Bump the dependencies group with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates:

Package	From	To
@types/jquery	3.5.33	4.0.0
eslint	9.39.2	10.0.2
dotenv	17.2.3	17.3.1
cspell	9.6.2	9.7.0
webpack	5.104.1	5.105.3
lint-staged	16.2.7	16.3.0
sass-loader	16.0.6	16.0.7
typescript-eslint	8.54.0	8.56.1
@stylistic/eslint-plugin	5.7.1	5.9.0

Updates @types/jquery from 3.5.33 to 4.0.0

Commits

• See full diff in compare view

Updates eslint from 9.39.2 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• 7bc16a4 17.3.1
• 27303fd update README-es
• 6379eb2 update README
• b6d7339 fix spelling
• 5febe35 17.3.0
• f61f383 changelog 🪵
• dec94ad update README
• 4856950 update README
• 6351887 update README
• 23bd017 update README
• Additional commits viewable in compare view

Updates cspell from 9.6.2 to 9.7.0

Release notes

Sourced from cspell's releases.

v9.7.0

Features

feat: Substitution Part 4 - enable substitutions during document check (#8630)

Pull request overview

This PR enables substitution-based text transformations during document spell checking, allowing configured text patterns to be replaced before validation occurs.

Changes:

• Added substitution transformer support to the text validation pipeline
• Enhanced SubstitutionTransformer to handle both string and MappedText inputs with source map merging
• Refactored settingsToValidateOptions to explicitly map all validation option fields

---

feat: Substitution Part 3 (#8616)

Pull request overview

This PR updates the SourceMap encoding/handling to use relative span-length pairs (instead of absolute offset pairs) so transformations can be composed more reliably, while updating affected parsers, mappers, and tests across the monorepo.

Changes:

• Redefines SourceMap documentation/usage to represent relative [srcSpanLen, dstSpanLen] segments (with non-linear segment semantics).
• Introduces new SourceMap utilities in cspell-lib and refactors TextMap/mapping code and tests to use them.
• Updates TypeScript grammar parsing/mappers to emit relative maps and adjusts fixtures/tests accordingly.

[!CAUTION] Internal breaking: SourceMaps are now span lengths instead of being offsets. This makes them invariant during translation, making concatenation, and slicing much easier. A minor version change was chosen instead of a major version change since it was only used with the experimental TypeScript parser.

---

feat: Substitution Part 2 (#8599)

Pull request overview

... (truncated)

Changelog

Sourced from cspell's changelog.

v9.7.0 (2026-02-23)

Features

feat: Substitution Part 4 - enable substitutions during document check (#8630)

Pull request overview

This PR enables substitution-based text transformations during document spell checking, allowing configured text patterns to be replaced before validation occurs.

Changes:

• Added substitution transformer support to the text validation pipeline
• Enhanced SubstitutionTransformer to handle both string and MappedText inputs with source map merging
• Refactored settingsToValidateOptions to explicitly map all validation option fields

---

feat: Substitution Part 3 (#8616)

Pull request overview

This PR updates the SourceMap encoding/handling to use relative span-length pairs (instead of absolute offset pairs) so transformations can be composed more reliably, while updating affected parsers, mappers, and tests across the monorepo.

Changes:

• Redefines SourceMap documentation/usage to represent relative [srcSpanLen, dstSpanLen] segments (with non-linear segment semantics).
• Introduces new SourceMap utilities in cspell-lib and refactors TextMap/mapping code and tests to use them.
• Updates TypeScript grammar parsing/mappers to emit relative maps and adjusts fixtures/tests accordingly.

[!CAUTION] Internal breaking: SourceMaps are now span lengths instead of being offsets. This makes them invariant during translation, making concatenation, and slicing much easier. A minor version change was chosen instead of a major version change since it was only used with the experimental TypeScript parser.

---

feat: Substitution Part 2 (#8599)

... (truncated)

Commits

• 48f64e0 v9.7.0
• d894739 chore: Prepare Release v9.7.0 (auto-deploy) (#8635)
• 143bfed chore: Prepare Release v9.7.0 (auto-deploy) (#8521)
• 20c13d3 ci: Workflow Bot -- Update ALL Dependencies (main) (#8614)
• d9ed169 fix: cspell-rpc - reduce the size of an RPC result. (#8574)
• 96b88e3 ci: Workflow Bot -- Update ALL Dependencies (main) (#8529)
• 26ef8e3 v9.6.4
• 17290fa chore: Prepare Release v9.6.4 (auto-deploy) (#8502)
• 57371df fix: add --no-dictionary option to lint command (#8514)
• cdf3f4d chore: Update README.md (#8509)
• Additional commits viewable in compare view

Updates webpack from 5.104.1 to 5.105.3

Release notes

Sourced from webpack's releases.

v5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

v5.105.1

Patch Changes

• Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @​xiaoxiaojx in #20424)

• Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @​hai-x in #20433)

• Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @​hai-x in #20433)

v5.105.0

Minor Changes

• Allow resolving worker module by export condition name when using new Worker() (by @​hai-x in #20353)

• Detect conditional imports to avoid compile-time linking errors for non-existent exports. (by @​hai-x in #20320)

• Added the tsconfig option for the resolver options (replacement for tsconfig-paths-webpack-plugin). Can be false (disabled), true (use the default tsconfig.json file to search for it), a string path to tsconfig.json, or an object with configFile and references options. (by @​alexander-akait in #20400)

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

5.105.1

Patch Changes

• Fix VirtualUrlPlugin Windows compatibility by sanitizing cache keys and filenames. Cache keys now use toSafePath to replace colons (:) with double underscores (__) and sanitize other invalid characters, ensuring compatibility with Windows filesystem restrictions. (by @​xiaoxiaojx in #20424)

• Revert part of the createRequire generation behavior for require("node:...") to keep compatibility with those modules exports, e.g. const EventEmitter = require("node:events");. (by @​hai-x in #20433)

• Skip guard collection when exports-presence mode is disabled to improve parsing performance. (by @​hai-x in #20433)

5.105.0

Minor Changes

• Allow resolving worker module by export condition name when using new Worker() (by @​hai-x in #20353)

... (truncated)

Commits

• 714a0e3 chore(release): new release (#20448)
• c323b39 chore(deps-dev): bump nyc from 17.1.0 to 18.0.0 (#20539)
• 8a01dfe refactor: deduplicate export presence logic in Harmony dependency classes (#2...
• b9fc7b3 chore(deps): bump test/test262-cases in the dependencies group (#20541)
• f8a5ac3 test: add coverage for nwjs exports condition and CSS modules with webworker ...
• 59bf024 test: add coverage for external script in EnvironmentNotSupportAsyncWarning (...
• 4c79ac2 test: add missing coverage for formatLocation and formatSize (#20534)
• 4f5c0a8 fix: mark asset module as side-effect-free when futureDefaults (#20535)
• 87987ca test: add test
• 67c5aae test: add configCase for ESM prefetch/preload under neutral target (#20524)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.

Updates lint-staged from 16.2.7 to 16.3.0

Release notes

Sourced from lint-staged's releases.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• 9aa2cd7 chore(changeset): release
• 0c387bc test: make long-running task longer because of GitHub Actions slowness
• 87467aa refactor: detect incorrect brace expansion exhaustively
• dceabc6 ci: run npm audit in GitHub Actions
• d0e4c2a build(deps): update dependencies
• 93cf144 docs: add tip about lint-staged.sh
• 9809fee test: adjust integration test logging setup for concurrency
• cc432df feat: use tinyexec to spawn tasks
• feda37a feat: use tinyexec for Git commands
• e15178a docs: fix typos in example comments for environment variables (#1721)
• Additional commits viewable in compare view

Updates sass-loader from 16.0.6 to 16.0.7

Release notes

Sourced from sass-loader's releases.

v16.0.7

16.0.7 (2026-02-05)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#1291) (24d12ec)

Changelog

Sourced from sass-loader's changelog.

16.0.7 (2026-02-05)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#1291) (24d12ec)

Commits

• 694c8d9 chore(release): 16.0.7
• 147d6ab ci: lint fix (#1294)
• 24d12ec fix: update peer dependency for @​rspack/core v2 (#1291)
• 068201f docs: fix link (#1287)
• See full diff in compare view

Updates typescript-eslint from 8.54.0 to 8.56.1

Release notes

Sourced from typescript-eslint's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.55.0

8.55.0 (2026-02-09)

🚀 Features

• utils: deprecate defaultOptions in favor of meta.defaultOptions (#11992)

🩹 Fixes

• eslint-plugin: [no-unused-vars] remove trailing newline when removing entire import (#11990)
• eslint-plugin: [no-useless-default-assignment] require strictNullChecks (#11966, #12000)
• eslint-plugin: [no-useless-default-assignment] report unnecessary defaults in ternary expressions (#11984)
• eslint-plugin: [no-useless-default-assignment] reduce param index to ts this handling (#11949)
• typescript-estree: forbid invalid modifier in object expression (#11931)

❤️ Thank You

• Christian Rose @​chrros95
• fisker Cheung @​fisker
• Josh Goldberg
• Maria Solano @​MariaSolOs

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.56.1 (2026-02-23)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• fedfe86 chore(release): publish 8.55.0
• b931f8c chore: use workspace refs for workspace deps (#12018)
• 1f17a79 chore: migrate to pnpm (#11248)
• See full diff in compare view

Updates @stylistic/eslint-plugin from 5.7.1 to 5.9.0

Release notes

Sourced from @​stylistic/eslint-plugin's releases.

v5.9.0

5.9.0 (2026-02-19)

Features

• no-trailing-spaces: support more file types (#1138) (501e838)
• padding-line-between-statements: support selector-based statement matchers (#1134) (8f5cc9e)
• support ESLint 10 (#1066) (5d99706)
• update deps (#1141) (f29fcff)

Bug Fixes

• comma-dangle: check tsx file correctly (#1127) (271da42)
• comma-dangle: prevent crash when linting non-js files (#1140) (4a96eae)
• indent: ignore when source code is not ESTree (#1139) (9e7f422)
• no-extra-parens: don't report jsdoc type assertion by default (#1100) (cfb6296)
• object-curly-spacing: correctly handle object patterns with type annotations (#1129) (5aaaec6)

Chores

• lines-around-comment: improve extensibility of allow boundary checks (#1136) (18b961e)
• no-extra-parens: simplify fixer (#1133) (3504e1f)
• on-var-declaration-per-line: simplify fixer (#1132) (c827fde)

v5.8.0

5.8.0 (2026-02-09)

Features

• list-style: support if statement (#1119) (23b25ab)
• new rule jsx-props-style (#1118) (dc9cc1b)
• space-unary-ops: allow override ts-non-null (#1120) (faca500)
• upgrade deps (#1122) (773da95)

Bug Fixes

• list-style: correctly get ( for optional call expressions (#1114) (2090a72)

Changelog

Sourced from @​stylistic/eslint-plugin's changelog.

5.9.0 (2026-02-19)

Features

• no-trailing-spaces: support more file types (#1138) (501e838)
• padding-line-between-statements: support selector-based statement matchers (#1134) (8f5cc9e)
• support ESLint 10 (#1066) (5d99706)
• update deps (#1141) (f29fcff)

Bug Fixes

• comma-dangle: check tsx file correctly (#1127) (271da42)
• comma-dangle: prevent crash when linting non-js files (#1140) (4a96eae)
• indent: ignore when source code is not ESTree (#1139) (9e7f422)
• no-extra-parens: don't report jsdoc type assertion by default (#1100) (cfb6296)
• object-curly-spacing: correctly handle object patterns with type annotations (#1129) (5aaaec6)

Chores

• lines-around-comment: improve extensibility of allow boundary checks (#1136) (18b961e)
• no-extra-parens: simplify fixer (#1133) (3504e1f)
• on-var-declaration-per-line: simplify fixer (#1132) (c827fde)

5.8.0 (2026-02-09)

Features

• list-style: support if statement (#1119) (23b25ab)
• new rule jsx-props-style (#1118) (dc9cc1b)
• space-unary-ops: allow override ts-non-null (#1120) (faca500)
• upgrade deps (#1122) (

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml