Skip to content

chore(deps): bump the dependencies group with 3 updates#186

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-32c5d805ba
Jul 16, 2026
Merged

chore(deps): bump the dependencies group with 3 updates#186
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-32c5d805ba

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 3 updates: prettier-plugin-tailwindcss, @hono/node-server and @eslint-react/eslint-plugin.

Updates prettier-plugin-tailwindcss from 0.8.0 to 0.8.1

Release notes

Sourced from prettier-plugin-tailwindcss's releases.

v0.8.1

Fixed

  • Don't remove escape sequences when sorting classes in JavaScript string literals, which could produce invalid code in Vue attribute expressions (#461)
  • Restore class sorting in Svelte markup and dynamic class={...} expressions when using prettier-plugin-svelte v4 (#462)
Changelog

Sourced from prettier-plugin-tailwindcss's changelog.

[0.8.1] - 2026-07-15

Fixed

  • Don't remove escape sequences when sorting classes in JavaScript string literals, which could produce invalid code in Vue attribute expressions (#461)
  • Restore class sorting in Svelte markup and dynamic class={...} expressions when using prettier-plugin-svelte v4 (#462)
Commits

Updates @hono/node-server from 2.0.9 to 2.0.10

Release notes

Sourced from @​hono/node-server's releases.

v2.0.10

Security fixes

This release includes a fix for the following security issue:

Unauthenticated memory-leak DoS via aborted WebSocket handshake

Affects: upgradeWebSocket. A WebSocket upgrade request with a missing or malformed Sec-WebSocket-Key header leaked the request's IncomingMessage and left a promise pending, even though no connection was established. Since the route is reachable pre-handshake without authentication, an attacker could flood it to gradually exhaust memory. GHSA-9mqv-5hh9-4cgg


Users of upgradeWebSocket are encouraged to upgrade to this version.

Commits

Updates @eslint-react/eslint-plugin from 5.14.10 to 5.16.1

Release notes

Sourced from @​eslint-react/eslint-plugin's releases.

v5.16.1 (2026-07-16)

What's Changed

🐞 Fixes

  • react-jsx/no-children-prop: React.createElement calls whose props argument is wrapped in a TypeScript type assertion (e.g. { children: "x" } as Props) are now reported; computed property keys written as template literals (e.g. { [children]: "x" }) are now recognized as the children prop; fixed a false positive where a computed identifier key in a createElement props object (e.g. { [propName]: "Children" }) was treated as the static children prop; the suggestion fix now escapes JSX-sensitive characters (<, >, {, }, &) when moving a string children prop value into element content. (#1910)
  • react-jsx/no-children-prop-with-children: same createElement edge-case fixes as no-children-prop. (#1910)
  • react-jsx/no-useless-fragment: allowExpressions: false now only flags fragments with a single expression child, matching the option's documented behavior, instead of flagging any fragment inside a JSX element; fragments with spread attributes (e.g. <Fragment {...props}>) are no longer auto-fixed; the auto-fixer now removes leading indentation when collapsing whitespace-only fragments. (#1910)
  • react-jsx/no-leaked-dollar: $ character references (&[#36](https://github.com/Rel1cx/eslint-react/tree/HEAD/plugins/eslint-plugin/issues/36);, &#x24;) are no longer treated as leaked dollar signs; only a literal $ in the source is reported. (#1910)
  • react-jsx/no-leaked-semicolon: leaked semicolons followed by spaces or tabs before a newline, including CRLF line endings, are now detected. (#1910)
  • react-x/immutability: added useHistory to known navigation hooks, so navigation methods such as .push() are not treated as in-place mutations inside frozen callbacks.

🏗️ Internal

  • @eslint-react/ast: added Extract.getStaticPropertyName for resolving static property names from object properties. (#1910)

Full Changelog: Rel1cx/eslint-react@v5.16.0...v5.16.1

Attestation

https://github.com/Rel1cx/eslint-react/attestations/35539568

v5.16.0 (2026-07-16)

What's Changed

✨ New

  • @eslint-react/core: added support for hook calls written as tagged template literals. (#1909)

    const x = useMotionValue(100);
    const transform = useMotionTemplate`transform(${x}px)`;
    //                ^^^ tagged template literal hook call
  • @eslint-react/jsx: findAttribute now resolves nested spread identifiers and nested object expression spreads. (#1908)

🏗️ Internal

  • Added tests and per-rule changelogs for tagged template literal hook calls. (#1909)

Full Changelog: Rel1cx/eslint-react@v5.15.0...v5.16.0

Attestation

https://github.com/Rel1cx/eslint-react/attestations/35506571

... (truncated)

Changelog

Sourced from @​eslint-react/eslint-plugin's changelog.

v5.16.1 (2026-07-16)

🐞 Fixes

  • react-jsx/no-children-prop: React.createElement calls whose props argument is wrapped in a TypeScript type assertion (e.g. { children: "x" } as Props) are now reported; computed property keys written as template literals (e.g. { [children]: "x" }) are now recognized as the children prop; fixed a false positive where a computed identifier key in a createElement props object (e.g. { [propName]: "Children" }) was treated as the static children prop; the suggestion fix now escapes JSX-sensitive characters (<, >, {, }, &) when moving a string children prop value into element content. (#1910)
  • react-jsx/no-children-prop-with-children: same createElement edge-case fixes as no-children-prop. (#1910)
  • react-jsx/no-useless-fragment: allowExpressions: false now only flags fragments with a single expression child, matching the option's documented behavior, instead of flagging any fragment inside a JSX element; fragments with spread attributes (e.g. <Fragment {...props}>) are no longer auto-fixed; the auto-fixer now removes leading indentation when collapsing whitespace-only fragments. (#1910)
  • react-jsx/no-leaked-dollar: $ character references (&[#36](https://github.com/Rel1cx/eslint-react/tree/HEAD/plugins/eslint-plugin/issues/36);, &#x24;) are no longer treated as leaked dollar signs; only a literal $ in the source is reported. (#1910)
  • react-jsx/no-leaked-semicolon: leaked semicolons followed by spaces or tabs before a newline, including CRLF line endings, are now detected. (#1910)
  • react-x/immutability: added useHistory to known navigation hooks, so navigation methods such as .push() are not treated as in-place mutations inside frozen callbacks.

🏗️ Internal

  • @eslint-react/ast: added Extract.getStaticPropertyName for resolving static property names from object properties. (#1910)

Full Changelog: Rel1cx/eslint-react@v5.16.0...v5.16.1

v5.16.0 (2026-07-16)

✨ New

  • @eslint-react/core: added support for hook calls written as tagged template literals. (#1909)

    const x = useMotionValue(100);
    const transform = useMotionTemplate`transform(${x}px)`;
    //                ^^^ tagged template literal hook call
  • @eslint-react/jsx: findAttribute now resolves nested spread identifiers and nested object expression spreads. (#1908)

🏗️ Internal

  • Added tests and per-rule changelogs for tagged template literal hook calls. (#1909)

Full Changelog: Rel1cx/eslint-react@v5.15.0...v5.16.0

v5.15.0 (2026-07-15)

📝 Documentation

  • Added a FAQ entry on improving analyzer accuracy to the website. (#1907)
  • Fixed inconsistencies and omissions in internal documentation.

🏗️ Internal

  • Bumped typescript-eslint to 8.64.0, nx to 23.1.0, eslint-plugin-package-json to 1.6.0, and pnpm to 11.13.0.
  • Enabled strictBooleanExpressions in TSL and synchronized sample rule configurations. (#1907)
  • Removed the website-specific changelog file.
  • Switched CI workflows to use pnpm/action-setup instead of installing pnpm globally via npm.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 3 updates: [prettier-plugin-tailwindcss](https://github.com/tailwindlabs/prettier-plugin-tailwindcss), [@hono/node-server](https://github.com/honojs/node-server) and [@eslint-react/eslint-plugin](https://github.com/Rel1cx/eslint-react/tree/HEAD/plugins/eslint-plugin).


Updates `prettier-plugin-tailwindcss` from 0.8.0 to 0.8.1
- [Release notes](https://github.com/tailwindlabs/prettier-plugin-tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/prettier-plugin-tailwindcss/blob/main/CHANGELOG.md)
- [Commits](tailwindlabs/prettier-plugin-tailwindcss@v0.8.0...v0.8.1)

Updates `@hono/node-server` from 2.0.9 to 2.0.10
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v2.0.9...v2.0.10)

Updates `@eslint-react/eslint-plugin` from 5.14.10 to 5.16.1
- [Release notes](https://github.com/Rel1cx/eslint-react/releases)
- [Changelog](https://github.com/Rel1cx/eslint-react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Rel1cx/eslint-react/commits/v5.16.1/plugins/eslint-plugin)

---
updated-dependencies:
- dependency-name: prettier-plugin-tailwindcss
  dependency-version: 0.8.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@hono/node-server"
  dependency-version: 2.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@eslint-react/eslint-plugin"
  dependency-version: 5.16.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 16, 2026
@github-actions
github-actions Bot enabled auto-merge July 16, 2026 05:12
@github-actions
github-actions Bot merged commit 791fbdf into main Jul 16, 2026
6 checks passed
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/dependencies-32c5d805ba branch July 16, 2026 05:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants