Skip to content

chore(deps-dev): Bump the npm group with 2 updates#32

Merged
wochinge merged 2 commits into
mainfrom
dependabot/npm_and_yarn/npm-b87da55d04
May 12, 2026
Merged

chore(deps-dev): Bump the npm group with 2 updates#32
wochinge merged 2 commits into
mainfrom
dependabot/npm_and_yarn/npm-b87da55d04

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026

Bumps the npm group with 2 updates: @langfuse/client and eslint.

Updates @langfuse/client from 5.3.0-beta.0 to 5.3.0

Release notes

Sourced from @​langfuse/client's releases.

v5.3.0

What's Changed

Full Changelog: langfuse/langfuse-js@v5.2.0...v5.3.0

Commits

Updates eslint from 10.2.1 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

  • 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

  • b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

  • 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
  • 7f47937 docs: Update README (GitHub Actions Bot)

Chores

  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)
  • 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)
  • 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])
  • 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])
  • 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])
  • 77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)
  • 4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)
  • 54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)
  • f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)
  • a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])
  • 7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)
  • b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])
  • 2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)
Commits
  • 7889204 10.3.0
  • 5b69b4f Build: changelog update for 10.3.0
  • d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
  • b6ae5cf fix: handle unavailable require cache (#20812)
  • 3ffb14e chore: clean up typos in comments and JSDoc (#20821)
  • 6fb3685 fix: rule suggestions cause continuation in class body (#20787)
  • 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
  • 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
  • 379571a feat: add suggestions for no-unused-private-class-members (#20773)
  • 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): Bump the npm group with 2 updates
5280048 
Bumps the npm group with 2 updates: [@langfuse/client](https://github.com/langfuse/langfuse-js/tree/HEAD/packages/client) and [eslint](https://github.com/eslint/eslint).


Updates `@langfuse/client` from 5.3.0-beta.0 to 5.3.0
- [Release notes](https://github.com/langfuse/langfuse-js/releases)
- [Changelog](https://github.com/langfuse/langfuse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/langfuse/langfuse-js/commits/v5.3.0/packages/client)

Updates `eslint` from 10.2.1 to 10.3.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.2.1...v10.3.0)

---
updated-dependencies:
- dependency-name: "@langfuse/client"
  dependency-version: 5.3.0
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: eslint
  dependency-version: 10.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 11, 2026
claude[bot]
claude Bot reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, straightforward dependabot bump of two devDependencies (@langfuse/client beta→stable and eslint patch-level minor).

Extended reasoning...

Overview

This PR bumps two devDependencies via dependabot: @langfuse/client from 5.3.0-beta.0 → 5.3.0 (beta → stable release of the same minor version) and eslint from ^10.2.1 → ^10.3.0 (minor bump). Only package.json and pnpm-lock.yaml are touched, and the lockfile changes are mechanical re-resolutions consistent with the package.json updates.

Security risks

Minimal. Both packages are well-known and trusted upstream sources (langfuse and eslint), and the changes only affect dev-time tooling — neither dependency is in the dependencies block, so they are not bundled into the production action artifact. Integrity hashes are updated in the lockfile as expected.

Level of scrutiny

Low. This is a routine dependency bump PR with no logic changes. The @langfuse/client change is effectively pinning to a stable release of an already-vetted beta. The eslint change is a minor version bump with only feature additions, bug fixes, and chores per the release notes — no breaking changes flagged.

Other factors

No bugs were flagged by the bug hunting system. No prior reviewer comments are outstanding. The PR is self-contained and reversible.

@wochinge @claude
chore(deps): refresh dist and patch fast-uri
c8643f3 
Co-Authored-By: Codex Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

Experiment Results: a98c17a

Experiment Status Actions
Uppercase (py) ✅ Pass View GitHub Action Run · View in Langfuse
Uppercase (ts) ✅ Pass View GitHub Action Run · View in Langfuse
Mixed dir (node) ✅ Pass View GitHub Action Run · View in Langfuse
Mixed dir (python) ✅ Pass View GitHub Action Run · View in Langfuse
Regression fixture ❌ Regression View GitHub Action Run · View in Langfuse

Details

✅ Uppercase (py) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
✅ Uppercase (ts) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
✅ Mixed dir (node) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
✅ Mixed dir (python) (Source)
Score Value
avg_accuracy 1.000
Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000
❌ Regression fixture (Source)

RegressionError: synthetic regression triggered by e2e fixture

Item results (3)
Item Input Expected Output exact_match
1 langfuse LANGFUSE LANGFUSE 1.000
2 world WORLD WORLD 1.000
3 hello HELLO HELLO 1.000

@wochinge wochinge enabled auto-merge (squash) May 12, 2026 09:15
@wochinge wochinge disabled auto-merge May 12, 2026 09:20
@wochinge wochinge merged commit a9449af into main May 12, 2026
11 checks passed
@wochinge wochinge deleted the dependabot/npm_and_yarn/npm-b87da55d04 branch May 12, 2026 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wochinge