Skip to content

chore(deps): bump the npm-deps group with 5 updates#291

Merged
collinmcneese merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-deps-368568f010
Apr 6, 2026
Merged

chore(deps): bump the npm-deps group with 5 updates#291
collinmcneese merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-deps-368568f010

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-deps group with 5 updates:

Package From To
dotenv 17.3.1 17.4.1
express-rate-limit 8.3.1 8.3.2
toml 3.0.0 4.1.1
cspell 9.7.0 10.0.0
eslint 10.1.0 10.2.0

Updates dotenv from 17.3.1 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)
Commits

Updates express-rate-limit from 8.3.1 to 8.3.2

Release notes

Sourced from express-rate-limit's releases.

v8.3.2

You can view the changelog here.

Commits
  • c4dbb42 8.3.2
  • 8f1cc66 v8.3.2 changelog
  • 601b87f Fix skipFailedRequests for for connections that close very early (#611)
  • 014c2f3 chore(deps-dev): bump the development-dependencies group with 6 updates (#612)
  • 4e8b18b Remove Zuplo sponsorship details from README (#613)
  • 31dab19 test: use numeric range for reset timestamp assertion (#610)
  • f82ad13 chore(deps-dev): bump the development-dependencies group with 2 updates (#609)
  • fa0b098 docs: fix broken link
  • See full diff in compare view

Updates toml from 3.0.0 to 4.1.1

Changelog

Sourced from toml's changelog.

4.1.1 - March 31 2026

  • Increase performance ~5x (#68)

4.1.0 - March 31 2026

  • Add spec v1.1.0 support (#67)

4.0.1 - March 31 2026

  • Minor packaging changes

4.0.0 - March 31 2026

  • Modernize tooling and support TOML v1.0.0 spec (#66)

2.3.0 - July 13 2015

  • Correctly handle quoted keys (#21)

2.2.3 - June 8 2015

  • Support empty inline tables (#24)
  • Do not allow implicit table definitions to replace value (#23)
  • Don't allow tables to replace inline tables (#25)

2.2.2 - April 3 2015

  • Correctly handle newlines at beginning of string (#22)

2.2.1 - March 17 2015

  • Parse dates generated by Date#toISOString() (#20)

2.2.0 - Feb 26 2015

  • Support TOML spec v0.4.0

2.1.0 - Jan 7 2015

... (truncated)

Commits

Updates cspell from 9.7.0 to 10.0.0

Release notes

Sourced from cspell's releases.

v10.0.0

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

  • v3: Synchronous default export — importFresh(modulePath) returns the module directly
  • v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

  • packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
  • packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
    • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
    • Make loadPnp and loadPnpIfNeeded async
    • Change cachedPnpImportsSynccachedPnpImports (now stores Promise<LoaderResult>)
    • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
    • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
    • Use optional chaining on the module's default export to handle edge cases
  • test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
  • test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.


feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

  • Bump engines.node across packages/test-packages to >=22.18.0 and update root @types/node to ^22.19.15.
  • Update CI workflows to test Node 22/24/25 and adjust integration update workflow to Node 22.
  • Remove eslint-plugin-n “unsupported node builtins” disables now that the minimum Node version includes those built-ins.

... (truncated)

Changelog

Sourced from cspell's changelog.

v10.0.0 (2026-04-06)

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

  • v3: Synchronous default export — importFresh(modulePath) returns the module directly
  • v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

  • packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
  • packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
    • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
    • Make loadPnp and loadPnpIfNeeded async
    • Change cachedPnpImportsSynccachedPnpImports (now stores Promise<LoaderResult>)
    • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
    • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
    • Use optional chaining on the module's default export to handle edge cases
  • test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
  • test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.


feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

... (truncated)

Commits

Updates eslint from 10.1.0 to 10.2.0

Release notes

Sourced from eslint's releases.

v10.2.0

Features

  • 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
  • 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
  • bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

  • 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

  • a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
  • 845f23f docs: Update README (GitHub Actions Bot)
  • 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
  • 8702a47 docs: Update README (GitHub Actions Bot)
  • ddeaded docs: Update README (GitHub Actions Bot)
  • 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
  • eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
  • 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

  • 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
  • 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
  • 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)
  • 811f493 ci: remove --legacy-peer-deps from types integration tests (#20667) (Milos Djermanovic)
  • 6b86fcf chore: update dependency npm-run-all2 to v8 (#20663) (renovate[bot])
  • 632c4f8 chore: add prettier update commit to .git-blame-ignore-revs (#20662) (루밀LuMir)
  • b0b0f21 chore: update dependency eslint-plugin-regexp to ^3.1.0 (#20659) (Milos Djermanovic)
  • 228a2dd chore: update dependency eslint-plugin-eslint-plugin to ^7.3.2 (#20661) (Milos Djermanovic)
  • 3ab4d7e test: Add tests for eslintrc-style keys (#20645) (kuldeep kumar)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-deps group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.1` |
| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.3.1` | `8.3.2` |
| [toml](https://github.com/BinaryMuse/toml-node) | `3.0.0` | `4.1.1` |
| [cspell](https://github.com/streetsidesoftware/cspell/tree/HEAD/packages/cspell) | `9.7.0` | `10.0.0` |
| [eslint](https://github.com/eslint/eslint) | `10.1.0` | `10.2.0` |


Updates `dotenv` from 17.3.1 to 17.4.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.3.1...v17.4.1)

Updates `express-rate-limit` from 8.3.1 to 8.3.2
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](express-rate-limit/express-rate-limit@v8.3.1...v8.3.2)

Updates `toml` from 3.0.0 to 4.1.1
- [Changelog](https://github.com/BinaryMuse/toml-node/blob/master/CHANGELOG.md)
- [Commits](BinaryMuse/toml-node@v3.0.0...v4.1.1)

Updates `cspell` from 9.7.0 to 10.0.0
- [Release notes](https://github.com/streetsidesoftware/cspell/releases)
- [Changelog](https://github.com/streetsidesoftware/cspell/blob/main/packages/cspell/CHANGELOG.md)
- [Commits](https://github.com/streetsidesoftware/cspell/commits/v10.0.0/packages/cspell)

Updates `eslint` from 10.1.0 to 10.2.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.1.0...v10.2.0)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: express-rate-limit
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: toml
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm-deps
- dependency-name: cspell
  dependency-version: 10.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-deps
- dependency-name: eslint
  dependency-version: 10.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 6, 2026
@dependabot dependabot Bot requested a review from collinmcneese as a code owner April 6, 2026 07:43
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 6, 2026

@collinmcneese collinmcneese left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved

@collinmcneese collinmcneese merged commit 5ecefcd into main Apr 6, 2026
6 of 7 checks passed
@collinmcneese collinmcneese deleted the dependabot/npm_and_yarn/npm-deps-368568f010 branch April 6, 2026 12:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant