chore(deps): bump the dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
axios	1.9.0	1.11.0
jose	5.10.0	6.0.12
@types/node	22.15.2	24.1.0
@typescript-eslint/eslint-plugin	8.31.0	8.38.0
jest	29.7.0	30.0.5
@types/jest	29.5.14	30.0.0
nock	14.0.4	14.0.8
ts-jest	29.3.2	29.4.1
typescript	5.8.3	5.9.2

Updates axios from 1.9.0 to 1.11.0

Release notes

Sourced from axios's releases.

Release v1.11.0

Release notes:

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

Release v1.10.0

Release notes:

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

Changelog

Sourced from axios's changelog.

1.11.0 (2025-07-22)

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

1.10.0 (2025-06-14)

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

Commits

• b76c4ac chore(release): v1.11.0 (#6974)
• e72c193 fix: form-data npm pakcage (#6970)
• 8517aa1 fix(types): resolve type discrepancies between ESM and CJS TypeScript declara...
• a2214ca fix: prevent RangeError when using large Buffers (#6961)
• 6161947 refactor: use spread operator instead of '.apply()' (#6938)
• a1d16dd refactor: use an object spread instead of Object.assign (#6939)
• 07183cd chore(sponsor): update sponsor block (#6952)
• ef36347 docs(CONTRIBUTING): update docs link for accuracy (#6894)
• b29bd6a chore(sponsor): update sponsor block (#6948)
• a406a93 chore(sponsor): update sponsor block (#6937)
• Additional commits viewable in compare view

Updates jose from 5.10.0 to 6.0.12

Release notes

Sourced from jose's releases.

v6.0.12

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)
• update asn1.ts helper functions (b2b611c)

v6.0.11

Fixes

• typ checking edge-cases when it contains a slash (/) character (31e4baf)

v6.0.10

Refactor

• removed unused claims methods (74719cf)
• reorganize jwt claim set utils (1f12d88)

v6.0.9

Documentation

• add more symbol document, ignore ts-private fields (8b73687)
• bump typedoc (6163a8b)
• drop cdnjs links in README (a910038)
• drop denoland/x links in README and add jsr (3662b9e)
• fix key export links from docs/README.md (c8edfc2)

Refactor

• always assume structuredClone is present (f7898a9)
• hide internal private fields and drop ProduceJWT inheritance (ab18881)
• less objects when JWE JWT Replicated Header Parameters are used (c763a0e)

v6.0.8

Fixes

• export [customFetch] symbol from the default entrypoint (1615614), closes #762

v6.0.7

Documentation

• improve generate key/secret and import function descriptions (cd06359)

... (truncated)

Changelog

Sourced from jose's changelog.

6.0.12 (2025-07-15)

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)
• update asn1.ts helper functions (b2b611c)

6.0.11 (2025-05-05)

Fixes

• typ checking edge-cases when it contains a slash (/) character (31e4baf)

6.0.10 (2025-03-12)

Refactor

• removed unused claims methods (74719cf)
• reorganize jwt claim set utils (1f12d88)

6.0.9 (2025-03-11)

Documentation

• add more symbol document, ignore ts-private fields (8b73687)
• bump typedoc (6163a8b)
• drop cdnjs links in README (a910038)
• drop denoland/x links in README and add jsr (3662b9e)
• fix key export links from docs/README.md (c8edfc2)

Refactor

• always assume structuredClone is present (f7898a9)
• hide internal private fields and drop ProduceJWT inheritance (ab18881)
• less objects when JWE JWT Replicated Header Parameters are used (c763a0e)

6.0.8 (2025-02-26)

... (truncated)

Commits

• 03f9940 chore(release): 6.0.12
• b2b611c refactor: update asn1.ts helper functions
• 61ded78 refactor: createPublicKey is not a constructor
• 6274d5a docs: mention the apu/apv parameter names in setKeyManagementParameters
• 2f44381 docs: update compact setKeyManagementParameters
• 746ca64 chore: bump packages
• e271ab6 chore: bump packages
• a67d67b chore: lock prettier until 3.6.0 issues with prettier-plugin-jsdoc get resolved
• 406797e ci: uninstall GitHubSecurityLab/actions-permissions
• 5e5e525 ci: uninstall GitHubSecurityLab/actions-permissions from build.yml
• Additional commits viewable in compare view

Updates @types/node from 22.15.2 to 24.1.0

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.31.0 to 8.38.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.38.0

8.38.0 (2025-07-21)

🚀 Features

• typescript-estree: forbid optional chain in TemplateTaggedLiteral (#11391)

🩹 Fixes

• disallow extra properties in rule options (#11397)
• eslint-plugin: [consistent-generic-constructors] resolve conflict with isolatedDeclarations if enabled in constructor option (#11351)
• typescript-eslint: infer tsconfigRootDir with v8 API (#11412)
• typescript-eslint: error on nested extends in tseslint.config() (#11361)
• typescript-estree: ensure the token type of the property name is Identifier (#11329)

❤️ Thank You

• Andrew Kazakov @​andreww2012
• Kirk Waiblinger @​kirkwaiblinger
• MK @​asdf93074
• tao
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

v8.37.0

8.37.0 (2025-07-14)

🚀 Features

• typescript-estree: infer tsconfigRootDir from call stack (#11370)

🩹 Fixes

• eslint-plugin: [unified-signatures] fix false positives for ignoreOverloadsWithDifferentJSDoc option (#11381)
• type-utils: add missing 'types' dependency to 'type-utils' (#11383)
• type-utils: handle namespaced exports in specifier matching (#11380)

❤️ Thank You

• Bill Collins
• Josh Goldberg ✨
• René @​Renegade334
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.36.0

8.36.0 (2025-07-07)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.38.0 (2025-07-21)

🩹 Fixes

• disallow extra properties in rule options (#11397)
• eslint-plugin: [consistent-generic-constructors] resolve conflict with isolatedDeclarations if enabled in constructor option (#11351)

❤️ Thank You

• Andrew Kazakov @​andreww2012
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

8.37.0 (2025-07-14)

🩹 Fixes

• eslint-plugin: [unified-signatures] fix false positives for ignoreOverloadsWithDifferentJSDoc option (#11381)

❤️ Thank You

• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

8.36.0 (2025-07-07)

This was a version bump only for eslint-plugin to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.35.1 (2025-06-30)

🩹 Fixes

• remove prettier from eslint-plugin (#11339)

❤️ Thank You

• Abhijeet Singh @​cseas

You can read about our versioning strategy and releases on our website.

8.35.0 (2025-06-23)

🚀 Features

• eslint-plugin: [no-base-to-string] add checkUnknown Option (#11128)

... (truncated)

Commits

• d11e79e chore(release): publish 8.38.0
• 5ec8c58 fix: disallow extra properties in rule options (#11397)
• 0e884c7 fix(eslint-plugin): [consistent-generic-constructors] resolve conflict with `...
• 816be17 chore(release): publish 8.37.0
• e1b310c fix(eslint-plugin): [unified-signatures] fix false positives for ignoreOverlo...
• 16c344e docs(website): remove stale list of checked expressions (#11384)
• 84b7a2e chore(release): publish 8.36.0
• d1388fc fix(eslint-plugin): [no-deprecated] should allow ignoring of deprecated value...
• 4a60d3e docs(eslint-plugin): [only-throw-error] document options (#11348)
• 1ca81c1 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.31.0 to 8.38.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.38.0

8.38.0 (2025-07-21)

🚀 Features

• typescript-estree: forbid optional chain in TemplateTaggedLiteral (#11391)

🩹 Fixes

• disallow extra properties in rule options (#11397)
• eslint-plugin: [consistent-generic-constructors] resolve conflict with isolatedDeclarations if enabled in constructor option (#11351)
• typescript-eslint: infer tsconfigRootDir with v8 API (#11412)
• typescript-eslint: error on nested extends in tseslint.config() (#11361)
• typescript-estree: ensure the token type of the property name is Identifier (#11329)

❤️ Thank You

• Andrew Kazakov @​andreww2012
• Kirk Waiblinger @​kirkwaiblinger
• MK @​asdf93074
• tao
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

v8.37.0

8.37.0 (2025-07-14)

🚀 Features

• typescript-estree: infer tsconfigRootDir from call stack (#11370)

🩹 Fixes

• eslint-plugin: [unified-signatures] fix false positives for ignoreOverloadsWithDifferentJSDoc option (#11381)
• type-utils: add missing 'types' dependency to 'type-utils' (#11383)
• type-utils: handle namespaced exports in specifier matching (#11380)

❤️ Thank You

• Bill Collins
• Josh Goldberg ✨
• René @​Renegade334
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.36.0

8.36.0 (2025-07-07)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.38.0 (2025-07-21)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.37.0 (2025-07-14)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.36.0 (2025-07-07)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.35.1 (2025-06-30)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.35.0 (2025-06-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.34.1 (2025-06-16)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.34.0 (2025-06-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.33.1 (2025-06-02)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.33.0 (2025-05-26)

... (truncated)

Commits

• d11e79e chore(release): publish 8.38.0
• 816be17 chore(release): publish 8.37.0
• 84b7a2e chore(release): publish 8.36.0
• e2ecca6 chore: fix issues introduced by updated nx configuration (#11230)
• f9bd7d8 chore(release): publish 8.35.1
• d19c9f3 chore(release): publish 8.35.0
• ccd0791 chore(release): publish 8.34.1
• 8915a47 chore(release): publish 8.34.0
• 936f350 chore(release): publish 8.33.1
• dca57b3 chore(release): publish 8.33.0
• Additional commits viewable in compare view

Updates jest from 29.7.0 to 30.0.5

Release notes

Sourced from jest's releases.

30.0.2

What's Changed

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30.0.1

What's Changed

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)
• [jest-environment-node, jest-util] Avoid setting globals cleanup protection symbol when feature is off (#15684)

Chore & Maintenance

• [*] Remove and deprecate jest-repl package (#15673)
• [jest-resolver] Replace custom isBuiltinModule with node's isBuiltin (#15685)

New Contributors

• @​vovkasm made their first contribution in jestjs/jest#15687

Full Changelog: https://github.com/jestjs/jest/blob/main/CHANGELOG.md

Jest 30

Today we are happy to announce the release of Jest 30. This release features a substantial number of changes, fixes, and improvements. While it is one of the largest major releases of Jest ever, we admit that three years for a major release is too long. In the future, we are aiming to make more frequent major releases to keep Jest great for the next decade.

If you want to skip all the news and just get going, run npm install jest@^30.0.0 and follow the migration guide: Upgrading from Jest 29 to 30.

Read the full blog post

Features

• [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
• [expect] Add ArrayOf asymmetric matcher for validating array elements. (#15567)
• [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#15164)
• [expect] Revert #15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#15508)
• [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #14315 (#14681)
• [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#14738)
• [jest-circus] Add a retryImmediately option to jest.retryTimes (#14696)
• [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#10962)
• [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#15145)

... (truncated)

Changelog

Sourced from jest's changelog.

30.0.5

Features

• [jest-config] Allow testMatch to take a string value
• [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

• [expect] Fix bigint error (#15702)

30.0.4

Features

• [expect] The Inverse type is now exported (#15714)
• [expect] feat: support async functions in toBe (#15704)

Fixes

• [jest] jest --onlyFailures --listTests now correctly lists only failed tests (#15700)
• [jest-snapshot] Handle line endings in snapshots (#15708)

30.0.3

Fixes

• [jest-config] Fix ESM TS config loading in a CJS project (#15694)
• [jest-core] jest --onlyFailures --listTests now correctly lists only failed tests(#15700)

Features

• [jest-diff] Show non-printable control characters to diffs (#15696)

30.0.2

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#15689)
• [jest-util] Make garbage collection protection property writable (#15689)

30.0.1

Features

• [jest-resolver] Implement the defaultAsyncResolver (#15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#15683)

... (truncated)

Commits

• 22236cf v30.0.5
• f4296d2 v30.0.4
• d4a6c94 v30.0.3
• 393acbf v30.0.2
• 5ce865b v30.0.1
• 469f665 v30.0.0
• ce14203 v30.0.0-rc.1
• 0ab14ba v30.0.0-beta.9
• ac334c0 v30.0.0-beta.8
• 7c799e5 v30.0.0-beta.7
• Additional commits viewable in compare view

Updates @types/jest from 29.5.14 to 30.0.0

Commits

• See full diff in compare view

Updates nock from 14.0.4 to 14.0.8

Release notes

Sourced from nock's releases.

v14.0.8

14.0.8 (2025-08-01)

Bug Fixes

• ClientRequest: support http.Agent instances as agents for https requests (#2896) (e4390b8)

v14.0.7

14.0.7 (2025-07-26)

Bug Fixes

• address timeout issue with mocked timers (#2880) (fb112f3)

v14.0.6

14.0.6 (2025-07-19)

Bug Fixes

• upgrade interceptors (2bcaf0f)

v14.0.5

14.0.5 (2025-05-30)

Bug Fixes

• use of a fetch() recording that uses gzip compression is missing the headers, Possible EventEmitter memory leak when used together with MongoDBContainer (#2869) (90b2a04)

Commits

• e4390b8 fix(ClientRequest): support http.Agent instances as agents for https requests...
• fb112f3 fix: address timeout issue with mocked timers (#2880)
• 0db794b fix
• eeb0924 fix
• b77f865 test
• b4514ca fix
• 07647fb fix
• 2bcaf0f fix: upgrade interceptors
• cc0466c update contributing for new test runner (#2886)
• cedeafb docs: Explain workaround for ES module namespace imports (#2811)
• Additional commits viewable in compare view

Updates ts-jest from 29.3.2 to 29.4.1

Release notes

Sourced from ts-jest's releases.

v29.4.1

Please refer to CHANGELOG.md for details.

v29.4.0

Please refer to CHANGELOG.md for details.

v29.3.4

Please refer to CHANGELOG.md for details.

v29.3.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.1 (2025-08-03)

Bug Fixes

• fix: replace ejs with handlebars due to security issues (899c9b7), closes #4969

29.4.0 (2025-06-11)

Features

• feat: support Jest 30 (84e093e)

29.3.4 (2025-05-16)

Bug Fixes

• fix: fix TsJestTransformerOptions type (3b11e29), closes #4247
• fix(cli): fix wrong path for preset creator fns (249eb2c)
• fix(config): disable rewriteRelativeImportExtensions always (9b1f472), closes #4855

29.3.3 (2025-05-14)

Bug Fixes

• fix(cli): init config with preset creator functions (cdd3039), closes #4840
• fix(config): disable isolatedDeclarations (5d6b35f), closes #4847

Commits

• 9099745 chore(release): 29.4.1
• 9f0b9f2 build(deps): Update dependency @​types/handlebars to ^4.1.0
• 322a3c7 ci: add code scanning workflow
• 899c9b7 fix: replace ejs with handlebars due to security issues
• 953f239 build(deps): Update dependency memfs to ^4.36.0
• 8459897 build(deps): Update dependency memfs to ^4.35.0
• 3c41410 build(deps): Update dependency memfs to ^4.34.0
• d50ff1e build(deps): Update dependency memfs to ^4.32.0
• 5984f70 build(deps): Update dependency memfs to ^4.30.1
• 18b9665 build(deps): Update Jest packages to ^30.0.5
• Additional commits viewable in compare view

Updates typescript from 5.8.3 to 5.9.2

Release notes

Sourced from typescript's releases.

TypeScript 5.9

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

TypeScript 5.9 RC

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

• npm

TypeScript 5.9 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

• npm

Commits

• be86783 Give more specific errors for verbatimModuleSyntax (#62113)
• 22ef577 LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250714...
• d5a414c Don't use noErrorTruncation when printing types with maximumLength set (#...
• f14b5c8 Remove unused and confusing dom.iterable.d.ts file (#62037)
• 2778e84 Restore AbortSignal.abort (#62086)
• 65cb4bd LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250710...
• 9e20e03 Clear out checker-level stacks on pop (#62016)
• 87740bc Fix for Issue 61081 (#61221)
• 833a8d4 Fix Symbol completion priority and cursor positioning (#61945)
• 0018c9f LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250702...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jest@​29.7.0 ⏵ 30.0.5	+1		+1
	@​typescript-eslint/​parser@​8.31.0 ⏵ 8.39.0
	@​types/​jest@​29.5.14 ⏵ 30.0.0
	@​typescript-eslint/​eslint-plugin@​8.31.0 ⏵ 8.39.0	+1		+1
	@​types/​node@​22.15.2 ⏵ 24.2.0	+1		+1
	typescript@​5.8.3 ⏵ 5.9.2	+1		+1
	jose@​6.0.12
	ts-jest@​29.3.2 ⏵ 29.4.1				+5
	axios@​1.9.0 ⏵ 1.11.0	+1
	nock@​14.0.4 ⏵ 14.0.8	+1		+1	+2

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		[email protected] has a License Policy Violation. License: CC-BY-4.0 (npm metadata) License: CC-BY-4.0 (package/LICENSE) License: CC-BY-4.0 (package/package.json) From: package-lock.json → npm/[email protected] → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a License Policy Violation. License: MIT-Khronos-old (package/ThirdPartyNoticeText.txt) License: CC-BY-4.0 (package/ThirdPartyNoticeText.txt) From: package-lock.json → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[rhamzeh]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.