Bump eslint from 9.27.0 to 9.29.0

[dependabot]

Bumps eslint from 9.27.0 to 9.29.0.

Release notes

Sourced from eslint's releases.

v9.29.0

Features

• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)

Bug Fixes

• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)

Documentation

• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 3aed075 docs: Update README (GitHub Actions Bot)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)

Chores

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)
• 152ed51 test: switch to flat config mode in code path analysis tests (#19824) (Milos Djermanovic)
• b647239 chore: Update first-party dependencies faster with Renovate (#19822) (Nicholas C. Zakas)
• 7abe42e refactor: SafeEmitter -> SourceCodeVisitor (#19708) (Nicholas C. Zakas)
• e392895 perf: improve time complexity of getLocFromIndex (#19782) (루밀LuMir)
• 0ed289c chore: remove accidentally committed file (#19807) (Francesco Trotta)

v9.28.0

Features

• b0674be feat: Customization of serialization for languageOptions (#19760) (Nicholas C. Zakas)
• a95721f feat: Add --pass-on-unpruned-suppressions CLI option (#19773) (Milos Djermanovic)
• bfd0e7a feat: support TypeScript syntax in no-use-before-define (#19566) (Tanuj Kanti)
• 68c61c0 feat: support TS syntax in no-shadow (#19565) (Nitin Kumar)
• 0f773ef feat: support TS syntax in no-magic-numbers (#19561) (Nitin Kumar)
• c4a6b60 feat: add allowTypeAnnotation to func-style (#19754) (sethamus)
• b03ad17 feat: add TypeScript support to prefer-arrow-callback (#19678) (Tanuj Kanti)
• bc3c331 feat: ignore overloaded function declarations in func-style rule (#19755) (sethamus)

Bug Fixes

• eea3e7e fix: Remove configured global variables from GlobalScope#implicit (#19779) (Milos Djermanovic)
• a467de3 fix: update context.report types (#19751) (Nitin Kumar)
• fd467bb fix: remove interopDefault to use jiti's default (#19697) (sethamus)
• 72d16e3 fix: avoid false positive in no-unassigned-vars for declare module (#19746) (Azat S.)
• 81c3c93 fix: curly types (#19750) (Eli)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.29.0 - June 13, 2025

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• 3aed075 docs: Update README (GitHub Actions Bot)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 152ed51 test: switch to flat config mode in code path analysis tests (#19824) (Milos Djermanovic)
• b647239 chore: Update first-party dependencies faster with Renovate (#19822) (Nicholas C. Zakas)
• 7abe42e refactor: SafeEmitter -> SourceCodeVisitor (#19708) (Nicholas C. Zakas)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• e392895 perf: improve time complexity of getLocFromIndex (#19782) (루밀LuMir)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)
• 0ed289c chore: remove accidentally committed file (#19807) (Francesco Trotta)

v9.28.0 - May 30, 2025

• 175b7b8 chore: upgrade to @eslint/[email protected] (#19802) (Francesco Trotta)
• 844f5a6 chore: package.json update for @​eslint/js release (Jenkins)
• b0674be feat: Customization of serialization for languageOptions (#19760) (Nicholas C. Zakas)
• 3ec2082 docs: Nested arrays in files config entry (#19799) (Nicholas C. Zakas)
• 89a65b0 docs: clarify how config arrays can apply to subsets of files (#19788) (Shais Ch)
• 2ba8a0d docs: Add description of meta.namespace to plugin docs (#19798) (Nicholas C. Zakas)
• eea3e7e fix: Remove configured global variables from GlobalScope#implicit (#19779) (Milos Djermanovic)
• a95721f feat: Add --pass-on-unpruned-suppressions CLI option (#19773) (Milos Djermanovic)
• a467de3 fix: update context.report types (#19751) (Nitin Kumar)
• 59dd7e6 docs: update func-style with examples (#19793) (Tanuj Kanti)
• 62b1c1b chore: update globals to v16 (#19791) (Nitin Kumar)
• bfd0e7a feat: support TypeScript syntax in no-use-before-define (#19566) (Tanuj Kanti)
• 68c61c0 feat: support TS syntax in no-shadow (#19565) (Nitin Kumar)
• e8a1cb8 chore: ignore jiti-v2.0 & jiti-v2.1 for renovate (#19786) (Nitin Kumar)
• 0f773ef feat: support TS syntax in no-magic-numbers (#19561) (Nitin Kumar)
• 43d3975 chore: Add Copilot Instructions file (#19753) (Nicholas C. Zakas)
• c4a6b60 feat: add allowTypeAnnotation to func-style (#19754) (sethamus)
• fd467bb fix: remove interopDefault to use jiti's default (#19697) (sethamus)
• 2dfb5eb test: update SourceCodeTraverser tests (#19763) (Milos Djermanovic)
• b03ad17 feat: add TypeScript support to prefer-arrow-callback (#19678) (Tanuj Kanti)
• e9129e0 docs: add global scope's implicit field to Scope Manager docs (#19770) (Milos Djermanovic)

... (truncated)

Commits

• edf232b 9.29.0
• c2414b6 Build: changelog update for 9.29.0
• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851)
• acf2201 chore: package.json update for @​eslint/js release
• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832)
• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845)
• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833)
• 19cdd22 feat: prune suppressions for non-existent files (#19825)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Software Supply Chain Report of ericcornelissen/eslint-plugin-top - 1eac975 → 410d85c

How to read the results 📖

Dirty-waters has analyzed your project dependencies and found different categories for each of them:

• ⚠️⚠️⚠️ : high severity

• ⚠️⚠️: medium severity

• ⚠️: low severity

Total packages in the supply chain: 2

🔒 Packages with signature changes (⚠️⚠️⚠️): 0

❗ Downgraded packages (⚠️⚠️): 1

👽 Commits made by both New Authors and Reviewers (⚠️⚠️): 0

🙈 Commits approved by New Reviewers (⚠️⚠️): 0

😐 Commits made by New Authors (⚠️): 0

Fine grained information

🐬 For further information about software supply chain smells in your project, take a look at the following tables.

❗ Downgraded packages (⚠️⚠️) (1)

package_name	repo_link	category	old_version	new_version
tsx	https://github.com/privatenumber/tsx	Downgraded package	4.20.3	4.19.4

Call to Action:

👻What do I do now?

For packages with signature changes:

• Why? Changes in code signatures could indicate tampering with the package or compromised build processes, potentially introducing malicious code.

1. This means that a dependency either had code signature and now does not, or that the signature was valid and now it's not.
2. This could be a security risk, and you should halt the project until you can verify the changes.

For downgraded dependencies:

• Why? Downgrading packages may reintroduce known security vulnerabilities that were fixed in newer versions.

1. Check the release notes of the new version to see if the downgrade is intentional. If the new version is more than one release ahead, verify whether any breaking changes in between apply to your project.
2. If the downgrade is unintentional, consider updating the package to a version that is compatible with your project.

For commits made by both new authors and reviewers:

• Why? When both authors and reviewers are new to a project, there's a higher risk of malicious code being introduced due to lack of established trust and project knowledge.

1. Verify, as best as you can, that the new authors and reviewers are not malicious actors.
2. If you are unsure, consider reverting the changes.

For commits approved by new reviewers:

• Why? New reviewers may not be familiar with the project's security requirements or may not have the expertise to identify malicious code.

1. Verify, as best as you can, that the new reviewers are not malicious actors.

For commits made by new authors:

• Why? New contributors could potentially introduce security vulnerabilities, either accidentally or intentionally.

1. Verify, as best as you can, that the new authors are not malicious actors.
2. The fact that the reviewers are not new to the repository is a good sign.

---

Report created by dirty-waters.

Report created on 2025-06-16 05:58:24

• Tool version: 601adbfe
• Project Name: ericcornelissen/eslint-plugin-top
• Compared project versions: 1eac975 & 410d85c