Skip to content

deps: bump the dev-dependencies group with 7 updates#148

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-443a05a44d
Open

deps: bump the dev-dependencies group with 7 updates#148
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-443a05a44d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 7 updates:

Package From To
@playwright/test 1.61.0 1.61.1
@types/node 26.0.0 26.1.0
eslint 10.5.0 10.6.0
globals 17.6.0 17.7.0
prettier 3.8.4 3.9.4
typescript-eslint 8.61.1 8.62.1
fallow 2.101.0 3.0.0

Updates @playwright/test from 1.61.0 to 1.61.1

Release notes

Sourced from @​playwright/test's releases.

v1.61.1

Bug Fixes

  • #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
  • #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
  • #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
  • #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
  • #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks
Commits
  • 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
  • 4328122 chore: mark v1.61.1 (#41404)
  • 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
  • 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
  • 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
  • b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
  • b5a3175 cherry-pick(#41319): fix(loader): support other node versions
  • d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
  • See full diff in compare view

Updates @types/node from 26.0.0 to 26.1.0

Commits

Updates eslint from 10.5.0 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)
Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates globals from 17.6.0 to 17.7.0

Release notes

Sourced from globals's releases.

v17.7.0

  • Update globals (2026-06-22) (#345) 33b75f9

sindresorhus/globals@v17.6.0...v17.7.0

Commits

Updates prettier from 3.8.4 to 3.9.4

Release notes

Sourced from prettier's releases.

3.9.4

  • Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

🔗 Changelog

3.9.3

🔗 Changelog

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.4

diff

Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

<!-- Input -->
<FancyButton [label]="title">
  @content (icon) {
    <span>Icon!</span>
  }
  @content (description) {
    <span>Description text</span>
  }
  <span>Other children</span>
</FancyButton>
<!-- Prettier 3.9.3 -->
<FancyButton [label]="title">
@​content(icon) {
<span>Icon!</span>
}
@​content(description) {
<span>Description text</span>
}
<span>Other children</span>
</FancyButton>
<!-- Prettier 3.9.4 -->
<FancyButton [label]="title">
@​content (icon) {
<span>Icon!</span>
}
@​content (description) {
<span>Description text</span>
}
<span>Other children</span>
</FancyButton>

3.9.3

diff

Markdown: Fix unexpected removal of characters in liquid syntax (#19489 by @​seiyab)

</tr></table> 

... (truncated)

Commits
  • b693cb2 Release 3.9.4
  • 2e92ac0 Angular: Format @content(name) -> @content (name) to align with other blo...
  • abed2c2 Bump Prettier dependency to 3.9.3
  • 6cfbc00 Clean changelog_unreleased
  • 3732e1d Release 3.9.3
  • a74a7b0 Allow decorators to be used with declare on class fields (#19492)
  • bd9e11a Correct text identification in liquid syntax (#19489)
  • 269eee3 Bump Prettier dependency to 3.9.1
  • ec7ccd1 Clean changelog_unreleased
  • c47654c Release 3.9.1
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.61.1 to 8.62.1

Release notes

Sourced from typescript-eslint's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.62.1 (2026-06-29)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates fallow from 2.101.0 to 3.0.0

Release notes

Sourced from fallow's releases.

v3.0.0: new brand, styling audit, rule packs, and architecture guard

Fallow 3.0

Your code-health gate now reviews your styles. Same PR, same JSON, no new tool.

Fallow 3.0 is a major release for one reason: fallow audit, the gate that already reviews your TypeScript and JavaScript, now reviews your CSS and CSS-in-JS in the same PR, in the same JSON stream, with no separate tool and no extra config. That is the change that crossed the version to 3.0.

Alongside it: policy-as-code with rule packs, a pre-edit architecture guard, better PR and MR reporting, and a new brand mark.

No breaking changes. CLI flags, configuration, and JSON output contracts are all unchanged. The major bump marks the platform milestone (styling in audit), not a breaking API change. GitHub Action users on @v2 should move to @v3 to keep receiving releases.

npm install -g fallow@3.0.0
# or
npx fallow@3.0.0

Styling analysis, now inside fallow audit

Run fallow audit on your next PR and styling feedback lands next to your JS and TS findings, in the same JSON. No new command, no new config, no second tool. Findings are verdict-neutral by default: they report, they do not fail the gate. What you get:

  • Design-system drift and near-duplicate theme tokens
  • Duplicate CSS blocks and selector-complexity hotspots
  • Dead styling surface and broken references
  • Raw one-off values that bypass your tokens

The deep pass scans the project-wide styling surface, then narrows cross-file results back to the anchors the PR touched. A two-file change gets styling feedback scoped to those two files, not a repo-wide dump.

Two new findings, css-token-drift and raw-style-value, flag introduced raw values on design-system axes: colors, font sizes, line heights, radii, and shadows. They are low-confidence and verify-first, so they stay off the gate until you opt in:

// gate on drift once you trust it
"rules": { "css-token-drift": "error" }

Dialing it back:

  • --no-css (or audit.css: false) disables styling analysis entirely.
  • --no-css-deep (or audit.cssDeep: false) keeps the local styling checks and skips only the project-wide reachability pass.

Styling actions are report-only (auto_fixable: false). Agents surface the finding and let you verify and edit by hand, rather than rewriting your styles for you.

Custom rules: policy as code

Encode your architecture in declarative rule packs, enforce them in the same gate, and let agents check the rules before writing a line.

  • Authoring. fallow rule-pack init | list | test | schema scaffolds, inspects, and validates policy packs. init drops in a starter or architecture-oriented pack and can wire it straight into your config. list shows loaded packs with their sources, severities, matchers, and messages (human or JSON). test and schema validate a pack before you ship it.
  • V2 matchers. Scope rules to boundary zones, ban direct exports with banned-export, and use a trailing /* banned-import specifier for subpath-only deep-import bans. Everything reports under one stable policy-violation family, so existing suppressions and CI keep working untouched.
  • A guard that runs before the edit. fallow guard <files> tells you which rules govern a file before a line is written: its boundary zone, allowed import zones, forbidden call patterns, rule-pack rules, effective severities, and suppression tokens. It works on files that do not exist yet, and it is exposed as the read-only MCP guard tool, so an agent can ask "what rules apply here?" and stay inside the lines from the first draft.

... (truncated)

Changelog

Sourced from fallow's changelog.

[3.0.0] - 2026-07-04

Added

  • Rule-pack authoring commands for repo-wide policy linting. fallow rule-pack now exposes init, list, test, and schema as one command family. init can scaffold starter and architecture-oriented packs, wire them into the local config when possible, and print a manual snippet otherwise. list shows the loaded packs, source files, effective severities, matcher patterns, and rule messages in human or JSON form, giving teams a clearer path to project-specific guardrails without hand-authoring every file from scratch.

  • Pre-edit architecture guard reports for agents and humans. fallow guard reports the boundary zone, allowed import zones, forbidden call patterns, rule-pack policy rules, effective severities, suppression tokens, and notes for one or more files before code is written. It is config-only, works for files that do not exist yet, and is also exposed as the read-only MCP guard tool so agents can ask which repo-wide rules apply before editing.

  • Rule-pack V2 matchers for architecture policy. Rule-pack rules can now be scoped to boundary zones, ban direct exports via banned-export, and use a trailing /* banned-import specifier for subpath-only deep-import bans. These all continue to report as policy-violation, so existing suppressions and CI integrations keep one stable issue family.

  • Richer PR and MR reporting for GitHub Actions and GitLab CI. The bundled CI integrations now render sticky summary comments from typed Rust output, with a gate table, an attention banner, top fixes, and sidecar artifacts for full drilldown. Clean runs no longer create a new sticky comment; if an older Fallow comment already exists, the integration updates it so stale warnings disappear. GitHub Actions also posts a native Fallow Check Run from the same decision artifact when checks: write is available, while workflow annotations and job summaries prefer the typed sidecars before falling back to the legacy jq summaries. Inline GitHub review comments and GitLab MR discussions skip clean zero-comment envelopes, so dead-code-only jobs no longer leave "0 inline findings" timeline noise.

  • fallow audit now includes styling findings by default. Audit now runs CSS and CSS-in-JS analytics in the normal PR gate and emits verdict-neutral styling findings for design-system drift, duplicate CSS blocks, selector complexity, dead styling surface, broken references, near-duplicate theme tokens, and raw one-off values. The default deep pass scans the project-wide styling surface and narrows cross-file results back to changed anchors, so agents see styling consistency feedback in the same JSON stream as JS/TS findings. Use --no-css / audit.css: false to disable styling entirely, or --no-css-deep / audit.cssDeep: false to keep local styling checks while skipping project-wide reachability. Styling actions stay report-only (auto_fixable: false); agents must verify and edit manually.

  • Audit can now flag introduced raw CSS values on design-system axes.

... (truncated)

Commits
  • 630722b chore: release v3.0.0
  • 348caa5 feat(core): add rule-pack v2 matchers
  • 7989267 feat(cli): add pre-edit architecture guard reports
  • 691c3f9 feat: add v3 styling analysis integration
  • 2c67798 feat(cli): add rule-pack authoring commands
  • d4e8a86 fix(brand): update GitHub Pages favicon to the f-wing mark
  • 80dd2c3 feat(brand): new fallow f-wing logo (#1733)
  • 0dac94e feat(action): post PR output as the branded Fallow app (#1737)
  • 606685c chore: fix vscode guard dist check
  • ac7df1b refactor(architecture): finish engine and registry split
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.0.0` | `26.1.0` |
| [eslint](https://github.com/eslint/eslint) | `10.5.0` | `10.6.0` |
| [globals](https://github.com/sindresorhus/globals) | `17.6.0` | `17.7.0` |
| [prettier](https://github.com/prettier/prettier) | `3.8.4` | `3.9.4` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.61.1` | `8.62.1` |
| [fallow](https://github.com/fallow-rs/fallow) | `2.101.0` | `3.0.0` |


Updates `@playwright/test` from 1.61.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.61.0...v1.61.1)

Updates `@types/node` from 26.0.0 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 10.5.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.5.0...v10.6.0)

Updates `globals` from 17.6.0 to 17.7.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.6.0...v17.7.0)

Updates `prettier` from 3.8.4 to 3.9.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.4)

Updates `typescript-eslint` from 8.61.1 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint)

Updates `fallow` from 2.101.0 to 3.0.0
- [Release notes](https://github.com/fallow-rs/fallow/releases)
- [Changelog](https://github.com/fallow-rs/fallow/blob/main/CHANGELOG.md)
- [Commits](fallow-rs/fallow@v2.101.0...v3)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: prettier
  dependency-version: 3.9.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: fallow
  dependency-version: 3.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 4, 2026
@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

🗺️ StyleProof report

🆕 1 new surface(s) captured with no baseline to compare — shown below for review. Approve them before they become the baseline.

📊 View the side-by-side visual report →


To accept: rebuild the map with styleproof-map, then rerun the report.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Fallow audit report

No GitHub PR/MR findings.

Generated by fallow.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Fallow audit report

Quality gate passed

0 inline findings selected for GitHub review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants