Skip to content

chore: Bump the "dependencies" group with 2 updates across multiple ecosystems#13

Merged
alex289 merged 1 commit into
mainfrom
dependabot/dependencies-a0732ad8b5
Jul 14, 2026
Merged

chore: Bump the "dependencies" group with 2 updates across multiple ecosystems#13
alex289 merged 1 commit into
mainfrom
dependabot/dependencies-a0732ad8b5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 5 updates:

Package From To
@types/node 26.1.0 26.1.1
oxfmt 0.57.0 0.58.0
oxlint 1.72.0 1.73.0
rolldown 1.1.4 1.1.5
typescript 6.0.3 7.0.2

Updates @types/node from 26.1.0 to 26.1.1

Commits

Updates oxfmt from 0.57.0 to 0.58.0

Commits

Updates oxlint from 1.72.0 to 1.73.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.73.0] - 2026-07-06

🚀 Features

  • a2c97f3 linter/unicorn: Implement explicit-timer-delay rule (#23612) (Mikhail Baev)
  • 85735cb linter/unicorn: Implement no-confusing-array-with rule (#23638) (Shekhu☺️)
  • cb4fbb9 linter/eslint: Implement no-unreachable-loop rule (#23975) (Todor Andonov)
  • dc32112 linter/eslint/no-constant-binary-expression: Check relational comparisons (#24088) (camc314)
  • d963967 linter/unicorn/no-array-sort: Add allowAfterSpread option (#24043) (Boshen)
  • 0a75682 linter: Add per-rule timings for type-aware linting (#22488) (camchenry)
  • 743e222 linter/react: Add disallowedValues option for forbid-dom-props rule (#23970) (Mikhail Baev)

🐛 Bug Fixes

  • bdb51c7 linter/jest/prefer-ending-with-an-expect: Validate config patterns (#24122) (camc314)
  • 45d607d linter/react/forbid-component-props: Make allow/disallow lists optional in schema (#24024) (Boshen)
Commits
  • 39677ba release(apps): oxlint v1.73.0 && oxfmt v0.58.0 (#24219)
  • a2c97f3 feat(linter/unicorn): implement explicit-timer-delay rule (#23612)
  • bdb51c7 fix(linter/jest/prefer-ending-with-an-expect): validate config patterns (#24122)
  • 85735cb feat(linter/unicorn): implement no-confusing-array-with rule (#23638)
  • cb4fbb9 feat(linter/eslint): implement no-unreachable-loop rule (#23975)
  • dc32112 feat(linter/eslint/no-constant-binary-expression): check relational compariso...
  • d963967 feat(linter/unicorn/no-array-sort): add allowAfterSpread option (#24043)
  • 45d607d fix(linter/react/forbid-component-props): make allow/disallow lists optional ...
  • 0a75682 feat(linter): add per-rule timings for type-aware linting (#22488)
  • 743e222 feat(linter/react): add disallowedValues option for forbid-dom-props rule...
  • See full diff in compare view

Updates rolldown from 1.1.4 to 1.1.5

Release notes

Sourced from rolldown's releases.

v1.1.5

[1.1.5] - 2026-07-08

🚀 Features

🐛 Bug Fixes

🚜 Refactor

... (truncated)

Changelog

Sourced from rolldown's changelog.

[1.1.5] - 2026-07-08

🚀 Features

🐛 Bug Fixes

🚜 Refactor

... (truncated)

Commits
  • f09947a release: v1.1.5 (#10194)
  • bb66570 fix: improve invalid annotation warnings (#10185)
  • fb1d3b4 fix(sourcemap_filenames): use public option name in pattern errors (#10188)
  • cccee78 test: move string_wizard replace unit tests to the JS magic-string suite (#10...
  • 4b018b3 fix(sourcemap_filenames): hash prepared sourcemap content (#10178)
  • 72ce2b9 feat(sourcemap_filenames): add a sourcemapFileNames option (#9271)
  • 7fe2c4d chore(deps): update oxc to 0.139.0 (#10161)
  • f730cac fix: propagate errors from output.globals function (#9880)
  • 5b4a408 chore(rolldown_plugin_utils): remove dead asset-url and css scaffolding (#10131)
  • 460900a docs(cli): clarify disabling boolean/object flags like codeSplitting (#10153)
  • Additional commits viewable in compare view

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Bumps the dependencies group with 2 updates: github/codeql-action/init and github/codeql-action/analyze.

Updates github/codeql-action/init from 4.36.3 to 4.37.0

Release notes

Sourced from github/codeql-action/init's releases.

v4.37.0

  • Update default CodeQL bundle version to 2.26.0. #3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973
Changelog

Sourced from github/codeql-action/init's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956

4.37.0 - 08 Jul 2026

  • Update default CodeQL bundle version to 2.26.0. #3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973

4.36.3 - 01 Jul 2026

No user facing changes.

4.36.2 - 04 Jun 2026

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

4.36.1 - 02 Jun 2026

No user facing changes.

4.36.0 - 22 May 2026

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

  • Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

... (truncated)

Commits
  • 99df26d Merge pull request #3996 from github/update-v4.37.0-c7c896d71
  • 31c2707 Add changenote for #3973
  • 72df218 Update changelog for v4.37.0
  • c7c896d Merge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.0
  • 3f34ff0 Add changelog note
  • 43bec09 Update default bundle to codeql-bundle-v2.26.0
  • f58f0d1 Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands
  • 7dc37cb Merge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...
  • 8e22350 Thread ActionState to initConfig
  • 69c9e8c Mark some status-report imports as type-only to avoid circular dependencies
  • Additional commits viewable in compare view

Updates github/codeql-action/analyze from 4.36.3 to 4.37.0

Release notes

Sourced from github/codeql-action/analyze's releases.

v4.37.0

  • Update default CodeQL bundle version to 2.26.0. #3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973
Changelog

Sourced from github/codeql-action/analyze's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. #3956

4.37.0 - 08 Jul 2026

  • Update default CodeQL bundle version to 2.26.0. #3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #3973

4.36.3 - 01 Jul 2026

No user facing changes.

4.36.2 - 04 Jun 2026

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

4.36.1 - 02 Jun 2026

No user facing changes.

4.36.0 - 22 May 2026

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

  • Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

... (truncated)

Commits
  • 99df26d Merge pull request #3996 from github/update-v4.37.0-c7c896d71
  • 31c2707 Add changenote for #3973
  • 72df218 Update changelog for v4.37.0
  • c7c896d Merge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.0
  • 3f34ff0 Add changelog note
  • 43bec09 Update default bundle to codeql-bundle-v2.26.0
  • f58f0d1 Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands
  • 7dc37cb Merge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...
  • 8e22350 Thread ActionState to initConfig
  • 69c9e8c Mark some status-report imports as type-only to avoid circular dependencies
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.1.0` | `26.1.1` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.57.0` | `0.58.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.72.0` | `1.73.0` |
| [rolldown](https://github.com/rolldown/rolldown/tree/HEAD/packages/rolldown) | `1.1.4` | `1.1.5` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` | `7.0.2` |


Updates `@types/node` from 26.1.0 to 26.1.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `oxfmt` from 0.57.0 to 0.58.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.58.0/npm/oxfmt)

Updates `oxlint` from 1.72.0 to 1.73.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.73.0/npm/oxlint)

Updates `rolldown` from 1.1.4 to 1.1.5
- [Release notes](https://github.com/rolldown/rolldown/releases)
- [Changelog](https://github.com/rolldown/rolldown/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rolldown/rolldown/commits/v1.1.5/packages/rolldown)

Updates `typescript` from 6.0.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)
chore: Bump the dependencies group with 2 updates

Bumps the dependencies group with 2 updates: [github/codeql-action/init](https://github.com/github/codeql-action) and [github/codeql-action/analyze](https://github.com/github/codeql-action).


Updates `github/codeql-action/init` from 4.36.3 to 4.37.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@54f647b...99df26d)

Updates `github/codeql-action/analyze` from 4.36.3 to 4.37.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@54f647b...99df26d)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: oxfmt
  dependency-version: 0.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: oxlint
  dependency-version: 1.73.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: rolldown
  dependency-version: 1.1.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: github/codeql-action/init
  dependency-version: 4.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 14, 2026
@codecov

codecov Bot commented Jul 14, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@alex289 alex289 merged commit 2295425 into main Jul 14, 2026
8 checks passed
@alex289 alex289 deleted the dependabot/dependencies-a0732ad8b5 branch July 14, 2026 06:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant