Bump the all-dependencies group with 9 updates

[dependabot]

Bumps the all-dependencies group with 9 updates:

Package	From	To
@types/diff	7.0.2	8.0.0
@types/node	20.19.13	20.19.18
@typescript-eslint/eslint-plugin	8.43.0	8.45.0
@typescript-eslint/parser	8.43.0	8.45.0
@vscode/vsce	3.6.0	3.6.2
del-cli	6.0.0	7.0.0
esbuild	0.25.9	0.25.10
lint-staged	16.1.6	16.2.3
tsx	4.20.5	4.20.6

Updates @types/diff from 7.0.2 to 8.0.0

Commits

• See full diff in compare view

Updates @types/node from 20.19.13 to 20.19.18

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.43.0 to 8.45.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.45.0

8.45.0 (2025-09-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11616)

🩹 Fixes

• disable generating declaration maps (#11627)
• ast-spec: narrow ArrowFunctionExpression.generator to false (#11636)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617)
• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614)

❤️ Thank You

• Bjorn Lu
• Josh Goldberg ✨
• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.44.1

8.44.1 (2025-09-22)

🩹 Fixes

• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599)
• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611)
• typescript-estree: forbid class property with name constructor (#11590)

❤️ Thank You

• fisker Cheung @​fisker
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.44.0

8.44.0 (2025-09-15)

🚀 Features

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#11267)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.45.0 (2025-09-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11616)

🩹 Fixes

• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617)

❤️ Thank You

• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

8.44.1 (2025-09-22)

🩹 Fixes

• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599)
• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

8.44.0 (2025-09-15)

🚀 Features

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#11267)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-conversion] ignore enum members (#11490)

❤️ Thank You

• Moses Odutusin @​thebolarin
• Ronen Amiel

... (truncated)

Commits

• 255e9e2 chore(release): publish 8.45.0
• 967764e fix(eslint-plugin): [prefer-nullish-coalescing] ignoreBooleanCoercion should ...
• f2eeb9d feat(eslint-plugin): expose rule name via RuleModule interface (#11616)
• 590fac6 fix(eslint-plugin): [no-base-to-string] check if superclass is ignored (#11617)
• c198052 chore(release): publish 8.44.1
• c392a0d fix(eslint-plugin): [await-thenable] should not report passing values to prom...
• 20c3d97 fix(eslint-plugin): [no-unsafe-enum-comparison] support unions of literals (#...
• 4fde781 fix(eslint-plugin): [no-base-to-string] make ignoredTypeNames match type name...
• 77056f7 chore(release): publish 8.44.0
• 684e63f chore(deps): update eslint monorepo to v9.35.0 (#11600)
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.43.0 to 8.45.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.45.0

8.45.0 (2025-09-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11616)

🩹 Fixes

• disable generating declaration maps (#11627)
• ast-spec: narrow ArrowFunctionExpression.generator to false (#11636)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617)
• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614)

❤️ Thank You

• Bjorn Lu
• Josh Goldberg ✨
• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.44.1

8.44.1 (2025-09-22)

🩹 Fixes

• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599)
• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611)
• typescript-estree: forbid class property with name constructor (#11590)

❤️ Thank You

• fisker Cheung @​fisker
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

v8.44.0

8.44.0 (2025-09-15)

🚀 Features

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#11267)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.45.0 (2025-09-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.44.1 (2025-09-22)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.44.0 (2025-09-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 255e9e2 chore(release): publish 8.45.0
• c198052 chore(release): publish 8.44.1
• 77056f7 chore(release): publish 8.44.0
• See full diff in compare view

Updates @vscode/vsce from 3.6.0 to 3.6.2

Release notes

Sourced from @​vscode/vsce's releases.

v3.6.2

Changes:

• #1199: fix: generate language model tag for languageModelChatProvider contributions

This list of changes was auto generated.

v3.6.2-0

Changes:

• #1199: fix: generate language model tag for languageModelChatProvider contributions

This list of changes was auto generated.

v3.6.1

Changes:

• #1198: chore: bump vsce-sign to 2.0.7
• #1194: Engineering - do not run Azure Pipeline for pull requests
• #1193: fix: check exec params
• #1191: Bump tmp from 0.2.3 to 0.2.4
• #1188: Avoid Node.js DEP0190 warning by using string form for prepublish command
• #1190: chore: migrate PR check to GitHub Actions
• #1189: update secretlint
• #1187: Bump form-data from 4.0.0 to 4.0.4
• #1185: chore: onboard OSS pipeline to 1ES template
• #1179: add commonjs annotation to package.json

This list of changes was auto generated.

v3.6.1-9

Changes:

• #1198: chore: bump vsce-sign to 2.0.7

This list of changes was auto generated.

v3.6.1-8

Changes:

... (truncated)

Commits

• 6a944cc Merge pull request #1199 from joyceerhl/patch-1
• 623d46c fix test
• 70f3535 fix: generate language model tag for languageModelChatProvider contributions
• d9422df chore: bump vsce-sign to 2.0.7 (#1198)
• 91b5381 Engineering - do not run Azure Pipeline for pull requests (#1194)
• 6d9f87e fix: check exec params (#1193)
• 8fa2eb5 Bump tmp from 0.2.3 to 0.2.4 (#1191)
• 6b0b21d Avoid Node.js DEP0190 warning by using string form for prepublish command (#1...
• 29a2b75 chore: migrate PR check to GitHub Actions (#1190)
• 472e6ec Merge pull request #1189 from microsoft/benibenj/other-tarantula
• Additional commits viewable in compare view

Updates del-cli from 6.0.0 to 7.0.0

Release notes

Sourced from del-cli's releases.

v7.0.0

Breaking

• Require Node.js 20 aba3b05

Improvements

• Improve error presentation 822f27c
• Fix --dry-run behavior and clarify help text f71aaa6

---

sindresorhus/del-cli@v6.0.0...v7.0.0

Commits

• 77857ae 7.0.0
• aba3b05 Require Node.js 20
• 6562054 Add tests for directory paths with trailing slash
• 822f27c Improve error presentation
• f71aaa6 Fix --dry-run behavior and clarify help text
• See full diff in compare view

Updates esbuild from 0.25.9 to 0.25.10

Release notes

Sourced from esbuild's releases.

v0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @supports (color: blue) { color: blue }
  }
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  {
  color: blue;
  }
  }
  /* New output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  ::placeholder {
  color: blue;
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

  However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

  /* Original code */
  ::placeholder {
    color: red;
    body & { color: green }
    @supports (color: blue) { color: blue }
  }
  /* Old output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  {
  color: blue;
  }
  }
  /* New output (with --supported:nesting=false) */
  ::placeholder {
  color: red;
  }
  body :is() {
  color: green;
  }
  @​supports (color: blue) {
  ::placeholder {
  color: blue;

... (truncated)

Commits

• d6b668f publish 0.25.10 to npm
• 5088c19 refactor: use strings.Builder (#4290)
• 755da31 run make update-compat-table
• a1d9c86 fix #4287: marked the wrong issue as fixed
• 73a0b2a fix #4286: minifier panic due to identity function
• 134dadf fix #4265: @supports nested inside ::pseudo
• See full diff in compare view

Updates lint-staged from 16.1.6 to 16.2.3

Release notes

Sourced from lint-staged's releases.

v16.2.3

Patch Changes

• #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Patch Changes

• #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

  Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

  % npx lint-staged --fail-on-changes
  ✔ Backed up original state in git stash (c18d55a3)
  ✔ Running tasks for staged files...
  ✖ Tasks modified files and --fail-on-changes was used!
  ↓ Cleaning up temporary files...
  ✖ lint-staged failed because --fail-on-changes was used.
  Any lost modifications can be restored from a git stash:
  > git stash list --format="%h %s"
  c18d55a3 On main: lint-staged automatic backup
  > git apply --index c18d55a3

v16.2.1

Patch Changes

• #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

  export default {
  ---  "*": (files: string[]) => void console.log('staged files', files)
  +++  "*": (files: readonly string[]) => void console.log('staged files', files)
  }

• #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

• #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

• #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

  Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

v16.2.0

Minor Changes

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.2.3

Patch Changes

• #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

16.2.2

Patch Changes

• #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

  Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

  % npx lint-staged --fail-on-changes
  ✔ Backed up original state in git stash (c18d55a3)
  ✔ Running tasks for staged files...
  ✖ Tasks modified files and --fail-on-changes was used!
  ↓ Cleaning up temporary files...
  ✖ lint-staged failed because --fail-on-changes was used.
  Any lost modifications can be restored from a git stash:
  > git stash list --format="%h %s"
  c18d55a3 On main: lint-staged automatic backup
  > git apply --index c18d55a3

16.2.1

Patch Changes

• #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

  export default {
  ---  "*": (files: string[]) => void console.log('staged files', files)
  +++  "*": (files: readonly string[]) => void console.log('staged files', files)
  }

• #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

• #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

• #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

  Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

... (truncated)

Commits

• bdcd03a chore(changeset): release
• 27cd541 fix: do not count hidden (partially) unstaged changes when using `--fail-on-c...
• ab2f42e fix: emit correct value to debug logs
• 3fc5832 refactor: make general error messages more clear they originate from lint-staged
• 409d79a chore(changeset): release
• 7edaee9 docs: fix typo in changeset
• 699f95d fix: backup stash example uses real hash if available
• 47d01a9 fix: print backup stash example when failing to --fail-on-changes
• 325dc03 fix: restore unstaged changes on errors when --fail-on-errors or `--no-reve...
• 53bb27b fix: do not drop backup stash when errors and --fail-on-changes was used
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lint-staged since your current version.

Updates tsx from 4.20.5 to 4.20.6

Release notes

Sourced from tsx's releases.

v4.20.6

4.20.6 (2025-09-26)

Bug Fixes

• properly hide relaySignal from process.listeners() (#741) (710a424)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• 710a424 fix: properly hide relaySignal from process.listeners() (#741)
• 20b91c4 docs: make sponsors dynamic
• 08dcd59 chore: move vercel settings to root
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions