Skip to content

Bump the npm-all group with 8 updates#37

Merged
fey merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm-all-d54d3ac66c
Apr 9, 2026
Merged

Bump the npm-all group with 8 updates#37
fey merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm-all-d54d3ac66c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Bumps the npm-all group with 8 updates:

Package From To
lodash 4.17.21 4.18.1
documentation 13.2.5 14.0.3
eslint 7.28.0 10.2.0
eslint-config-airbnb-base 14.2.1 15.0.0
eslint-plugin-import 2.23.4 2.32.0
eslint-plugin-jest 24.3.6 29.15.1
jest 27.0.4 30.3.0
jest-cli 27.0.4 30.3.0

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

  • Add security notice for _.template in threat model and API docs (#6099)
  • Document lower > upper behavior in _.random (#6115)
  • Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

Commits
  • cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
  • 75535f5 chore: prune stale advisory refs (#6170)
  • 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
  • 59be2de release(minor): bump to 4.18.0 (#6161)
  • af63457 fix: broken tests for _.template 879aaa9
  • 1073a76 fix: linting issues
  • 879aaa9 fix: validate imports keys in _.template
  • fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
  • 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
  • b819080 ci: add dist sync validation workflow (#6137)
  • Additional commits viewable in compare view

Updates documentation from 13.2.5 to 14.0.3

Release notes

Sourced from documentation's releases.

v14.0.0

chore(release): 14.0.0

Changelog

Sourced from documentation's changelog.

14.0.3 (2024-01-30)

Bug Fixes

14.0.2 (2023-05-19)

Bug Fixes

14.0.1 (2022-12-14)

Improvements

  • chore: upgrade git-url-parse to 13.1.0 to fix vulnerabilities #1565

14.0.0 (2022-08-19)

14.0.0-alpha.1 (2022-08-07)

Features

  • ✨ update Babel, copy list of plugins from Prettier (3f187d7)

14.0.0-alpha.0 (2022-08-05)

⚠ BREAKING CHANGES

  • all Extensions should contains '.' so that mean if you have just 'ts' then need to convert to '.ts'
  • external parameter was removed Migration plan propose to move all external resources to input usages Motivation: packages has many inputs which describe in package.json so that mean need each time to parse all package.json of external resources to understand which entry point need to pick. But it is base on guesses because entry point may could not contains a documentation and the best way to handle it manually.
  • The serve parameter was removed, you can use any other tools which could be refresh and store your html site The private parameter has removed, use a access
  • documentation.js will now require node 14 or later.

Bug Fixes

  • add micromark dependencies fixed #1381 (3ba8165)
  • add TS and TSX as default extensions fixed #1377 (f0cb1c0)
  • external was removed as prefer of input usages (e3c59d7)
  • html report, it is return html if output is not defined (0975871)

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates eslint from 7.28.0 to 10.2.0

Release notes

Sourced from eslint's releases.

v10.2.0

Features

  • 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
  • 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
  • bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

  • 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

  • a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
  • 845f23f docs: Update README (GitHub Actions Bot)
  • 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
  • 8702a47 docs: Update README (GitHub Actions Bot)
  • ddeaded docs: Update README (GitHub Actions Bot)
  • 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
  • eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
  • 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

  • 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
  • 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
  • 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)
  • 811f493 ci: remove --legacy-peer-deps from types integration tests (#20667) (Milos Djermanovic)
  • 6b86fcf chore: update dependency npm-run-all2 to v8 (#20663) (renovate[bot])
  • 632c4f8 chore: add prettier update commit to .git-blame-ignore-revs (#20662) (루밀LuMir)
  • b0b0f21 chore: update dependency eslint-plugin-regexp to ^3.1.0 (#20659) (Milos Djermanovic)
  • 228a2dd chore: update dependency eslint-plugin-eslint-plugin to ^7.3.2 (#20661) (Milos Djermanovic)
  • 3ab4d7e test: Add tests for eslintrc-style keys (#20645) (kuldeep kumar)

v10.1.0

Features

  • ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
  • 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

  • 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
  • e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

  • b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
  • 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
  • 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
  • 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
  • e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
  • 7f10d84 docs: Update README (GitHub Actions Bot)
  • aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
  • a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.


Updates eslint-config-airbnb-base from 14.2.1 to 15.0.0

Commits
  • 366bfa6 [eslint config] [base] v15.0.0
  • f3d3a07 [eslint config] [base] [breaking] drop eslint < 7, add eslint 8
  • eac8cc6 [eslint config] [base] [breaking] add exports
  • be6966b [eslint-config] [meta] add --no-save to link scripts
  • 4fc997b [readme] some updates
  • 96f11d8 [actions] run prepublishOnly in prepublish tests
  • c12a08c [actions] fix action working directories
  • 10a6d02 [meta] use prepublishOnly script for npm 7+
  • ef6c478 [eslint config] [*] [dev deps] update @babel/runtime
  • 6734b78 [eslint config] [*] [deps] update eslint-plugin-import, object.entries
  • Additional commits viewable in compare view
Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.


Updates eslint-plugin-import from 2.23.4 to 2.32.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.32.0

Added

Fixed

Changed

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.32.0] - 2025-06-20

Added

  • add [enforce-node-protocol-usage] rule and import/node-version setting (#3024, thanks [@​GoldStrikeArch] and [@​sevenc-nanashi])
  • add TypeScript types (#3097, thanks [@​G-Rath])
  • [extensions]: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@​Xunnamius])
  • [order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@​Xunnamius])
  • [order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@​Xunnamius])
  • [order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@​Xunnamius])

Fixed

  • [no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@​michaelfaith])
  • configs: added missing name attribute for eslint config inspector (#3151, thanks [@​NishargShah])
  • [order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@​Xunnamius])
  • [order]: resolve undefined property access issue when using named ordering (#3166, thanks [@​Xunnamius])
  • [enforce-node-protocol-usage]: avoid a crash with some TS code (#3173, thanks [@​ljharb])
  • [order]: codify invariants from docs into config schema (#3152, thanks [@​Xunnamius])

Changed

[2.31.0] - 2024-10-03

Added

Fixed

  • ExportMap / flat config: include languageOptions in context (#3052, thanks [@​michaelfaith])
  • [no-named-as-default]: Allow using an identifier if the export is both a named and a default export (#3032, thanks [@​akwodkiewicz])
  • [export]: False positive for exported overloaded functions in TS (#3065, thanks [@​liuxingbaoyu])
  • exportMap: export map cache is tainted by unreliable parse results (#3062, thanks [@​michaelfaith])
  • exportMap: improve cacheKey when using flat config (#3072, thanks [@​michaelfaith])
  • adjust "is source type module" checks for flat config (#2996, thanks [@​G-Rath])

Changed

... (truncated)

Commits
  • 01c9eb0 v2.32.0
  • ae57cc1 [Deps] update array-includes, array.prototype.findlastindex, `eslint-modu...
  • 9e1ad6b [Fix] order: codify invariants from docs into config schema
  • f017790 [Docs] no-restricted-paths: clarify wording and fix errors
  • 7d83a57 [Docs] no-unused-modules: add missing double quote
  • 519eb94 [utils] v2.12.1
  • 71ad145 [actions] split out tests into new vs old eslint
  • 9b096c4 [utils] [dev deps] update @arethetypeswrong/cli, @ljharb/tsconfig, `@type...
  • da5f6ec [Fix] enforce-node-protocol-usage: avoid a crash with some TS code
  • 6e49a58 [Refactor] order: remove unnecessary negative check
  • Additional commits viewable in compare view

Updates eslint-plugin-jest from 24.3.6 to 29.15.1

Release notes

Sourced from eslint-plugin-jest's releases.

v29.15.1

29.15.1 (2026-03-24)

Bug Fixes

v29.15.0

29.15.0 (2026-02-15)

Features

  • no-conditional-in-test: only report optional chaining when allowOptionalChaining is false (#1934) (3f5751e)

v29.14.0

29.14.0 (2026-02-12)

Features

  • no-conditional-in-test: ban optional chaining (#1933) (6406493)

v29.13.0

29.13.0 (2026-02-08)

Features

v29.12.2

29.12.2 (2026-02-03)

Bug Fixes

  • add optional peer dependency on TypeScript (#1926) (82e3b04)

v29.12.1

29.12.1 (2026-01-02)

Bug Fixes

  • no-unnecessary-assertion: don't report for any and unknown types (#1918) (388a36c)

v29.12.0

29.12.0 (2025-12-30)

... (truncated)

Changelog

Sourced from eslint-plugin-jest's changelog.

29.15.1 (2026-03-24)

Bug Fixes

29.15.0 (2026-02-15)

Features

  • no-conditional-in-test: only report optional chaining when allowOptionalChaining is false (#1934) (3f5751e)

29.14.0 (2026-02-12)

Features

  • no-conditional-in-test: ban optional chaining (#1933) (6406493)

29.13.0 (2026-02-08)

Features

29.12.2 (2026-02-03)

Bug Fixes

  • add optional peer dependency on TypeScript (#1926) (82e3b04)

29.12.1 (2026-01-02)

Bug Fixes

  • no-unnecessary-assertion: don't report for any and unknown types (#1918) (388a36c)

29.12.0 (2025-12-30)

Features

  • prefer-mock-return-shorthand: greatly improve checking if mutable variables are used (#1914) (13bbd20)

29.11.4 (2025-12-30)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-jest since your current version.


Updates jest from 27.0.4 to 30.3.0

Release notes

Sourced from jest's releases.

v30.3.0

Features

  • [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
  • [jest-fake-timers] Add setTimerTickMode to configure how timers advance
  • [*] Reduce token usage when run through LLMs (3f17932)

Fixes

  • [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
  • [jest-mock] Use Symbol from test environment (#15858)
  • [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
  • [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
  • [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
  • [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

  • [*] Replace remaining micromatch uses with picomatch
  • [deps] Update to sinon/fake-timers v15
  • [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
  • Updated Twitter icon to match the latest brand guidelines (#15869)

30.2.0

Chore & Maintenance

  • [*] Update example repo for testing React Native projects (#15832)
  • [*] Update jest-watch-typeahead to v3 (#15830)

Features

  • [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

  • [babel-jest] Export the TransformerConfig interface (#15820)
  • [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

  • Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

  • [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

... (truncated)

Changelog

Sourced from jest's changelog.

30.3.0

Features

  • [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
  • [jest-fake-timers] Add setTimerTickMode to configure how timers advance
  • [*] Reduce token usage when run through LLMs (3f17932)

Fixes

  • [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
  • [jest-mock] Use Symbol from test environment (#15858)
  • [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
  • [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
  • [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
  • [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

  • [*] Replace remaining micromatch uses with picomatch
  • [deps] Update to sinon/fake-timers v15
  • [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
  • Updated Twitter icon to match the latest brand guidelines (#15869)

30.2.0

Chore & Maintenance

  • [*] Update example repo for testing React Native projects (#15832)
  • [*] Update jest-watch-typeahead to v3 (#15830)

Features

  • [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

  • [jest-matcher-utils] Fix infinite recursion with self-referential getters in deepCyclicCopyReplaceable (#15831)
  • [babel-jest] Export the TransformerConfig interface (#15820)
  • [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

  • Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

... (truncated)

Commits
  • efb59c2 v30.3.0
  • 96c53d3 feat(jest-config): add defineConfig and mergeConfig functions (...

    Description has been truncated

@dependabot
Bump the npm-all group with 8 updates
8c5356f 
Bumps the npm-all group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [documentation](https://github.com/documentationjs/documentation) | `13.2.5` | `14.0.3` |
| [eslint](https://github.com/eslint/eslint) | `7.28.0` | `10.2.0` |
| [eslint-config-airbnb-base](https://github.com/airbnb/javascript) | `14.2.1` | `15.0.0` |
| [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.23.4` | `2.32.0` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `24.3.6` | `29.15.1` |
| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `27.0.4` | `30.3.0` |
| [jest-cli](https://github.com/jestjs/jest/tree/HEAD/packages/jest-cli) | `27.0.4` | `30.3.0` |


Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

Updates `documentation` from 13.2.5 to 14.0.3
- [Release notes](https://github.com/documentationjs/documentation/releases)
- [Changelog](https://github.com/documentationjs/documentation/blob/master/CHANGELOG.md)
- [Commits](documentationjs/documentation@v13.2.5...v14.0.3)

Updates `eslint` from 7.28.0 to 10.2.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v7.28.0...v10.2.0)

Updates `eslint-config-airbnb-base` from 14.2.1 to 15.0.0
- [Commits](airbnb/javascript@eslint-config-airbnb-base-v14.2.1...eslint-config-airbnb-base-v15.0.0)

Updates `eslint-plugin-import` from 2.23.4 to 2.32.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.23.4...v2.32.0)

Updates `eslint-plugin-jest` from 24.3.6 to 29.15.1
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v24.3.6...v29.15.1)

Updates `jest` from 27.0.4 to 30.3.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest)

Updates `jest-cli` from 27.0.4 to 30.3.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest-cli)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-all
- dependency-name: documentation
  dependency-version: 14.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-all
- dependency-name: eslint
  dependency-version: 10.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-all
- dependency-name: eslint-config-airbnb-base
  dependency-version: 15.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-all
- dependency-name: eslint-plugin-import
  dependency-version: 2.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-all
- dependency-name: eslint-plugin-jest
  dependency-version: 29.15.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-all
- dependency-name: jest
  dependency-version: 30.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-all
- dependency-name: jest-cli
  dependency-version: 30.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026
fey
fey approved these changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@fey fey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@fey fey merged commit 978d875 into main Apr 9, 2026
0 of 2 checks passed
@fey fey deleted the dependabot/npm_and_yarn/npm-all-d54d3ac66c branch April 9, 2026 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fey fey fey approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fey