build(deps-dev): bump the dev-deps group across 1 directory with 8 updates

[dependabot]

Bumps the dev-deps group with 8 updates in the / directory:

Package	From	To
@eslint/eslintrc	3.3.3	3.3.5
@typescript-eslint/eslint-plugin	8.53.1	8.58.1
@typescript-eslint/parser	8.53.1	8.58.1
cypress	15.9.0	15.13.1
dotenv	17.2.3	17.4.2
lint-staged	16.2.7	16.4.0
prettier	3.8.1	3.8.2
vitest	4.0.17	4.1.4

Updates @eslint/eslintrc from 3.3.3 to 3.3.5

Release notes

Sourced from @​eslint/eslintrc's releases.

eslintrc: v3.3.5

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

eslintrc: v3.3.4

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Changelog

Sourced from @​eslint/eslintrc's changelog.

3.3.5 (2026-03-04)

Bug Fixes

• update dependency minimatch to ^3.1.5 (#227) (3dc2381)

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Commits

• 5135df1 chore: release 3.3.5 🚀 (#228)
• c109d69 docs: Update README sponsors
• 3dc2381 fix: update dependency minimatch to ^3.1.5 (#227)
• 81385b6 ci: pin Node.js 25.6.1 (#226)
• 4c45e24 chore: release 3.3.4 🚀 (#223)
• 30339d0 fix: update minimatch to 3.1.3 to address security vulnerabilities (#224)
• 9139140 fix: update ajv to 6.14.0 to address security vulnerabilities (#221)
• 245ada5 docs: Update README sponsors
• 78b1a0e docs: Update README sponsors
• df32fff docs: Update README sponsors
• Additional commits viewable in compare view

Updates @typescript-eslint/eslint-plugin from 8.53.1 to 8.58.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
• eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)

❤️ Thank You

... (truncated)

Commits

• 5311ed3 chore(release): publish 8.58.1
• c3f8ed5 fix(eslint-plugin): [no-unused-vars] fix false negative for type predicate pa...
• e372a66 Revert: feat(eslint-plugin): [no-unnecessary-type-arguments] report inferred ...
• 4933417 chore(release): publish 8.58.0
• 5a9bd36 fix(eslint-plugin): [prefer-regexp-exec] avoid fixing unknown RegExp flags (#...
• edb90eb fix(eslint-plugin): [no-extraneous-class] handle index signatures (#12142)
• 8cde2d0 feat: support TypeScript 6 (#12124)
• 1bf86c9 fix(eslint-plugin): crash in no-unnecessary-type-arguments (#12163)
• e9cc25a docs(eslint-plugin): fix typo (#12155)
• be4d54d chore(release): publish 8.57.2
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.53.1 to 8.58.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.1 (2026-04-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

... (truncated)

Commits

• 5311ed3 chore(release): publish 8.58.1
• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• 96a04a9 chore(release): publish 8.56.1
• 8b8b68f chore(release): publish 8.56.0
• Additional commits viewable in compare view

Updates cypress from 15.9.0 to 15.13.1

Release notes

Sourced from cypress's releases.

v15.13.1

Changelog: https://docs.cypress.io/app/references/changelog#15-13-1

v15.13.0

Changelog: https://docs.cypress.io/app/references/changelog#15-13-0

v15.12.0

Changelog: https://docs.cypress.io/app/references/changelog#15-12-0

v15.11.0

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

v15.10.0

Changelog: https://docs.cypress.io/app/references/changelog#15-10-0

Commits

• ab60822 chore: release cypress app 15.3.1 (#33571)
• 5fa0657 chore(deps): update dependency cypress-example-kitchensink to 6.0.0 (#33549)
• 0ff43c1 chore(npm/react): migrate to @​packages/eslint-config (#33426)
• 44fd8b9 perf: skip git status and git log calls in run mode (#33552)
• 80e20d2 chore: Update v8 snapshot cache - darwin (#33557)
• 532979a chore: updating v8 snapshot cache (#33562)
• 58bbebc chore(deps): update actions/setup-node action to v5 (#33544)
• d6114cb chore: updating v8 snapshot cache (#33547)
• 2844171 dependency: Upgrade node-forge to ^1.4.0 (#33546)
• 60325bb fix: reject cy.intercept delay values >= 2^31 (#33377)
• Additional commits viewable in compare view

Updates dotenv from 17.2.3 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

• Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

• Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

• Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates lint-staged from 16.2.7 to 16.4.0

Release notes

Sourced from lint-staged's releases.

v16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

v16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• 445f9dd chore(changeset): release
• d91be60 docs: update readme to use picomatch
• b392a9f refactor: extract matchFiles and add unit tests
• 687fc90 refactor: replace micromatch with picomatch
• 26dadf9 chore(changeset): release
• 9d6e827 build(deps): update dependencies
• 8aea986 chore(changeset): release
• 0109e8d fix: strip Git CRLF warning from output
• dfd6a7a chore(changeset): release
• 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
• Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• 881360b Support default never in Angular v21.2 (#19034)
• 07d6724 Bump Prettier dependency to 3.8.1
• 8b4a53a Clean changelog_unreleased
• See full diff in compare view

Updates vitest from 4.0.17 to 4.1.4

Release notes

Sourced from vitest's releases.

v4.1.4

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in vitest-dev/vitest#10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in vitest-dev/vitest#10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in vitest-dev/vitest#9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in vitest-dev/vitest#10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

• Add experimental.preParse flag  -  by @​sheremet-va in vitest-dev/vitest#10070 (78273)
• Support browser.locators.exact option  -  by @​sheremet-va in vitest-dev/vitest#10013 (48799)
• Add TestAttachment.bodyEncoding  -  by @​hi-ogawa in vitest-dev/vitest#9969 (89ca0)
• Support custom snapshot matcher  -  by @​hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

   🐞 Bug Fixes

• Advance fake timers with expect.poll interval  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10022 (3f5bf)
• Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency  -  by @​alan-agius4 in vitest-dev/vitest#10025 (146d4)
• Fix defineHelper for webkit async stack trace + update playwright 1.59.0  -  by @​hi-ogawa in vitest-dev/vitest#10036 (5a5fa)
• Fix suite hook throwing errors for unused auto test-scoped fixture  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10035 (39865)
• expect:
  • Remove JestExtendError.context from verbose error reporting  -  by @​hi-ogawa in vitest-dev/vitest#9983 (66751)
  • Don't leak "runner" types  -  by @​sheremet-va in vitest-dev/vitest#10004 (ec204)
• snapshot:
  • Fix flagging obsolete snapshots for snapshot properties mismatch  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#9986 (6b869)
  • Export custom snapshot matcher helper from vitest  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10042 (691d3)
• ui:
  • Don't leak vite types  -  by @​sheremet-va in vitest-dev/vitest#10005 (fdff1)
• vm:
  • Fix external module resolve error with deps optimizer query  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10024 (9dbf4)

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits

• ac04bac chore: release v4.1.4
• 82c858d chore: Remove no-op function in plugin config logic (#8501)
• d4fbb5c feat(experimental): support aria snapshot (#9668)
• b77de96 feat(reporter): add filterMeta option to json reporter (#10078)
• a120e3a feat(experimental): expose assertion as a public field (#10095)
• 5375780 feat(coverage): default to text reporter skipFull if agent detected (#10018)
• a1b5f0f fix: make expect(..., message) consistent as error message prefix (#10068)
• 203f07a fix: use "black" foreground for labeled terminal message to ensure contrast (...
• 2dc0d62 chore: release v4.1.3
• 7827363 feat: add experimental.preParse flag (#10070)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
tools	Ready	Preview, Comment	Apr 13, 2026 8:19am