Bump the development-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the development-dependencies group with 7 updates in the / directory:

Package	From	To
@types/node	25.9.0	25.9.3
@typescript-eslint/parser	8.59.4	8.61.0
@vercel/ncc	0.38.4	0.44.0
eslint-plugin-prettier	5.5.5	5.5.6
js-yaml	4.1.1	4.2.0
prettier	3.8.3	3.8.4
ts-jest	29.4.9	29.4.11

Updates @types/node from 25.9.0 to 25.9.3

Commits

• See full diff in compare view

Updates @typescript-eslint/parser from 8.59.4 to 8.61.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

🩹 Fixes

• rule-schema-to-typescript-types: respect ECMAScript line terminators (#12374)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.61.0 (2026-06-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.1 (2026-06-01)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.0 (2026-05-25)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 16a5b24 chore(release): publish 8.61.0
• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• f891c29 chore(release): publish 8.60.0
• See full diff in compare view

Updates @vercel/ncc from 0.38.4 to 0.44.0

Release notes

Sourced from @​vercel/ncc's releases.

0.44.0

0.44.0 (2026-06-09)

Features

• read permissions pr.yml (#1323) (5ea625e)

0.43.0

0.43.0 (2026-06-09)

Changes

• BREAKING CHANGE: add Node 24 and 26 support, remove 20 (#1318) (#1305)
• switch npm releases to trusted publishing (OIDC) (#1325) (#1327) (#1328) (#1329) (#1330) (#1331) (#1332)
• switch package management to pnpm (#1321)
• fix predictable global cache directory in /tmp enables symlink/hijack risks (#1314)
• reorder extension resolution to prioritise TypeScript over JSON (#1315)
• support TypeScript 6 transpile builds (#1316)

Commits

• 88be21f chore(deps): Bump actions/checkout from 5 to 6 (#1300)
• 5ea625e feat: read permissions pr.yml (#1323)
• a1ff315 feat: remove npm devDependency (#1332)
• 9e077ab feat: add publishConfig to package.json (#1331)
• 7290aa7 feat(ci): upgrade python and remove LLVM LTO flags from MSVC build to fix Nod...
• a428a10 feat: publish using node@24 (#1329)
• 3192116 feat: use canonical package repository metadata (#1328)
• 4461a52 feat: lock semantic-release publish dependencies (#1327)
• e00b2de feat: switch npm releases to trusted publishing (OIDC) (#1325)
• 5f8f509 feat: delete .github/CODEOWNERS (#1324)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vercel/ncc since your current version.

Updates eslint-plugin-prettier from 5.5.5 to 5.5.6

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.6

Patch Changes

• #791 b5c96a3 Thanks @​JounQin! - chore: bump all (dev)Dependencies

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.6

Patch Changes

• #791 b5c96a3 Thanks @​JounQin! - chore: bump all (dev)Dependencies

Commits

• 4f33ea5 chore: release eslint-plugin-prettier (#792)
• 4745b54 ci: declare workflow-level contents: read on 2 workflows (#790)
• b5c96a3 chore: bump all (dev)Dependencies (#791)
• e867680 chore(deps): update all dependencies (#766)
• e8e2f7f chore: testing eslint v10 (#779)
• ca076d9 chore: update dev dependencies (#780)
• 42e6369 build(deps): Bump the actions group with 2 updates (#778)
• 53ff214 Remove empty NPM_TOKEN from release.yml
• See full diff in compare view

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

• Added docs/safety.md with notes about processing untrusted YAML.
• Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
• Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
• Added sourcemaps to dist/ builds.

Changed

• Stop resolving numbers with underscores as numeric scalars, #627.
• Switched dev toolchains to Vite / neostandard.
• Updated demo.
• Reorganized tests.
• dist/ files are no longer kept in the repository.

Fixed

• Fix parsing of properties on the first implicit block mapping key, #62.
• Fix trailing whitespace handling when folding flow scalar lines, #307.
• Reject top-level block scalars without content indentation, #280.
• Ensure numbers survive round-trip, #737.
• Fix test coverage for issue #221.
• Fix flow scalar trailing whitespace folding, #307.
• Fix digits in YAML named tag handles.

Security

• Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

Commits

• See full diff in compare view

Updates prettier from 3.8.3 to 3.8.4

Release notes

Sourced from prettier's releases.

3.8.4

• Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (prettier/prettier#17746 by @​byplayer)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d

Commits

• 1c6ba55 Release 3.8.4
• 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
• 074aaed Replace main branch in changelog link with tags (#19054)
• c22a003 Bump Prettier dependency to 3.8.3
• 07bad1f Clean changelog_unreleased
• See full diff in compare view

Updates ts-jest from 29.4.9 to 29.4.11

Release notes

Sourced from ts-jest's releases.

v29.4.11

Please refer to CHANGELOG.md for details.

v29.4.10

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.11 (2026-05-21)

Bug Fixes

• preserve Bundler on the CJS path under TypeScript >= 6 (3941818), closes #4198

29.4.10 (2026-05-18)

Bug Fixes

• pass resolutionMode to ts.resolveModuleName for hybrid module support (b557a85)
• rebuild Program when consecutive compiles need different module kinds (a82a2b3), closes #4774
• respect tsconfig moduleResolution instead of forcing Node10 (1bffffc)
• transformer: transpile mjs files from node_modules for CJS mode (96d025d)
• transformer: use a consistent comparator in hoist-jest sortStatements (8a8fd2f)

Commits

• bff2d64 chore(release): 29.4.11
• 3941818 fix: preserve Bundler on the CJS path under TypeScript >= 6
• efb3c2f build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website
• 4e46fad ci: refactor release workflow
• 96b3ac0 chore(release): 29.4.10
• e98ec64 build(deps): update github/codeql-action digest to 458d36d
• 21ac58f build(deps): update jest packages
• 0fdc96d build(deps): update dependency semver to ^7.8.0
• 4b95551 build(deps): update dependency jest-environment-jsdom to ^30.4.1 (#5311)
• 7b88447 build(deps): update eslint packages to ^8.59.3 (#5310)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[stacklane-pr-stack-visualizer]

🧱 Stack PR · Base of stack

Stack Structure:

• Bump the development-dependencies group across 1 directory with 7 updates #182 dependabot/npm_and_yarn/development-dependencies-fc53a49f72 ← YOU ARE HERE

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​typescript-eslint/​parser@​8.59.4 ⏵ 8.61.0
	@​types/​node@​25.9.0 ⏵ 25.9.3	+1		+1
	js-yaml@​4.1.1 ⏵ 4.2.0	-11
	@​vercel/​ncc@​0.38.4 ⏵ 0.44.0	+1		+1
	eslint-plugin-prettier@​5.5.5 ⏵ 5.5.6
	ts-jest@​29.4.9 ⏵ 29.4.11			+1
	prettier@​3.8.3 ⏵ 3.8.4	+1		+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm js-yaml is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/js-yaml@4.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report