Skip to content

chore(deps): bump the all-deps group in /templates/express-js with 12 updates#697

Closed
dependabot[bot] wants to merge 4 commits intomainfrom
dependabot/npm_and_yarn/templates/express-js/all-deps-1507178a63
Closed

chore(deps): bump the all-deps group in /templates/express-js with 12 updates#697
dependabot[bot] wants to merge 4 commits intomainfrom
dependabot/npm_and_yarn/templates/express-js/all-deps-1507178a63

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 9, 2026
edited by bryan-thompsoncodes
Loading

Manual fix: audit GHSA suppression

Dependabot's dependency bumps introduced transitive vulnerabilities from 3 upstream dependency chains. These are unfixable on our end — only the upstream maintainers can update their pinned transitive dependencies.

18 GHSAs suppressed across express (2), vitest (6), and @typespec/compiler (10). Full details including severity, dependency paths, and remediation TODOs are documented in AUDIT_EXCEPTIONS.md.

Original Dependabot description

Bumps the all-deps group in /templates/express-js with 12 updates:

Package From To
@eslint/js 9.39.2 9.39.4
@types/node 20.19.30 20.19.39
@typespec/compiler 1.5.0 1.11.0
@typespec/http 1.5.0 1.11.0
@typespec/json-schema 1.5.0 1.11.0
@typespec/openapi 1.5.0 1.11.0
@typespec/openapi3 1.5.0 1.11.0
@typespec/rest 0.75.0 0.81.0
@typespec/versioning 0.75.0 0.81.0
@vitest/eslint-plugin 1.6.6 1.6.15
eslint 9.39.2 9.39.4
typescript-eslint 8.54.0 8.58.1

@dependabot
chore(deps): bump the all-deps group
302cee9 
Bumps the all-deps group in /templates/express-js with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.39.2` | `9.39.4` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.30` | `20.19.39` |
| [@typespec/compiler](https://github.com/microsoft/typespec) | `1.5.0` | `1.11.0` |
| [@typespec/http](https://github.com/microsoft/typespec) | `1.5.0` | `1.11.0` |
| [@typespec/json-schema](https://github.com/microsoft/typespec) | `1.5.0` | `1.11.0` |
| [@typespec/openapi](https://github.com/microsoft/typespec) | `1.5.0` | `1.11.0` |
| [@typespec/openapi3](https://github.com/microsoft/typespec) | `1.5.0` | `1.11.0` |
| [@typespec/rest](https://github.com/microsoft/typespec) | `0.75.0` | `0.81.0` |
| [@typespec/versioning](https://github.com/microsoft/typespec) | `0.75.0` | `0.81.0` |
| [@vitest/eslint-plugin](https://github.com/vitest-dev/eslint-plugin-vitest) | `1.6.6` | `1.6.15` |
| [eslint](https://github.com/eslint/eslint) | `9.39.2` | `9.39.4` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.54.0` | `8.58.1` |


Updates `@eslint/js` from 9.39.2 to 9.39.4
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.4/packages/js)

Updates `@types/node` from 20.19.30 to 20.19.39
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typespec/compiler` from 1.5.0 to 1.11.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec-stable@1.5.0...typespec-stable@1.11.0)

Updates `@typespec/http` from 1.5.0 to 1.11.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec-stable@1.5.0...typespec-stable@1.11.0)

Updates `@typespec/json-schema` from 1.5.0 to 1.11.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec-stable@1.5.0...typespec-stable@1.11.0)

Updates `@typespec/openapi` from 1.5.0 to 1.11.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec-stable@1.5.0...typespec-stable@1.11.0)

Updates `@typespec/openapi3` from 1.5.0 to 1.11.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/typespec-stable@1.5.0...typespec-stable@1.11.0)

Updates `@typespec/rest` from 0.75.0 to 0.81.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/@typespec/rest@0.75.0...@typespec/rest@0.81.0)

Updates `@typespec/versioning` from 0.75.0 to 0.81.0
- [Release notes](https://github.com/microsoft/typespec/releases)
- [Commits](https://github.com/microsoft/typespec/compare/@typespec/versioning@0.75.0...@typespec/versioning@0.81.0)

Updates `@vitest/eslint-plugin` from 1.6.6 to 1.6.15
- [Release notes](https://github.com/vitest-dev/eslint-plugin-vitest/releases)
- [Commits](vitest-dev/eslint-plugin-vitest@v1.6.6...v1.6.15)

Updates `eslint` from 9.39.2 to 9.39.4
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.2...v9.39.4)

Updates `typescript-eslint` from 8.54.0 to 8.58.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: "@types/node"
  dependency-version: 20.19.39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: "@typespec/compiler"
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: "@typespec/http"
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: "@typespec/json-schema"
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: "@typespec/openapi"
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: "@typespec/openapi3"
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: "@typespec/rest"
  dependency-version: 0.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: "@typespec/versioning"
  dependency-version: 0.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: "@vitest/eslint-plugin"
  dependency-version: 1.6.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: eslint
  dependency-version: 9.39.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: typescript-eslint
  dependency-version: 8.58.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 9, 2026
@github-actions github-actions bot added the typescript Issue or PR related to TypeScript tooling label Apr 9, 2026
This was referenced Apr 10, 2026
Closed
Merged
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 10, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/templates/express-js/all-deps-1507178a63 branch April 10, 2026 20:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file typescript Issue or PR related to TypeScript tooling

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bryan-thompsoncodes