Bump the npm-development group across 1 directory with 11 updates

[dependabot]

Bumps the npm-development group with 10 updates in the / directory:

Package	From	To
@eslint/compat	2.0.2	2.0.5
@jest/globals	30.2.0	30.3.0
@rollup/plugin-commonjs	29.0.0	29.0.2
@types/node	25.3.3	25.6.0
@typescript-eslint/eslint-plugin	8.56.1	8.58.1
eslint-plugin-jest	29.15.0	29.15.2
jest	30.2.0	30.3.0
prettier	3.8.1	3.8.2
rollup	4.59.0	4.60.1
ts-jest	29.4.6	29.4.9

Updates @eslint/compat from 2.0.2 to 2.0.5

Release notes

Sourced from @​eslint/compat's releases.

migrate-config: v2.0.5

2.0.5 (2026-04-03)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/compat bumped from ^2.0.3 to ^2.0.4
  • devDependencies
    • @​eslint/core bumped from ^1.1.1 to ^1.2.0

compat: v2.0.5

2.0.5 (2026-04-08)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.2.0 to ^1.2.1

migrate-config: v2.0.4

2.0.4 (2026-03-20)

Bug Fixes

• update dependency @​eslint/eslintrc to ^3.3.5 (#397) (8567c19)

compat: v2.0.4

2.0.4 (2026-04-03)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.1 to ^1.2.0

compat: v2.0.3

2.0.3 (2026-03-06)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

... (truncated)

Changelog

Sourced from @​eslint/compat's changelog.

2.0.5 (2026-04-08)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.2.0 to ^1.2.1

2.0.4 (2026-04-03)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.1 to ^1.2.0

2.0.3 (2026-03-06)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​eslint/core bumped from ^1.1.0 to ^1.1.1

Commits

• d2dbf7b chore: release main (#424)
• fe114ee chore: release main (#413)
• 8863791 docs: Update README sponsors
• 835ddf9 docs: Update README sponsors
• 8cd3676 docs: Update README sponsors
• 4d73459 docs: Update README sponsors
• a6c7a26 chore: update eslint and eslint-config-eslint (#401)
• 41eb19f chore: release main (#380)
• 5c42055 docs: Update README sponsors
• b13b482 docs: Update README sponsors
• Additional commits viewable in compare view

Updates @jest/globals from 30.2.0 to 30.3.0

Release notes

Sourced from @​jest/globals's releases.

v30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Changelog

Sourced from @​jest/globals's changelog.

30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Commits

• efb59c2 v30.3.0
• See full diff in compare view

Updates @rollup/plugin-commonjs from 29.0.0 to 29.0.2

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v29.0.2

2026-03-06

Bugfixes

• commonjs: conditional exports (#1952)

v29.0.1

2026-03-05

Bugfixes

• commonjs: correctly replaces shorthand "global" property in object (#1957)

Commits

• 2de0d62 chore(release): commonjs v29.0.2
• ab65325 fix(commonjs): conditional exports (#1952)
• 7d22981 chore(repo): add rollup-plugin keyword in package.json (#1955)
• a79ae55 chore(release): commonjs v29.0.1
• bb41cfd chore(release): commonjs v29.0.1
• 14ae186 fix(commonjs): correctly replaces shorthand "global" property in object (#1957)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​rollup/plugin-commonjs since your current version.

Updates @types/node from 25.3.3 to 25.6.0

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.56.1 to 8.58.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
• eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)

❤️ Thank You

... (truncated)

Commits

• 5311ed3 chore(release): publish 8.58.1
• c3f8ed5 fix(eslint-plugin): [no-unused-vars] fix false negative for type predicate pa...
• e372a66 Revert: feat(eslint-plugin): [no-unnecessary-type-arguments] report inferred ...
• 4933417 chore(release): publish 8.58.0
• 5a9bd36 fix(eslint-plugin): [prefer-regexp-exec] avoid fixing unknown RegExp flags (#...
• edb90eb fix(eslint-plugin): [no-extraneous-class] handle index signatures (#12142)
• 8cde2d0 feat: support TypeScript 6 (#12124)
• 1bf86c9 fix(eslint-plugin): crash in no-unnecessary-type-arguments (#12163)
• e9cc25a docs(eslint-plugin): fix typo (#12155)
• be4d54d chore(release): publish 8.57.2
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.56.1 to 8.58.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.1 (2026-04-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 5311ed3 chore(release): publish 8.58.1
• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• See full diff in compare view

Updates eslint-plugin-jest from 29.15.0 to 29.15.2

Release notes

Sourced from eslint-plugin-jest's releases.

v29.15.2

29.15.2 (2026-04-09)

Bug Fixes

• valid-mock-module-path: don't report virtual mocks (#1946) (a1916d1)

v29.15.1

29.15.1 (2026-03-24)

Bug Fixes

• allow TypeScript@7 in peer dependency (#1949) (0498c1e)

Changelog

Sourced from eslint-plugin-jest's changelog.

29.15.2 (2026-04-09)

Bug Fixes

• valid-mock-module-path: don't report virtual mocks (#1946) (a1916d1)

29.15.1 (2026-03-24)

Bug Fixes

• allow TypeScript@7 in peer dependency (#1949) (0498c1e)

Commits

• f14a941 chore(release): 29.15.2 [skip ci]
• a1916d1 fix(valid-mock-module-path): don't report virtual mocks (#1946)
• 4a52787 chore(deps): lock file maintenance (#1958)
• 285c6f6 ci: don't run smoketest on tannerlinsley/react-table (#1959)
• 1da0928 chore(deps): lock file maintenance (#1956)
• 8532d0e docs(valid-expect): use valid alert syntax (#1954)
• 03405ae chore(deps): update dependency @​schemastore/package to v1 (#1942)
• de0e154 chore(deps): update codecov/codecov-action action to v6 (#1952)
• d50f50c chore: add node v25 to CI (#1950)
• d5192df chore(release): 29.15.1 [skip ci]
• Additional commits viewable in compare view

Updates jest from 30.2.0 to 30.3.0

Release notes

Sourced from jest's releases.

v30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Changelog

Sourced from jest's changelog.

30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

Commits

• efb59c2 v30.3.0
• 96c53d3 feat(jest-config): add defineConfig and mergeConfig functions (#15844)
• See full diff in compare view

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• 881360b Support default never in Angular v21.2 (#19034)
• 07d6724 Bump Prettier dependency to 3.8.1
• 8b4a53a Clean changelog_unreleased
• See full diff in compare view

Updates rollup from 4.59.0 to 4.60.1

Release notes

Sourced from rollup's releases.

v4.60.1

4.60.1

2026-03-30

Bug Fixes

• Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

• #6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@​littlegrayss, @​TrickyPi)
• #6317: chore(deps): pin dependencies (@​renovate[bot], @​lukastaegert)
• #6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@​renovate[bot], @​lukastaegert)
• #6319: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6320: chore(deps): pin dependency typescript to v5 (@​renovate[bot], @​lukastaegert)
• #6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@​renovate[bot], @​lukastaegert)
• #6322: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6323: chore(deps): lock file maintenance (@​renovate[bot])
• #6324: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)

v4.60.0

4.60.0

2026-03-22

Features

• Support source phase imports as long as they are external (#6279)

Pull Requests

• #6279: feat: external only Source Phase imports support (@​guybedford, @​lukastaegert)

v4.59.1

4.59.1

2026-03-21

Bug Fixes

• Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

• #6281: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6282: chore(deps): update github artifact actions (major) (@​renovate[bot], @​lukastaegert)
• #6283: chore(deps): update dependency nyc to v18 (@​renovate[bot], @​lukastaegert)
• #6284: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #6285: chore(deps): lock file maintenance (@​renovate[bot])

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.1

2026-03-30

Bug Fixes

• Resolve a situation where side effect imports could be dropped due to a caching issue (#6286)

Pull Requests

• #6286: fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274) (@​littlegrayss, @​TrickyPi)
• #6317: chore(deps): pin dependencies (@​renovate[bot], @​lukastaegert)
• #6318: chore(deps): update msys2/setup-msys2 digest to cafece8 (@​renovate[bot], @​lukastaegert)
• #6319: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6320: chore(deps): pin dependency typescript to v5 (@​renovate[bot], @​lukastaegert)
• #6321: chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (@​renovate[bot], @​lukastaegert)
• #6322: fix(deps): update swc monorepo (major) (@​renovate[bot], @​lukastaegert)
• #6323: chore(deps): lock file maintenance (@​renovate[bot])
• #6324: chore(deps): lock file maintenance (@​renovate[bot], @​lukastaegert)

4.60.0

2026-03-22

Features

• Support source phase imports as long as they are external (#6279)

Pull Requests

• #6279: feat: external only Source Phase imports support (@​guybedford, @​lukastaegert)

4.59.1

2026-03-21

Bug Fixes

• Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

• #6281: fix(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6282: chore(deps): update github artifact actions (major) (@​renovate[bot], @​lukastaegert)
• #6283: chore(deps): update dependency nyc to v18 (@​renovate[bot], @​lukastaegert)
• #6284: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #6285: chore(deps): lock file maintenance (@​renovate[bot])
• #6290: chore(deps): update minor/patch updates (@​renovate[bot], @​lukastaegert)
• #6291: chore(deps): update dependency @​shikijs/vitepress-twoslash to v4 (@​renovate[bot])
• #6292: chore(deps): lock file maintenance (@​renovate[bot])

... (truncated)

Commits

• ae871d7 4.60.1
• 51f8f60 fix: skip dropping side-effects on namespaceReexportsByName cache hit (#6274)...
• ca55406 chore(deps): pin dependency typescript to v5 (#6320)
• fe50d86 chore(deps): pin dependencies (#6317)
• 42785ff chore(deps): update minor/patch updates (#6319)
• 65e82a9 chore(deps): update msys2/setup-msys2 digest to cafece8 (#6318)
• c336205 chore(deps): update openharmony-rs/setup-ohos-sdk action to v1 (#6321)
• b25d25e fix(deps): update swc monorepo (major) (#6322)
• 119abdb chore(deps): lock file maintenance (#6324)
• 5598a66 chore(deps): lock file maintenance (#6323)
• Additional commits viewable in compare view

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

• support TypeScript v6 (eda517d)

Commits

• bac2e77 chore(release): bump version to 29.4.9
• f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
• e2eec26 fix: npm permissions
• 263f2ac chore: remove npm auth token
• 5df0e45 OIDC
• f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
• e6ec5ae Update CHANGELOG.md
• 62c3199 Update CHANGELOG.md
• 052e751 Bump patch version to 29.4.7
• f79e77b Merge pull request #5249 from ext/feature/ts6-peer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and sto...

Description has been truncated

[github-actions]

Super-linter summary

Language	Validation result
BASH	Pass ✅
BASH_EXEC	Pass ✅
CHECKOV	Pass ✅
ENV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JAVASCRIPT_PRETTIER	Pass ✅
JSON_PRETTIER	Pass ✅
MARKDOWN	Pass ✅
MARKDOWN_PRETTIER	Pass ✅
NATURAL_LANGUAGE	Pass ✅
PRE_COMMIT	Pass ✅
SHELL_SHFMT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Fail ❌
TYPESCRIPT_PRETTIER	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

Super-linter detected linting errors

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

TRIVY

Report Summary

┌───────────────────┬──────┬─────────────────┬───────────────────┬─────────┐
│      Target       │ Type │ Vulnerabilities │ Misconfigurations │ Secrets │
├───────────────────┼──────┼─────────────────┼───────────────────┼─────────┤
│ package-lock.json │ npm  │        7        │         -         │    -    │
└───────────────────┴──────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.69/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


package-lock.json (npm)
=======================
Total: 7 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 4, CRITICAL: 0)

┌─────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│     Library     │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                            Title                             │
├─────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ fast-xml-parser │ CVE-2026-33036 │ HIGH     │ fixed  │ 5.3.8             │ 5.5.6, 4.5.5   │ fast-xml-parser: fast-xml-parser: Denial of Service via XML  │
│                 │                │          │        │                   │                │ entity expansion bypass                                      │
│                 │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-33036                   │
│                 ├────────────────┼──────────┤        │                   ├────────────────┼──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-33349 │ MEDIUM   │        │                   │ 4.5.5, 5.5.7   │ fast-xml-parser: fast-xml-parser: Denial of Service via      │
│                 │                │          │        │                   │                │ unbounded entity expansion due to incorrect...               │
│                 │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-33349                   │
├─────────────────┼────────────────┼──────────┤        ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ undici          │ CVE-2026-1526  │ HIGH     │        │ 6.23.0            │ 6.24.0, 7.24.0 │ undici: undici: Denial of Service via unbounded memory       │
│                 │                │          │        │                   │                │ consumption during WebSocket permessage-deflate...           │
│                 │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-1526                    │
│                 ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-1528  │          │        │                   │                │ undici: undici: Denial of Service via crafted WebSocket      │
│                 │                │          │        │                   │                │ frame with large length...                                   │
│                 │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-1528                    │
│                 ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-2229  │          │        │                   │                │ undici: Undici: Denial of Service via invalid WebSocket      │
│                 │                │          │        │                   │                │ permessage-deflate extension parameter                       │
│                 │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-2229                    │
│                 ├────────────────┼──────────┤        │                   │                ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-1525  │ MEDIUM   │        │                   │                │ undici: Undici: HTTP Request Smuggling and Denial of Service │
│                 │                │          │        │                   │                │ due to duplicate...                                          │
│                 │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-1525                    │
│                 ├────────────────┤          │        │                   │                ├──────────────────────────────────────────────────────────────┤
│                 │ CVE-2026-1527  │          │        │                   │                │ undici: Undici: HTTP header injection and request smuggling  │
│                 │                │          │        │                   │                │ vulnerability                                                │
│                 │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2026-1527                    │
└─────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘