You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#4849a07009 Thanks @sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.
Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/eslint-plugin-jsdoc@63.0.13. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^8.0.2→^8.2.0^3.5.38→^3.5.39v10.3.0→v10.4.0^5.24.0→^5.24.29.39.4→9.39.5^4.16.2→^4.17.163.0.7→63.0.13^1.0.8→^1.1.0^17.6.0→^17.7.016.2.0→16.2.16.17.1→6.26.0^0.6.7→^0.6.81.61.0→1.61.110.34.4→10.34.5^4.1.0→^4.2.04.1.0→4.2.0^5.48.0→^5.49.0^8.61.1→^8.64.0~7.3.5→~7.3.6~7.3.5→~7.3.64.1.9→4.1.10^2.2.0→^2.3.1Release Notes
vitejs/vite (@vitejs/plugin-legacy)
v8.2.0Features
Bug Fixes
Code Refactoring
babel-plugin-polyfill-*consistently (#22874) (9dddae6)v8.1.0Compare Source
vuejs/core (@vue/reactivity)
v3.5.39Compare Source
Bug Fixes
actions/stale (actions/stale)
v10.4.0Compare Source
What's Changed
Bug Fix
only-issue-typesvalidation by @trueberryless in #1338Dependency Updates
New Contributors
Full Changelog: actions/stale@v10.3.0...v10.4.0
webpack/enhanced-resolve (enhanced-resolve)
v5.24.2Compare Source
Patch Changes
v5.24.1Compare Source
Patch Changes
eslint/eslint (eslint)
v9.39.5Compare Source
un-ts/eslint-plugin-import-x (eslint-plugin-import-x)
v4.17.1Compare Source
Patch Changes
cf25a01Thanks @marcalexiei! - fix(extensions): don't require an extension for package subpaths that resolve to a.d.ts(e.g.vitest/config)v4.17.0Compare Source
Minor Changes
4b2c0c5Thanks @regseb! - SupportRegExpin theimport-x/ignoresetting and theignoreoption of theno-unresolvedrule.Patch Changes
#494
1c84235Thanks @morgan-coded! - Fixedno-unresolvedcrashing when case-sensitive path checks encounterEACCESorEPERMon an ancestor directory.#481
3e13121Thanks @B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak#484
9a07009Thanks @sairus2k! - Make theextensionsrule check Node.js subpath imports (specifiers starting with#, e.g.#utils/helper). PreviouslyparsePathtreated a leading#as a URL hash fragment, so the rule skipped extension validation for these imports.Note: single-segment subpath imports without a slash (e.g.
#dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.#468
240ed58Thanks @silverwind! - Makeextensionshandle.d.tscorrectly#479
e3cc7e4Thanks @mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence#476
fce29b1Thanks @nbouvrette! - fix(deps): replace @package-json/types with an inline minimal typegajus/eslint-plugin-jsdoc (eslint-plugin-jsdoc)
v63.0.13Compare Source
Bug Fixes
v63.0.12Compare Source
v63.0.11Compare Source
Bug Fixes
require-jsdoc: skip overloads to find method comment blocks; fixes #1688 (7676b50)v63.0.10Compare Source
Bug Fixes
v63.0.9Compare Source
Bug Fixes
check-template-names,require-template,valid-types: keep commas inside@templatedefault values (0980b71)v63.0.8Compare Source
Bug Fixes
check-template-names: detect template usage in@augments/@extends/@implementstypes (208079f)unjs/exsolve (exsolve)
v1.1.0Compare Source
compare changes
🚀 Enhancements
🔥 Performance
🏡 Chore
❤️ Contributors
sindresorhus/globals (globals)
v17.7.0Compare Source
sindresorhus/globby (globby)
v16.2.1Compare Source
gitignoreignoring an entire checkout under an anchored ancestor path (#277)e7bd988webpro-nl/knip (knip)
v6.26.0: Release 6.26.0Compare Source
4249935) - thanks @trueberryless!1da09fd)39125a7)aed361c)3b4d58c)d92107e)ef3b601)8292981)#-imports to source when node condition is unbuilt (resolve #1873) (f2713ed)a6f0772)5742913)7301075)5e6f82b)009aad8)f638c83)9396ab1)3ceee89)9bc1754)45dea0a)e1249ad)a45941d)43aecd5)589ffda)f041c19)8fa7b11)4254f7d)dfb9acb)d533da8)b99702a)aab080b)5dea975)c84bb7a)620079d)b5231c1)fc1ba0f)f256a5b) - thanks @trueberryless!6b8454a)606e5d0)199180d)1974533)a220729)v6.25.0: Release 6.25.0Compare Source
nodeLinker: pnpmstore (#1852) (3764605) - thanks @blowery!9cc5a41)packageExtensionsin yarn and pnpm (#1847) (61d3164) - thanks @trueberryless!d23c10d) - thanks @trueberryless!1eb42e6) - thanks @trueberryless!3bf3d11) - thanks @trueberryless!6e6a509) - thanks @dayongkr!2ac4c04) - thanks @jakeleventhal!da606eb)d231d67)fc7bb1e)6f18138)105687d)38e4a4a)1255369)77c2142)0f27e77)195510c)92903ec)a0bfe7b)1301475)23b4a74)e3f0e5c)9422d06)5e192e9)5dc7f12) - thanks @remcohaszing!46111ef) - thanks @jakeleventhal!5ab3483) - thanks @trueberryless!20cd970) - thanks @jakeleventhal!cyclesissue type (resolve #1734) (#1812) (1b0ed6b)c61d008) - thanks @trueberryless!89a2d8d)v6.24.0: Release 6.24.0Compare Source
32bc844) - thanks @trueberryless!82a8d09) - thanks @trueberryless!d9ef038)aea7923)pnpm run lintto CI workflow (ec9aa1c)111f2e0) - thanks @trueberryless!dc2a640) - thanks @trueberryless!ffce88c) - thanks @trueberryless!6f090f9) - thanks @cyphercodes!7901abd)0d739be)5525759) - thanks @trueberryless!3c9d4ad)acba6b8) - thanks @johnjenkins!cf997b2) - thanks @morgan-coded!260f192)bb0eeb6)v6.23.0: Release 6.23.0Compare Source
f85d96f) - thanks @trueberryless!62e9753) - thanks @ghostdevv!94e2863) - thanks @trueberryless!8a6050e)849b5ac)v6.22.0: Release 6.22.0Compare Source
1dffe36) - thanks @patrik-csak!5095ae1) - thanks @gwagjiug!7759a98)11fe8bd) - thanks @serhalp!a5302b2) - thanks @serhalp!3e1b821) - thanks @trueberryless!76c92e2)v6.21.0: Release 6.21.0Compare Source
8754c43)3c8deac) - thanks @gwagjiug!9b8af2b)f89db41)f32c6ea)v6.20.0: Release 6.20.0Compare Source
6f08c68)2bc2f24)v6.19.0: Release 6.19.0Compare Source
3fee8bf) - thanks @fubits1!e30cfe7)71e71a7)v6.18.0: Release 6.18.0Compare Source
7dda4ec)3b71565)64865f8)ec93e20) - thanks @remcohaszing!203c31e)392835a)62d802b)d2caedd) - thanks @gwagjiug!9083c16) - thanks @WooWan!v6.17.2: Release 6.17.2Compare Source
63dbd65)vitest --coverageflag (#1800) (dc11d9f) - thanks @WooWan!8ce1ec8) - thanks @WooWan!27a1cae)630e152)microsoft/playwright (playwright-core)
v1.61.1Compare Source
pnpm/pnpm (pnpm)
v10.34.5Compare Source
unjs/std-env (std-env)
v4.2.0Compare Source
compare changes
🚀 Enhancements
🩹 Fixes
🏡 Chore
❤️ Contributors
terser/terser (terser)
v5.49.0Compare Source
boxoption to dompropstypescript-eslint/typescript-eslint (typescript-eslint)
v8.64.0Compare Source
This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
v8.63.0[Compare
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.