Skip to content

chore(deps): bump the minor-and-patch group with 4 updates#172

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-546a835867
Open

chore(deps): bump the minor-and-patch group with 4 updates#172
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-546a835867

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 4 updates: helmet, @eslint/eslintrc, eslint and @anthropic-ai/sdk.

Updates helmet from 8.2.0 to 8.3.0

Changelog

Sourced from helmet's changelog.

8.3.0 - 2026-07-11

Changed

  • Content-Security-Policy: improved performance by ~7% when there are no dynamic directives
  • Content-Security-Policy: improved error handling for invalid directive names

Fixed

  • Content-Security-Policy: useDefaults: false with no directives is no longer valid, both at runtime and the type level
  • Content-Security-Policy: dynamically-computed directive values would throw, not call next, when invalid
  • Content-Security-Policy: dynamically-computed directive value entries would throw, not call next, when function threw
Commits
  • 75f1a98 8.3.0
  • f03f70d Update changelog for 8.3.0 release
  • a307fce Fix capitalization in CSP package changelog
  • 5347b43 Format default CSP in README for readability
  • 9afc570 CSP: fix middleware-specific README missing link
  • 266c95c Minor speedups to project setups test
  • 7a4196c CSP: update package-specific changelog
  • 02716b4 CSP: improve performance when there are no dynamic directives
  • 3f511ed CSP: move utility functions to separate file
  • 80338af CSP: disabling defaults with no directives is now an error
  • Additional commits viewable in compare view

Updates @eslint/eslintrc from 3.3.5 to 3.3.6

Release notes

Sourced from @​eslint/eslintrc's releases.

eslintrc: v3.3.6

3.3.6 (2026-07-10)

Bug Fixes

  • update js-yaml to 4.3.0 to address security vulnerability (#235) (0c5de74)
Changelog

Sourced from @​eslint/eslintrc's changelog.

3.3.6 (2026-07-10)

Bug Fixes

  • update js-yaml to 4.3.0 to address security vulnerability (#235) (0c5de74)
Commits

Updates eslint from 10.6.0 to 10.7.0

Release notes

Sourced from eslint's releases.

v10.7.0

Features

  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)
  • 557fde8 feat: support computed Number.parseInt member access in radix rule (#21041) (Pixel)
  • 0b4a73b feat: add suggestions to no-compare-neg-zero (#21034) (den$)
  • 96cdd42 feat: report invalid signed numeric radix values in radix rule (#21030) (Pixel)

Bug Fixes

  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069) (Pixel)
  • 0d7d70c fix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)
  • 75ec753 fix: handle static template literals in eqeqeq rule (#21058) (Pixel)
  • b717a22 fix: prevent eqeqeq null option from reporting non-equality operators (#21057) (Pixel)
  • e35b05f fix: avoid no-invalid-regexp false positive for shadowed RegExp (#21051) (Pixel)
  • a3172b6 fix: avoid no-control-regex false positive for shadowed RegExp (#21050) (Pixel)
  • d1f637e fix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)
  • 8859baf fix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)
  • a9e5961 fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)
  • 8a240a7 fix: avoid false positives in radix rule for spread arguments (#21044) (Pixel)

Documentation

  • c30d808 docs: Update README (GitHub Actions Bot)
  • 5139800 docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)
  • 04174cb docs: Update README (GitHub Actions Bot)
  • 026e130 docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)
  • 9d42fef docs: Update README (GitHub Actions Bot)
  • b230159 docs: Update README (GitHub Actions Bot)
  • 0129972 docs: correct **/.js glob to **/*.js in config files guide (#21036) (EduardF1)

Chores

  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])
  • 81a4774 chore: updates for v9.39.5 release (Jenkins)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071) (Francesco Trotta)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067) (lumir)
  • 833ec10 chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])
  • 7ea106d chore: update ecosystem plugins (#21059) (ESLint Bot)
  • 8fb550e chore: add prettier update commit to .git-blame-ignore-revs (#21056) (lumir)
  • e4e1166 chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])
  • 0493f53 chore: update prettier to v3.9.0 (#21054) (Pixel)
  • 1056a99 chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])
  • 4d4155d ci: run ecosystem tests on pull requests (#21027) (sethamus)
  • 993539f chore: update dependency @​eslint/json to ^2.0.1 (#21042) (renovate[bot])
  • 53f8b69 test: add error locations to no-constant-binary-expression (#21039) (lumir)
  • 5ab71d5 refactor: clean up radix rule internals (#21015) (Pixel)
  • a80a9a4 chore: update ecosystem plugins (#21035) (ESLint Bot)
  • 7c9a029 ci: add Node.js 26 to CI (#20847) (lumir)
Commits
  • fabd99b 10.7.0
  • 37c5e75 Build: changelog update for 10.7.0
  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076)
  • 81a4774 chore: updates for v9.39.5 release
  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071)
  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032)
  • c30d808 docs: Update README
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067)
  • Additional commits viewable in compare view

Updates @anthropic-ai/sdk from 0.110.0 to 0.111.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.111.0

0.111.0 (2026-07-10)

Full Changelog: sdk-v0.110.0...sdk-v0.111.0

Features

  • api: add support for dreaming (77b28a6)
  • tools: gate session tool calls on evaluated_permission; bound idle by server stop_reason (68a6d7b)

Chores

  • docs: small updates to field descriptions (e25b885)
  • docs: update model example (a33f3f0)
  • docs: updates to descriptions and examples (eac4bac)
Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.111.0 (2026-07-10)

Full Changelog: sdk-v0.110.0...sdk-v0.111.0

Features

  • api: add support for dreaming (77b28a6)
  • tools: gate session tool calls on evaluated_permission; bound idle by server stop_reason (68a6d7b)

Chores

  • docs: small updates to field descriptions (e25b885)
  • docs: update model example (a33f3f0)
  • docs: updates to descriptions and examples (eac4bac)
Commits
  • 9e46760 chore: release main
  • 8d461ea feat(api): add support for dreaming
  • 9436e29 codegen metadata
  • 0aec1e7 feat(tools): gate session tool calls on evaluated_permission; bound idle by s...
  • ac2fc67 chore(docs): update model example
  • c8af65d chore(docs): updates to descriptions and examples
  • 2a3a904 codegen metadata
  • 57c56c9 chore(docs): small updates to field descriptions
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 4 updates: [helmet](https://github.com/helmetjs/helmet), [@eslint/eslintrc](https://github.com/eslint/eslintrc), [eslint](https://github.com/eslint/eslint) and [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript).


Updates `helmet` from 8.2.0 to 8.3.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.2.0...v8.3.0)

Updates `@eslint/eslintrc` from 3.3.5 to 3.3.6
- [Release notes](https://github.com/eslint/eslintrc/releases)
- [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md)
- [Commits](eslint/eslintrc@eslintrc-v3.3.5...eslintrc-v3.3.6)

Updates `eslint` from 10.6.0 to 10.7.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.6.0...v10.7.0)

Updates `@anthropic-ai/sdk` from 0.110.0 to 0.111.0
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.110.0...sdk-v0.111.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@eslint/eslintrc"
  dependency-version: 3.3.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: eslint
  dependency-version: 10.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.111.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants