:arrow_up: Updates eslint-plugin-github to v6 by renovate[bot] · Pull Request #885 · AlexRogalskiy/github-action-json-fields

renovate · 2025-03-22T08:12:04Z

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
eslint-plugin-github	`^4.1.3` → `^6.0.0`

Release Notes

github/eslint-plugin-github (eslint-plugin-github)

`v6.0.0`

Compare Source

What's Changed

BREAKING CHANGE: This project is now ESM. Users of Node < 20.x will need to upgrade their version of Node, or continue to use v5.x of this library.

Remove github plugin from typescript by @gracepark in #610
Add typescript by @gracepark in #616
chore(deps): bump the all-dependencies group across 1 directory with 9 updates by @dependabot in #617
chore(deps): bump eslint-config-prettier from 10.0.1 to 10.0.2 in the all-dependencies group by @dependabot in #618
chore(deps): bump the all-dependencies group with 8 updates by @dependabot in #619
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #620
chore: update rule meta to satisfiy lint rules by @43081j in #621
feat: migrate to ESM only by @43081j in #622

New Contributors

@43081j made their first contribution in #621

Full Changelog: github/eslint-plugin-github@v5.1.8...v6.0.0

`v5.1.8`

Compare Source

What's Changed

chore(deps): bump @eslint/compat from 1.2.5 to 1.2.6 in the all-dependencies group by @dependabot in #607
Update a11y rule config to not flag role being set for ul by @khiga8 in #608
Update prettier plugin name by @gracepark in #609

Full Changelog: github/eslint-plugin-github@v5.1.7...v5.1.8

`v5.1.7`

Compare Source

What's Changed

Upgrade eslint-plugin-import for eslint 9 support by @tomups in #603
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #604
Update names back to original for eslint-comments and no-only-tests by @gracepark in #605

New Contributors

@tomups made their first contribution in #603

Full Changelog: github/eslint-plugin-github@v5.1.6...v5.1.7

`v5.1.6`

Compare Source

What's Changed

fix: upgrade eslint-plugin-jsx-a11y by @hyldmo in #597
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #598
chore(deps): bump the all-dependencies group across 1 directory with 7 updates by @dependabot in #601
Update naming of plugins by @gracepark in #602

New Contributors

@hyldmo made their first contribution in #597

Full Changelog: github/eslint-plugin-github@v5.1.5...v.5.1.6

`v5.1.5`

Compare Source

What's Changed

fix: async-currenttarget/preventdefault doesn’t consider nested scopes by @kurtextrem in #567
chore(deps): bump the all-dependencies group with 6 updates by @dependabot in #586
use single quotes by @arelia in #590
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #588
chore(deps): bump the all-dependencies group with 6 updates by @dependabot in #592
chore(deps): bump the all-dependencies group across 1 directory with 3 updates by @dependabot in #595
chore(deps): bump @eslint/plugin-kit from 0.2.2 to 0.2.4 in the npm_and_yarn group by @dependabot in #593
Update rules for flat config by @gracepark in #596

New Contributors

@kurtextrem made their first contribution in #567
@arelia made their first contribution in #590

Full Changelog: github/eslint-plugin-github@v5.1.4...v5.1.5

`v5.1.4`

Compare Source

What's Changed

chore(deps): bump the all-dependencies group with 6 updates by @dependabot in #581
chore(deps-dev): bump cross-spawn from 6.0.5 to 6.0.6 in the npm_and_yarn group by @dependabot in #574
Update README.md by @gracepark in #583
Update filenames default since it is now in our repo by @gracepark in #584

Full Changelog: github/eslint-plugin-github@v5.1.3...v5.1.4

`v5.1.3`

Compare Source

What's Changed

ESLint <v9 will maintain backwards compatibility by using the original eslint-filenames-plugin by @gracepark in #579
For ESLint v9+, if you configured the filenames/match-regex rule, please note we have adapted the match regex rule into eslint-plugin-github as the original eslint-filenames-plugin is no longer maintained and needed an ESLint v9 update. Please update the rule name to github/filenames-match-regex and keep the same configuration.

Full Changelog: github/eslint-plugin-github@v5.1.2...v5.1.3

`v5.1.2`

Compare Source

What's Changed

Update filenames by @gracepark in #578

Full Changelog: github/eslint-plugin-github@v5.1.1...v5.1.2

`v5.1.1`

Compare Source

What's Changed

chore(deps): bump the all-dependencies group across 1 directory with 4 updates by @dependabot in #575
Update package.json by @gracepark in #577

Full Changelog: github/eslint-plugin-github@v5.1.0...v5.1.1

`v5.1.0`

Compare Source

In this release we're supporting ESLint's new flat config and still maintaining legacy configs for backwards compatibility. We've created flat configs via getFlatConfigs():

Usage

import github from 'eslint-plugin-github'

export default [
  github.getFlatConfigs().browser,
  github.getFlatConfigs().recommended,
  github.getFlatConfigs().react,
  ...github.getFlatConfigs().typescript,
  {
    files: ['**/*.{js,mjs,cjs,jsx,mjsx,ts,tsx,mtsx}'],
    ignores: ['eslint.config.mjs'],
    rules: {
      'github/array-foreach': 'error',
      'github/async-preventdefault': 'warn',
      'github/no-then': 'error',
      'github/no-blur': 'error',
    },
  },
]

What's Changed

chore(deps): bump micromatch from 4.0.5 to 4.0.8 in the npm_and_yarn group by @dependabot in #549
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #552
chore(deps): bump the all-dependencies group across 1 directory with 5 updates by @dependabot in #557
Actions/Node Updates by @dgreif in #558
[Patch] Bumping eslint-plugin-escompat plugin to latest version by @dusave in #560
chore(deps): bump the all-dependencies group across 1 directory with 3 updates by @dependabot in #561
chore(deps): bump the all-dependencies group with 6 updates by @dependabot in #562
Update Dockerfile by @gracepark in #565
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #569
Support flat config and upgrade eslint to v9 by @gracepark in #571

New Contributors

@dusave made their first contribution in #560
@gracepark made their first contribution in #565

Full Changelog: github/eslint-plugin-github@v5.0.2...v5.1.0

`v5.0.2`

Compare Source

What's Changed

chore(deps): bump the all-dependencies group across 1 directory with 3 updates by @dependabot in #533
chore(deps): bump braces from 3.0.2 to 3.0.3 by @dependabot in #534
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #535
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #536
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #537
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #538
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #540
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #541
chore(deps): bump the all-dependencies group across 1 directory with 3 updates by @dependabot in #543
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #544
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #545
chore(deps): bump the all-dependencies group across 1 directory with 4 updates by @dependabot in #551

Full Changelog: github/eslint-plugin-github@v5.0.1...v5.0.2

`v5.0.1`

Compare Source

What's Changed

chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #530
Provide no-redundant-roles exception for rowgroup by @khiga8 in #531

Full Changelog: github/eslint-plugin-github@v5.0.0...v5.0.1

`v5.0.0`

Compare Source

Formally releasing v5.0.0!

This release includes everything in pre-release v5.0.0-2!

We notably dropped support for node 14 and node 16 in favor of node 18.

What's Changed

Drop node 14/16 support and fix bug in getElementType logic by @khiga8 in #525
Bump node 14 to node 18 by @khiga8 in #529
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #510
chore(deps): bump the all-dependencies group with 2 updates by @dependabot in #511
chore(deps): bump the all-dependencies group with 2 updates by @dependabot in #512
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #514
chore(deps): bump the all-dependencies group across 1 directory with 4 updates by @dependabot in #522

`v4.10.2`

Compare Source

What's Changed

Functionality

Update no-then.md by @cefn in #503
fix a11y-svg-has-accessible-name considering whitespace JSXText by @nnmrts in #508

Dependancy updates

chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #482
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #484
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #485
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #486
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #487
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #489
chore(deps): bump actions/setup-node from 3 to 4 by @dependabot in #488
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #490
chore(deps): bump the all-dependencies group with 2 updates by @dependabot in #491
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #492
chore(deps): bump the all-dependencies group with 2 updates by @dependabot in #493
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #494
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #495
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #496
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #498
chore(deps): bump the all-dependencies group with 2 updates by @dependabot in #499
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #500
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #501
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #502
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #504
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #507
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #509

New Contributors

@cefn made their first contribution in #503
@nnmrts made their first contribution in #508

Full Changelog: github/eslint-plugin-github@v4.10.1...v4.10.2

`v4.10.1`

Compare Source

What's Changed

chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #478
chore(deps): bump actions/checkout from 3 to 4 by @dependabot in #480
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #479
chore(deps): bump the all-dependencies group with 2 updates by @dependabot in #481
Bug: Don't fallback to checking implicit role if role is set by @khiga8 in #483

Full Changelog: github/eslint-plugin-github@v4.10.0...v4.10.1

`v4.10.0`

Compare Source

What's Changed

Update a11y-no-visually-hidden-interactive-element.md by @kendallgassner in #468
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #469
chore(deps): bump the all-dependencies group with 6 updates by @dependabot in #471
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #472
chore(deps): bump the all-dependencies group with 3 updates by @dependabot in #473
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #474
chore(deps): bump the all-dependencies group with 4 updates by @dependabot in #475
Override rule config temporarily to address false positive by @khiga8 in #476

Full Changelog: github/eslint-plugin-github@v4.9.2...v4.10.0

`v4.9.2`

Compare Source

What's Changed

Use getLiteralPropValue for sr-only class by @khiga8 in #466

Full Changelog: github/eslint-plugin-github@v4.9.1...v4.9.2

`v4.9.1`

Compare Source

Bug fixes

This release includes bug fixes for a few accessibility rules including: a11y-aria-role-supports-props, a11y-no-title-attribute, and
jsx-a11y/no-interactive-element-to-noninteractive-role.

What's Changed

Ignore calls to a method named innerText by @camchenry in #455
bump prettier and eslint-plugin-prettier to latest versions by @shiftkey in #457
chore(deps): bump the all-dependencies group with 5 updates by @dependabot in #458
Set config override for false positive rule by @khiga8 in #460
Re-introduce accidentally removed testing commands by @khiga8 in #459
Fix bugs with getRole and getElementType by @khiga8 in #461
[Fix] Only look at semantic elements for a11y-no-title-attribute by @kendallgassner in #464
Check for presence of attribute in getRole rather than the value by @khiga8 in #463

New Contributors

@camchenry made their first contribution in #455
@shiftkey made their first contribution in #457

Full Changelog: github/eslint-plugin-github@v4.9.0...v4.9.1

`v4.9.0`

Compare Source

What's Changed

create rule: github/a11y-no-visually-hidden-interactive-element by @kendallgassner in #446
Add polymorphic component check in getElementType by @kendallgassner in #449
Adds svg-has-accessible-name rule by @lindseywild in #450
chore(deps): bump semver from 5.7.1 to 5.7.2 by @dependabot in #451
Create rule: a11y-no-title-attribute by @kendallgassner in #453
Bump aria-query and update to fix tests by @khiga8 in #448
Rename role-supports-aria-props to a11y- by @khiga8 in #454

New Contributors

@kendallgassner made their first contribution in #446
@lindseywild made their first contribution in #450

Full Changelog: github/eslint-plugin-github@v4.8.0...v4.9.0

`v4.8.0`

Compare Source

What's Changed

Update react.js to turn jsx-a11y/no-autofocus off by @khiga8 in #442
Dependency Updates
- chore(deps): bump eslint-config-prettier from 8.7.0 to 8.8.0 by @dependabot in #419
- chore(deps): bump @typescript-eslint/eslint-plugin from 5.55.0 to 5.56.0 by @dependabot in #420
- chore(deps): bump prettier from 2.8.4 to 2.8.7 by @dependabot in #421
- chore(deps): bump @typescript-eslint/parser from 5.55.0 to 5.56.0 by @dependabot in #422
- chore(deps-dev): bump eslint from 8.36.0 to 8.37.0 by @dependabot in #425
- chore(deps): bump @typescript-eslint/parser from 5.56.0 to 5.57.0 by @dependabot in #424
- chore(deps): bump @typescript-eslint/eslint-plugin from 5.56.0 to 5.57.0 by @dependabot in #423
- chore(deps): bump @typescript-eslint/parser from 5.57.0 to 5.57.1 by @dependabot in #426
- chore(deps-dev): bump eslint from 8.37.0 to 8.38.0 by @dependabot in #427
- chore(deps): bump @typescript-eslint/eslint-plugin from 5.57.0 to 5.57.1 by @dependabot in #428
- chore(deps): bump @typescript-eslint/eslint-plugin from 5.57.1 to 5.58.0 by @dependabot in #430
- chore(deps): bump @typescript-eslint/parser from 5.57.1 to 5.58.0 by @dependabot in #429
- chore(deps): bump prettier from 2.8.7 to 2.8.8 by @dependabot in #431
- chore(deps-dev): bump eslint from 8.38.0 to 8.39.0 by @dependabot in #434
- chore(deps): bump @typescript-eslint/eslint-plugin from 5.58.0 to 5.59.0 by @dependabot in #433
- chore(deps): bump @typescript-eslint/parser from 5.58.0 to 5.59.0 by @dependabot in #432
- chore(deps): bump @typescript-eslint/eslint-plugin from 5.59.0 to 5.59.1 by @dependabot in #435
- chore(deps): bump @typescript-eslint/parser from 5.59.0 to 5.59.2 by @dependabot in #437
- chore(deps-dev): bump eslint from 8.39.0 to 8.40.0 by @dependabot in #438
- chore(deps): bump @typescript-eslint/eslint-plugin from 5.59.1 to 5.59.2 by @dependabot in #439
- Group dependabot updates by @manuelpuyol in #441

Full Changelog: github/eslint-plugin-github@v4.7.0...v4.8.0

`v4.7.0`

Compare Source

What's Changed

chore(deps): bump @typescript-eslint/eslint-plugin from 5.51.0 to 5.52.0 by @dependabot in #403
chore(deps): bump @typescript-eslint/parser from 5.51.0 to 5.52.0 by @dependabot in #405
chore(deps): bump eslint-plugin-escompat from 3.3.4 to 3.4.0 by @dependabot in #404
chore(deps): bump @typescript-eslint/eslint-plugin from 5.52.0 to 5.53.0 by @dependabot in #409
chore(deps-dev): bump eslint from 8.34.0 to 8.35.0 by @dependabot in #408
chore(deps): bump @typescript-eslint/parser from 5.52.0 to 5.53.0 by @dependabot in #407
chore(deps): bump @typescript-eslint/eslint-plugin from 5.53.0 to 5.54.0 by @dependabot in #410
chore(deps): bump @typescript-eslint/parser from 5.53.0 to 5.54.0 by @dependabot in #411
chore(deps): bump eslint-config-prettier from 8.6.0 to 8.7.0 by @dependabot in #415
chore(deps): bump @typescript-eslint/eslint-plugin from 5.54.0 to 5.54.1 by @dependabot in #414
chore(deps): bump @typescript-eslint/parser from 5.54.0 to 5.54.1 by @dependabot in #412
chore(deps-dev): bump eslint from 8.35.0 to 8.36.0 by @dependabot in #413
Automate docs with eslint-doc-generator by @bmish in #398
chore(deps): bump @typescript-eslint/eslint-plugin from 5.54.1 to 5.55.0 by @dependabot in #417
chore(deps): bump @typescript-eslint/parser from 5.54.1 to 5.55.0 by @dependabot in #416
Update no-inner-html.md by @khiga8 in #381
New rule to flag invalid aria-label format by @khiga8 in #418

New Contributors

@bmish made their first contribution in #398

Full Changelog: github/eslint-plugin-github@v4.6.1...v4.7.0

`v4.6.1`

Compare Source

What's Changed

Update events handled by no-useless-passive and require-passive-events by @boris-petrov in #354
feat: role-supports-aria-props rule (no aria-label-misuse) by @smockle in #362
Updated dependencies

New Contributors

@boris-petrov made their first contribution in #354
@smockle made their first contribution in #362

Full Changelog: github/eslint-plugin-github@v4.6.0...v4.6.1

`v4.6.0`

Compare Source

What's Changed

Allow wildcard *.*.* prefix extension by @theinterned in #357

Full Changelog: github/eslint-plugin-github@v4.5.0...v4.6.0

`v4.5.0`

Compare Source

What's Changed

chore(deps): bump @typescript-eslint/parser from 5.41.0 to 5.42.0 by @dependabot in #337
chore(deps-dev): bump eslint from 8.26.0 to 8.27.0 by @dependabot in #339
chore(deps): bump @typescript-eslint/eslint-plugin from 5.41.0 to 5.42.0 by @dependabot in #338
chore(deps): bump @typescript-eslint/parser from 5.42.0 to 5.42.1 by @dependabot in #342
chore(deps-dev): bump chai from 4.3.6 to 4.3.7 by @dependabot in #341
bump @typescript-eslint/eslint-plugin from 5.42.0 to 5.42.1 by @dependabot in #340
chore(deps): bump @typescript-eslint/parser from 5.42.1 to 5.44.0 by @dependabot in #348
chore(deps): bump @typescript-eslint/eslint-plugin from 5.42.1 to 5.44.0 by @dependabot in #349
chore(deps): bump prettier from 2.7.1 to 2.8.0 by @dependabot in #347
chore(deps): bump @typescript-eslint/parser from 5.44.0 to 5.45.0 by @dependabot in #353
chore(deps-dev): bump eslint from 8.27.0 to 8.29.0 by @dependabot in #351
chore(deps): bump @typescript-eslint/eslint-plugin from 5.44.0 to 5.45.0 by @dependabot in #350
allow .server.* file extension by @theinterned in #343

New Contributors

@theinterned made their first contribution in #343

Full Changelog: github/eslint-plugin-github@v4.4.1...v4.5.0

`v4.4.1`

Compare Source

What's Changed

Use eslint-plugin-escompat in typescript config by @bdragon in #326
chore(deps): bump @typescript-eslint/parser from 5.39.0 to 5.40.0 by @dependabot in #327
chore(deps): bump @typescript-eslint/eslint-plugin from 5.39.0 to 5.40.0 by @dependabot in #329
chore(deps-dev): bump mocha from 10.0.0 to 10.1.0 by @dependabot in #328
chore(deps): bump @typescript-eslint/parser from 5.40.0 to 5.40.1 by @dependabot in #334
chore(deps-dev): bump eslint from 8.25.0 to 8.26.0 by @dependabot in #333
chore(deps): bump eslint-plugin-no-only-tests from 3.0.0 to 3.1.0 by @dependabot in #332
chore(deps): bump eslint-plugin-escompat from 3.3.3 to 3.3.4 by @dependabot in #331
chore(deps): bump @typescript-eslint/eslint-plugin from 5.40.0 to 5.40.1 by @dependabot in #330
chore(deps): bump @typescript-eslint/parser from 5.40.1 to 5.41.0 by @dependabot in #335
chore(deps): bump @typescript-eslint/eslint-plugin from 5.40.1 to 5.41.0 by @dependabot in #336

New Contributors

@bdragon made their first contribution in #326

Full Changelog: github/eslint-plugin-github@v4.4.0...v4.4.1

`v4.4.0`

Compare Source

What's Changed

chore(deps): bump eslint-plugin-no-only-tests from 2.6.0 to 3.0.0 by @dependabot in #286
chore(deps): bump @typescript-eslint/parser from 5.30.6 to 5.30.7 by @dependabot in #285
chore(deps): bump @typescript-eslint/eslint-plugin from 5.30.6 to 5.30.7 by @dependabot in #287
chore(deps-dev): bump eslint-plugin-eslint-plugin from 5.0.0 to 5.0.1 by @dependabot in #288
chore(deps): bump eslint-plugin-jsx-a11y from 6.6.0 to 6.6.1 by @dependabot in #289
chore(deps): bump prettier from 2.6.2 to 2.7.1 by @dependabot in #264
chore(deps): bump @typescript-eslint/eslint-plugin from 5.30.7 to 5.31.0 by @dependabot in #291
chore(deps): bump @typescript-eslint/parser from 5.30.7 to 5.31.0 by @dependabot in #290
chore(deps-dev): bump eslint from 8.20.0 to 8.21.0 by @dependabot in #292
chore(deps-dev): bump eslint-plugin-eslint-plugin from 5.0.1 to 5.0.2 by @dependabot in #293
chore(deps): bump @typescript-eslint/eslint-plugin from 5.31.0 to 5.32.0 by @dependabot in #294
chore(deps): bump @typescript-eslint/parser from 5.31.0 to 5.32.0 by @dependabot in [

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2025-03-22T08:12:20Z

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

github-actions · 2025-03-22T08:12:21Z

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

github-actions · 2025-03-22T08:12:22Z

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

socket-security · 2025-12-05T00:14:40Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
lodash@4.17.20
jsonpath@1.1.0
jsonlint@1.6.3
license-checker@25.0.1
remark-preset-davidtheclark@0.12.0
markdown-link-check@3.8.7
remark-lint-code-block-style@2.0.1
remark-lint-ordered-list-marker-value@2.0.1
remark-cli@9.0.0
remark-validate-links@10.0.4
eslint-plugin-github@4.1.3 ⏵ 6.0.0	^-1	⁺¹⁸	^-1
pretty-quick@3.1.0
semantic-release@17.3.9
prettier@2.2.1
lint-staged@10.5.4

View full report

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

socket-security · 2026-04-15T15:27:22Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: npm `json-schema` is vulnerable to Prototype Pollution CVE: GHSA-896r-f27r-55mw json-schema is vulnerable to Prototype Pollution (CRITICAL) Affected versions: < 0.4.0 Patched version: 0.4.0 From: package-lock.json → `npm/@semantic-release/npm@7.0.10` → `npm/jest-circus@26.6.3` → `npm/coveralls@3.1.0` → `npm/jest@26.6.3` → `npm/markdown-link-check@3.8.7` → `npm/json-schema@0.2.3` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/json-schema@0.2.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype Pollution in npm `minimist` CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL) Affected versions: >= 1.0.0 < 1.2.6; < 0.2.4 Patched version: 1.2.6 From: package-lock.json → `npm/folio@0.3.18` → `npm/conventional-changelog-cli@2.1.1` → `npm/@semantic-release/npm@7.0.10` → `npm/license-checker@25.0.1` → `npm/jest-circus@26.6.3` → `npm/coveralls@3.1.0` → `npm/jest@26.6.3` → `npm/@semantic-release/release-notes-generator@9.0.1` → `npm/minimist@1.2.5` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/minimist@1.2.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `npm` is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: package-lock.json → `npm/@semantic-release/npm@7.0.10` → `npm/npm@6.14.11` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/npm@6.14.11`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

renovate Bot added the npm dependencies label Mar 22, 2025

auto-assign Bot requested a review from AlexRogalskiy March 22, 2025 08:12

github-actions Bot added the review-required label Mar 22, 2025

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch 2 times, most recently from 4acdbc6 to 758b385 Compare August 15, 2025 12:10

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from 758b385 to 46a91ca Compare August 23, 2025 06:53

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from 46a91ca to d500c55 Compare September 1, 2025 04:28

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from d500c55 to f30afed Compare September 26, 2025 07:11

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from f30afed to f299b1c Compare October 23, 2025 08:17

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch 2 times, most recently from 69ad8bc to d9f2c7a Compare November 19, 2025 03:53

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from d9f2c7a to 797a83b Compare December 5, 2025 00:13

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from 797a83b to 39173d3 Compare December 31, 2025 23:52

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from 39173d3 to 3d4a10f Compare January 9, 2026 15:43

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch 2 times, most recently from cdeca50 to 87d1859 Compare January 24, 2026 04:00

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from 87d1859 to 39344b5 Compare February 3, 2026 06:56

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch 2 times, most recently from 14fba04 to 09d6846 Compare February 18, 2026 07:39

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch 2 times, most recently from 5a0fdba to 0fd7194 Compare March 14, 2026 09:16

⬆️ Updates eslint-plugin-github to v6

398cc1a

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

renovate Bot force-pushed the renovate/eslint-plugin-github-6.x branch from 0fd7194 to 398cc1a Compare April 15, 2026 15:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

⬆️ Updates eslint-plugin-github to v6#885

⬆️ Updates eslint-plugin-github to v6#885
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/eslint-plugin-github-6.x

renovate Bot commented Mar 22, 2025 •

edited

Loading

Uh oh!

github-actions Bot commented Mar 22, 2025

Uh oh!

github-actions Bot commented Mar 22, 2025

Uh oh!

github-actions Bot commented Mar 22, 2025

Uh oh!

socket-security Bot commented Dec 5, 2025 •

edited

Loading

Uh oh!

socket-security Bot commented Apr 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

renovate Bot commented Mar 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

Usage

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

Functionality

Dependancy updates

New Contributors

What's Changed

What's Changed

What's Changed

Bug fixes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

Configuration

Uh oh!

github-actions Bot commented Mar 22, 2025

Uh oh!

github-actions Bot commented Mar 22, 2025

Uh oh!

github-actions Bot commented Mar 22, 2025

Hello from PR Helper

Uh oh!

socket-security Bot commented Dec 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented Apr 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented Mar 22, 2025 •

edited

Loading

socket-security Bot commented Dec 5, 2025 •

edited

Loading