Skip to content

chore(deps)(deps-dev): bump @eslint-community/eslint-plugin-eslint-comments from 4.7.1 to 4.7.2 in /apps/ui#271

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/apps/ui/eslint-community/eslint-plugin-eslint-comments-4.7.2
Closed

chore(deps)(deps-dev): bump @eslint-community/eslint-plugin-eslint-comments from 4.7.1 to 4.7.2 in /apps/ui#271
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/apps/ui/eslint-community/eslint-plugin-eslint-comments-4.7.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps @eslint-community/eslint-plugin-eslint-comments from 4.7.1 to 4.7.2.

Release notes

Sourced from @​eslint-community/eslint-plugin-eslint-comments's releases.

v4.7.2

4.7.2 (2026-05-26)

Bug Fixes

  • deps: pin modern-monaco version to 0.4.0 (#320) (62a2c3a)
  • docs: use modern-monaco instead of monaco-editor (#311) (42919d0)
Commits
  • 62a2c3a fix(deps): pin modern-monaco version to 0.4.0 (#320)
  • 42919d0 fix(docs): use modern-monaco instead of monaco-editor (#311)
  • 9f93f00 chore(deps): Bump actions/deploy-pages from 4 to 5 (#312)
  • b99d9d5 chore(deps): Bump codecov/codecov-action from 5 to 6 (#313)
  • 7c77e2b chore(deps): Bump actions/configure-pages from 5 to 6 (#314)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

…mments

Bumps [@eslint-community/eslint-plugin-eslint-comments](https://github.com/eslint-community/eslint-plugin-eslint-comments) from 4.7.1 to 4.7.2.
- [Release notes](https://github.com/eslint-community/eslint-plugin-eslint-comments/releases)
- [Commits](eslint-community/eslint-plugin-eslint-comments@v4.7.1...v4.7.2)

---
updated-dependencies:
- dependency-name: "@eslint-community/eslint-plugin-eslint-comments"
  dependency-version: 4.7.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@dependabot dependabot Bot requested a review from agjs as a code owner July 6, 2026 07:13
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
agjs added a commit that referenced this pull request Jul 9, 2026
)

* chore(deps): aggregate weekly Dependabot batch (api, ui, docs, ci)

Consolidates 23 Dependabot PRs (#248#271) into one batch. Lockfiles
regenerated per app; all three app gates pass locally.

api (apps/api):
  pg 8.21.0→8.22.0, @anthropic-ai/sdk 0.105.0→0.106.0, openai 6.44.0→6.45.0,
  @sentry/bun 10.59.0→10.62.0, resend 6.14.0→6.16.0, stripe 22.2.2→22.3.0,
  bullmq 5.79.1→5.79.2, knip 6.16.1→6.23.0

ui (apps/ui):
  @sentry/react 10.59.0→10.62.0, i18next 26.3.1→26.3.3,
  lucide-react 1.21.0→1.22.0, @tanstack/react-query(+devtools) 5.101.0→5.101.2,
  @playwright/test 1.61.0→1.61.1, @eslint-community/eslint-plugin-eslint-comments
  4.7.1→4.7.2, knip 6.16.1→6.23.0

docs (apps/docs) — includes two majors, validated via build:ci:
  astro 6.4.8→7.0.3, @astrojs/react 5.0.7→6.0.0,
  wrangler 4.103.0→4.105.0, @axe-core/cli 4.11.3→4.12.1

lint tooling, lockstep across api + ui:
  eslint 10.5.0→10.6.0, typescript-eslint 8.61.1→8.62.0,
  eslint-plugin-unicorn 68.0.0→69.0.0, prettier 3.8.4→3.9.1

ci (.github/workflows):
  docker/login-action v4.2.0→v4.4.0, docker/build-push-action v7.2.0→v7.3.0,
  docker/setup-buildx-action v4.1.0→v4.2.0, opentofu/setup-opentofu v2.0.1→v2.0.2

prettier 3.9.1 collapses short one-member-per-line unions onto a single
line; the 14 reformatted *.types.ts / test files are mechanical style-only
churn from that bump (no logic change), committed so format:check stays green.

* fix(api): stop semgrep false-positive on bunfig minimumReleaseAge

The apps/api bunfig header comment contained the literal `[install]`
token. Semgrep's generic-mode `bun-missing-minimum-release-age` rule
(from p/owasp-top-ten) has no TOML parser, so it read that comment as a
second, empty `[install]` table and reported minimumReleaseAge missing —
even though the real table sets it to 604800 (7 days). apps/ui and
apps/docs have no such header comment, which is why only api tripped.

This surfaced now because the deps batch reformats files under
apps/api/src/, which is what gates the semgrep SAST scan (dependency-only
batches never touch src/, so the latent finding was never scanned).

Reword the comment to drop the bracketed token and hoist minimumReleaseAge
directly under [install] to match ui/docs. No install-behavior change.
@agjs

agjs commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Superseded by #272 — this bump was aggregated into the weekly Dependabot batch (merged as 7c33c77). Closing.

@agjs agjs closed this Jul 9, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/bun/apps/ui/eslint-community/eslint-plugin-eslint-comments-4.7.2 branch July 9, 2026 13:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant