chore(deps): bump the npm group across 1 directory with 9 updates

[dependabot]

Bumps the npm group with 8 updates in the / directory:

Package	From	To
commander	14.0.3	15.0.0
js-yaml	4.1.1	5.0.0
@anthropic-ai/sdk	0.98.0	0.105.0
@types/node	25.9.1	26.0.0
@vitest/coverage-v8	4.1.7	4.1.9
eslint	10.4.0	10.5.0
openai	6.39.0	6.44.0
typescript-eslint	8.60.0	8.61.1

Updates commander from 14.0.3 to 15.0.0

Release notes

Sourced from commander's releases.

v15.0.0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

v15.0.0-0

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 in May 2026 will move Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

... (truncated)

Changelog

Sourced from commander's changelog.

[15.0.0] (2026-05-29)

Commander 15 is ESM only. This is expected to be seamless for ESM consumers, but some CommonJS consumers may hit issues with tooling requiring configuration for ESM-only dependencies. See Migration Tips below.

The release of Commander 15 moves Commander 14 into maintenance. Commander 14 will get security updates for 12 months (to May 2027). For more info see Release Policy.

Added

• show excess command-arguments in error message (#2384)

Fixed

• Breaking: only lone --no-* option sets default option value to true, default not implicitly set when define both positive and negative option in either order (#2405)
• update example to use compatible character for MINGW64 (#2475)

Changed

• Breaking: migrated Commander implementation from CommonJS to ESM (#2464)
• Breaking: Commander 15 requires Node.js v22.12.0 or higher (for require(esm)).
• dev: switch tests from Jest to node:test test runner (#2463)

Deleted

• Breaking: removed deprecated export of commander/esm.mjs (#2464)

Migration Tips

Commander 15 is ESM only, but this does not mean you need to migrate to ESM to use it. Importing ESM from CommonJS is supported by Node.js, and Bun, and Deno. Hopefully it Just Works for you! However, you may be using a different runtime or some other part of your setup that may not yet natively support importing ESM from CommonJS, such as your testing framework or bundler.

If you have problems using Commander 15 in your environment, one option is stay on Commander 14 for now. Commander 14 will get security updates until May 2027 and things will hopefully improve for your setup in the meantime.

[15.0.0-0] (2026-02-22)

(Released as 15.0.0)

Commits

• ba6d13d Fix release dates in changelog (#2523)
• a752ed9 Pin GitHub actions with hash (#2521)
• 74d5dfe Drop EOL node 20 from test matrix, and add node 26 (#2520)
• 6df9b68 Update details for 15.0.0 release (#2519)
• 01ce5d0 Remove jest esm examples (#2517)
• d785d8b Update dependencies (#2518)
• 9098b48 Update dependencies (#2506)
• 373f660 Use node:util stripVTControlCharacters instead of own code (#2486)
• 987f289 Use simple match in test (to avoid warning about expensive regex) (#2485)
• 0ea3bb3 Update dependecies and lint (#2489)
• Additional commits viewable in compare view

Updates js-yaml from 4.1.1 to 5.0.0

Changelog

Sourced from js-yaml's changelog.

[5.0.0] - 2026-06-20

Added

• Added named exports for schemas, tags, parser events and AST utilities.
• Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
• Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
• Added dump() transform option for changing the generated AST before rendering.
• Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
• Added formal data layers (events and AST) for modular data pipelines.
  • Added low-level parser (to events), presenter and visitor APIs.
• Added the YAML Test Suite to the test set.

Changed

• See the migration guide for upgrade notes.
• Rewritten in TypeScript and reorganized the public API around flat named exports.
• Reduced the set of exported schemas:
  • YAML 1.2 schemas: CORE_SCHEMA (loader default), JSON_SCHEMA, FAILSAFE_SCHEMA.
  • YAML11_SCHEMA, a combination of all YAML 1.1 tags (YAML 1.1 does not specify a schema, only "types").
• load/dump default behaviour is now specified exactly via schemas:
  • load uses CORE_SCHEMA, without !!merge by default.
  • dump uses YAML11_SCHEMA + CORE_SCHEMA for the quoting check, to guarantee backward compatibility by default.
• !!set is now loaded as a JavaScript Set.
• Replaced the Type API with a tags API. Similar, but more precise and simpler. See examples for details. Tags can be defined via defineScalarTag(), defineSequenceTag() and defineMappingTag(), or as a spread + override of an existing tag.
• Renamed Schema.extend() to Schema.withTags().
• Expanded YAML 1.2 conformance and improved handling of directives, document markers, block keys, multiline scalars, tag syntax and other things.
• load() now throws on empty input instead of returning undefined.
• Moved browser builds to the js-yaml/browser export.
• Deprecated the loadAll signature with an iterator (still works, but is a candidate for removal).

Removed

• Removed deprecated safeLoad(), safeLoadAll() and safeDump() exports.
• Removed DEFAULT_SCHEMA and the nested types export.
• Removed loader options onWarning, legacy and listener.
• Removed dumper options styles, replacer, noCompatMode, condenseFlow, quotingType and forceQuotes. Renamed noArrayIndent to seqNoIndent. Formatting and representation are now configured through presenter options,

... (truncated)

Commits

• 75148bc 5.0.0 released
• 704b25d Quote document markers followed by whitespace
• 42dea28 Support complex !!pairs keys with realMapTag
• 6cf374e Fix dumping strings that collide with YAML markers
• 65b8d94 Clarify !!omap/!!pairs support
• 33e3640 Move tagname helpers to common/ and remove unused exports
• 4dd582b Cleanup export types
• 39b3792 Add types export
• 0cd01e9 docs: update for v5
• c5a61a4 Fix presenter coverage
• Additional commits viewable in compare view

Updates @anthropic-ai/sdk from 0.98.0 to 0.105.0

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.105.0

0.105.0 (2026-06-18)

Full Changelog: sdk-v0.104.2...sdk-v0.105.0

Features

• api: add support for new code_execution_20260120 tool (8dc2b54)
• stream: lazily parse partial tool json input (#99) (e55ceee)

Chores

• internal/deps: bump swc to 1.15.40 (#97) (a1d4d75)
• internal: use are the types wrong directly (#94) (3d362af)
• tests: stop using deprecated models (#98) (65ae1af)

sdk: v0.104.2

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

• api: remove retired models from API and SDKs (a942876)

sdk: v0.104.1

0.104.1 (2026-06-09)

Full Changelog: sdk-v0.104.0...sdk-v0.104.1

Bug Fixes

• api: add frontier_llm refusal category (465e686)

sdk: v0.104.0

0.104.0 (2026-06-09)

Full Changelog: sdk-v0.103.0...sdk-v0.104.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (d01e38b)

sdk: v0.103.0

0.103.0 (2026-06-09)

Full Changelog: sdk-v0.102.0...sdk-v0.103.0

Features

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.105.0 (2026-06-18)

Full Changelog: sdk-v0.104.2...sdk-v0.105.0

Features

• api: add support for new code_execution_20260120 tool (8dc2b54)
• stream: lazily parse partial tool json input (#99) (e55ceee)

Chores

• internal/deps: bump swc to 1.15.40 (#97) (a1d4d75)
• internal: use are the types wrong directly (#94) (3d362af)
• tests: stop using deprecated models (#98) (65ae1af)

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

• api: remove retired models from API and SDKs (a942876)

0.104.1 (2026-06-09)

Full Changelog: sdk-v0.104.0...sdk-v0.104.1

Bug Fixes

• api: add frontier_llm refusal category (465e686)

0.104.0 (2026-06-09)

Full Changelog: sdk-v0.103.0...sdk-v0.104.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (d01e38b)

0.103.0 (2026-06-09)

Full Changelog: sdk-v0.102.0...sdk-v0.103.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (cc337f7)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (cc337f7)
• middleware: add ctx.logger (#55) (edd1454)

... (truncated)

Commits

• ab700dc chore: release main
• a322517 feat(api): add support for new code_execution_20260120 tool
• 65a0106 feat(stream): lazily parse partial tool json input (#99)
• 384ab51 chore(tests): stop using deprecated models (#98)
• a49a191 chore(internal/deps): bump swc to 1.15.40 (#97)
• 7ac63f3 chore(internal): use are the types wrong directly (#94)
• fbee0d1 chore: release main
• e984ba4 chore(api): remove retired models from API and SDKs
• 9a0442d chore: release main
• 1ccd401 fix(api): add frontier_llm refusal category
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​anthropic-ai/sdk since your current version.

Updates @types/node from 25.9.1 to 26.0.0

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.7 to 4.1.9

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.9

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• a7a61e7 chore: release v4.1.9 (#10598)
• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Updates eslint from 10.4.0 to 10.5.0

Release notes

Sourced from eslint's releases.

v10.5.0

Features

• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
• b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
• 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
• f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
• bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
• c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

• 8ae1b5b docs: Update README (GitHub Actions Bot)
• ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
• f99b47a docs: Update README (GitHub Actions Bot)
• acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

• b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
• c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
• 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
• 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
• 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
• 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
• 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
• 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
• cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
• fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)

... (truncated)

Commits

• de3b672 10.5.0
• 362a518 Build: changelog update for 10.5.0
• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973)
• b565783 feat: report no-with violations at the with keyword (#20971)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966)
• 732cb3e feat: report max-nested-callbacks violations at function head (#20967)
• f9c138a feat: report max-depth violations on keywords (#20943)
• 8ae1b5b docs: Update README
• ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962)
• b18bf58 chore: update ecosystem plugins (#20959)
• Additional commits viewable in compare view

Updates openai from 6.39.0 to 6.44.0

Release notes

Sourced from openai's releases.

v6.44.0

6.44.0 (2026-06-17)

Full Changelog: v6.43.0...v6.44.0

Features

• api: update OpenAPI spec or Stainless config (d05bdbc)

v6.43.0

6.43.0 (2026-06-16)

Full Changelog: v6.42.0...v6.43.0

Bug Fixes

• fix TS to use main (dc5078b)
• restore pnpm repo configuration on next (c2575d6)

Chores

• Convert repository to pnpm (#1934) (fbf80f3)
• sync repo (34be1be)
• Update default branch references to main (#1920) (5436f42)

Build System

• remove scheduled release (#1936) (0c92f62)

v6.42.0

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

• api: responses.moderation and chat_completions.moderation (6d8f592)

v6.41.0

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

• api: Add Amazon Bedrock Responses support (#1899) (535b045)

v6.40.0

... (truncated)

Changelog

Sourced from openai's changelog.

6.44.0 (2026-06-17)

Full Changelog: v6.43.0...v6.44.0

Features

• api: update OpenAPI spec or Stainless config (d05bdbc)

6.43.0 (2026-06-16)

Full Changelog: v6.42.0...v6.43.0

Bug Fixes

• fix TS to use main (dc5078b)
• restore pnpm repo configuration on next (c2575d6)

Chores

• Convert repository to pnpm (#1934) (fbf80f3)
• sync repo (34be1be)
• Update default branch references to main (#1920) (5436f42)

Build System

• remove scheduled release (#1936) (0c92f62)

6.42.0 (2026-06-03)

Full Changelog: v6.41.0...v6.42.0

Features

• api: responses.moderation and chat_completions.moderation (6d8f592)

6.41.0 (2026-06-01)

Full Changelog: v6.40.0...v6.41.0

Features

• api: Add Amazon Bedrock Responses support (#1899) (535b045)

6.40.0 (2026-06-01)

Full Changelog: v6.39.1...v6.40.0

Features

... (truncated)

Commits

• e1bd0c2 release: 6.44.0
• ede3e38 feat(api): update OpenAPI spec or Stainless config
• 503cfc2 release: 6.43.0
• fd04fab fix: restore pnpm repo configuration on next
• 0096df7 fix: fix TS to use main
• ba8ff4d chore: sync repo
• fbf80f3 chore: Convert repository to pnpm (#1934)
• 879f325 test: Update CI Node version coverage (#1935)
• f2e0abd test: Use CI environment for OpenAI API key workflows (#1937)
• 0c92f62 build: remove scheduled release (#1936)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.60.0 to 8.61.1

Release notes

Sourced from typescript-eslint's releases.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

🩹 Fixes

• rule-schema-to-typescript-types: respect ECMAScript line terminators (#12374)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.61.1 (2026-06-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.0 (2026-06-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• aaad718 chore(release): publish 8.61.1
• 16a5b24 chore(release): publish 8.61.0
• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• See full diff in compare view

Updates vitest from 4.1.7 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• a7a61e7 chore: release v4.1.9 (#10598)
• 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
• 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
• a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​anthropic-ai/​sdk@​0.98.0 ⏵ 0.105.0			+1	+1
	typescript-eslint@​8.60.0 ⏵ 8.61.1
	openai@​6.39.0 ⏵ 6.44.0	+9		+1
	vitest@​4.1.7 ⏵ 4.1.9	+1		+1
	@​vitest/​coverage-v8@​4.1.7 ⏵ 4.1.9
	@​types/​node@​25.9.1 ⏵ 26.0.0				+1
	commander@​14.0.3 ⏵ 15.0.0	+1
	js-yaml@​4.1.1 ⏵ 5.0.0		+2		-1
	eslint@​10.4.0 ⏵ 10.5.0	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/vitest@4.1.9 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/typescript-eslint@8.61.1 → npm/@typescript-eslint/eslint-plugin@8.61.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.61.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report