chore(deps): Bump the dev-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the dev-dependencies group with 2 updates in the / directory: @types/node and eslint-plugin-unicorn.

Updates @types/node from 25.9.1 to 25.9.3

Commits

• See full diff in compare view

Updates eslint-plugin-unicorn from 65.0.0 to 65.0.1

Release notes

Sourced from eslint-plugin-unicorn's releases.

v65.0.1

• no-unused-array-method-return: Fix false positive on type assertions (#3065) 4939b00a
• prefer-https: Fix false positive on XML namespace URIs (#3063) 51842624

---

sindresorhus/eslint-plugin-unicorn@v65.0.0...v65.0.1

Commits

• bd9b1f0 65.0.1
• 4939b00 no-unused-array-method-return: Fix false positive on type assertions (#3065)
• 5184262 prefer-https: Fix false positive on XML namespace URIs (#3063)
• de64ab6 Docs: Use JS syntax in configuration examples
• See full diff in compare view

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​node@​25.9.1 ⏵ 25.9.3			+1
	eslint-plugin-unicorn@​65.0.0 ⏵ 65.0.1	+1			+8

View full report

[nullvariant-blaze]

🐗 Blaze's Release Review 📦

No version bump. Just dependency changes... boring. Wake me up when it's deploy time! 😤

---

よっしゃ！デプロイしまくるぞ！

This review was ENTHUSIASTICALLY filed by nullvariant-blaze[bot]

[nullvariant-luna]

👧 Luna's Exploration Report 📦

No new dependencies added. Just version bumps! Nothing to explore here... 😴

---

Botに418返そうよ！

This report was curiously compiled by nullvariant-luna[bot]

[nullvariant-mimi]

🐰 Mimi's Validation Report ✅

All checks are looking good! Great job! 🎉

⏳ Some checks are still running. I will keep watching!

---

バリデーターを通してくださいね

This report was carefully prepared by nullvariant-mimi[bot]

[github-actions]

VEX Assessment: not_affected

This dependency update modifies devDependencies only.

• Status: not_affected
• Justification: vulnerable_code_not_in_execute_path
• Impact: Zero production dependencies. No third-party code is included in the published VSIX.

Any CVEs in updated devDependencies do not affect end users. The VEX document will be automatically updated by the weekly VEX Auto-Update workflow.

🤖 Automated VEX assessment

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@types/node	^25.9.3	Unknown	Unknown
npm/eslint-plugin-unicorn	^65.0.1	Unknown	Unknown
npm/@types/node	25.9.3	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 25/29 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed
npm/eslint-plugin-unicorn	65.0.1	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• extensions/git-id-switcher/package.json
• package-lock.json

[nullvariant-ciel]

🕊️ Ciel's Mediation ☀️

*~~ gliding on a gentle breeze ~~ How serene!*

3 zoo members have reviewed this PR.

Zoo Member	Status
🐰 Mimi	Commented
👧 Luna	Commented
🐗 Blaze	Commented

☀️ The zoo is in harmony. Everything looks peaceful from up here.

---

まあまあ、ほどほどに。

This mediation was peacefully delivered by nullvariant-ciel[bot]

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[nullvariant-justice]

⚖️ Justice grants passage. CI checks passed — this code meets the garden's standards.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud