed Number.parseInt member access in radix rule (#21041) (Pixel)
  • 0b4a73b feat: add suggestions to no-compare-neg-zero (#21034) (den$)
  • 96cdd42 feat: report invalid signed numeric radix values in radix rule (#21030) (Pixel)

Bug Fixes

  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069) (Pixel)
  • 0d7d70c fix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)
  • 75ec753 fix: handle static template literals in eqeqeq rule (#21058) (Pixel)
  • b717a22 fix: prevent eqeqeq null option from reporting non-equality operators (#21057) (Pixel)
  • e35b05f fix: avoid no-invalid-regexp false positive for shadowed RegExp (#21051) (Pixel)
  • a3172b6 fix: avoid no-control-regex false positive for shadowed RegExp (#21050) (Pixel)
  • d1f637e fix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)
  • 8859baf fix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)
  • a9e5961 fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)
  • 8a240a7 fix: avoid false positives in radix rule for spread arguments (#21044) (Pixel)

Documentation

  • c30d808 docs: Update README (GitHub Actions Bot)
  • 5139800 docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)
  • 04174cb docs: Update README (GitHub Actions Bot)
  • 026e130 docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)
  • 9d42fef docs: Update README (GitHub Actions Bot)
  • b230159 docs: Update README (GitHub Actions Bot)
  • 0129972 docs: correct **/.js glob to **/*.js in config files guide (#21036) (EduardF1)

Chores

  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])
  • 81a4774 chore: updates for v9.39.5 release (Jenkins)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071) (Francesco Trotta)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067) (lumir)
  • 833ec10 chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])
  • 7ea106d chore: update ecosystem plugins (#21059) (ESLint Bot)
  • 8fb550e chore: add prettier update commit to .git-blame-ignore-revs (#21056) (lumir)
  • e4e1166 chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])
  • 0493f53 chore: update prettier to v3.9.0 (#21054) (Pixel)
  • 1056a99 chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])
  • 4d4155d ci: run ecosystem tests on pull requests (#21027) (sethamus)
  • 993539f chore: update dependency @​eslint/json to ^2.0.1 (#21042) (renovate[bot])
  • 53f8b69 test: add error locations to no-constant-binary-expression (#21039) (lumir)
  • 5ab71d5 refactor: clean up radix rule internals (#21015) (Pixel)
  • a80a9a4 chore: update ecosystem plugins (#21035) (ESLint Bot)
  • 7c9a029 ci: add Node.js 26 to CI (#20847) (lumir)

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)

... (truncated)

Commits
  • fabd99b 10.7.0
  • 37c5e75 Build: changelog update for 10.7.0
  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076)
  • 81a4774 chore: updates for v9.39.5 release
  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071)
  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032)
  • c30d808 docs: Update README
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067)
  • Additional commits viewable in compare view

Updates globals from 17.6.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

  • Update globals (2026-06-22) (#345) 33b75f9

sindresorhus/globals@v17.6.0...v17.7.0

Commits

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Updates typescript-eslint from 8.61.1 to 8.63.0

Release notes

Sourced from typescript-eslint's releases.

v8.63.0

8.63.0 (2026-07-06)

🚀 Features

  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#12426)

🩹 Fixes

  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#12447, #12446)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#12491, #12485)
  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#12492)
  • scope-manager: export ClassStaticBlockScope (#12460)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.63.0 (2026-07-06)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.1 (2026-06-29)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates tsx from 4.22.4 to 4.23.0

Release notes

Sourced from tsx's releases.

v4.23.0

4.23.0 (2026-07-03)

Bug Fixes

Features


This release is also available on:

v4.22.5

4.22.5 (2026-07-02)

Bug Fixes

  • isolate hook state per async module.register() registration (a305f36)

This release is also available on:

Commits
  • 1dfad37 docs: cite esbuild's extension-resolution model in node notes
  • 257bbbb fix: avoid redundant filesystem probes during module resolution
  • c178197 feat: add multi-scenario startup benchmark suite
  • 51800ac docs: add Node internals knowledge base (notes/node)
  • a305f36 fix: isolate hook state per async module.register() registration
  • ca501a9 chore: upgrade skills-npm to v1.2.0
  • 596cd1f test: cover __dirname, __filename, & require.cache in CJS TS file
  • 75d9bf0 test: lock in lenient ESM for ambiguous and CJS-typed packages
  • 1472f3e test: cover ESM-syntax dependency with omitted "type" field
  • See full diff in compare view

Updates webpack from 5.107.2 to 5.108.4

Release notes

Sourced from webpack's releases.

v5.108.4

Patch Changes

v5.108.3

Patch Changes

v5.108.2

Patch Changes

v5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

v5.108.0

Minor Changes

  • Treat top-level await and import.meta as ES module markers, matching Node.js syntax detection so no explicit module type is needed. (by @​alexander-akait in #21218)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.108.4

Patch Changes

5.108.3

Patch Changes

5.108.2

Patch Changes

5.108.1

Patch Changes

  • Fix invalid property access for escaped namespace imports with multi-character mangled export names. (by @​xiaoxiaojx in #21280)

  • Add frames to ProfilingPlugin TracingStartedInBrowser event so the trace loads in Chrome DevTools. (by @​alexander-akait in #21269)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 11, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 11, 2026
@socket-security

socket-security Bot commented Jul 11, 2026

Copy link
Copy Markdown

@socket-security

socket-security Bot commented Jul 11, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/@rspack/core@2.1.3npm/vite@8.1.4npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm mermaid is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: docs-site/package.jsonnpm/mermaid@11.16.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/mermaid@11.16.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm powershell-utils is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/webpack-dev-server@6.0.0npm/powershell-utils@0.1.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/powershell-utils@0.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm webpack is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/helpers/did-client/package.jsonnpm/webpack@5.108.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.108.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

…updates

---
updated-dependencies:
- dependency-name: "@libp2p/bootstrap"
  dependency-version: 12.0.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/crypto"
  dependency-version: 5.1.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/identify"
  dependency-version: 4.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/interface"
  dependency-version: 3.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/kad-dht"
  dependency-version: 16.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/peer-id"
  dependency-version: 6.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/ping"
  dependency-version: 3.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/pnet"
  dependency-version: 3.0.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@libp2p/tcp"
  dependency-version: 11.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: "@rspack/cli"
  dependency-version: 2.1.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: "@rspack/core"
  dependency-version: 2.1.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: "@shikijs/rehype"
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.63.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.63.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: better-sqlite3
  dependency-version: 12.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: chalk
  dependency-version: 5.6.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: bsv-workspace
- dependency-name: eslint
  dependency-version: 10.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: fs-extra
  dependency-version: 11.3.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: jest-fetch-mock
  dependency-version: 4.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: bsv-workspace
- dependency-name: knex
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: libp2p
  dependency-version: 3.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: mermaid
  dependency-version: 11.16.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: mongodb
  dependency-version: 7.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: mysql2
  dependency-version: 3.22.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: prettier
  dependency-version: 3.9.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: react-router-dom
  dependency-version: 7.18.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: bsv-workspace
- dependency-name: tsx
  dependency-version: 4.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: bsv-workspace
- dependency-name: typescript-eslint
  dependency-version: 8.63.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: vite-react-ssg
  dependency-version: 0.9.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bsv-workspace
- dependency-name: webpack
  dependency-version: 5.108.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: webpack-cli
  dependency-version: 7.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bsv-workspace
- dependency-name: webpack-dev-server
  dependency-version: 6.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: bsv-workspace
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/bsv-workspace-9b15c4e686 branch from 6fcabdd to 34e5a85 Compare July 13, 2026 08:49
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants