build(deps-dev): bump the dev-dependencies group with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates:

Package	From	To
@types/vscode	1.118.0	1.120.0
@vitest/coverage-v8	4.1.6	4.1.7
knip	6.14.1	6.14.2
typescript-eslint	8.59.4	8.60.0
vitest	4.1.6	4.1.7

Updates @types/vscode from 1.118.0 to 1.120.0

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.6 to 4.1.7

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Updates knip from 6.14.1 to 6.14.2

Release notes

Sourced from knip's releases.

Release 6.14.2

• Fix vscode-knip build: pin native oxc bindings to bundled JS version (1b45a4103312c9c059560ae2e1eac25d86b4e2ac)
• Release vscode-knip@2.1.5 (328892eb04e65b4702e1ef2303db3156b8f2e1a3)
• Fix Astro plugin to support both possible middleware entry points (#1749) (33e0cc1a530a8cf5b6b05c8b3a3ca55f8fce8a75) - thanks @​schmalz-dmi!
• Fix LICENSE link (#1760) (829620f9077ddea086a610c279c7c1250dd66e11) - thanks @​vortispy!
• Fix GraphQL Codegen script config dependencies (#1756) (e841c6355e7eff240e74010bfd2be8bbb22ff2b6) - thanks @​jakeleventhal!
• Set pnpm config via env vars, disable verify-deps in ecosystem tests (53c12248cc3e79fd79f3efde691d463fc795c40f)
• Update slonik ecosystem snapshot (f18410b34c8554364a9f003660bebae5e826de57)
• Fix Serverless TypeScript plugin dependencies (#1757) (ebde7f8f3e3004db7f51fb5d60a0bdc2452116ef) - thanks @​jakeleventhal!
• Fix extended tsconfig type dependency attribution (#1758) (f600b09e562317a37844ed8cdf1b9b46e06c9405) - thanks @​jakeleventhal!
• Fix Bun binary dependency tracking (#1759) (1b289239f35ff2912195b7e39a96c667c54c1fc5) - thanks @​jakeleventhal!
• Detect Babel plugins/presets in Vite plugin options (resolve #1761) (2753d6910743a12a207fca81cb8325c00803963a)

Commits

• e93ccaa Release knip@6.14.2
• 2753d69 Detect Babel plugins/presets in Vite plugin options (resolve #1761)
• 1b28923 Fix Bun binary dependency tracking (#1759)
• f600b09 Fix extended tsconfig type dependency attribution (#1758)
• ebde7f8 Fix Serverless TypeScript plugin dependencies (#1757)
• e841c63 Fix GraphQL Codegen script config dependencies (#1756)
• 829620f Fix LICENSE link (#1760)
• 33e0cc1 Fix Astro plugin to support both possible middleware entry points (#1749)
• See full diff in compare view

Updates typescript-eslint from 8.59.4 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

• rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

• playground TS version selector is not working (#12326, #12325)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Vinccool96

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• f891c29 chore(release): publish 8.60.0
• See full diff in compare view

Updates vitest from 4.1.6 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

Commits

• a09d472 chore: release v4.1.7
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@oxc-project/types	0.132.0	Unknown	Unknown
npm/@rolldown/binding-android-arm64	1.0.2	Unknown	Unknown
npm/@rolldown/binding-darwin-arm64	1.0.2	Unknown	Unknown
npm/@rolldown/binding-darwin-x64	1.0.2	Unknown	Unknown
npm/@rolldown/binding-freebsd-x64	1.0.2	Unknown	Unknown
npm/@rolldown/binding-linux-arm-gnueabihf	1.0.2	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-gnu	1.0.2	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-musl	1.0.2	Unknown	Unknown
npm/@rolldown/binding-linux-ppc64-gnu	1.0.2	Unknown	Unknown
npm/@rolldown/binding-linux-s390x-gnu	1.0.2	Unknown	Unknown
npm/@rolldown/binding-linux-x64-gnu	1.0.2	Unknown	Unknown
npm/@rolldown/binding-linux-x64-musl	1.0.2	Unknown	Unknown
npm/@rolldown/binding-openharmony-arm64	1.0.2	Unknown	Unknown
npm/@rolldown/binding-wasm32-wasi	1.0.2	Unknown	Unknown
npm/@rolldown/binding-win32-arm64-msvc	1.0.2	Unknown	Unknown
npm/@rolldown/binding-win32-x64-msvc	1.0.2	Unknown	Unknown
npm/@types/vscode	1.120.0	🟢 6.5	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 8 Found 25/29 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@typescript-eslint/eslint-plugin	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@vitest/coverage-v8	4.1.7	Unknown	Unknown
npm/@vitest/expect	4.1.7	Unknown	Unknown
npm/@vitest/mocker	4.1.7	Unknown	Unknown
npm/@vitest/pretty-format	4.1.7	Unknown	Unknown
npm/@vitest/runner	4.1.7	Unknown	Unknown
npm/@vitest/snapshot	4.1.7	Unknown	Unknown
npm/@vitest/spy	4.1.7	Unknown	Unknown
npm/@vitest/utils	4.1.7	Unknown	Unknown
npm/knip	6.14.2	Unknown	Unknown
npm/rolldown	1.0.2	Unknown	Unknown
npm/typescript-eslint	8.60.0	🟢 6.5	Details Check Score Reason Code-Review 🟢 8 Found 21/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/vite	8.0.14	🟢 7	Details Check Score Reason Code-Review 🟢 7 Found 19/26 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
npm/vitest	4.1.7	Unknown	Unknown

Scanned Files

• package-lock.json

[aymenfurter]

Bumped engines.vscode from ^1.118.0 to ^1.120.0 to match the updated @types/vscode@1.120.0 — without this, vsce package fails with a version mismatch error.

[aymenfurter]

@san360 Could you review this when you get a chance? Thanks