chore(deps): bump the dev-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
@cloudflare/workers-types	4.20260530.1	4.20260603.1
@vitest/coverage-istanbul	4.1.7	4.1.8
eslint	10.3.0	10.4.1
vitest	4.1.7	4.1.8
wrangler	4.90.1	4.97.0

Updates @cloudflare/workers-types from 4.20260530.1 to 4.20260603.1

Commits

• See full diff in compare view

Updates @vitest/coverage-istanbul from 4.1.7 to 4.1.8

Release notes

Sourced from @​vitest/coverage-istanbul's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• See full diff in compare view

Updates eslint from 10.3.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

... (truncated)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Updates vitest from 4.1.7 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Updates wrangler from 4.90.1 to 4.97.0

Release notes

Sourced from wrangler's releases.

wrangler@4.97.0

Minor Changes

• #13996 94b29f7 Thanks @​vaishnav-mk! - Add restart-from-step options to wrangler workflows instances restart

  You can now restart a Workflow instance from a specific step using --from-step-name, with optional --from-step-count and --from-step-type disambiguation. These options work for both remote Workflow instances and local wrangler dev --local sessions.

Patch Changes

• #14141 b210c5e Thanks @​MattieTK! - Add re-authentication hint to account fetch error messages

  When Wrangler fails to automatically retrieve account IDs, the error messages now suggest running wrangler login as a troubleshooting step. This addresses confusion for users who encounter these errors after OAuth system changes or other authentication issues.

• #14078 aec1bb8 Thanks @​MattieTK! - Bump am-i-vibing from 0.1.1 to 0.4.0

  This updates the agentic environment detection library to the latest version, which includes improved detection coverage for newer AI coding agents.

• #14147 e06cbb7 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260529.1	1.20260601.1

• #14027 9a26191 Thanks @​matingathani! - Gracefully handle EMFILE error when assets directory exceeds OS watcher limit

  Previously, when wrangler dev was pointed at an assets directory with more than ~4,096 subdirectories, the chokidar file watcher threw an EMFILE: too many open files error that was not caught, causing an infinite error loop that made the dev server unresponsive.

  Now the error is caught and wrangler:

  1. Logs a clear warning explaining the platform watcher limit was hit
  2. Recommends reducing the number of subdirectories by flattening or restructuring the assets directory
  3. Disables the assets watcher gracefully so the dev server continues working without hot-reload

• #14041 5565823 Thanks @​matingathani! - Fix wrangler complete printing the AI skills prompt into shell completion output

  Previously, running eval "$(wrangler complete zsh)" (or any other shell) would fail with errors like zsh: command not found: --install-skills because the interactive AI agent skills installation prompt was included in the completion script output.

  The skills prompt is now skipped when running wrangler complete, so the generated completion script is clean and can be sourced correctly.

• #13881 890fca7 Thanks @​matingathani! - Show a clear error when --metadata is not valid JSON instead of silently ignoring the value

• #14149 6fc9777 Thanks @​mattjohnsonpint! - Fix wrangler deploy --upload-source-maps silently skipping source maps when the entry file ends with magic comments after //# sourceMappingURL=

  Wrangler previously assumed the //# sourceMappingURL= comment was the last non-empty line of a module. Tools like sentry-cli sourcemaps inject append a //# debugId= comment after it, which silently caused source maps to be omitted from the upload form, most commonly when deploying with --no-bundle --upload-source-maps. Wrangler now scans trailing magic comments (lines starting with //# or //@) and detects the //# sourceMappingURL= comment regardless of which other magic comments follow it.

• #14105 337e912 Thanks @​dario-piotrowicz! - Remove trailing periods from URLs in terminal output

  URLs printed to the terminal with a sentence-ending period (e.g. https://example.com/path.) would include the period when clicked in some terminal emulators, causing 404 errors. This removes trailing periods from all URLs displayed in CLI output across wrangler, miniflare, vitest-pool-workers, and workers-utils.

... (truncated)

Commits

• 0b60424 Version Packages (#14142)
• 42288d4 fix: Include currentAgentSkillsInstalled in command telemetry events (#14155)
• 6fc9777 [wrangler] fix: don't assume sourceMappingURL is on the last line (#14149)
• 94b29f7 [workflows] Restart from step (#13996)
• e06cbb7 Bump the workerd-and-workers-types group with 2 updates (#14147)
• 5565823 [wrangler] Fix wrangler complete printing AI skills prompt into shell compl...
• 8e7b74f [wrangler] fix: send Workflows schedules as { cron } objects on deploy (#14150)
• 9a26191 [wrangler] fix: gracefully handle EMFILE when assets watcher exceeds director...
• aec1bb8 [wrangler] Bump am-i-vibing from 0.1.1 to 0.4.0 (#14078)
• 890fca7 [wrangler] fix: show clear error when --metadata is not valid JSON (#13881)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@​4.1.8
	@​vitest/​coverage-istanbul@​4.1.8
	wrangler@​4.97.0
	eslint@​10.4.1
	@​cloudflare/​workers-types@​4.20260603.1

View full report