Skip to content

Bump minimatch, @typescript-eslint/eslint-plugin, @typescript-eslint/parser and lerna#2789

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-9f0007e332
Closed

Bump minimatch, @typescript-eslint/eslint-plugin, @typescript-eslint/parser and lerna#2789
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-9f0007e332

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps minimatch to 3.1.5 and updates ancestor dependencies minimatch, @typescript-eslint/eslint-plugin, @typescript-eslint/parser and lerna. These dependencies need to be updated together.

Updates minimatch from 3.1.2 to 3.1.5

Commits

Updates minimatch from 5.1.6 to 5.1.9

Commits

Updates minimatch from 9.0.3 to 9.0.9

Commits

Updates @typescript-eslint/eslint-plugin from 6.21.0 to 8.57.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

  • eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

  • eslint-plugin: [strict-void-return] false positives with overloads (#12055)
  • eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
  • eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
  • eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
  • eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
  • typescript-estree: switch back to use ts.getModifiers() (#12034)
  • typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.57.0 (2026-03-09)

🚀 Features

  • eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

  • eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
  • eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
  • typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)
  • eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
  • eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
  • eslint-plugin: [strict-void-return] false positives with overloads (#12055)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

🩹 Fixes

  • use parser options from context.languageOptions (#12043)

... (truncated)

Commits
  • 2c6aeee chore(release): publish 8.57.0
  • 46bf066 docs(eslint-plugin): document no-unnecessary-condition limitation with object...
  • f696dad chore: use pnpm catalog (#12047)
  • 2029c78 fix(eslint-plugin): [no-base-to-string] fix false positive for toString with ...
  • 0f4f101 fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpec...
  • 53f473b fix(typescript-estree): if the template literal is tagged and the text has an...
  • 2291b81 docs: minor grammar adjustment (#12112)
  • fc5cd09 fix(eslint-plugin): guard against negative paramIndex in no-useless-default-a...
  • adc2aad fix(eslint-plugin): handle statically analyzable computed keys in prefer-read...
  • 85badff fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​typescript-eslint/eslint-plugin since your current version.


Updates @typescript-eslint/parser from 6.21.0 to 8.57.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

  • eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

  • eslint-plugin: [strict-void-return] false positives with overloads (#12055)
  • eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
  • eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
  • eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
  • eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
  • typescript-estree: switch back to use ts.getModifiers() (#12034)
  • typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.54.0 (2026-01-26)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.53.1 (2026-01-19)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​typescript-eslint/parser since your current version.


Updates lerna from 9.0.3 to 9.0.5

Release notes

Sourced from lerna's releases.

v9.0.5

9.0.5 (2026-02-28)

Bug Fixes

v9.0.4

9.0.4 (2026-02-10)

Bug Fixes

  • bump tar to 7.5.7, rimraf to 6.1.2, @​npmcli/run-script to 10.0.3 (#4267) (43e3d46)
Changelog

Sourced from lerna's changelog.

9.0.5 (2026-02-28)

Bug Fixes

9.0.4 (2026-02-10)

Bug Fixes

  • bump tar to 7.5.7, rimraf to 6.1.2, @​npmcli/run-script to 10.0.3 (#4267) (43e3d46)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump minimatch, @typescript-eslint/eslint-plugin, @typescript-eslint/…
9235cc9 
…parser and lerna

Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.5 and updates ancestor dependencies [minimatch](https://github.com/isaacs/minimatch), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [lerna](https://github.com/lerna/lerna/tree/HEAD/packages/lerna). These dependencies need to be updated together.


Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 5.1.6 to 5.1.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.3 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

Updates `@typescript-eslint/eslint-plugin` from 6.21.0 to 8.57.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.57.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 6.21.0 to 8.57.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.57.0/packages/parser)

Updates `lerna` from 9.0.3 to 9.0.5
- [Release notes](https://github.com/lerna/lerna/releases)
- [Changelog](https://github.com/lerna/lerna/blob/main/packages/lerna/CHANGELOG.md)
- [Commits](https://github.com/lerna/lerna/commits/v9.0.5/packages/lerna)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 5.1.9
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.57.0
  dependency-type: direct:development
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.57.0
  dependency-type: direct:development
- dependency-name: lerna
  dependency-version: 9.0.5
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 9, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 9, 2026 18:36
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 9, 2026
@vercel
Copy link
Copy Markdown

vercel bot commented Mar 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
react-sdk-demo Ready Ready Preview, Comment Mar 9, 2026 6:40pm

Request Review

@dependabot dependabot bot mentioned this pull request Mar 9, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 9, 2026

Dependency Review

The following issues were found:

  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.

View full job summary

@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Mar 9, 2026

⚠️ No Changeset found

Latest commit: 9235cc9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 9, 2026

⚠️ Security Dependency Review Failed ⚠️

This pull request introduces dependencies with security vulnerabilities of moderate severity or higher.

Vulnerable Dependencies:

📦 tar@7.5.8

What to do next?

  1. Review the vulnerability details in the Dependency Review Comment above, specifically the "Vulnerabilities" section
  2. Click on the links in the "Vulnerability" section to see the details of the vulnerability
  3. If multiple versions of the same package are vulnerable, please update to the common latest non-vulnerable version
  4. If you are unsure about the vulnerability, please contact the security engineer
  5. If the vulnerability cannot be avoided (can't upgrade, or need to keep), contact #security on slack to get it added to the allowlist

Security Engineering contact: #security on slack

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 21, 2026

Superseded by #2791.

@dependabot dependabot bot closed this Mar 21, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/multi-9f0007e332 branch March 21, 2026 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants