Chore(deps-dev): Bump the npm-root group with 9 updates#237
Chore(deps-dev): Bump the npm-root group with 9 updates#237dependabot[bot] wants to merge 3 commits into
Conversation
Bumps the npm-root group with 9 updates: | Package | From | To | | --- | --- | --- | | [@double-great/stylelint-a11y](https://github.com/double-great/stylelint-a11y) | `3.4.14` | `3.4.15` | | [eslint](https://github.com/eslint/eslint) | `10.4.0` | `10.5.0` | | [eslint-plugin-security](https://github.com/eslint-community/eslint-plugin-security) | `4.0.0` | `4.0.1` | | [fallow](https://github.com/fallow-rs/fallow) | `2.101.0` | `2.102.0` | | [jscpd](https://github.com/kucherenko/jscpd/tree/HEAD/rust/jscpd) | `4.2.4` | `5.0.10` | | [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.52.0` | `0.56.0` | | [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.67.0` | `1.71.0` | | [stylelint](https://github.com/stylelint/stylelint) | `17.12.0` | `17.13.0` | | [yauzl](https://github.com/thejoshwolfe/yauzl) | `3.3.1` | `3.4.0` | Updates `@double-great/stylelint-a11y` from 3.4.14 to 3.4.15 - [Release notes](https://github.com/double-great/stylelint-a11y/releases) - [Changelog](https://github.com/double-great/stylelint-a11y/blob/main/CHANGELOG.md) - [Commits](double-great/stylelint-a11y@v3.4.14...v3.4.15) Updates `eslint` from 10.4.0 to 10.5.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.4.0...v10.5.0) Updates `eslint-plugin-security` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/eslint-community/eslint-plugin-security/releases) - [Changelog](https://github.com/eslint-community/eslint-plugin-security/blob/main/CHANGELOG.md) - [Commits](eslint-community/eslint-plugin-security@eslint-plugin-security-v4.0.0...eslint-plugin-security-v4.0.1) Updates `fallow` from 2.101.0 to 2.102.0 - [Release notes](https://github.com/fallow-rs/fallow/releases) - [Changelog](https://github.com/fallow-rs/fallow/blob/main/CHANGELOG.md) - [Commits](fallow-rs/fallow@v2.101.0...v2.102.0) Updates `jscpd` from 4.2.4 to 5.0.10 - [Release notes](https://github.com/kucherenko/jscpd/releases) - [Changelog](https://github.com/kucherenko/jscpd/blob/master/CHANGELOG.md) - [Commits](https://github.com/kucherenko/jscpd/commits/v5.0.10/rust/jscpd) Updates `oxfmt` from 0.52.0 to 0.56.0 - [Release notes](https://github.com/oxc-project/oxc/releases) - [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md) - [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.56.0/npm/oxfmt) Updates `oxlint` from 1.67.0 to 1.71.0 - [Release notes](https://github.com/oxc-project/oxc/releases) - [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md) - [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.71.0/npm/oxlint) Updates `stylelint` from 17.12.0 to 17.13.0 - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md) - [Commits](stylelint/stylelint@17.12.0...17.13.0) Updates `yauzl` from 3.3.1 to 3.4.0 - [Commits](thejoshwolfe/yauzl@3.3.1...3.4.0) --- updated-dependencies: - dependency-name: "@double-great/stylelint-a11y" dependency-version: 3.4.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-root - dependency-name: eslint dependency-version: 10.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-root - dependency-name: eslint-plugin-security dependency-version: 4.0.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-root - dependency-name: fallow dependency-version: 2.102.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-root - dependency-name: jscpd dependency-version: 5.0.10 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm-root - dependency-name: oxfmt dependency-version: 0.56.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-root - dependency-name: oxlint dependency-version: 1.71.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-root - dependency-name: stylelint dependency-version: 17.13.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-root - dependency-name: yauzl dependency-version: 3.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-root ... Signed-off-by: dependabot[bot] <support@github.com>
…ipts - Resolve jscpd entry from the package manifest (v5 dropped bin/jscpd) - Fix pre-commit clone filter for v5 scan-dir-relative :subformat paths - Exclude Effort/Scripts one-off deploy scripts from duplication scans - Disable no-implicit-globals/no-sync for scripts/** (CommonJS build scripts)
- brace-expansion 5.0.5 -> 5.0.6 (GHSA-jxxr-4gwj-5jf2, via eslint>minimatch) - js-yaml 4.1.1 -> 4.2.0 (GHSA-h67p-54hq-rp68, via stylelint>cosmiconfig) Lockfile-only npm audit fix; both transitive and dev-only. Audit now clean.
Bundle ReportChanges will increase total bundle size by 799 bytes (0.04%) ⬆️. This is within the configured threshold ✅ Detailed changes
Affected Assets, Files, and Routes:view changes for bundle: viper-frontend-esmAssets Changed:
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #237 +/- ##
==========================================
+ Coverage 44.58% 44.65% +0.06%
==========================================
Files 896 897 +1
Lines 51733 51890 +157
Branches 4834 4868 +34
==========================================
+ Hits 23063 23169 +106
- Misses 28098 28141 +43
- Partials 572 580 +8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. |
There was a problem hiding this comment.
Pull request overview
This PR updates the repo’s root npm dev-tooling dependencies (lint/format/duplication/security tooling) and adjusts internal scripts/config to remain compatible with the upgraded toolchain—most notably the jscpd v5 CLI entrypoint change.
Changes:
- Bump root devDependencies including
jscpd(v4 → v5),eslint,oxlint/oxfmt,stylelint, and others, and refreshpackage-lock.json. - Update jscpd runner scripts to resolve the CLI entry via
jscpd/package.jsoninstead of a hardcoded path. - Adjust jscpd output filtering for v5 clone-name formatting and update
.oxlintrc.json/.jscpd.jsonto account for new rules and ignore patterns.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/lint-staged-jscpd.js | Switches to resolved jscpd entrypoint and normalizes v5 clone names for staged-file scoping. |
| scripts/lib/jscpd-entry.js | Adds a shared helper to locate the installed jscpd CLI entry script via the package manifest. |
| scripts/audit-jscpd.js | Updates whole-project jscpd audit to use the resolved entrypoint. |
| scripts/audit-jscpd-regression.js | Updates CI regression runner to use the resolved entrypoint; minor comment tweak. |
| package.json | Bumps devDependencies for linting/formatting/duplication tooling. |
| package-lock.json | Regenerates lockfile for the dependency updates (including jscpd v5 + platform bins). |
| .oxlintrc.json | Disables newly-introduced rules for scripts/**/* to keep intended sync-script patterns allowed. |
| .jscpd.json | Adds an ignore entry for **/Effort/Scripts/** to exclude that subtree from duplication scans. |
Note
This branch carries two follow-up commits on top of the dependabot bump so the upgrade lands cleanly. Details below; the original dependabot summary is preserved further down.
Additional changes in this branch
The raw bump was not mergeable as-is: jscpd v4 → v5 is a full Rust rewrite with breaking changes that break our duplication tooling and would red the CI
jscpd-regressionjobs. Two commits address that.fix(tooling): make jscpd runners v5-compatible and exclude Effort/Scripts—50a101c3node_modules/jscpd/bin/jscpd(entry is nowrun-jscpd.js). All three runners hardcoded the old path, sonpm run audit:dupesand both CIjscpd-regressionjobs would fail. Addedscripts/lib/jscpd-entry.jsto resolve the CLI from the package manifest (version-agnostic).:html/:typescriptsuffix on Vue SFC blocks. Fixed the pre-commit clone filter inscripts/lint-staged-jscpd.js, which was otherwise silently matching nothing, plus a guard against malformed entries..jscpd.jsonnow ignoresweb/Areas/Effort/Scripts/**(one-off DB migration/deploy scripts), dropping C# clones from 88 to 60 signal..oxlintrc.jsondisablesno-implicit-globalsandnode/no-syncforscripts/**(both false-positives for CommonJS build scripts; the alternative.cjsmigration was deemed out of scope for a dependency bump).fix(deps): patch brace-expansion and js-yaml DoS advisories—e2347303npm audit fixfor two moderate, transitive, dev-only advisories surfaced during review:5.0.5 → 5.0.6(GHSA-jxxr-4gwj-5jf2, viaeslint → minimatch)4.1.1 → 4.2.0(GHSA-h67p-54hq-rp68, viastylelint → cosmiconfig)Lockfile-only;
npm auditnow reports 0 vulnerabilities.Reviewer notes
optionalDependencies, no direct advisories. jscpd is the only bump needing code adaptation, handled here.npm run audit:dupes(vue 53 / csharp 60 clones), the CI regression--save/--checkround-trip (+0 delta), and the full pre-commit gate (build + lint + tests + verify:build) all pass.Original dependabot summary below.
Bumps the npm-root group with 9 updates:
3.4.143.4.1510.4.010.5.04.0.04.0.12.101.02.102.04.2.45.0.100.52.00.56.01.67.01.71.017.12.017.13.03.3.13.4.0Updates
@double-great/stylelint-a11yfrom 3.4.14 to 3.4.15Release notes
Sourced from @double-great/stylelint-a11y's releases.
Commits
6c1ab3b3.4.15ffc4950Update dependencies (#136)2396e70Bump the build group with 2 updates (#134)84ebf11Revise stylelint docs link (#135)Updates
eslintfrom 10.4.0 to 10.5.0Release notes
Sourced from eslint's releases.
... (truncated)
Commits
de3b67210.5.0362a518Build: changelog update for 10.5.05ca8c52feat: correct stack tracking in max-nested-callbacks (#20973)b565783feat: report no-with violations at the with keyword (#20971)2ce032ffeat: report max-lines-per-function violations at function head (#20966)732cb3efeat: report max-nested-callbacks violations at function head (#20967)f9c138afeat: report max-depth violations on keywords (#20943)8ae1b5bdocs: Update READMEca7eb90docs: update Node.js prerequisites to include ICU support (#20962)b18bf58chore: update ecosystem plugins (#20959)Updates
eslint-plugin-securityfrom 4.0.0 to 4.0.1Release notes
Sourced from eslint-plugin-security's releases.
Changelog
Sourced from eslint-plugin-security's changelog.
Commits
cb8645cchore: release 4.0.1 🚀 (#204)74c97bbfix: treat import.meta.dirname and import.meta.filename as static (#200)0b45f82chore(deps-dev): bump shell-quote from 1.7.4 to 1.8.4 (#202)954149achore(deps-dev): bump handlebars from 4.7.7 to 4.7.9 (#198)d5012b6chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (#197)b53d8b4chore(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#196)7876750chore(deps): bump minimatch (#194)Updates
fallowfrom 2.101.0 to 2.102.0Release notes
Sourced from fallow's releases.
... (truncated)
Changelog
Sourced from fallow's changelog.
... (truncated)
Commits
8a83dc0chore: release v2.102.0b5e53b5fix(dead-code): credit merged namespace star re-export valuese890fbechore(deps): bump napi from 3.9.0 to 3.9.2 (#1381)2238983chore(deps): bump insta from 1.47.2 to 1.48.0 (#1380)4059812chore(deps-dev): bump oxfmt from 0.54.0 to 0.55.0 (#1378)01e2813chore(deps): bump rust-lang/crates-io-auth-action from 1.0.4 to 1.0.5 (#1375)eb55b34chore(deps-dev): bump@tanstack/intentin /npm/fallow (#1376)7b8c570chore(deps-dev): bump oxlint from 1.69.0 to 1.70.0 (#1377)e585f05refactor(review-app): namespace persisted state under fallow-review instead o...0ffd4catest(unused-members): cover issue-844 typed-instance crediting at monorepo pa...Updates
jscpdfrom 4.2.4 to 5.0.10Release notes
Sourced from jscpd's releases.
... (truncated)
Changelog
Sourced from jscpd's changelog.
... (truncated)
Commits
Updates
oxfmtfrom 0.52.0 to 0.56.0Changelog
Sourced from oxfmt's changelog.
Commits
c4be770release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)aa79b5brelease(apps): oxlint v1.70.0 && oxfmt v0.55.0 (#23442)9a2788bfeat(linter/unicorn): implementprefer-export-fromrule (#22935)44ae845release(apps): oxlint v1.69.0 && oxfmt v0.54.0 (#23116)dadafe3docs(oxlint, oxfmt): mention migrate skills in npm READMEs (#22965)f88961adocs(oxfmt): annotate each config option with supported languages (#22953)964a758release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (#22883)Updates
oxlintfrom 1.67.0 to 1.71.0Release notes
Sourced from oxlint's releases.
... (truncated)
Changelog
Sourced from oxlint's changelog.
... (truncated)
Commits
c4be770release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)0dc2405feat(linter): add schema foreslint/no-restricted-properties(#23619)b638d0efeat(linter): add schema fornode/callback-return(#23615)6d355abrefactor(linter): removenumber_as_object_schemahelper (#23614)eb8bedcfeat(linter): add schema forimport/extensions(#23557)46f3625feat(linter): implement node/no-sync rule (#23589)953c7b3refactor(linter): makeunicorn/numeric-separators-styleoptionsu32(#23558)b01739afeat(linter): add schema forunicorn/numeric-separators-style(#23554)68afd2afeat(linter/node): implementno-mixed-requiresrule (#23539)b08e9f5refactor(linter): re-enable schema for `jsx_a11y/no-noninteractive-element-in...Updates
stylelintfrom 17.12.0 to 17.13.0Release notes
Sourced from stylelint's releases.
Changelog
Sourced from stylelint's changelog.
Commits
7fcee2bRelease 17.13.0 (#9342)3b7287bRefactor to reuse shared utilities (#9337)8e889c3Bump lint-staged from 17.0.4 to 17.0.5 (#9334)a74aab4Bump the stylelint-actions group with 5 updates (#9333)74c6448Fixdeclaration-block-no-duplicate-propertiesfalse negatives for interleav...1cd26acSkip changeset verification on fork PRs CI (#9331)