chore(deps): bump the dependencies group in /pkg/js with 8 updates

[dependabot]

Bumps the dependencies group in /pkg/js with 8 updates:

Package	From	To
yaml	2.8.0	2.8.1
@jest/globals	29.7.0	30.0.5
@types/node	24.1.0	24.3.0
@typescript-eslint/eslint-plugin	8.38.0	8.39.1
@typescript-eslint/parser	8.38.0	8.39.1
jest	29.7.0	30.0.5
ts-jest	29.4.0	29.4.1
typescript	5.8.3	5.9.2

Updates yaml from 2.8.0 to 2.8.1

Release notes

Sourced from yaml's releases.

v2.8.1

• Preserve empty block literals (#634)

Commits

• 1dc3c3b 2.8.1
• 5bbb1cb chore: Add explicit jest-resolve@29 dev dependency to keep Node.js 15 compati...
• b3ba632 chore: Refresh lockfile
• de8a0ab fix: Preserve empty block literals (#634)
• 81eb3bf docs: Update site intro
• ef23196 docs: Update README & docs/CONTRIBUTING
• aa29f42 docs: Note that schema can be a Schema
• cad823e docs: Update instructions on vulnerability reporting
• See full diff in compare view

Updates @jest/globals from 29.7.0 to 30.0.5

Release notes

Sourced from @​jest/globals's releases.

30.0.2

What's Changed

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30.0.1

What's Changed

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)
• [jest-environment-node, jest-util] Avoid setting globals cleanup protection symbol when feature is off (#15684)

Chore & Maintenance

• [*] Remove and deprecate jest-repl package (#15673)
• [jest-resolver] Replace custom isBuiltinModule with node's isBuiltin (#15685)

New Contributors

• @​vovkasm made their first contribution in jestjs/jest#15687

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30

Today we are happy to announce the release of Jest 30. This release features a substantial number of changes, fixes, and improvements. While it is one of the largest major releases of Jest ever, we admit that three years for a major release is too long. In the future, we are aiming to make more frequent major releases to keep Jest great for the next decade.

If you want to skip all the news and just get going, run npm install jest@^30.0.0 and follow the migration guide: Upgrading from Jest 29 to 30.

Read the full blog post

Features

• [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
• [expect] Add ArrayOf asymmetric matcher for validating array elements. (#15567)
• [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#15164)
• [expect] Revert #15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#15508)
• [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #14315 (#14681)
• [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#14738)
• [jest-circus] Add a retryImmediately option to jest.retryTimes (#14696)
• [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#10962)
• [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#15145)

... (truncated)

Changelog

Sourced from @​jest/globals's changelog.

30.0.5

Features

• [jest-config] Allow testMatch to take a string value
• [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

• [expect] Fix bigint error (#15702)

30.0.4

Features

• [expect] The Inverse type is now exported (#15714)
• [expect] feat: support async functions in toBe (#15704)

Fixes

• [jest] jest --onlyFailures --listTests now correctly lists only failed tests (#15700)
• [jest-snapshot] Handle line endings in snapshots (#15708)

30.0.3

Fixes

• [jest-config] Fix ESM TS config loading in a CJS project (#15694)
• [jest-core] jest --onlyFailures --listTests now correctly lists only failed tests(#15700)

Features

• [jest-diff] Show non-printable control characters to diffs (#15696)

30.0.2

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

30.0.1

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)

... (truncated)

Commits

• 22236cf v30.0.5
• f4296d2 v30.0.4
• d4a6c94 v30.0.3
• 393acbf v30.0.2
• 5ce865b v30.0.1
• 469f665 v30.0.0
• ce14203 v30.0.0-rc.1
• ac334c0 v30.0.0-beta.8
• 7c799e5 v30.0.0-beta.7
• 4f96449 v30.0.0-beta.6
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by cpojer, a new releaser for @​jest/globals since your current version.

Updates @types/node from 24.1.0 to 24.3.0

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.38.0 to 8.39.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.39.1

8.39.1 (2025-08-11)

🩹 Fixes

• typescript-eslint: handle file:// urls in stack trace when inferring tsconfigRootDir (#11464)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

v8.39.0

8.39.0 (2025-08-04)

🚀 Features

• update to TypeScript 5.9.2 (#11445)
• eslint-plugin: [naming-convention] add enumMember PascalCase default option (#11127)
• eslint-plugin: add no-unnecessary-type-conversion to strict-type-checked ruleset (#11427)
• eslint-plugin: [only-throw-error] support yield/await expressions (#11417)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] ignore check option for most RHS of a chain (#11272)
• eslint-plugin: [no-unsafe-assignment] add an unsafeObjectPattern message (#11403)

❤️ Thank You

• Brad Zacher @​bradzacher
• James Garbutt @​43081j
• Kim Sang Du @​developer-bandi
• Sasha Kondrashov
• tao
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.39.1 (2025-08-11)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.39.0 (2025-08-04)

🚀 Features

• eslint-plugin: [only-throw-error] support yield/await expressions (#11417)
• eslint-plugin: add no-unnecessary-type-conversion to strict-type-checked ruleset (#11427)
• update to TypeScript 5.9.2 (#11445)
• eslint-plugin: [naming-convention] add enumMember PascalCase default option (#11127)

🩹 Fixes

• eslint-plugin: [no-unsafe-assignment] add an unsafeObjectPattern message (#11403)
• eslint-plugin: [prefer-optional-chain] ignore check option for most RHS of a chain (#11272)

❤️ Thank You

• Brad Zacher @​bradzacher
• James Garbutt @​43081j
• Kim Sang Du @​developer-bandi
• Sasha Kondrashov
• tao
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Commits

• b2ee794 chore(release): publish 8.39.1
• fee2bc6 chore: update eslint-plugin-eslint-plugin (#11449)
• c98d513 chore(release): publish 8.39.0
• a8def4b fix(eslint-plugin): [no-unsafe-assignment] add an unsafeObjectPattern messa...
• 422e3e2 feat(eslint-plugin): [only-throw-error] support yield/await expressions (#11417)
• e901ad8 fix(eslint-plugin): revert #11127 (#11447)
• 8dc8340 feat(eslint-plugin): add no-unnecessary-type-conversion to strict-type-checke...
• 2112d58 feat: update to TypeScript 5.9.2 (#11445)
• b872e2b feat(eslint-plugin): [naming-convention] add enumMember PascalCase default op...
• 757f9ee fix(eslint-plugin): [prefer-optional-chain] ignore check option for most RH...
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.38.0 to 8.39.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.39.1

8.39.1 (2025-08-11)

🩹 Fixes

• typescript-eslint: handle file:// urls in stack trace when inferring tsconfigRootDir (#11464)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

v8.39.0

8.39.0 (2025-08-04)

🚀 Features

• update to TypeScript 5.9.2 (#11445)
• eslint-plugin: [naming-convention] add enumMember PascalCase default option (#11127)
• eslint-plugin: add no-unnecessary-type-conversion to strict-type-checked ruleset (#11427)
• eslint-plugin: [only-throw-error] support yield/await expressions (#11417)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] ignore check option for most RHS of a chain (#11272)
• eslint-plugin: [no-unsafe-assignment] add an unsafeObjectPattern message (#11403)

❤️ Thank You

• Brad Zacher @​bradzacher
• James Garbutt @​43081j
• Kim Sang Du @​developer-bandi
• Sasha Kondrashov
• tao
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.39.1 (2025-08-11)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.39.0 (2025-08-04)

🚀 Features

• update to TypeScript 5.9.2 (#11445)

❤️ Thank You

• Brad Zacher @​bradzacher

You can read about our versioning strategy and releases on our website.

Commits

• b2ee794 chore(release): publish 8.39.1
• c98d513 chore(release): publish 8.39.0
• 2112d58 feat: update to TypeScript 5.9.2 (#11445)
• See full diff in compare view

Updates jest from 29.7.0 to 30.0.5

Release notes

Sourced from jest's releases.

30.0.2

What's Changed

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30.0.1

What's Changed

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)
• [jest-environment-node, jest-util] Avoid setting globals cleanup protection symbol when feature is off (#15684)

Chore & Maintenance

• [*] Remove and deprecate jest-repl package (#15673)
• [jest-resolver] Replace custom isBuiltinModule with node's isBuiltin (#15685)

New Contributors

• @​vovkasm made their first contribution in jestjs/jest#15687

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30

Today we are happy to announce the release of Jest 30. This release features a substantial number of changes, fixes, and improvements. While it is one of the largest major releases of Jest ever, we admit that three years for a major release is too long. In the future, we are aiming to make more frequent major releases to keep Jest great for the next decade.

If you want to skip all the news and just get going, run npm install jest@^30.0.0 and follow the migration guide: Upgrading from Jest 29 to 30.

Read the full blog post

Features

• [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
• [expect] Add ArrayOf asymmetric matcher for validating array elements. (#15567)
• [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#15164)
• [expect] Revert #15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#15508)
• [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #14315 (#14681)
• [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#14738)
• [jest-circus] Add a retryImmediately option to jest.retryTimes (#14696)
• [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#10962)
• [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#15145)

... (truncated)

Changelog

Sourced from jest's changelog.

30.0.5

Features

• [jest-config] Allow testMatch to take a string value
• [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

• [expect] Fix bigint error (#15702)

30.0.4

Features

• [expect] The Inverse type is now exported (#15714)
• [expect] feat: support async functions in toBe (#15704)

Fixes

• [jest] jest --onlyFailures --listTests now correctly lists only failed tests (#15700)
• [jest-snapshot] Handle line endings in snapshots (#15708)

30.0.3

Fixes

• [jest-config] Fix ESM TS config loading in a CJS project (#15694)
• [jest-core] jest --onlyFailures --listTests now correctly lists only failed tests(#15700)

Features

• [jest-diff] Show non-printable control characters to diffs (#15696)

30.0.2

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

30.0.1

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)

... (truncated)

Commits

• 22236cf v30.0.5
• f4296d2 v30.0.4
• d4a6c94 v30.0.3
• 393acbf v30.0.2
• 5ce865b v30.0.1
• 469f665 v30.0.0
• ce14203 v30.0.0-rc.1
• 0ab14ba v30.0.0-beta.9
• ac334c0 v30.0.0-beta.8
• 7c799e5 v30.0.0-beta.7
• Additional commits viewable in compare view

Updates ts-jest from 29.4.0 to 29.4.1

Release notes

Sourced from ts-jest's releases.

v29.4.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.1 (2025-08-03)

Bug Fixes

• fix: replace ejs with handlebars due to security issues (899c9b7), closes #4969

Commits

• 9099745 chore(release): 29.4.1
• 9f0b9f2 build(deps): Update dependency @​types/handlebars to ^4.1.0
• 322a3c7 ci: add code scanning workflow
• 899c9b7 fix: replace ejs with handlebars due to security issues
• 953f239 build(deps): Update dependency memfs to ^4.36.0
• 8459897 build(deps): Update dependency memfs to ^4.35.0
• 3c41410 build(deps): Update dependency memfs to ^4.34.0
• d50ff1e build(deps): Update dependency memfs to ^4.32.0
• 5984f70 build(deps): Update dependency memfs to ^4.30.1
• 18b9665 build(deps): Update Jest packages to ^30.0.5
• Additional commits viewable in compare view

Updates typescript from 5.8.3 to 5.9.2

Release notes

Sourced from typescript's releases.

TypeScript 5.9

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

TypeScript 5.9 RC

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

• npm

TypeScript 5.9 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

• npm

Commits

• be86783 Give more specific errors for verbatimModuleSyntax (#62113)
• 22ef577 LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250714...
• d5a414c Don't use noErrorTruncation when printing types with maximumLength set (#...
• f14b5c8 Remove unused and confusing dom.iterable.d.ts file (#62037)
• 2778e84 Restore AbortSignal.abort (#62086)
• 65cb4bd LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250710...
• 9e20e03 Clear out checker-level stacks on pop (#62016)
• 87740bc Fix for Issue 61081 (#61221)
• 833a8d4 Fix Symbol completion priority and cursor positioning (#61945)
• 0018c9f LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250702...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​jest/​globals@​29.7.0 ⏵ 30.1.2	+1		+1
	npm/​jest@​29.7.0 ⏵ 30.1.3	+1		+1
	npm/​@​typescript-eslint/​parser@​8.38.0 ⏵ 8.44.0
	npm/​@​typescript-eslint/​eslint-plugin@​8.38.0 ⏵ 8.44.0	+1		+1
	npm/​@​types/​node@​24.1.0 ⏵ 24.5.2	+1		+2	+1
	npm/​yaml@​2.8.0 ⏵ 2.8.1
	npm/​typescript@​5.8.3 ⏵ 5.9.2	+1		+1
	npm/​ts-jest@​29.4.0 ⏵ 29.4.4	+1		+1	+3

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		npm/[email protected] has a License Policy Violation. License: MIT-Khronos-old (package/ThirdPartyNoticeText.txt) License: CC-BY-4.0 (package/ThirdPartyNoticeText.txt) From: pkg/js/package-lock.json → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[rhamzeh]

We have been avoiding it for the longest time but we should discuss dropping support for node < 18 and possibly node < 20.

This would allow us to:

• Use newer versions of test dependencies
• Make use of newer language features and possibly drop some of the test dependencies we use

https://nodejs.org/en/about/previous-releases

cc @dyeam0 @aaguiarz FYI

[dyeam0]

Definitely in favor of dropping Node 18. We can probably wait on Node 20 until it gets closer to the end of maintenance at the end of April 2026.

[rhamzeh]

We can probably wait on Node 20 until it gets closer to the end of maintenance at the end of April 2026.

Yeah - not advocating for dropping 20, 16 mainly and 18 if all OK with it.

We should also work on publicizing our support policy