Skip to content

chore(deps): Bump the npm group with 4 updates#74

Merged
wochinge merged 3 commits into
mainfrom
dependabot/npm_and_yarn/npm-c4af9fdf82
Jul 6, 2026
Merged

chore(deps): Bump the npm group with 4 updates#74
wochinge merged 3 commits into
mainfrom
dependabot/npm_and_yarn/npm-c4af9fdf82

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 4 updates: valibot, @langfuse/client, eslint and prettier.

Updates valibot from 1.4.1 to 1.4.2

Release notes

Sourced from valibot's releases.

v1.4.2

Many thanks to @​Faze-up and @​chatman-media for contributing to this release.

  • Fix word count actions to cache the Intl.Segmenter for non-primitive locales, preventing it from being recreated on every words, minWords, maxWords and notWords validation (pull request #1521)
  • Fix flatten method to handle issue path keys that collide with Object.prototype members like toString instead of throwing a TypeError (pull request #1522)
  • Fix intersect schema to merge object keys that collide with Object.prototype members like toString instead of failing to merge them (pull request #1522)
Commits
  • 0dc26ea Bump library version to 1.4.2
  • 1bd01c3 fix: handle keys that collide with Object.prototype in flatten and merge (#1522)
  • 752c636 docs: clarify string length semantics (#1505)
  • a3beff9 fix: cache word-count segmenter for non-primitive locales (#1521)
  • 1f9b183 Update FUNDING.yml in fabvor of Open Collective
  • 2c63b2a Update logos of partners in README
  • 09616b2 Add CodeRabbit as partner and remove Stainless
  • 92bcf55 Add Cloudflare to privacy policy page
  • 9bb6617 Add Cloudflare as a deploy target to our website (#1508)
  • c05bf95 Bump to-json-schema version to 1.7.1
  • Additional commits viewable in compare view

Updates @langfuse/client from 5.7.0 to 5.9.0

Release notes

Sourced from @​langfuse/client's releases.

v5.9.0

Full Changelog: langfuse/langfuse-js@v5.8.0...v5.9.0

v5.8.0

What's Changed

Full Changelog: langfuse/langfuse-js@v5.7.0...v5.8.0

Commits

Updates eslint from 10.5.0 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)
Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates prettier from 3.8.4 to 3.9.1

Release notes

Sourced from prettier's releases.

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.1

diff

CLI: Fix ignored file has been cached incorrectly (#19483 by @​kovsu)

Bug details prettier/prettier#18016

3.9.0

diff

🔗 Release Notes

3.8.5

diff

Flow: Support readonly as a variance annotation (#19022 by @​marcoww6)

Flow now accepts readonly as a property variance annotation, equivalent to + (covariant/read-only).

// Input
type T = {
  readonly foo: string,
};
// Prettier 3.8.4
SyntaxError
// Prettier 3.8.5
type T = {
readonly foo: string,
};

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 4 updates: [valibot](https://github.com/open-circle/valibot), [@langfuse/client](https://github.com/langfuse/langfuse-js/tree/HEAD/packages/client), [eslint](https://github.com/eslint/eslint) and [prettier](https://github.com/prettier/prettier).


Updates `valibot` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/open-circle/valibot/releases)
- [Commits](open-circle/valibot@v1.4.1...v1.4.2)

Updates `@langfuse/client` from 5.7.0 to 5.9.0
- [Release notes](https://github.com/langfuse/langfuse-js/releases)
- [Changelog](https://github.com/langfuse/langfuse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/langfuse/langfuse-js/commits/v5.9.0/packages/client)

Updates `eslint` from 10.5.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.5.0...v10.6.0)

Updates `prettier` from 3.8.4 to 3.9.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.1)

---
updated-dependencies:
- dependency-name: valibot
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@langfuse/client"
  dependency-version: 5.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: prettier
  dependency-version: 3.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 6, 2026

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, standard Dependabot bumps (valibot patch, @langfuse/client + eslint + prettier minor).

Extended reasoning...

Overview

This is a Dependabot PR that bumps four dependencies in the npm group: valibot (1.4.1 → 1.4.2, patch), @langfuse/client (5.7.0 → 5.9.0, minor), eslint (10.5.0 → 10.6.0, minor), and prettier (3.8.4 → 3.9.1, minor). Only package.json and pnpm-lock.yaml are modified — no source code touched.

Security risks

None identified. All packages are well-known and from trusted upstream sources (open-circle, langfuse, eslint, prettier). Release notes are limited to bug fixes and small features (Object.prototype collision fixes in valibot, eslint rule improvements, prettier parser upgrades). The only production runtime dependency touched is valibot (patch-only), and @langfuse/client is scoped to devDependencies.

Level of scrutiny

Low. Config-only dependency bumps within the same major version, no API surface changes flagged in the release notes, and CI (lint/format/typecheck/test/build) will catch any incompatibilities before merge. Prettier 3.9's parser upgrade could theoretically reformat code, but that would surface as a format:check failure rather than a runtime issue.

Other factors

No bugs were surfaced by the bug hunting system, no prior reviewer comments on the PR, and the repo has established test/lint/build checks that gate merges. This is exactly the kind of small, mechanical, low-risk change appropriate for shadow approval.

@wochinge wochinge added the update-dist Rebuild and commit dist/ for Dependabot PRs label Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Experiment Results: 01e00b8

Experiment Status Actions
Uppercase (py) ✅ Pass View GitHub Action Run · View in Langfuse
Uppercase (ts) ✅ Pass View GitHub Action Run · View in Langfuse
Mixed dir (node) ✅ Pass View GitHub Action Run · View in Langfuse
Mixed dir (python) ✅ Pass View GitHub Action Run · View in Langfuse
Regression fixture ❌ Regression View GitHub Action Run · View in Langfuse

Details

✅ Uppercase (py) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
✅ Uppercase (ts) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
✅ Mixed dir (node) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
✅ Mixed dir (python) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
❌ Regression fixture (Source)

RegressionError: synthetic regression triggered by e2e fixture

Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000

@wochinge wochinge merged commit b84b301 into main Jul 6, 2026
10 checks passed
@wochinge wochinge deleted the dependabot/npm_and_yarn/npm-c4af9fdf82 branch July 6, 2026 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code update-dist Rebuild and commit dist/ for Dependabot PRs

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant