update(deps-dev): bump eslint from 9.39.2 to 10.0.2

[dependabot]

Bumps eslint from 9.39.2 to 10.0.2.

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

[devin-ai-integration]

Devin Review found 3 potential issues.

[devin-ai-integration]

🟡 @eslint/js not bumped to v10 alongside eslint v10 major upgrade

The PR bumps eslint from ^9.39.2 to ^10.0.2 (a major version change) but leaves @eslint/js at ^9.39.2. These two packages are designed to be used in lockstep at the same major version.

Root Cause and Impact

ESLint 10's release notes explicitly include the commit chore: add eslint to peerDependencies of @eslint/js (#20467), meaning @eslint/js v10 now declares eslint as a peer dependency to enforce version alignment. Additionally, feat!: add name to configs (#20015) added name properties to built-in configs in @eslint/js v10 — the v9 configs used by this repo (js.configs.recommended at eslint.config.js:6) lack these names.

The lockfile confirms the mismatch: eslint resolves to 10.0.2 while @eslint/js resolves to 9.39.2. While the simple recommended-rules config in this repo may happen to work at runtime (since ESLint 10 didn't remove built-in rules), this is an unsupported version combination. It may cause issues with config naming/identification features new in ESLint 10, and could break on future minor updates of either package.

Fix: Bump @eslint/js in package.json from "^9.39.2" to "^10.0.2" to match the eslint major version.

Prompt for agents

In package.json, line 8, update @eslint/js from "^9.39.2" to "^10.0.2" to match the eslint major version bump. Then regenerate the package-lock.json by running npm install. The two packages are designed to be used at the same major version, and ESLint 10's @eslint/js adds peer dependency enforcement and config naming features that the v9 package lacks.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🚩 ESLint 10 Node.js engine requirement may affect CI

The lockfile shows ESLint 10 requires node: ^20.19.0 || ^22.13.0 || >=24. This is stricter than ESLint 9 which supported ^18.18.0 || ^20.9.0 || >=21.1.0. If any CI workflows or contributor machines run Node 18.x, npm install will fail or eslint will refuse to run. This isn't a code bug per se, but the reviewer should verify that all CI environments and the documented Node version meet this requirement.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

📝 Info: eslint-config-prettier remains compatible with ESLint 10

The lockfile shows eslint-config-prettier v10.1.8 declares peerDependencies: { eslint: '>=7.0.0' }, which covers ESLint 10. Since this package (eslint.config.js:7) only disables formatting rules and doesn't use any removed ESLint APIs, it remains fully compatible. No action needed.

---

Was this helpful? React with 👍 or 👎 to provide feedback.