build(deps): bump the npm-dependencies group across 1 directory with 16 updates

[dependabot]

Bumps the npm-dependencies group with 16 updates in the / directory:

Package	From	To
@cyclonedx/cyclonedx-library	6.13.1	10.0.0
fast-xml-parser	5.3.4	5.5.9
https-proxy-agent	7.0.6	8.0.0
p-limit	4.0.0	7.3.0
packageurl-js	1.0.2	2.0.1
smol-toml	1.6.0	1.6.1
web-tree-sitter	0.26.6	0.26.7
@types/node	20.19.31	25.5.0
chai	4.5.0	6.2.2
eslint	8.57.1	10.1.0
mocha	10.8.2	11.7.5
msw	2.12.7	2.12.14
sinon	15.2.0	21.0.3
sinon-chai	3.7.0	4.0.1
typescript	5.9.3	6.0.2
which	5.0.0	6.0.1

Updates @cyclonedx/cyclonedx-library from 6.13.1 to 10.0.0

Release notes

Sourced from @​cyclonedx/cyclonedx-library's releases.

10.0.0

BREAKING changes

• Removed deprecated symbols
• Removed PackageUrl factories
• No longer use external standards' implementations directly

Removed

• Entrypoint Builders (via #1377)
• Entrypoint Factories (via #1377)
• Entrypoint Utils (via #1377)
• Entrypoint Contrib/PackageUrl (via #1378)
• Deprecated symbol Builders (#1346 via #1377)
• Deprecated symbol Builders.FromNodePackageJson (#1346 via #1377)
• Deprecated symbol Builders.FromNodePackageJson.ToolBuilder (#1346 via #1377)
  Use Contrib.FromNodePackageJson.Builders.ToolBuilder instead.
• Deprecated symbol Builders.FromNodePackageJson.ComponentBuilder (#1346 via #1377)
  Use Contrib.FromNodePackageJson.Builders.ComponentBuilder instead.
• Deprecated symbol Factories (#1346 via #1377)
• Deprecated symbol Factories.FromNodePackageJson (#1346 via #1377)
• Deprecated symbol Factories.FromNodePackageJson.ExternalReferenceFactory (#1346 via #1377)
  Use Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory instead.
• Deprecated symbol Factories.FromNodePackageJson.PackageUrlFactory (#1346 via #1377)
  Use packageurl-js downstream.
• Deprecated symbol Factories.LicenseFactory (#1346, #1348 via #1377, #1378)
  Use Contrib.License.Factories.LicenseFactory instead.
• Deprecated symbol Factories.PackageUrlFactory (#1346 via #1377)
  Use packageurl-js downstream.
• Deprecated symbol Types.NodePackageJson (#1346, #1348 via #1377, #1378)
  Use Contrib.FromNodePackageJson.Types.NodePackageJson instead.
• Deprecated symbol Types.assertNodePackageJson (#1346 via #1377)
  Use Contrib.FromNodePackageJson.Types.assertNodePackageJson instead.
• Deprecated symbol Types.isNodePackageJson (#1346 via #1377)
  Use Contrib.FromNodePackageJson.Types.isNodePackageJson instead.
• Deprecated symbol Utils (#1346 via #1377)
• Deprecated symbol Utils.BomUtility (#1346 via #1377)
• Deprecated symbol Utils.BomUtility.randomSerialNumber (#1346 via #1377)
  Use Contrib.Bom.Utils.randomSerialNumber instead.
• Deprecated symbol Utils.LicenseUtility (#1346 via #1377)
• Deprecated symbol Utils.LicenseUtility.FsUtils (#1346 via #1377)
  Use Contrib.License.Utils.FsUtils instead.
• Deprecated symbol Utils.LicenseUtility.PathUtils (#1346 via #1377)
• Use Contrib.License.Utils.PathUtils instead.
• Deprecated symbol Utils.LicenseUtility.FileAttachment (#1346 via #1377)
  Use Contrib.License.Utils.FileAttachment instead.
• Deprecated symbol Utils.LicenseUtility.ErrorReporter (#1346 via #1377)
  Use Contrib.License.Utils.ErrorReporter instead.
• Deprecated symbol Utils.LicenseUtility.LicenseEvidenceGatherer (#1346 via #1377)
  Use Contrib.License.Utils.LicenseEvidenceGatherer instead.
• Deprecated symbol Utils.NpmjsUtility (#1346 via #1377)
• Deprecated symbol Utils.NpmjsUtility.parsePackageIntegrity (#1346 via #1377)
  Use Contrib.FromNodePackageJson.Utils.parsePackageIntegrity instead.

... (truncated)

Changelog

Sourced from @​cyclonedx/cyclonedx-library's changelog.

10.0.0 -- 2026-03-03

• BREAKING changes
  • Removed deprecated symbols
  • Removed PackageUrl factories
  • No longer use external standards' implementations directly
• Removed
  • Entrypoint Builders (via #1377)
  • Entrypoint Factories (via #1377)
  • Entrypoint Utils (via #1377)
  • Entrypoint Contrib/PackageUrl (via #1378)
  • Deprecated symbol Builders (#1346 via #1377)
  • Deprecated symbol Builders.FromNodePackageJson (#1346 via #1377)
  • Deprecated symbol Builders.FromNodePackageJson.ToolBuilder (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Builders.ToolBuilder instead.
  • Deprecated symbol Builders.FromNodePackageJson.ComponentBuilder (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Builders.ComponentBuilder instead.
  • Deprecated symbol Factories (#1346 via #1377)
  • Deprecated symbol Factories.FromNodePackageJson (#1346 via #1377)
  • Deprecated symbol Factories.FromNodePackageJson.ExternalReferenceFactory (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory instead.
  • Deprecated symbol Factories.FromNodePackageJson.PackageUrlFactory (#1346 via #1377)
    Use packageurl-js downstream.
  • Deprecated symbol Factories.LicenseFactory (#1346, #1348 via #1377, #1378)
    Use Contrib.License.Factories.LicenseFactory instead.
  • Deprecated symbol Factories.PackageUrlFactory (#1346 via #1377)
    Use packageurl-js downstream.
  • Deprecated symbol Types.NodePackageJson (#1346, #1348 via #1377, #1378)
    Use Contrib.FromNodePackageJson.Types.NodePackageJson instead.
  • Deprecated symbol Types.assertNodePackageJson (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Types.assertNodePackageJson instead.
  • Deprecated symbol Types.isNodePackageJson (#1346 via #1377)
    Use Contrib.FromNodePackageJson.Types.isNodePackageJson instead.
  • Deprecated symbol Utils (#1346 via #1377)
  • Deprecated symbol Utils.BomUtility (#1346 via #1377)
  • Deprecated symbol Utils.BomUtility.randomSerialNumber (#1346 via #1377)
    Use Contrib.Bom.Utils.randomSerialNumber instead.
  • Deprecated symbol Utils.LicenseUtility (#1346 via #1377)
  • Deprecated symbol Utils.LicenseUtility.FsUtils (#1346 via #1377)
    Use Contrib.License.Utils.FsUtils instead.
  • Deprecated symbol Utils.LicenseUtility.PathUtils (#1346 via #1377)
  • Use Contrib.License.Utils.PathUtils instead.
  • Deprecated symbol Utils.LicenseUtility.FileAttachment (#1346 via #1377)
    Use Contrib.License.Utils.FileAttachment instead.
  • Deprecated symbol Utils.LicenseUtility.ErrorReporter (#1346 via #1377)
    Use Contrib.License.Utils.ErrorReporter instead.
  • Deprecated symbol Utils.LicenseUtility.LicenseEvidenceGatherer (#1346 via #1377)
    Use Contrib.License.Utils.LicenseEvidenceGatherer instead.
  • Deprecated symbol Utils.NpmjsUtility (#1346 via #1377)
  • Deprecated symbol Utils.NpmjsUtility.parsePackageIntegrity (#1346 via #1377)

... (truncated)

Commits

• b47c069 10.0.0
• 869c416 chore: prep v10.0.0
• 2fecf38 docs
• d533341 feat: harden schema validators (#1396)
• aa8ddb1 feat: pulled SPDX license IDs v1.0-3.28.0 (#1395)
• 2a75d8f chore(deps): bump knip from 5.83.1 to 5.85.0 in /tools/test-dependencies (#1392)
• 397ab83 v10.0.0 (#1376)
• 21e9cf8 style: typed import extra
• f1a09d8 Merge remote-tracking branch 'origin/main' into feat/10.0.0-dev
• d0cab76 9.5.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​cyclonedx/cyclonedx-library since your current version.

Updates fast-xml-parser from 5.3.4 to 5.5.9

Release notes

Sourced from fast-xml-parser's releases.

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call

fix bugs of entity parsing and value parsing

fix: entity expansion limits update strnum package to 2.2.0

fix entity expansion and incorrect replacement and performance

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.5...v5.5.6

support onDangerousProperty

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.3...v5.5.5

update dependecies to fix typings

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.1...v5.5.2

integrate path-expression-matcher

• support path-expression-matcher
• fix: stopNode should not be parsed
• performance improvement for stopNode checking

Separate Builder

XML Builder was the part of fast-xml-parser for years. But considering that any bug in builder may false-alarm the users who are only using parser and vice-versa, we have decided to split it into a separate package.

Migration

To migrate to fast-xml-builder;

From

import { XMLBuilder } from "fast-xml-parser";

To

import  XMLBuilder  from "fast-xml-builder";

XMLBuilder will be removed from current package in any next major version of this library. So better to migrate.

support strictReservedNames

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.9...v5.3.9

handle non-array input for XML builder && support maxNestedTags

• support maxNestedTags
• handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)
• save use of js properies Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.7...v5.3.8

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.5.9 / 2026-03-23

• combine typing files

4.5.5 / 2026-03-22

apply fixes from v5 (legacy maintenance branch v4-maintenance)

• support maxEntityCount
• support onDangerousProperty
• support maxNestedTags
• handle prototype pollution
• fix incorrect entity name replacement
• fix incorrect condition for entity expansion

5.5.8 / 2026-03-20

• pass read only matcher in callback

5.5.7 / 2026-03-19

• fix: entity expansion limits
• update strnum package to 2.2.0

5.5.6 / 2026-03-16

• update builder dependency
• fix incorrect regex to replace . in entity name
• fix check for entitiy expansion for lastEntities and html entities too

5.5.5 / 2026-03-13

• sanitize dangerous tag or attribute name
• error on critical property name
• support onDangerousProperty option

5.5.4 / 2026-03-13

• declare Matcher & Expression as unknown so user is not forced to install path-expression-matcher

5.5.3 / 2026-03-11

• upgrade builder

5.5.2 / 2026-03-11

• update dependency to fix typings

5.5.1 / 2026-03-10

• fix dependency

... (truncated)

Commits

• a8934f9 upgrade strnum
• 23d13e4 combine typing files
• 0c0a7dc update maintenance docs
• a92a665 pass read only matcher in call back
• a21c441 update package detail
• 239b64a check for min value for entity exapantion options
• 61cb666 restrict more properties to be unsafe
• 41abd66 performance improvement of reading DOCTYPE
• 3dfcd20 refactor: performance improvement
• 870043e update release info
• Additional commits viewable in compare view

Updates https-proxy-agent from 7.0.6 to 8.0.0

Release notes

Sourced from https-proxy-agent's releases.

https-proxy-agent@8.0.0

Major Changes

• 9c92c09: Convert to ESM. All packages now use "type": "module" and compile to ESM output instead of CommonJS.

Patch Changes

• Updated dependencies [9c92c09]
  • agent-base@8.0.0

Changelog

Sourced from https-proxy-agent's changelog.

8.0.0

Major Changes

• 9c92c09: Convert to ESM. All packages now use "type": "module" and compile to ESM output instead of CommonJS.

Patch Changes

• Updated dependencies [9c92c09]
  • agent-base@8.0.0

Commits

• 8dcdac8 Version Packages (#395)
• 5d3f71a Use pnpm catalog: for shared dependencies
• 77da068 Use workspace:* for inter-repo dependencies
• f70a9dc Fix CI failures: update Node.js matrix and test configuration
• 9c92c09 Convert all packages to ESM with type: module
• 0b77ac7 Migrate from Jest to Vitest
• ed00d30 Re-generate self-signed cert for tests
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for https-proxy-agent since your current version.

Updates p-limit from 4.0.0 to 7.3.0

Release notes

Sourced from p-limit's releases.

v7.3.0

• Add rejectOnClear option 8907801
• Support options object in pLimit() 870db0f

---

sindresorhus/p-limit@v7.2.0...v7.3.0

v7.2.0

• Make .map() method accept an iterable, not just array (#98) d76231b

---

sindresorhus/p-limit@v7.1.1...v7.2.0

v7.1.1

• Fix limitFunction type ccb80b2

---

sindresorhus/p-limit@v7.1.0...v7.1.1

v7.1.0

• Add index parameter to map() method 2aeffd4

---

sindresorhus/p-limit@v7.0.0...v7.1.0

v7.0.0

Breaking

• Require Node.js 20 78b81a5
• activeCount now increments when tasks actually start running (more intuitive) rather than when queued. This means:
  • activeCount reflects truly active/running promises
  • pendingCount more accurately represents waiting

Improvements

• Add .map convenience method 86a5d73
• Improve performance (#93) be1965b

---

sindresorhus/p-limit@v6.2.0...v7.0.0

v6.2.0

• Add limitFunction() (#88) ef48184

sindresorhus/p-limit@v6.1.0...v6.2.0

... (truncated)

Commits

• 886bda5 7.3.0
• 8907801 Add rejectOnClear option
• ce9d71c Add test for shared context provider pattern
• 24503f9 Document recursive limiter deadlocks
• 9bce97a Add recipes documentation
• 870db0f Support options object in pLimit()
• 1fb1407 Fix benchmarks
• 7bdd25c 7.2.0
• d76231b Make .map() method accept an iterable, not just array (#98)
• 9da5934 Use native Node.js timers instead of delay package in tests
• Additional commits viewable in compare view

Updates packageurl-js from 1.0.2 to 2.0.1

Changelog

Sourced from packageurl-js's changelog.

2.0.1

Bug Fix

• Fix decoding problems around the % character #75 (fix contributed by @​jdalton)

2.0.0

• Significant refactor based on code from @​jdalton
• Numerous bug fixes and improvements the community was asking for
  • See closed issues and PRs for details (too many to list here)

1.2.1

Bug Fixes

• purls with + in versions are now valid #52 (contributed by @​satanshiro)
• purl names staring with : are now accepted #45 (contributed by @​aniruth37)

1.2.0

Features

• Add pub parsing for Dart and Flutter packages (contributed by @​topaztee)

1.1.1

Bug Fix

• publish errors

1.1.0

Features

• Verify entire version string is properly encoded (contributed by @​mcombuechen, @​topaztee)

Commits

• cd1eb4b chore: bump to v2.0.1 (#77)
• f7dccd6 fix: error on decode with meaningful message
• 07b818b fix: only decode in parseString
• c2f576f bump to v2.0.0 (#74)
• b5660a5 Merge pull request #73 from package-url/jdalton/sync
• 400de0c Merge pull request #72 from package-url/dependabot/npm_and_yarn/braces-3.0.3
• b6c8ce8 fix: correct package-url.d.ts readonly type casing
• 96822af fix: correct param name typos
• f81a6be fix: use encodeQualifierValue for qualifierKey and qualifierValue
• ff590d2 feat: encode qualifiers with URLSearchParams
• Additional commits viewable in compare view

Updates smol-toml from 1.6.0 to 1.6.1

Release notes

Sourced from smol-toml's releases.

v1.6.1

This release addresses a minor security vulnerability where an attacker-controlled TOML document can exploit an unrestricted recustion and cause a stack overflow error with a document that contains thousands of sucessive commented lines. Security advisory: GHSA-v3rj-xjv7-4jmq

Commits

• 072b64f chore: version bump
• 19a5dc7 chore: upgrade dependencies and actions
• f286f87 fix: don't use recursion in skipVoid
• See full diff in compare view

Updates web-tree-sitter from 0.26.6 to 0.26.7

Release notes

Sourced from web-tree-sitter's releases.

v0.26.7

Notable Changes

• A regression in v0.26.6 with quantified alternations was fixed.
• Release artifacts for the tree-sitter CLI are now published as zip archives (in addition to gzipped executables, which are planned for removal in a future minor release).

What's Changed

• fix: skip missing Makefile in version command by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5386
• fix(wasm): pass target triple to clang (#5385) by @​clason in tree-sitter/tree-sitter#5390
• chore(parser): return NULL, not false, for incomplete parse by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5398
• fix(loader): link with libc on OpenBSD to compile parser by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5399
• refactor(query): remove alternative_is_immediate by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5412
• fix(query): don't add copies for quantifier steps outside alternations by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5414
• revert allowing dashes in parser name by @​tree-sitter-ci-bot[bot] in tree-sitter/tree-sitter#5433
• ci(release): publish zip archives by @​clason in tree-sitter/tree-sitter#5434
• release v0.26.7 by @​clason in tree-sitter/tree-sitter#5435

Full Changelog: tree-sitter/tree-sitter@v0.26.6...v0.26.7

Commits

• 6f2e8a6 release v0.26.7
• See full diff in compare view

Updates @types/node from 20.19.31 to 25.5.0

Commits

• See full diff in compare view

Updates chai from 4.5.0 to 6.2.2

Release notes

Sourced from chai's releases.

v6.2.2

What's Changed

• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in chaijs/chai#1745
• chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 by @​renovate[bot] in chaijs/chai#1746
• build(deps): bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in chaijs/chai#1747
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in chaijs/chai#1749
• fix: avoid BigInt literal in closeTo for runtime compat by @​bheemreddy-samsara in chaijs/chai#1748
• chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 by @​renovate[bot] in chaijs/chai#1751
• chore(deps): update dependency prettier to v3.7.3 by @​renovate[bot] in chaijs/chai#1754
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1755
• chore(deps): update dependencies to v9.39.2 by @​renovate[bot] in chaijs/chai#1757
• chore: add --legal-comments=none option by @​hyperz111 in chaijs/chai#1756
• chore(deps): update dependency esbuild to v0.27.2 by @​renovate[bot] in chaijs/chai#1759

New Contributors

• @​bheemreddy-samsara made their first contribution in chaijs/chai#1748
• @​hyperz111 made their first contribution in chaijs/chai#1756

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

What's Changed

• chore: add renovate config by @​43081j in chaijs/chai#1709
• chore: use new renovate schema by @​43081j in chaijs/chai#1713
• chore(deps): update actions/setup-node action to v5 (main) by @​renovate[bot] in chaijs/chai#1711
• chore(deps): update actions/checkout action to v5 (main) by @​renovate[bot] in chaijs/chai#1710
• chore(deps): update dependency eslint to v9 (main) by @​renovate[bot] in chaijs/chai#1715
• chore(deps): update dependency @​rollup/plugin-commonjs to v28 (main) by @​renovate[bot] in chaijs/chai#1714
• chore(deps): update dependency mocha to v11 (main) by @​renovate[bot] in chaijs/chai#1717
• chore(deps): update dependency eslint-plugin-jsdoc to v60 (main) by @​renovate[bot] in chaijs/chai#1716
• chore: disable renovate for 4.x.x by @​43081j in chaijs/chai#1722
• chore(deps): update dependency eslint-plugin-jsdoc to v61 by @​renovate[bot] in chaijs/chai#1727
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in chaijs/chai#1729
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1726
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1730
• chore(deps): update dependency node to v24 by @​renovate[bot] in chaijs/chai#1731
• chore(deps): update dependency @​rollup/plugin-commonjs to v29 by @​renovate[bot] in chaijs/chai#1732
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1734
• build(deps): bump koa from 2.14.2 to 2.16.1 by @​dependabot[bot] in chaijs/chai#1683
• docs: update browser usage by @​43081j in chaijs/chai#1736
• chore(deps): update dependencies by @​renovate[bot] in chaijs/chai#1740
• docs: add comprehensive documentation for containSubset assertion by @​Aashish-Jha-11 in chaijs/chai#1739
• Set esbuild target to es2021 to support Safari < 16.4 by @​larabr in chaijs/chai#1737

New Contributors

• @​renovate[bot] made their first contribution in chaijs/chai#1711
• @​Aashish-Jha-11 made their first contribution in chaijs/chai#1739
• @​larabr made their first contribution in chaijs/chai#1737

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

... (truncated)

Commits

• 814172d chore(deps): update dependency esbuild to v0.27.2 (#1759)
• b38c22b chore: add legal-comments=none option (#1756)
• 180d4cc chore(deps): update dependencies to v9.39.2 (#1757)
• 678cd00 chore(deps): update dependencies (#1755)
• c8fb100 chore(deps): update dependency prettier to v3.7.3 (#1754)
• d63c74e chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 (#1751)
• 243bf86 fix: avoid BigInt literal in closeTo for runtime compat (#1748)
• d8b0395 chore(deps): update actions/checkout action to v6 (#1749)
• 7e1e247 build(deps): bump glob from 10.4.5 to 10.5.0 (#1747)
• b25e5d8 chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 (#1746)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chai since your current version.

Updates eslint from 8.57.1 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
• 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

• 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
• e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

• b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
• 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
• 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
• 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
• e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
• 7f10d84 docs: Update README (GitHub Actions Bot)
• aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
• a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
• cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
• dbb4c95 chore: remove trunk (#20478) (sethamus)
• c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
• c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
• 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
• 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
• 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
• f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

v10.0.3

Bug Fixes

• e511b58 fix: update eslint (

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.