deps(deps-dev): bump the development-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the development-dependencies group with 5 updates in the / directory:

Package	From	To
@eslint/js	9.39.4	10.0.1
dependency-cruiser	17.4.0	17.4.2
eslint	9.39.4	10.4.0
graphql	16.11.0	16.14.0
typescript-eslint	8.59.4	8.60.0

Updates @eslint/js from 9.39.4 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)
• aa3fb2b fix!: tighten func-names schema (#20119) (Pixel998)
• f6c0ed0 feat!: report eslint-env comments as errors (#20128) (Francesco Trotta)
• 4bf739f fix!: remove deprecated LintMessage#nodeType and TestCaseError#type (#20096) (Pixel998)
• 523c076 feat!: drop support for jiti < 2.2.0 (#20016) (michael faith)
• 454a292 feat!: update eslint:recommended configuration (#20210) (Pixel998)
• 4f880ee feat!: remove v10_* and inactive unstable_* flags (#20225) (sethamus)
• f18115c feat!: no-shadow-restricted-names report globalThis by default (#20027) (sethamus)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160) (Milos Djermanovic)

Features

• bff9091 feat: handle Array.fromAsync in array-callback-return (#20457) (Francesco Trotta)
• 290c594 feat: add self to no-implied-eval rule (#20468) (sethamus)
• 43677de feat: fix handling of function and class expression names in no-shadow (#20432) (Milos Djermanovic)

... (truncated)

Commits

• 84fb885 chore: package.json update for @​eslint/js release
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467)
• f3fbc2f chore: set @eslint/js version to 10.0.0 to skip releasing it (#20466)
• b4b3127 chore: package.json update for @​eslint/js release
• 0b14059 chore: package.json update for @​eslint/js release
• fa31a60 feat!: add name to configs (#20015)
• 1e2cad5 chore: package.json update for @​eslint/js release
• 454a292 feat!: update eslint:recommended configuration (#20210)
• c6358c3 feat!: Require Node.js ^20.19.0 || ^22.13.0 || >=24 (#20160)
• See full diff in compare view

Updates dependency-cruiser from 17.4.0 to 17.4.2

Release notes

Sourced from dependency-cruiser's releases.

v17.4.2

📖 documentation

• ae0fcd40 doc: corrects typos

👷 maintenance

• ccef0faf chore(npm): sets ignore-scripts on ci
• ca1fe64a chore(npm): makes publishing staged only
• d4dad0e9/ 1d1bc84a/ ca1fe64a build(npm): updates external dependencies

v17.4.1

This release was created on github, but not published to npmjs

Commits

• 6434625 17.4.2
• 1759529 chore(ci): simplifies release flow again
• 56e501f 17.4.1
• ccef0fa chore(npm): sets ignore-scripts on ci
• ca1fe64 chore(npm): makes publishing staged only
• b5b2c36 build(npm): updates external dependencies
• 1d1bc84 build(npm): updates external dependencies
• ae0fcd4 doc: corrects typos
• d4dad0e build(npm): updates external dependencies
• See full diff in compare view

Updates eslint from 9.39.4 to 10.4.0

Release notes

Sourced from eslint's releases.

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

Chores

• 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
• d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
• 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
• 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
• a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
• 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
• 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
• 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
• 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
• f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
• c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
• 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
• 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

... (truncated)

Commits

• 452c401 10.4.0
• b6417e8 Build: changelog update for 10.4.0
• 6616856 chore: upgrade knip to v6 (#20875)
• d13b084 ci: ensure auto-created PRs run CI (#20860)
• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862)
• 544c0c3 fix: escape code path DOT labels in debug output (#20866)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865)
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863)
• 9084664 docs: Update README
• Additional commits viewable in compare view

Updates graphql from 16.11.0 to 16.14.0

Release notes

Sourced from graphql's releases.

v16.14.0 (2026-05-03)

New Feature 🚀

• #4317 Allow configuration of the ofType introspection depth (@​Nols1000)
• #4521 Add experimental support for directives on directive definitions (@​BoD)

Bug Fix 🐞

• #4652 Fix valueFromAST variable own-property checks (@​abishekgiri)

Docs 📝

• #4706 Fix mistake in GraphQLError guidance (@​benjie)

Committers: 4

• Abishek Kumar Giri(@​abishekgiri)
• Benjie(@​benjie)
• Benoit 'BoD' Lubek(@​BoD)
• Nils-Börge Margotti(@​Nols1000)

v16.13.2 (2026-03-24)

Docs 📝

• #4611 add dev mode docs (@​yaacovCR)

Polish 💅

• #4631 Use Object.create(null) over {} to avoid prototype issues - v16 (@​benjie)

Internal 🏠

• #4626 backport: internal: streamline release process (#4615) (@​yaacovCR)

Committers: 2

• Benjie(@​benjie)
• Yaacov Rydzinski (@​yaacovCR)

v16.13.1 (2026-03-04)

First 16.x.x release with trusted publishing and provenance, see: https://docs.npmjs.com/trusted-publishers for additional information.

Docs 📝

• #4433 docs: move migrate from express graphql guide to graphqlJS docs (@​sarahxsanders)

Internal 🏠

• #4608 internal: backport new release flow from 17.x.x (@​yaacovCR)
• #4610 internal: pin node version for release action (@​yaacovCR)

Committers: 2

• Sarah Sanders(@​sarahxsanders)
• Yaacov Rydzinski (@​yaacovCR)

16.13.0

... (truncated)

Commits

• 57b385b chore(release): v16.14.0 (#4720)
• 85700ed Fix mistake in GraphQLError guidance (#4706)
• 8eb6383 Allow configuration of the ofType introspection depth (#4317)
• ad9c519 Add support for directives on directive definitions (#4521)
• db2987c fix(valueFromAST): restore variable own-property checks (#4652)
• 123e958 chore(release): v16.13.2 (#4632)
• 13f130d Use Object.create(null) over {} to avoid prototype issues - v16 (#4631)
• 6ca59e1 backport: internal: streamline release process (#4615) (#4626)
• df8c53f docs: dev mode for v17 (#4611)
• 3b5c3f9 internal: pin node version for release action (#4610)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for graphql since your current version.

Updates typescript-eslint from 8.59.4 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• f891c29 chore(release): publish 8.60.0
• See full diff in compare view

[github-actions]

🔍 The Case of Pull Request #533

Plain-English Readout

• Holmes (evidence investigation): Holmes says this change looks ready to ship.
• Watson (independent verification): Watson found verification concerns. Most important concern: No evidence citations were available for trust analysis.
• Moriarty (trend forecast): Moriarty does not have enough historical data yet to forecast readiness.

Suggested next actions

1. Resolve Watson’s verification concerns before trusting the Holmes verdict as final.

📚 Glossary (what the Holmes terms mean)

• HOLMES: Wesley’s main evidence investigation. It decides whether the cited proof is strong enough to justify shipping this commit.
• WATSON: An independent verification pass. It checks Holmes’s citations and score math instead of trusting them blindly.
• MORIARTY: A readiness forecast over time. It is advisory trend analysis, not the release gate itself.
• Schema coverage score (SCS): How much of the schema has direct supporting evidence across generated artifacts and cited proof.
• Test confidence index (TCI): How much test evidence exists for constraints, policies, relationships, and operations.
• Migration risk index (MRI): How risky the schema change is to roll out. Lower is better.
• Evidence trust: Whether the report is backed by exact citations, whole-file citations, or coarse references. Weak trust means the claim may be directionally right but not specific enough to trust blindly.
• Citation quality: A count of exact line-span citations versus whole-file or coarse references.
• ELEMENTARY: Ready to ship based on the current evidence.
• REQUIRES INVESTIGATION: More work or review is needed before shipping.
• YOU SHALL NOT PASS: Do not ship this change in its current state.

---

🕵️ SHA-lock HOLMES full report (click to expand)

🕵️ SHA-lock HOLMES Investigation

• Generated: 2026-01-01T00:00:00.000Z
• Commit SHA: 79c881e
• Bundle Version: 2.0.0

⚠️ Evidence valid only for commit 79c881e

🔍 Executive Deduction

"Watson, after careful examination of the evidence, I deduce..."

Weighted Completion: ██████████ 95.0%
Scores: SCS 95.0% · TCI 90.0% · MRI 10.0%
Verification Status: 2 claims verified
Citation Quality: 2 exact · 0 whole-file · 0 coarse
Evidence Trust: strong
Ship Verdict: ELEMENTARY

🧩 SCS Breakdown

Component	Score	Coverage
Sql	100.0%	1.00/1.00
Types	100.0%	1.00/1.00
Validation	100.0%	1.00/1.00
Tests	100.0%	1.00/1.00

🧪 TCI Breakdown

Component	Score	Coverage	Note
Unit Constraints	100.0%	1/1	N/A
Unit Rls	100.0%	1/1	N/A
Integration Relations	100.0%	1/1	N/A
E2e Ops	90.0%	9/10	fixture

⚠️ MRI Breakdown

Component	Risk Share	Points	Count
Drops	0.0%	0	0
Renames Without Uid	0.0%	0	0
Add Not Null Without Default	100.0%	1	1
Non Concurrent Indexes	0.0%	0	0

📊 The Weight of Evidence

"Observe, Watson, how not all features carry equal importance..."

Element	Weight	Status	Evidence	Strength	Deduction
schema	5	✅ Exact SQL & tests	test/fixtures/examples/.wesley-cache/shipme-fixture/tests.sql:1-1@79c881e	exact	Elementary!

🚪 Security & Performance Gates

"Elementary security measures, Watson..."

Gate	Status	Evidence	Holmes's Ruling
Migration Risk	✅	MRI: 10.0%	"Trivial risk"
Test Coverage	✅	TCI: 90.0%	"Excellent coverage"
Sensitive Fields	✅	0 fields	"All secured"
Evidence Quality	✅	2 exact · 0 whole-file · 0 coarse	"All 2 citations resolve to exact line spans."

📋 The Verdict

✅ ELEMENTARY - Ship immediately!
"The evidence is conclusive. No mysteries remain."

Signed and sealed,

• S. Holmes, Consulting Detective

[END OF INVESTIGATION FOR COMMIT 79c881e]

🧵 Command Run

• Run ID: run-26278bc5-fc1a-44c9-bdc1-f68b404ba16b
• Transmutation: holmes-investigate
• Command: investigate
• Status: completed
• Ledger: /home/runner/work/wesley/wesley/test/fixtures/examples/.wesley-cache/ledger

---

🩺 Dr. WATSON full report (click to expand)

🩺 Dr. Watson's Independent Verification Report

Medical Examination of Evidence

• Examination Date: 2026-05-27T15:59:13.113Z
• Patient SHA: 79c881e

🔬 Citation Verification

"Let me examine each piece of evidence independently..."

• Citations Examined: 2
• Verified: 0 ✅
• Failed: 0 ❌
• Unable to Verify: 2
• Exact Subrange Citations: 0
• Whole-file Citations: 0
• Coarse Citations: 0
• Evidence Trust: missing
• Trust Note: No evidence citations were available for trust analysis.

Verification Rate: 0.0%

📊 Mathematical Verification

"I shall recalculate Holmes's arithmetic..."

Holmes claimed SCS: 95.0%
Watson calculates: 100.0%
Difference: ⚠️ Significant

🔍 Consistency Analysis

"Checking for contradictions in Holmes's deductions..."

✅ No logical inconsistencies detected

🩺 Dr. Watson's Medical Opinion

VERIFICATION: CONCERNS NOTED ⚠️

"While Holmes's methods are generally sound, I have noted some"
"discrepancies that warrant further investigation. No evidence citations were available for trust analysis."

Respectfully submitted,

• Dr. J. Watson, M.D.
  Medical Examiner & Verification Specialist

🧵 Command Run

• Run ID: run-52e675d6-5854-4fbc-8edc-ac0bcf554f65
• Transmutation: watson-verify
• Command: verify
• Status: completed
• Ledger: /home/runner/work/wesley/wesley/test/fixtures/examples/.wesley-cache/ledger

---

🔮 Professor MORIARTY full report (click to expand)

🧠 Professor Moriarty's Temporal Predictions

The Mathematics of Inevitability

• Analysis Date: 2026-05-27T15:59:46.515Z

INSUFFICIENT DATA

"I require at least two data points to predict the future."
"Run Wesley generate multiple times to build history."

🧵 Command Run

• Run ID: run-bf5668aa-31de-40fc-91a5-4a980fc45cad
• Transmutation: moriarty-predict
• Command: predict
• Status: completed
• Ledger: /home/runner/work/wesley/wesley/test/fixtures/examples/.wesley-cache/ledger

---

Machine-readable reports: holmes-report.json · watson-report.json · moriarty-report.json (see workflow artifacts).

---

Filed at 221B Repository Street

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9e5c80a974

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep website ESLint on a peer-supported major

Rebasing wesley-website to eslint@^10.4.0 introduces peer incompatibilities in the existing lint stack: eslint-config-mantine@4.0.3 declares eslint and @eslint/js as ^9.9.1, and the current eslint-plugin-jsx-a11y@6.10.2/eslint-plugin-react@7.37.5 entries also cap peers at ESLint 9 (see pnpm-lock.yaml peer declarations around lines 1542-1543, 1558, and 1581). This can cause pnpm install failures in strict-peer environments and leaves lint behavior unsupported in environments that only warn, so the major bump should be gated on upgrading the dependent config/plugins to versions that explicitly support ESLint 10.

Useful? React with 👍 / 👎.