Skip to content

chore(deps-dev): bump the dev-dependencies group with 5 updates#148

Merged
uhyo merged 1 commit intomasterfrom
dependabot/npm_and_yarn/dev-dependencies-a1a65f1e1f
Mar 12, 2026
Merged

chore(deps-dev): bump the dev-dependencies group with 5 updates#148
uhyo merged 1 commit intomasterfrom
dependabot/npm_and_yarn/dev-dependencies-a1a65f1e1f

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 11, 2026
edited
Loading

Bumps the dev-dependencies group with 5 updates:

Package From To
oxlint 1.51.0 1.53.0
turbo 2.8.13 2.8.16
wrangler 4.70.0 4.72.0
@types/node 25.3.3 25.4.0
tsdown 0.20.3 0.21.2

Updates oxlint from 1.51.0 to 1.53.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

[1.52.0] - 2026-03-09

🚀 Features

  • 61bf388 linter: Add options.reportUnusedDisableDirectives to config file (#19799) (Peter Wagenet)
  • 2919313 linter: Introduce denyWarnings config options (#19926) (camc314)
  • a607119 linter: Introduce maxWarnings config option (#19777) (camc314)

📚 Documentation

  • 6c0e0b5 linter: Add oxlint.config.ts to the config docs. (#19941) (connorshea)
  • 160e423 linter: Add a note that the typeAware and typeCheck options require oxlint-tsgolint (#19940) (connorshea)
Commits
  • 856781f release(apps): oxlint v1.53.0 && oxfmt v0.38.0 (#20218)
  • 9870467 release(apps): oxlint v1.52.0 && oxfmt v0.37.0 (#20143)
  • 61bf388 feat(linter): add options.reportUnusedDisableDirectives to config file (#19...
  • 6c0e0b5 docs(linter): Add oxlint.config.ts to the config docs. (#19941)
  • 160e423 docs(linter): Add a note that the typeAware and typeCheck options require oxl...
  • 2919313 feat(linter): introduce denyWarnings config options (#19926)
  • a607119 feat(linter): introduce maxWarnings config option (#19777)
  • See full diff in compare view

Updates turbo from 2.8.13 to 2.8.16

Release notes

Sourced from turbo's releases.

Turborepo v2.8.16

What's Changed

turbo-ignore

@​turbo/codemod

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.8.15...v2.8.16

Turborepo v2.8.16-canary.1

What's Changed

turbo-ignore

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.8.15...v2.8.16-canary.1

Turborepo v2.8.15

What's Changed

create-turbo

@​turbo/repository

Changelog

... (truncated)

Commits
  • ecad149 publish 2.8.16 to registry
  • 10386ae fix: Guard against missing pipeline key in clean-globs codemod (#12235)
  • 3f7edba docs: missing migrate word (#12234)
  • e03a168 release(turborepo): 2.8.16-canary.1 (#12233)
  • 5bd21fb docs: Remove CONSOLE DO NOT TRACK link (#12232)
  • e9195cd fix: Prevent tsdown from cleaning @​turbo/gen binaries during release (#12230)
  • 8d0481e fix: Honor --output-logs errors-only for non-cached tasks (#11926)
  • a70d0fc Revert "ci: Re-enable Rust unit tests in release workflow" (#12229)
  • e637353 fix: Promote nested bun lockfile entries when hoisted version is pruned (#12228)
  • 9086c1e fix: Remove all remaining pnpm dependency overrides (#12227)
  • Additional commits viewable in compare view

Updates wrangler from 4.70.0 to 4.72.0

Release notes

Sourced from wrangler's releases.

wrangler@4.72.0

Minor Changes

  • #12746 211d75d Thanks @​NuroDev! - Add support for inheritable bindings in type generation

    When using wrangler types with multiple environments, bindings from inheritable config properties (like assets) are now correctly inherited from the top-level config in all named environments. Previously, if you defined assets.binding at the top level with named environments, the binding would be marked as optional in the generated Env type because the type generation didn't account for inheritance.

    Example:

    {
	"assets": {
		"binding": "ASSETS",
		"directory": "./public"
	},
	"env": {
		"staging": {},
		"production": {}
	}
}

    Before this change, ASSETS would be typed as ASSETS?: Fetcher (optional). Now, ASSETS is correctly typed as ASSETS: Fetcher (required). This fix currently applies to the assets binding, with an extensible mechanism to support additional inheritable bindings in the future.

  • #12826 de65c58 Thanks @​gabivlj! - Enable container egress interception in local dev without the experimental compatibility flag

    Container local development now always prepares the egress interceptor sidecar image needed for interceptOutboundHttp(). This makes container-to-Worker interception available by default in Wrangler, Miniflare, and the Cloudflare Vite plugin.

Patch Changes

  • #12790 5451a7f Thanks @​petebacondarwin! - Bump node-forge to ^1.3.2 to address security vulnerabilities

    node-forge had ASN.1 unbounded recursion, OID integer truncation, and ASN.1 validator desynchronization vulnerabilities. This is a bundled dependency used for local HTTPS certificate handling.

  • #12795 82cc2a8 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260301.1 1.20260306.1

  • #12811 3c67c2a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260306.1 1.20260307.1

... (truncated)

Commits
  • 24f807b Version Packages (#12789)
  • b8c33f5 Make remote dev exchange_url optional (#12771)
  • ba18c02 [wrangler] Make worker deletion in e2e test cleanup best-effort (#12832)
  • de65c58 containers: Remove experimental flag from enabling egress interception for co...
  • 9f93b54 Strip query strings from module names when writing to disk (#12824)
  • d645594 Bump the workerd-and-workers-types group with 2 updates (#12827)
  • 6ed249b [wrangler] Fix d1 execute --json returning string "null" for SQL NULL values ...
  • 3c67c2a Bump the workerd-and-workers-types group with 2 updates (#12811)
  • 82cc2a8 Bump the workerd-and-workers-types group with 2 updates (#12795)
  • 211d75d fix(wrangler): Fix type generation inheritable bindings (#12746)
  • Additional commits viewable in compare view

Updates @types/node from 25.3.3 to 25.4.0

Commits

Updates tsdown from 0.20.3 to 0.21.2

Release notes

Sourced from tsdown's releases.

v0.21.2

   🚨 Breaking Changes

  • exe: Add exe.outDir for separate executable output dir, defaults to build  -  by @​sxzz (d49ef)

Note: Executable is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

   🐞 Bug Fixes

  • css: Skip data URIs and external URLs in CSS url() rebasing  -  by @​sxzz (13907)
    View changes on GitHub

v0.21.1

   🚨 Breaking Changes

[!IMPORTANT] If you are using CSS features (e.g., CSS imports), you now need to manually install the @tsdown/css package:

npm install @tsdown/css -D
# or
pnpm add @tsdown/css -D

Note: CSS support is still an experimental feature and does not follow SemVer. Breaking changes may occur in any release.

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v0.21.0 - Notable Changes

... (truncated)

Commits
  • ab8446b chore: release v0.21.2
  • 57c5b3c chore: upgrade deps
  • cbd7b38 feat(deps): rename onlyAllowBundle to onlyBundle (#819)
  • d9f0fcc chore(deps): update all non-major dependencies (#815)
  • 139076c fix(css): skip data URIs and external URLs in CSS url() rebasing
  • d49ef37 feat(exe)!: add exe.outDir for separate executable output dir, defaults to ...
  • 8869180 test: add case for preserving folder structure in unbundle mode (#817)
  • bad2d17 feat: add root option for controlling output directory structure
  • 2b1be7e chore: release v0.21.1
  • 38ca9c1 chore: upgrade unrun
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 11, 2026
@dependabot
chore(deps-dev): bump the dev-dependencies group with 5 updates
1f5be86 
Bumps the dev-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.51.0` | `1.53.0` |
| [turbo](https://github.com/vercel/turborepo) | `2.8.13` | `2.8.16` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.70.0` | `4.72.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.3` | `25.4.0` |
| [tsdown](https://github.com/rolldown/tsdown) | `0.20.3` | `0.21.2` |


Updates `oxlint` from 1.51.0 to 1.53.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.53.0/npm/oxlint)

Updates `turbo` from 2.8.13 to 2.8.16
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.8.13...v2.8.16)

Updates `wrangler` from 4.70.0 to 4.72.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.72.0/packages/wrangler)

Updates `@types/node` from 25.3.3 to 25.4.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `tsdown` from 0.20.3 to 0.21.2
- [Release notes](https://github.com/rolldown/tsdown/releases)
- [Commits](rolldown/tsdown@v0.20.3...v0.21.2)

---
updated-dependencies:
- dependency-name: oxlint
  dependency-version: 1.53.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: turbo
  dependency-version: 2.8.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: wrangler
  dependency-version: 4.72.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: tsdown
  dependency-version: 0.21.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-a1a65f1e1f branch from 48a81a2 to 1f5be86 Compare March 11, 2026 23:35
@uhyo uhyo merged commit aa952aa into master Mar 12, 2026
1 check passed
@uhyo uhyo deleted the dependabot/npm_and_yarn/dev-dependencies-a1a65f1e1f branch March 12, 2026 00:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@uhyo