Skip to content

Build(deps-dev): bump the npm-development group with 9 updates #162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Build(deps-dev): bump the npm-development group with 9 updates #162

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 1, 2026

Bumps the npm-development group with 9 updates:

Package From To
@eslint/compat 2.0.0 2.0.2
@types/node 25.0.10 25.2.0
@typescript-eslint/eslint-plugin 8.51.0 8.54.0
@typescript-eslint/parser 8.51.0 8.54.0
eslint-plugin-jest 29.12.0 29.12.1
eslint-plugin-prettier 5.5.4 5.5.5
globals 17.1.0 17.3.0
prettier 3.7.4 3.8.1
rollup 4.54.0 4.57.1

Updates @eslint/compat from 2.0.0 to 2.0.2

Release notes

Sourced from @​eslint/compat's releases.

compat: v2.0.2

2.0.2 (2026-01-29)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^1.0.1 to ^1.1.0

migrate-config: v2.0.2

2.0.2 (2026-01-29)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/compat bumped from ^2.0.1 to ^2.0.2
    • devDependencies
      • @​eslint/core bumped from ^1.0.1 to ^1.1.0

compat: v2.0.1

2.0.1 (2026-01-08)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^1.0.0 to ^1.0.1

migrate-config: v2.0.1

2.0.1 (2026-01-08)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/compat bumped from ^2.0.0 to ^2.0.1
    • devDependencies
      • @​eslint/core bumped from ^1.0.0 to ^1.0.1
Changelog

Sourced from @​eslint/compat's changelog.

2.0.2 (2026-01-29)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^1.0.1 to ^1.1.0

2.0.1 (2026-01-08)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​eslint/core bumped from ^1.0.0 to ^1.0.1
Commits

Updates @types/node from 25.0.10 to 25.2.0

Commits

Updates @typescript-eslint/eslint-plugin from 8.51.0 to 8.54.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.53.1

8.53.1 (2026-01-19)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] skip fixer if interface is a default export (#11951)
  • utils: make RuleCreator root defaultOptions optional (#11956)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.53.0

8.53.0 (2026-01-12)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • deps: update dependency prettier to v3.8.0 (#11991)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

8.53.1 (2026-01-19)

🩹 Fixes

  • utils: make RuleCreator root defaultOptions optional (#11956)
  • eslint-plugin: [consistent-indexed-object-style] skip fixer if interface is a default export (#11951)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

8.53.0 (2026-01-12)

🚀 Features

  • eslint-plugin: add rule [strict-void-return] (#9707)
  • eslint-plugin: [no-unused-vars] add a fixer to remove unused imports (#11922)

🩹 Fixes

  • eslint-plugin: [no-useless-default-assignment] fix false positive for parameters corresponding to a rest parameter (#11916)

... (truncated)

Commits
  • d423e57 chore(release): publish 8.54.0
  • 80e33ff feat(eslint-plugin-internal): add prefer-tsutils-methods rule (#11974)
  • ec4f73a feat(typescript-estree): add shortcut methods to ParserServicesWithTypeInform...
  • d32f909 test(eslint-plugin): skip rules tests in windows ci (#11988)
  • 17fa993 test(eslint-plugin): improve vitest performance with isolate: false (#11754)
  • 1c66ab4 fix(eslint-plugin): [no-unnecessary-type-assertion] check both base constrain...
  • aaa7ca2 fix(deps): update dependency prettier to v3.8.0 (#11991)
  • d50aa18 fix(scope-manager): fix catch clause scopes def.name (#11982)
  • 4c0b379 fix(eslint-plugin): [no-unused-private-class-members] private destructured cl...
  • 9940e53 chore(release): publish 8.53.1
  • Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.51.0 to 8.54.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.53.1

8.53.1 (2026-01-19)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] skip fixer if interface is a default export (#11951)
  • utils: make RuleCreator root defaultOptions optional (#11956)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.53.0

8.53.0 (2026-01-12)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.54.0 (2026-01-26)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.53.1 (2026-01-19)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.53.0 (2026-01-12)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.52.0 (2026-01-05)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates eslint-plugin-jest from 29.12.0 to 29.12.1

Release notes

Sourced from eslint-plugin-jest's releases.

v29.12.1

29.12.1 (2026-01-02)

Bug Fixes

  • no-unnecessary-assertion: don't report for any and unknown types (#1918) (388a36c)
Changelog

Sourced from eslint-plugin-jest's changelog.

29.12.1 (2026-01-02)

Bug Fixes

  • no-unnecessary-assertion: don't report for any and unknown types (#1918) (388a36c)
Commits
  • 45edad2 chore(release): 29.12.1 [skip ci]
  • 388a36c fix(no-unnecessary-assertion): don't report for any and unknown types (#1...
  • badfe77 docs: put rule descriptions after title (#1916)
  • ce44f84 chore: update eslint-remote-tester (#1915)
  • See full diff in compare view

Updates eslint-plugin-prettier from 5.5.4 to 5.5.5

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.5

Patch Changes

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.5

Patch Changes

Commits
  • e2c154a chore: release eslint-plugin-prettier (#773)
  • 6795c1a build(deps): Bump the actions group across 1 directory with 2 updates (#774)
  • 77651a3 fix: bump synckit for yarn PnP ESM issue (#776)
  • 7264ed0 chore: bump prettier-linter-helpers to v1.0.1 (#772)
  • e11a5b7 build(deps): Bump the actions group across 1 directory with 3 updates (#769)
  • befda88 ci: enable trusted publishing (#757)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-prettier since your current version.


Updates globals from 17.1.0 to 17.3.0

Release notes

Sourced from globals's releases.

v17.3.0

  • Update globals (2026-02-01) (#336) 295fba9

sindresorhus/globals@v17.2.0...v17.3.0

v17.2.0

  • jasmine: Add throwUnless and throwUnlessAsync globals (#335) 97f23a7

sindresorhus/globals@v17.1.0...v17.2.0

Commits

Updates prettier from 3.7.4 to 3.8.1

Release notes

Sourced from prettier's releases.

3.8.1

🔗 Changelog

3.8.0

  • Support Angular v21.1

diff

🔗 Release note "Prettier 3.8: Support for Angular v21.1"

Changelog

Sourced from prettier's changelog.

3.8.1

diff

Include available printers in plugin type declarations (#18706 by @​porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";
// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any
// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

3.8.0

diff

🔗 Release Notes

Commits

Updates rollup from 4.54.0 to 4.57.1

Release notes

Sourced from rollup's releases.

v4.57.1

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

v4.57.0

4.57.0

2026-01-27

Features

  • Add import attributes to all plugin hooks that did not provide them yet (#5700)
  • Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#5700)

Pull Requests

v4.56.0

4.56.0

2026-01-22

Features

  • Track object property inclusions of dynamic namespace members (#6230)

Bug Fixes

  • Handle methods that access dynamically imported namespace members via this (#6230)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

4.57.0

2026-01-27

Features

  • Add import attributes to all plugin hooks that did not provide them yet (#5700)
  • Deprecate returning import attributes from load or transform hooks as that will no longer be supported with rollup 5 (#5700)

Pull Requests

4.56.0

2026-01-22

Features

  • Track object property inclusions of dynamic namespace members (#6230)

Bug Fixes

  • Handle methods that access dynamically imported namespace members via this (#6230)

Pull Requests

... (truncated)

Commits
  • d37675f 4.57.1
  • eafac0b chore(deps): lock file maintenance (#6255)
  • 47fa568 chore(deps): update dependency lru-cache to v11 (#6252)
  • 416f476 Fully include dynamic imports in a try-catch (#6254)
  • 5e393e3 fix: Isolate and cache process.report.getReport() calls in a child process ...
  • c931d23 chore(deps): lock file maintenance minor/patch updates (#6253)
  • c79e6c2 Mitigate vulnerability that would allow to steal credentials
  • 743d054 4.57.0
  • 74121c7 extend more hooks to include import attributes and add warnings (#5700)
  • c519d82 Refactor to reduce Rollup 5 upgrade diff (#6246)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Build(deps-dev): bump the npm-development group with 9 updates
d61a29e 
Bumps the npm-development group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) | `2.0.0` | `2.0.2` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.10` | `25.2.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.51.0` | `8.54.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.51.0` | `8.54.0` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.12.0` | `29.12.1` |
| [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `5.5.4` | `5.5.5` |
| [globals](https://github.com/sindresorhus/globals) | `17.1.0` | `17.3.0` |
| [prettier](https://github.com/prettier/prettier) | `3.7.4` | `3.8.1` |
| [rollup](https://github.com/rollup/rollup) | `4.54.0` | `4.57.1` |


Updates `@eslint/compat` from 2.0.0 to 2.0.2
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v2.0.2/packages/compat)

Updates `@types/node` from 25.0.10 to 25.2.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.51.0 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.51.0 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/parser)

Updates `eslint-plugin-jest` from 29.12.0 to 29.12.1
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v29.12.0...v29.12.1)

Updates `eslint-plugin-prettier` from 5.5.4 to 5.5.5
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-plugin-prettier@v5.5.4...v5.5.5)

Updates `globals` from 17.1.0 to 17.3.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.1.0...v17.3.0)

Updates `prettier` from 3.7.4 to 3.8.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.7.4...3.8.1)

Updates `rollup` from 4.54.0 to 4.57.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.54.0...v4.57.1)

---
updated-dependencies:
- dependency-name: "@eslint/compat"
  dependency-version: 2.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 25.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.12.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-prettier
  dependency-version: 5.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: globals
  dependency-version: 17.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-version: 3.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: rollup
  dependency-version: 4.57.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependabot Dependabot issues and PRs npm Node.js issues and PRs labels Feb 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 1, 2026 21:24
@dependabot dependabot bot added dependabot Dependabot issues and PRs npm Node.js issues and PRs labels Feb 1, 2026
@github-actions
Copy link

github-actions bot commented Feb 1, 2026

MegaLinter analysis: Error

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 5 0 0 0.05s
✅ JSON jsonlint 5 0 0 0.22s
✅ JSON npm-package-json-lint yes no no 1.54s
✅ JSON prettier 5 0 0 1.03s
✅ JSON v8r 5 0 0 9.1s
✅ MARKDOWN markdownlint 1 0 0 0.78s
✅ REPOSITORY checkov yes no no 23.35s
✅ REPOSITORY gitleaks yes no no 1.47s
✅ REPOSITORY git_diff yes no no 0.06s
❌ REPOSITORY grype yes 20 no 48.54s
✅ REPOSITORY secretlint yes no no 0.97s
✅ REPOSITORY syft yes no no 9.12s
✅ REPOSITORY trivy-sbom yes no no 4.76s
✅ REPOSITORY trufflehog yes no no 30.64s
✅ TYPESCRIPT prettier 9 0 0 1.19s
✅ YAML prettier 13 0 0 0.85s
✅ YAML v8r 13 0 0 8.51s
✅ YAML yamllint 13 0 0 0.68s

Detailed Issues

❌ REPOSITORY / grype - 20 errors 
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME    INSTALLED  FIXED IN          TYPE       VULNERABILITY        SEVERITY  EPSS           RISK   
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-61723       High      < 0.1% (11th)  < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-61725       High      < 0.1% (8th)   < 0.1  
stdlib  go1.23.10  *1.24.12, 1.25.6  go-module  CVE-2025-61726       High      < 0.1% (5th)   < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-47912       Medium    < 0.1% (8th)   < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-58185       Medium    < 0.1% (8th)   < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-58186       Medium    < 0.1% (8th)   < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-58188       High      < 0.1% (3rd)   < 0.1  
stdlib  go1.23.10  *1.24.9, 1.25.3   go-module  CVE-2025-58187       High      < 0.1% (3rd)   < 0.1  
stdlib  go1.23.10  *1.24.11, 1.25.5  go-module  CVE-2025-61729       High      < 0.1% (3rd)   < 0.1  
stdlib  go1.23.10  *1.23.12, 1.24.6  go-module  CVE-2025-47906       Medium    < 0.1% (4th)   < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-61724       Medium    < 0.1% (4th)   < 0.1  
undici  5.29.0     6.23.0            npm        GHSA-g9mf-h72j-4rw9  Medium    < 0.1% (3rd)   < 0.1  
stdlib  go1.23.10  *1.24.12, 1.25.6  go-module  CVE-2025-61728       Medium    < 0.1% (2nd)   < 0.1  
stdlib  go1.23.10  *1.23.12, 1.24.6  go-module  CVE-2025-47907       High      < 0.1% (0th)   < 0.1  
stdlib  go1.23.10  *1.24.12, 1.25.6  go-module  CVE-2025-61731       High      < 0.1% (0th)   < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-58183       Medium    < 0.1% (2nd)   < 0.1  
stdlib  go1.23.10  *1.24.8, 1.25.2   go-module  CVE-2025-58189       Medium    < 0.1% (2nd)   < 0.1  
stdlib  go1.23.10  *1.24.11, 1.25.5  go-module  CVE-2025-61727       Medium    < 0.1% (0th)   < 0.1  
stdlib  go1.23.10  *1.24.12, 1.25.6  go-module  CVE-2025-61730       Medium    < 0.1% (0th)   < 0.1  
stdlib  go1.23.10  *1.23.11, 1.24.5  go-module  CVE-2025-4674        High      < 0.1% (0th)   < 0.1
[0048] ERROR discovered vulnerabilities at or above the severity threshold

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx [email protected] --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,TYPESCRIPT_PRETTIER,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependabot Dependabot issues and PRs npm Node.js issues and PRs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants