chore(deps): bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 8 updates in the /pkg/js directory:

Package	From	To
ajv	8.18.0	8.20.0
yaml	2.8.3	2.9.0
@openfga/sdk	0.9.3	0.9.6
@types/node	25.5.0	26.0.1
@typescript-eslint/eslint-plugin	8.57.1	8.62.0
eslint-import-resolver-typescript	4.4.4	4.4.5
prettier	3.8.1	3.8.4
typescript	5.9.3	6.0.3

Updates ajv from 8.18.0 to 8.20.0

Release notes

Sourced from ajv's releases.

v8.20.0

What's Changed

• fix: add support for node 22/24, drop node 16/21 by @​jasoniangreen in ajv-validator/ajv#2580
• fix: add ES2022.RegExp for RegExpIndicesArray by @​SignpostMarv in ajv-validator/ajv#2604

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

v8.19.0

What's Changed

• fix prototype pollution via format keyword using $data ref by @​epoberezkin in ajv-validator/ajv#2607

Full Changelog: ajv-validator/ajv@v8.18.0...v8.19.0

Commits

• 0fba0b8 8.20.0
• 9caf8d6 fix: add ES2022.RegExp for RegExpIndicesArray; fixes ajv-validator/ajv#2603 (...
• 2065350 fix: add support for node 22/24, drop node 16/21 (#2580)
• 154b58d 8.19.0
• e8d2bdc test/fix prototype pollution via $data ref with format keyword (#2607)
• See full diff in compare view

Updates yaml from 2.8.3 to 2.9.0

Release notes

Sourced from yaml's releases.

v2.9.0

The changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of parseDocument() and parseAllDocuments(): I've removed the claim that they'll "never throw".

It remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which yaml CVEs have been issued so far.

Starting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.

• fix: Avoid calling Array.prototype.push.apply() with large source array
• fix(lexer): Avoid recursive calls that may exhaust the call stack

v2.8.4

• Disable alias resolution with maxAliasCount:0 (#677)
• Handle invalid unicode escapes (e1a1a77)
• Apply minFractionDigits only to decimal strings (#676)

Commits

• ddb21b0 2.9.0
• 167365b docs: Clarify that not all errors can be avoided
• 6eca2a7 fix: Avoid calling Array.prototype.push.apply() with large source array
• 0543cd5 fix(lexer): Avoid recursive calls that may exhaust the call stack
• ccdf743 2.8.4
• f625789 fix: Disable alias resolution with maxAliasCount:0 (#677)
• e1a1a77 fix: Handle invalid unicode escapes
• a163ea0 style: Satify Prettier
• b2a5a6c fix: Apply minFractionDigits only to decimal strings (#676)
• 93c951b chore: Bump JSR version to v2.8.3 (#673)
• Additional commits viewable in compare view

Updates @openfga/sdk from 0.9.3 to 0.9.6

Release notes

Sourced from @​openfga/sdk's releases.

v0.9.6

0.9.6 (2026-05-11)

Fixed

• correctly set default retry params (#394) (6b03882) , Thanks @​kamilogorek
• prevent token refresh thundering herd (#333) (025346f)
• stop mutating token refresh errors into auth errors (#329) (d5cbccb)

What's Changed

• fix: Correctly set authorization model id when calling batch checks by @​kamilogorek in openfga/js-sdk#372
• chore(ci): release automation configs by @​SoulPancake in openfga/js-sdk#362
• chore: Add 'release' to task types for PR validation by @​SoulPancake in openfga/js-sdk#371
• chore(deps): bump axios from 1.14.0 to 1.15.0 by @​dependabot[bot] in openfga/js-sdk#373
• chore: add pull request title pattern for releases by @​SoulPancake in openfga/js-sdk#375
• chore: fix releaser config by @​SoulPancake in openfga/js-sdk#377
• release: v0.9.5 by @​openfga-releaser-bot[bot] in openfga/js-sdk#378
• chore(deps): bump ajv from 8.17.1 to 8.18.0 in /example/streamed-list-objects in the npm_and_yarn group across 1 directory by @​dependabot[bot] in openfga/js-sdk#337
• chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in the dependencies group by @​dependabot[bot] in openfga/js-sdk#380
• chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates by @​dependabot[bot] in openfga/js-sdk#379
• chore: use releaser app client ID by @​SoulPancake in openfga/js-sdk#382
• chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 by @​dependabot[bot] in openfga/js-sdk#384
• feat: add APIExecutor dedicated examples by @​SoulPancake in openfga/js-sdk#385
• chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 in the dependencies group by @​dependabot[bot] in openfga/js-sdk#387
• chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /example/streamed-list-objects in the npm_and_yarn group across 1 directory by @​dependabot[bot] in openfga/js-sdk#383
• docs: parse raw stream by @​SoulPancake in openfga/js-sdk#389
• fix: prevent token refresh thundering herd by @​aaguiarz in openfga/js-sdk#333
• chore: Ignore eslint 10.x dependabot by @​curfew-marathon in openfga/js-sdk#390
• chore(deps-dev): bump eslint from 9.39.2 to 9.39.4 by @​dependabot[bot] in openfga/js-sdk#391
• chore: add bootstrap-sha to release-please config by @​SoulPancake in openfga/js-sdk#393
• fix: correctly set default retry params by @​kamilogorek in openfga/js-sdk#394
• feat: draft releases, version verification, and reusable workflows by @​SoulPancake in openfga/js-sdk#396
• chore(deps): bump deps by @​rhamzeh in openfga/js-sdk#398
• chore(ci): fix typo specifying node version env by @​rhamzeh in openfga/js-sdk#399
• chore(ci): Harden GitHub Actions by @​step-security-bot in openfga/js-sdk#400
• chore: bump example deps & point to parent SDK rather than published by @​rhamzeh in openfga/js-sdk#403
• fix: stop mutating token refresh errors into auth errors by @​aaguiarz in openfga/js-sdk#329
• chore(deps): bump the dependencies group with 2 updates by @​dependabot[bot] in openfga/js-sdk#407
• chore(eslint): bump eslint to v10 by @​rhamzeh in openfga/js-sdk#412
• chore(deps-dev): bump the dependencies group across 1 directory with 3 updates by @​dependabot[bot] in openfga/js-sdk#411
• chore(deps): bump github/codeql-action from 3.35.3 to 4.35.4 in the dependencies group by @​dependabot[bot] in openfga/js-sdk#414
• chore(deps-dev): bump @​types/node from 25.6.1 to 25.6.2 in the dependencies group across 1 directory by @​dependabot[bot] in openfga/js-sdk#413
• release: v0.9.6 by @​SoulPancake in openfga/js-sdk#397
• release: v0.9.7 by @​openfga-releaser-bot[bot] in openfga/js-sdk#416
• chore: revert release & notes for v0.9.7 by @​SoulPancake in openfga/js-sdk#418

New Contributors

• @​kamilogorek made their first contribution in openfga/js-sdk#372
• @​curfew-marathon made their first contribution in openfga/js-sdk#390

... (truncated)

Changelog

Sourced from @​openfga/sdk's changelog.

0.9.6 (2026-05-11)

Fixed

• correctly set default retry params (#394) (6b03882) , Thanks @​kamilogorek
• prevent token refresh thundering herd (#333) (025346f)
• stop mutating token refresh errors into auth errors (#329) (d5cbccb)

0.9.5 (2026-04-10)

Fixed

• Correctly set authorization model id when calling batch checks (#372) (bbc8bde)

v0.9.4

v0.9.4 (2026-03-31)

• fix(deps): pin axios to 1.14.0 and fix brace-expansion audit vulnerability (#363) - details

Commits

• 93131c7 chore: revert release & notes for v0.9.7 (#418)
• 23c122a release: v0.9.7 (#416)
• cf64c87 release: v0.9.6 (#397)
• 1ca65d8 chore(deps-dev): bump @​types/node from 25.6.1 to 25.6.2 in the dependencies g...
• b101440 chore(deps): bump github/codeql-action from 3.35.3 to 4.35.4 in the dependenc...
• 2ef6c57 chore(deps-dev): bump the dependencies group across 1 directory with 3 update...
• 313ae1e chore(eslint): bump eslint to v10 (#412)
• e352c99 chore(deps): bump the dependencies group with 2 updates (#407)
• d5cbccb fix: stop mutating token refresh errors into auth errors (#329)
• e6e5854 chore: bump example deps & point to parent SDK rather than published (#403)
• Additional commits viewable in compare view

Updates @types/node from 25.5.0 to 26.0.1

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.57.1 to 8.62.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

🩹 Fixes

• add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

🩹 Fixes

• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

... (truncated)

Commits

• 54e2857 chore(release): publish 8.62.0
• 81e4c26 feat: remove redundant package.json "files" (#12444)
• b784054 chore: use stableTypeOrdering compiler option (#12427)
• aaad718 chore(release): publish 8.61.1
• 0cc8f35 fix(eslint-plugin): [no-unnecessary-template-expression] respect ECMAScript l...
• 6f269e2 fix(eslint-plugin): [no-unnecessary-boolean-literal-compare] fix precedence b...
• 1b5d543 fix(eslint-plugin): [no-unnecessary-type-assertion] wrap object literal in pa...
• 565e666 fix(eslint-plugin): [no-unnecessary-type-assertion] avoid false positive for ...
• 204eabc fix(eslint-plugin): [consistent-indexed-object-style] do not remove comments ...
• 16a5b24 chore(release): publish 8.61.0
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.57.1 to 8.62.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

🩹 Fixes

• add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.0 (2026-06-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.1 (2026-06-01)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.0 (2026-05-25)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.4 (2026-05-18)

This was a version bump only for parser to align it with other projects, there were no code changes.

... (truncated)

Commits

• 54e2857 chore(release): publish 8.62.0
• 81e4c26 feat: remove redundant package.json "files" (#12444)
• aaad718 chore(release): publish 8.61.1
• 16a5b24 chore(release): publish 8.61.0
• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• f891c29 chore(release): publish 8.60.0
• ca6ca14 chore(release): publish 8.59.4
• 48e13c0 chore(release): publish 8.59.3
• 44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
• Additional commits viewable in compare view

Updates eslint-import-resolver-typescript from 4.4.4 to 4.4.5

Release notes

Sourced from eslint-import-resolver-typescript's releases.

v4.4.5

Patch Changes

• #473 32c61ab Thanks @​leey0818! - fix: check tsconfig matching before using resolver

Changelog

Sourced from eslint-import-resolver-typescript's changelog.

4.4.5

Patch Changes

• #473 32c61ab Thanks @​leey0818! - fix: check tsconfig matching before using resolver

Commits

• 724c47d chore: release eslint-import-resolver-typescript (#480)
• 32c61ab fix: check tsconfig matching before using resolver (#473)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-import-resolver-typescript since your current version.

Updates prettier from 3.8.1 to 3.8.4

Release notes

Sourced from prettier's releases.

3.8.4

• Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (prettier/prettier#17746 by @​byplayer)

🔗 Changelog

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
</tr></table>

... (truncated)

Commits

• 1c6ba55 Release 3.8.4
• 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
• 074aaed Replace main branch in changelog link with tags (#19054)
• c22a003 Bump Prettier dependency to 3.8.3
• 07bad1f Clean changelog_unreleased
• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​typescript-eslint/​parser@​8.57.1 ⏵ 8.62.0			+1
	npm/​@​typescript-eslint/​eslint-plugin@​8.57.1 ⏵ 8.62.0			-3
	npm/​@​types/​node@​25.5.0 ⏵ 26.0.1
	npm/​ajv@​8.18.0 ⏵ 8.20.0	+1
	npm/​yaml@​2.8.3 ⏵ 2.9.0	+1
	npm/​eslint-import-resolver-typescript@​4.4.4 ⏵ 4.4.5
	npm/​typescript@​5.9.3 ⏵ 6.0.3	+1		+1
	npm/​@​openfga/​sdk@​0.9.3 ⏵ 0.9.6	+1		+1
	npm/​prettier@​3.8.1 ⏵ 3.8.4	+1		+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pkg/js/package-lock.json → npm/@typescript-eslint/eslint-plugin@8.62.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.62.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm typescript under CC-BY-4.0 License: CC-BY-4.0 - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) License: MIT-Khronos-old - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt) From: pkg/js/package-lock.json → npm/typescript@6.0.3 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report