chore(deps-dev): bump the dev-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
eslint	10.0.2	10.2.0
openclaw	2026.3.31	2026.4.2
typescript	5.9.3	6.0.2
typescript-eslint	8.56.1	8.58.0
vitest	4.0.18	4.1.2

Updates eslint from 10.0.2 to 10.2.0

Release notes

Sourced from eslint's releases.

v10.2.0

Features

• 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
• 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
• bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

• 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

• a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
• 845f23f docs: Update README (GitHub Actions Bot)
• 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
• 8702a47 docs: Update README (GitHub Actions Bot)
• ddeaded docs: Update README (GitHub Actions Bot)
• 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
• eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
• 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

• 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
• 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)
• 811f493 ci: remove --legacy-peer-deps from types integration tests (#20667) (Milos Djermanovic)
• 6b86fcf chore: update dependency npm-run-all2 to v8 (#20663) (renovate[bot])
• 632c4f8 chore: add prettier update commit to .git-blame-ignore-revs (#20662) (루밀LuMir)
• b0b0f21 chore: update dependency eslint-plugin-regexp to ^3.1.0 (#20659) (Milos Djermanovic)
• 228a2dd chore: update dependency eslint-plugin-eslint-plugin to ^7.3.2 (#20661) (Milos Djermanovic)
• 3ab4d7e test: Add tests for eslintrc-style keys (#20645) (kuldeep kumar)

v10.1.0

Features

• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
• 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

• 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
• e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

• b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
• 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
• 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
• 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
• e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
• 7f10d84 docs: Update README (GitHub Actions Bot)
• aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
• a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

... (truncated)

Commits

• 000128c 10.2.0
• 1988fad Build: changelog update for 10.2.0
• 542cb3e fix: update first-party dependencies (#20714)
• a2af743 docs: add language to configuration objects (#20712)
• 845f23f docs: Update README
• 5fbcf59 docs: remove sourceType from ts playground link (#20477)
• 8702a47 docs: Update README
• ddeaded docs: Update README
• 8120e30 refactor: extract no unmodified loop condition (#20679)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697)
• Additional commits viewable in compare view

Updates openclaw from 2026.3.31 to 2026.4.2

Release notes

Sourced from openclaw's releases.

openclaw 2026.4.2

Breaking

• Plugins/xAI: move x_search settings from the legacy core tools.web.x_search.* path to the plugin-owned plugins.entries.xai.config.xSearch.* path, standardize x_search auth on plugins.entries.xai.config.webSearch.apiKey / XAI_API_KEY, and migrate legacy config with openclaw doctor --fix. (#59674) Thanks @​vincentkoc.
• Plugins/web fetch: move Firecrawl web_fetch config from the legacy core tools.web.fetch.firecrawl.* path to the plugin-owned plugins.entries.firecrawl.config.webFetch.* path, route web_fetch fallback through the new fetch-provider boundary instead of a Firecrawl-only core branch, and migrate legacy config with openclaw doctor --fix. (#59465) Thanks @​vincentkoc.

Changes

• Tasks/Task Flow: restore the core Task Flow substrate with managed-vs-mirrored sync modes, durable flow state/revision tracking, and openclaw flows inspection/recovery primitives so background orchestration can persist and be operated separately from plugin authoring layers. (#58930) Thanks @​mbelinky.
• Tasks/Task Flow: add managed child task spawning plus sticky cancel intent, so external orchestrators can stop scheduling immediately and let parent Task Flows settle to cancelled once active child tasks finish. (#59610) Thanks @​mbelinky.
• Plugins/Task Flow: add a bound api.runtime.taskFlow seam so plugins and trusted authoring layers can create and drive managed Task Flows from host-resolved OpenClaw context without passing owner identifiers on each call. (#59622) Thanks @​mbelinky.
• Android/assistant: add assistant-role entrypoints plus Google Assistant App Actions metadata so Android can launch OpenClaw from the assistant trigger and hand prompts into the chat composer. (#59596) Thanks @​obviyus.
• Exec defaults: make gateway/node host exec default to YOLO mode by requesting security=full with ask=off, and align host approval-file fallbacks plus docs/doctor reporting with that no-prompt default.
• Providers/runtime: add provider-owned replay hook surfaces for transcript policy, replay cleanup, and reasoning-mode dispatch. (#59143) Thanks @​jalehman.
• Plugins/hooks: add before_agent_reply so plugins can short-circuit the LLM with synthetic replies after inline actions. (#20067) Thanks @​JoshuaLelon.
• Channels/session routing: move provider-specific session conversation grammar into plugin-owned session-key surfaces, preserving Telegram topic routing and Feishu scoped inheritance across bootstrap, model override, restart, and tool-policy paths.
• Feishu/comments: add a dedicated Drive comment-event flow with comment-thread context resolution, in-thread replies, and feishu_drive comment actions for document collaboration workflows. (#58497) Thanks @​wittam-01.
• Matrix/plugin: emit spec-compliant m.mentions metadata across text sends, media captions, edits, poll fallback text, and action-driven edits so Matrix mentions notify reliably in clients like Element. (#59323) Thanks @​gumadeiras.
• Diffs: add plugin-owned viewerBaseUrl so viewer links can use a stable proxy/public origin without passing baseUrl on every tool call. (#59341) Related #59227. Thanks @​gumadeiras.
• Agents/compaction: resolve agents.defaults.compaction.model consistently for manual /compact and other context-engine compaction paths, so engine-owned compaction uses the configured override model across runtime entrypoints. (#56710) Thanks @​oliviareid-svg.
• Agents/compaction: add agents.defaults.compaction.notifyUser so the 🧹 Compacting context... start notice is opt-in instead of always being shown. (#54251) Thanks @​oguricap0327.
• WhatsApp/reactions: add reactionLevel guidance for agent reactions. Thanks @​mcaxtr.
• Exec approvals/channels: auto-enable DM-first native chat approvals when supported channels can infer approvers from existing owner config, while keeping channel fanout explicit and clarifying forwarding versus native approval client config.

Fixes

• Providers/transport policy: centralize request auth, proxy, TLS, and header shaping across shared HTTP, stream, and websocket paths, block insecure TLS/runtime transport overrides, and keep proxy-hop TLS separate from target mTLS settings. (#59682) Thanks @​vincentkoc.
• Providers/Copilot: classify native GitHub Copilot API hosts in the shared provider endpoint resolver and harden token-derived proxy endpoint parsing so Copilot base URL routing stays centralized and fails closed on malformed hints. (#59644) Thanks @​vincentkoc.
• Providers/streaming headers: centralize default and attribution header merging across OpenAI websocket, embedded-runner, and proxy stream paths so provider-specific headers stay consistent and caller overrides only win where intended. (#59542) Thanks @​vincentkoc.
• Providers/media HTTP: centralize base URL normalization, default auth/header injection, and explicit header override handling across shared OpenAI-compatible audio, Deepgram audio, Gemini media/image, and Moonshot video request paths. (#59469) Thanks @​vincentkoc.
• Providers/OpenAI-compatible routing: centralize native-vs-proxy request policy so hidden attribution and related OpenAI-family defaults only apply on verified native endpoints across stream, websocket, and shared audio HTTP paths. (#59433) Thanks @​vincentkoc.
• Providers/Anthropic routing: centralize native-vs-proxy endpoint classification for direct Anthropic service_tier handling so spoofed or proxied hosts do not inherit native Anthropic defaults. (#59608) Thanks @​vincentkoc.
• Gateway/exec loopback: restore legacy-role fallback for empty paired-device token maps and allow silent local role upgrades so local exec and node clients stop failing with pairing-required errors after 2026.3.31. (#59092) Thanks @​openperf.
• Agents/subagents: pin admin-only subagent gateway calls to operator.admin while keeping agent at least privilege, so sessions_spawn no longer dies on loopback scope-upgrade pairing with close(1008) "pairing required". (#59555) Thanks @​openperf.
• Exec approvals/config: strip invalid security, ask, and askFallback values from ~/.openclaw/exec-approvals.json during normalization so malformed policy enums fall back cleanly to the documented defaults instead of corrupting runtime policy resolution. (#59112) Thanks @​openperf.
• Exec approvals/doctor: report host policy sources from the real approvals file path and ignore malformed host override values when attributing effective policy conflicts. (#59367) Thanks @​gumadeiras.
• Exec/runtime: treat tools.exec.host=auto as routing-only, keep implicit no-config exec on sandbox when available or gateway otherwise, and reject per-call host overrides that would bypass the configured sandbox or host target. (#58897) Thanks @​vincentkoc.
• Slack/mrkdwn formatting: add built-in Slack mrkdwn guidance in inbound context so Slack replies stop falling back to generic Markdown patterns that render poorly in Slack. (#59100) Thanks @​jadewon.
• WhatsApp/presence: send unavailable presence on connect in self-chat mode so personal-phone users stop losing all push notifications while the gateway is running. (#59410) Thanks @​mcaxtr.
• WhatsApp/media: add HTML, XML, and CSS to the MIME map and fall back gracefully for unknown media types instead of dropping the attachment. (#51562) Thanks @​bobbyt74.
• Matrix/onboarding: restore guided setup in openclaw channels add and openclaw configure --section channels, while keeping custom plugin wizards on the shared setupWizard seam. (#59462) Thanks @​gumadeiras.
• Matrix/streaming: keep live partial previews for the current assistant block while preserving completed block updates as separate messages when channels.matrix.blockStreaming is enabled. (#59384) Thanks @​gumadeiras.
• Feishu/comment threads: harden document comment-thread delivery so whole-document comments fall back to add_comment, delayed reply lookups retry more reliably, and user-visible replies avoid reasoning/planning spillover. (#59129) Thanks @​wittam-01.
• MS Teams/streaming: strip already-streamed text from fallback block delivery when replies exceed the 4000-character streaming limit so long responses stop duplicating content. (#59297) Thanks @​bradgroux.
• Slack/thread context: filter thread starter and history by the effective conversation allowlist without dropping valid open-room, DM, or group DM context. (#58380) Thanks @​jacobtomlinson.
• Mattermost/probes: route status probes through the SSRF guard and honor allowPrivateNetwork so connectivity checks stay safe for self-hosted Mattermost deployments. (#58529) Thanks @​mappel-nv.
• Zalo/webhook replay: scope replay dedupe key by chat and sender so reused message IDs across different chats or senders no longer collide, and harden metadata reads for partially missing payloads. (#58444)
• QQBot/structured payloads: restrict local file paths to QQ Bot-owned media storage, block traversal outside that root, reduce path leakage in logs, and keep inline image data URLs working. (#58453) Thanks @​jacobtomlinson.
• Image generation/providers: route OpenAI, MiniMax, and fal image requests through the shared provider HTTP transport path so custom base URLs, guarded private-network routing, and provider request defaults stay aligned with the rest of provider HTTP. Thanks @​vincentkoc.

... (truncated)

Changelog

Sourced from openclaw's changelog.

2026.4.2

Breaking

• Plugins/xAI: move x_search settings from the legacy core tools.web.x_search.* path to the plugin-owned plugins.entries.xai.config.xSearch.* path, standardize x_search auth on plugins.entries.xai.config.webSearch.apiKey / XAI_API_KEY, and migrate legacy config with openclaw doctor --fix. (#59674) Thanks @​vincentkoc.
• Plugins/web fetch: move Firecrawl web_fetch config from the legacy core tools.web.fetch.firecrawl.* path to the plugin-owned plugins.entries.firecrawl.config.webFetch.* path, route web_fetch fallback through the new fetch-provider boundary instead of a Firecrawl-only core branch, and migrate legacy config with openclaw doctor --fix. (#59465) Thanks @​vincentkoc.

Changes

• Tasks/Task Flow: restore the core Task Flow substrate with managed-vs-mirrored sync modes, durable flow state/revision tracking, and openclaw tasks flow inspection/recovery primitives so background orchestration can persist and be operated separately from plugin authoring layers. (#58930) Thanks @​mbelinky.
• Tasks/Task Flow: add managed child task spawning plus sticky cancel intent, so external orchestrators can stop scheduling immediately and let parent Task Flows settle to cancelled once active child tasks finish. (#59610) Thanks @​mbelinky.
• Plugins/Task Flow: add a bound api.runtime.taskFlow seam so plugins and trusted authoring layers can create and drive managed Task Flows from host-resolved OpenClaw context without passing owner identifiers on each call. (#59622) Thanks @​mbelinky.
• Android/assistant: add assistant-role entrypoints plus Google Assistant App Actions metadata so Android can launch OpenClaw from the assistant trigger and hand prompts into the chat composer. (#59596) Thanks @​obviyus.
• Exec defaults: make gateway/node host exec default to YOLO mode by requesting security=full with ask=off, and align host approval-file fallbacks plus docs/doctor reporting with that no-prompt default.
• Providers/runtime: add provider-owned replay hook surfaces for transcript policy, replay cleanup, and reasoning-mode dispatch. (#59143) Thanks @​jalehman.
• Plugins/hooks: add before_agent_reply so plugins can short-circuit the LLM with synthetic replies after inline actions. (#20067) Thanks @​JoshuaLelon.
• Channels/session routing: move provider-specific session conversation grammar into plugin-owned session-key surfaces, preserving Telegram topic routing and Feishu scoped inheritance across bootstrap, model override, restart, and tool-policy paths.
• Feishu/comments: add a dedicated Drive comment-event flow with comment-thread context resolution, in-thread replies, and feishu_drive comment actions for document collaboration workflows. (#58497) Thanks @​wittam-01.
• Matrix/plugin: emit spec-compliant m.mentions metadata across text sends, media captions, edits, poll fallback text, and action-driven edits so Matrix mentions notify reliably in clients like Element. (#59323) Thanks @​gumadeiras.
• Diffs: add plugin-owned viewerBaseUrl so viewer links can use a stable proxy/public origin without passing baseUrl on every tool call. (#59341) Related #59227. Thanks @​gumadeiras.
• Agents/compaction: resolve agents.defaults.compaction.model consistently for manual /compact and other context-engine compaction paths, so engine-owned compaction uses the configured override model across runtime entrypoints. (#56710) Thanks @​oliviareid-svg.
• Agents/compaction: add agents.defaults.compaction.notifyUser so the 🧹 Compacting context... start notice is opt-in instead of always being shown. (#54251) Thanks @​oguricap0327.
• WhatsApp/reactions: add reactionLevel guidance for agent reactions. Thanks @​mcaxtr.
• Exec approvals/channels: auto-enable DM-first native chat approvals when supported channels can infer approvers from existing owner config, while keeping channel fanout explicit and clarifying forwarding versus native approval client config.
• Android/assistant: auto-send Google Assistant App Actions prompts once chat is healthy and idle, while keeping bare assistant launches as open-only. (#59721) Thanks @​obviyus.

Fixes

• Sandbox/security: block credential-path binds even when sandbox home paths resolve through canonical aliases, so agent containers cannot mount user secret stores through alternate home-directory paths. (#59157) Thanks @​eleqtrizit.
• Gateway/Windows scheduled tasks: preserve Task Scheduler settings on reinstall, fail loud when Scheduled Task /Run does not start, and report fast failed restarts with the actual elapsed time instead of a fake 60s timeout. (#59335) Thanks @​tmimmanuel.
• Control UI/model picker: preserve already-qualified provider/model refs from the server so models whose ids already contain slashes stop being double-prefixed and remapped to the wrong provider. (#49874) Thanks @​ShionEria.
• Models/selection: resolve bare model ids in session model switches against the configured allowlist before falling back to the current session provider, so Control UI model picks stop drifting into google/k2p5 and similar wrong-provider refs. (#51580) Thanks @​honwee.

2026.4.1-beta.1

• Providers/transport policy: centralize request auth, proxy, TLS, and header shaping across shared HTTP, stream, and websocket paths, block insecure TLS/runtime transport overrides, and keep proxy-hop TLS separate from target mTLS settings. (#59682) Thanks @​vincentkoc.
• Providers/OpenRouter: gate documented OpenRouter attribution to native OpenRouter endpoints or the default route so custom proxy base URLs do not inherit OpenRouter request headers.
• Providers/Copilot: classify native GitHub Copilot API hosts in the shared provider endpoint resolver and harden token-derived proxy endpoint parsing so Copilot base URL routing stays centralized and fails closed on malformed hints. (#59644) Thanks @​vincentkoc.
• Providers/streaming headers: centralize default and attribution header merging across OpenAI websocket, embedded-runner, and proxy stream paths so provider-specific headers stay consistent and caller overrides only win where intended. (#59542) Thanks @​vincentkoc.
• Providers/media HTTP: centralize base URL normalization, default auth/header injection, and explicit header override handling across shared OpenAI-compatible audio, Deepgram audio, Gemini media/image, and Moonshot video request paths. (#59469) Thanks @​vincentkoc.
• Providers/OpenAI-compatible routing: centralize native-vs-proxy request policy so hidden attribution and related OpenAI-family defaults only apply on verified native endpoints across stream, websocket, and shared audio HTTP paths. (#59433) Thanks @​vincentkoc.
• Providers/Anthropic routing: centralize native-vs-proxy endpoint classification for direct Anthropic service_tier handling so spoofed or proxied hosts do not inherit native Anthropic defaults. (#59608) Thanks @​vincentkoc.
• Gateway/exec loopback: restore legacy-role fallback for empty paired-device token maps and allow silent local role upgrades so local exec and node clients stop failing with pairing-required errors after 2026.3.31. (#59092) Thanks @​openperf.
• Agents/subagents: pin admin-only subagent gateway calls to operator.admin while keeping agent at least privilege, so sessions_spawn no longer dies on loopback scope-upgrade pairing with close(1008) "pairing required". (#59555) Thanks @​openperf.
• Exec approvals/config: strip invalid security, ask, and askFallback values from ~/.openclaw/exec-approvals.json during normalization so malformed policy enums fall back cleanly to the documented defaults instead of corrupting runtime policy resolution. (#59112) Thanks @​openperf.
• Exec approvals/doctor: report host policy sources from the real approvals file path and ignore malformed host override values when attributing effective policy conflicts. (#59367) Thanks @​gumadeiras.
• Exec/runtime: treat tools.exec.host=auto as routing-only, keep implicit no-config exec on sandbox when available or gateway otherwise, and reject per-call host overrides that would bypass the configured sandbox or host target. (#58897) Thanks @​vincentkoc.
• Slack/mrkdwn formatting: add built-in Slack mrkdwn guidance in inbound context so Slack replies stop falling back to generic Markdown patterns that render poorly in Slack. (#59100) Thanks @​jadewon.
• WhatsApp/presence: send unavailable presence on connect in self-chat mode so personal-phone users stop losing all push notifications while the gateway is running. (#59410) Thanks @​mcaxtr.
• WhatsApp/media: add HTML, XML, and CSS to the MIME map and fall back gracefully for unknown media types instead of dropping the attachment. (#51562) Thanks @​bobbyt74.

... (truncated)

Commits

• d74a122 fix: mirror bedrock runtime dep in root package
• f911bbc refactor(plugins): separate activation from enablement (#59844)
• 4aeb025 docs: rename TaskFlow to Task Flow in prose
• d9c662d docs: restructure automation section as Automation & Tasks
• 3bd2bbe docs: clarify npm release workflow inputs
• 0ebb69b build: set release version to 2026.4.2
• 38bd525 test: align strict inline-eval awk denial expectation
• 209535b build: make npm release tag configurable
• bcd61e5 docs: fix TaskFlow CLI command path and CLI task notify policy
• 9f3a26c fix(discord): quiet Carbon reconcile log
• Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.56.1 to 8.58.0

Release notes

Sourced from typescript-eslint's releases.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

🩹 Fixes

• eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
• eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
• eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

• ej shafran @​ej-shafran
• Evyatar Daud @​StyleShit
• GG ZIBLAKING
• milkboy2564 @​SeolJaeHyeok
• teee32 @​teee32

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
• eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
• typescript-estree: skip createIsolatedProgram fallback for projectService (#12066, #12065)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• Konv Suu
• mdm317
• Newton Yuan @​NewtonYuan
• RyoheiYamamoto
• SungHyun627 @​SungHyun627
• Tamashoo @​Tamashoo

See GitHub Releases for more information.

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.58.0 (2026-03-30)

🚀 Features

• support TypeScript 6 (#12124)

❤️ Thank You

• Evyatar Daud @​StyleShit

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4933417 chore(release): publish 8.58.0
• 8cde2d0 feat: support TypeScript 6 (#12124)
• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• See full diff in compare view

Updates vitest from 4.0.18 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

v4.1.1

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in vitest-dev/vitest#9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in vitest-dev/vitest#9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in vitest-dev/vitest#9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in vitest-dev/vitest#9831 and vitest-dev/vitest#9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in vitest-dev/vitest#9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in vitest-dev/vitest#9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in vitest-dev/vitest#9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in vitest-dev/vitest#9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in vitest-dev/vitest#9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in vitest-dev/vitest#9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in vitest-dev/vitest#9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in vitest-dev/vitest#9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in vitest-dev/vitest#9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in vitest-dev/vitest#9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in vitest-dev/vitest#9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in vitest-dev/vitest#9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa...

    Description has been truncated