Skip to content

chore(deps-dev): bump the development-dependencies group with 8 updates#174

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-7d0319908a
Closed

chore(deps-dev): bump the development-dependencies group with 8 updates#174
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-7d0319908a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 8 updates:

Package From To
@cloudflare/workers-types 4.20260621.1 4.20260629.1
@types/node 25.9.4 26.0.1
@typescript/native-preview 7.0.0-dev.20260613.1 7.0.0-dev.20260629.1
oxfmt 0.54.0 0.56.0
oxlint 1.70.0 1.71.0
rolldown 1.1.2 1.1.3
turbo 2.9.18 2.10.0
vite 7.3.5 8.1.0

Updates @cloudflare/workers-types from 4.20260621.1 to 4.20260629.1

Commits

Updates @types/node from 25.9.4 to 26.0.1

Commits

Updates @typescript/native-preview from 7.0.0-dev.20260613.1 to 7.0.0-dev.20260629.1

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for @​typescript/native-preview since your current version.


Updates oxfmt from 0.54.0 to 0.56.0

Changelog

Sourced from oxfmt's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

[0.55.0] - 2026-06-15

🚀 Features

  • 9a2788b linter/unicorn: Implement prefer-export-from rule (#22935) (AliceLanniste)
Commits

Updates oxlint from 1.70.0 to 1.71.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.71.0] - 2026-06-22

🚀 Features

  • 0dc2405 linter: Add schema for eslint/no-restricted-properties (#23619) (Sysix)
  • b638d0e linter: Add schema for node/callback-return (#23615) (Sysix)
  • eb8bedc linter: Add schema for import/extensions (#23557) (WaterWhisperer)
  • 46f3625 linter: Implement node/no-sync rule (#23589) (fujitani sora)
  • b01739a linter: Add schema for unicorn/numeric-separators-style (#23554) (Mikhail Baev)
  • 68afd2a linter/node: Implement no-mixed-requires rule (#23539) (fujitani sora)
  • a421215 linter: Add schema for eslint/prefer-destructuring (#23410) (WaterWhisperer)
  • 84438be linter/jsdoc: Added missing options to require-param-description (#23416) (kapobajza)
  • 51910df linter/jsdoc: Add missing options to require-param-type rule (#23418) (kapobajza)
  • e90925f linter/unicorn: Implement prefer-number-coercion rule (#23497) (Shekhu☺️)
  • dd1c866 linter/vue: Implement no-async-in-computed-properties rule (#23493) (bab)
  • b02444e linter: Add schema for react/jsx-no-script-url (#23475) (WaterWhisperer)
  • a8dce46 linter/unicorn: Implement max-nested-calls rule (#23461) (arieleli01212)

🐛 Bug Fixes

  • a303c23 linter/jsx-a11y: Align anchor-is-valid config with upstream (#23446) (camc314)

📚 Documentation

  • b50bf4d linter: Remove manually written options doc for eslint/arrow-body-style (#23490) (Mikhail Baev)
Commits
  • c4be770 release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)
  • 0dc2405 feat(linter): add schema for eslint/no-restricted-properties (#23619)
  • b638d0e feat(linter): add schema for node/callback-return (#23615)
  • 6d355ab refactor(linter): remove number_as_object_schema helper (#23614)
  • eb8bedc feat(linter): add schema for import/extensions (#23557)
  • 46f3625 feat(linter): implement node/no-sync rule (#23589)
  • 953c7b3 refactor(linter): make unicorn/numeric-separators-style options u32 (#23558)
  • b01739a feat(linter): add schema for unicorn/numeric-separators-style (#23554)
  • 68afd2a feat(linter/node): implement no-mixed-requires rule (#23539)
  • b08e9f5 refactor(linter): re-enable schema for `jsx_a11y/no-noninteractive-element-in...
  • Additional commits viewable in compare view

Updates rolldown from 1.1.2 to 1.1.3

Release notes

Sourced from rolldown's releases.

v1.1.3

[1.1.3] - 2026-06-24

🐛 Bug Fixes

🚜 Refactor

📚 Documentation

⚡ Performance

  • utils: avoid allocation in default_sanitize_file_name for clean names (#9928) by @​Boshen
  • binding: box once-per-build futures before spawn_future (#9864) by @​Boshen
  • utils: avoid wasted allocation in legitimize_identifier_name (#9926) by @​Boshen
  • rolldown: fuse the canonical-name dedup and insert in the renamer (#9900) by @​Boshen
  • rolldown: probe the name map once in ConflictResolver::resolve (#9899) by @​Boshen
  • cut two heap allocations from wrapped ESM init finalize (#9901) by @​Boshen
  • rolldown_plugin_vite_reporter: hoist invariant out_dir prefix out of reporter loop (#9873) by @​shulaoda
  • drop throwaway Vec in wrapped esm init stmt (#9878) by @​shulaoda
  • borrow owner_filename in build-import-analysis AddDeps (#9874) by @​shulaoda

🧪 Testing

⚙️ Miscellaneous Tasks

... (truncated)

Changelog

Sourced from rolldown's changelog.

[1.1.3] - 2026-06-24

🐛 Bug Fixes

🚜 Refactor

📚 Documentation

⚡ Performance

  • utils: avoid allocation in default_sanitize_file_name for clean names (#9928) by @​Boshen
  • binding: box once-per-build futures before spawn_future (#9864) by @​Boshen
  • utils: avoid wasted allocation in legitimize_identifier_name (#9926) by @​Boshen
  • rolldown: fuse the canonical-name dedup and insert in the renamer (#9900) by @​Boshen
  • rolldown: probe the name map once in ConflictResolver::resolve (#9899) by @​Boshen
  • cut two heap allocations from wrapped ESM init finalize (#9901) by @​Boshen
  • rolldown_plugin_vite_reporter: hoist invariant out_dir prefix out of reporter loop (#9873) by @​shulaoda
  • drop throwaway Vec in wrapped esm init stmt (#9878) by @​shulaoda
  • borrow owner_filename in build-import-analysis AddDeps (#9874) by @​shulaoda

🧪 Testing

⚙️ Miscellaneous Tasks

... (truncated)

Commits
  • e77f7c7 release: v1.1.3 (#9958)
  • 3fb2310 fix(camel-case): correct camel case for nested values (#9933)
  • 2f66847 fix(cli): display --help options in camelCase (#9941)
  • 9f960eb fix(watch): make close reentrant in event callbacks (#9904)
  • 8cbf3ff chore(rolldown_plugin_vite_build_import_analysis): remove unused v2 code path...
  • 828bfef fix: git for windows treats symlink files as regular files (#9915)
  • 4ca8e87 chore(rolldown_plugin_vite_manifest): remove unused is_enable_v2 code path (#...
  • 632c59e fix(chunking): pass plugin meta to codeSplitting groups name function (#9267)
  • 752820d fix(dev): serve assets emitted during HMR/lazy compile (vite#22596) (#9815)
  • dfe43a6 fix(release): dry-run step no longer publishes binding packages (#9866)
  • See full diff in compare view

Updates turbo from 2.9.18 to 2.10.0

Release notes

Sourced from turbo's releases.

Turborepo v2.10.0

What's Changed

create-turbo

@​turbo/codemod

eslint

@​turbo/repository

@​turbo/telemetry

Examples

Changelog

... (truncated)

Commits
  • 12fb0d9 publish 2.10.0 to registry
  • a12323b release(turborepo): 2.9.19-canary.10 (#13130)
  • 65175fe fix: Hash selected dependency outputs instead of tasks (#13129)
  • 5ba8917 fix: Improve watch graceful shutdown (#13128)
  • 75ee2cc chore: Update to Rust 1.96.0 (#12974)
  • 6dccf5a fix: Restart deferred hash consumers in watch (#13127)
  • 4ebb50f feat: Add deferred hashing for task inputs (#13125)
  • 517e1a5 docs: Fix stderr debugging guidance (#13122)
  • 0220b35 fix: Respect task inputs when stopping interruptible persistent tasks in watc...
  • 6988692 fix: Add ComSpec and PATHEXT to default Windows env passthrough (#13114)
  • Additional commits viewable in compare view

Updates vite from 7.3.5 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

Bug Fixes

  • bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
  • cache falsy values in perEnvironmentState (#22715) (0e91e79)
  • glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
  • html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
  • optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
  • resolved build options should be kept as a getter (#22691) (3527191)
  • server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
  • use literal envPrefix queries for Vite Task (#22706) (da72733)
  • warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

8.1.0-beta.0 (2026-06-15)

Features

  • import.meta.glob support caseSensitive option (#21707) (2ad6737)
  • add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
  • build: chunk importmap (#21580) (e180312)
  • css: support lightningcss plugin dependency (#21748) (0b7aaed)
  • deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
  • html: add html.additionalAssetSources option (#21412) (a41404b)
  • integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
  • rename server.hmr options to server.ws options (#21357) (9ce3036)
  • server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
  • track dependencies when loading config with native (#22602) (a7e2da8)
  • types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
  • update rolldown to 1.1.1 (#22593) (8a13d63)
  • wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

  • apply correct fs restrictions for pnpm gvs (#22415) (092320b)
  • css: support external CSS with lightningcss (#18389) (d64a1a5)
  • deps: update all non-major dependencies (#22637) (44bb9d9)
  • deps: update all non-major dependencies (#22681) (f4f0633)
  • html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
  • optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the development-dependencies group with 8 updates
191d85d 
Bumps the development-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@cloudflare/workers-types](https://github.com/cloudflare/workerd) | `4.20260621.1` | `4.20260629.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.4` | `26.0.1` |
| [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260613.1` | `7.0.0-dev.20260629.1` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.54.0` | `0.56.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.70.0` | `1.71.0` |
| [rolldown](https://github.com/rolldown/rolldown/tree/HEAD/packages/rolldown) | `1.1.2` | `1.1.3` |
| [turbo](https://github.com/vercel/turborepo) | `2.9.18` | `2.10.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.5` | `8.1.0` |


Updates `@cloudflare/workers-types` from 4.20260621.1 to 4.20260629.1
- [Release notes](https://github.com/cloudflare/workerd/releases)
- [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md)
- [Commits](https://github.com/cloudflare/workerd/commits)

Updates `@types/node` from 25.9.4 to 26.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript/native-preview` from 7.0.0-dev.20260613.1 to 7.0.0-dev.20260629.1
- [Changelog](https://github.com/microsoft/typescript-go/blob/main/CHANGES.md)
- [Commits](https://github.com/microsoft/typescript-go/commits)

Updates `oxfmt` from 0.54.0 to 0.56.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.56.0/npm/oxfmt)

Updates `oxlint` from 1.70.0 to 1.71.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.71.0/npm/oxlint)

Updates `rolldown` from 1.1.2 to 1.1.3
- [Release notes](https://github.com/rolldown/rolldown/releases)
- [Changelog](https://github.com/rolldown/rolldown/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rolldown/rolldown/commits/v1.1.3/packages/rolldown)

Updates `turbo` from 2.9.18 to 2.10.0
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.9.18...v2.10.0)

Updates `vite` from 7.3.5 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

---
updated-dependencies:
- dependency-name: "@cloudflare/workers-types"
  dependency-version: 4.20260629.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: "@typescript/native-preview"
  dependency-version: 7.0.0-dev.20260629.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: oxfmt
  dependency-version: 0.56.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: oxlint
  dependency-version: 1.71.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: rolldown
  dependency-version: 1.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: turbo
  dependency-version: 2.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@greptile-apps

greptile-apps Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

PR author is in the excluded authors list.

@socket-security

socket-security Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedoxfmt@​0.56.0691008996100
Added@​cloudflare/​workers-types@​4.20260629.176100100100100
Addedrolldown@​1.1.3951007899100
Added@​types/​node@​26.0.11001008196100
Added@​typescript/​native-preview@​7.0.0-dev.20260629.110010082100100
Addedvite@​8.1.0991008298100
Addedturbo@​2.10.01001008597100
Updatedoxlint@​1.70.0 ⏵ 1.71.099 +110092 +196100

View full report

@socket-security

socket-security Bot commented Jun 29, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm oxfmt is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/oxfmt@0.56.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/oxfmt@0.56.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm oxfmt is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/oxfmt@0.56.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/oxfmt@0.56.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@ian-pascoe ian-pascoe closed this Jun 29, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/development-dependencies-7d0319908a branch June 29, 2026 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ian-pascoe