chore(deps-dev): bump the development-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the development-dependencies group with 9 updates in the / directory:

Package	From	To
@changesets/changelog-github	0.6.0	0.7.0
@changesets/cli	2.30.0	2.31.0
@stylistic/stylelint-plugin	5.1.0	5.2.0
@types/node	25.5.2	26.0.0
eslint-plugin-jsdoc	62.9.0	63.0.7
pkg-ok	3.0.0	4.0.0
stylelint	17.6.0	17.13.0
undici	8.0.2	8.5.0
vite	8.0.16	8.1.0

Updates @changesets/changelog-github from 0.6.0 to 0.7.0

Release notes

Sourced from @​changesets/changelog-github's releases.

@​changesets/changelog-github@​0.7.0

Minor Changes

• #1255 94578cf Thanks @​Kauhsa! - Added disableThanks option

Commits

• d1ef2d8 Version Packages (#1950)
• 7af5876 Restrict publish job to the npm env (#1972)
• ff767d2 Sync config-file-options documentation with schema.json and source code (#1683)
• 951094b fix: pin 2 unpinned action(s) (#1915)
• 94578cf Added disableThanks option (#1255)
• d87334d Support dark mode banner in readme (#1943)
• 87472a7 Update .vscode/settings.json (#1944)
• 317a373 Disable publish_pr job
• 9cce6db Version Packages (#1897)
• d2121dc Fix npm auth for path-based registries during publish by preserving configure...
• Additional commits viewable in compare view

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

• #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

• #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

• d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

• #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

• #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

• #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

• Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

  • @​changesets/assemble-release-plan@​6.0.10
  • @​changesets/get-dependents-graph@​2.1.4
  • @​changesets/apply-release-plan@​7.1.1
  • @​changesets/get-release-plan@​4.0.16
  • @​changesets/config@​3.1.4

Commits

• 9cce6db Version Packages (#1897)
• d2121dc Fix npm auth for path-based registries during publish by preserving configure...
• 036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
• 5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
• 96ca062 Error on unsupported flags for individual CLI commands (#1889)
• 42943b7 fix(cli): respond to --help on all subcommands (#1873)
• f61e716 Improved detection for published state of prerelease-only packages without ...
• See full diff in compare view

Updates @stylistic/stylelint-plugin from 5.1.0 to 5.2.0

Release notes

Sourced from @​stylistic/stylelint-plugin's releases.

Release v5.2.0

Added

• The declaration-block-semicolon-newline-before rule is now autofixable.

Fixed

• An exception for an empty custom property value has been added to the declaration-block-semicolon-newline-before and declaration-colon-space-after rules: the --custom-prop: ; and --custom-prop:; variants are now considered valid (see #50).

Changelog

Sourced from @​stylistic/stylelint-plugin's changelog.

[5.2.0] — 2026–05–20

Added

• The declaration-block-semicolon-newline-before rule is now autofixable.

Fixed

• An exception for an empty custom property value has been added to the declaration-block-semicolon-newline-before and declaration-colon-space-after rules: the --custom-prop: ; and --custom-prop:; variants are now considered valid (see #50).

Commits

• 19b1128 5.2.0
• 555c336 Add Makefile
• 6734a82 Add more colors to GitHub CI
• 21caa34 Upgrade pnpm to 11 version
• b57ac70 Add integration test for empty custom property
• c9de629 Add an exception to declaration-colon-space-after related to an empty custo...
• b77b3ca Make declaration-block-semicolon-newline-before rule autofixable
• 71b2694 Add an exception to declaration-block-semicolon-newline-before related to a...
• ab47833 Remove pretest hook
• a4146bd Fix pre-commit hook
• Additional commits viewable in compare view

Updates @types/node from 25.5.2 to 26.0.0

Commits

• See full diff in compare view

Updates eslint-plugin-jsdoc from 62.9.0 to 63.0.7

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v63.0.7

63.0.7 (2026-06-21)

Bug Fixes

• no-undefined-types: predefine Iterable/Iterator types; fixes #1712 (804a13d)

v63.0.6

63.0.6 (2026-06-17)

Bug Fixes

• iterateAllJsdocs free comments after each file (ebe0d08)

v63.0.5

63.0.5 (2026-06-17)

Bug Fixes

• no-undefined-types: check descendant scopes for variables; fixes #1704 (a50f71f)

v63.0.4

63.0.4 (2026-06-16)

Bug Fixes

• ensure tsModule check can catch multiple modules (b993425)

v63.0.3

63.0.3 (2026-06-16)

Bug Fixes

• no-undefined-types: treat TS module vars as defined; fixes #1701 (d8f4738)

v63.0.2

63.0.2 (2026-06-06)

Bug Fixes

• allow typedef returns that may be void; fixes #1390 (#1699) (319e84b)

v63.0.1

63.0.1 (2026-06-01)

... (truncated)

Commits

• 804a13d fix(no-undefined-types): predefine Iterable/Iterator types; fixes #1712
• ebe0d08 fix: iterateAllJsdocs free comments after each file
• a50f71f fix(no-undefined-types): check descendant scopes for variables; fixes #1704
• b993425 fix: ensure tsModule check can catch multiple modules
• d8f4738 fix(no-undefined-types): treat TS module vars as defined; fixes #1701
• 50a7fbc chore: update semver and devDeps.
• 6041995 docs: fix in output
• 319e84b fix: allow typedef returns that may be void; fixes #1390 (#1699)
• 938a1f0 fix(empty-tags): preserve start and ending delimiters to avoid erros with s...
• 1f857a9 chore: update jsdoccomment, comment-parser, object-deep-merge, semver, devDeps.
• Additional commits viewable in compare view

Updates pkg-ok from 3.0.0 to 4.0.0

Changelog

Sourced from pkg-ok's changelog.

4.0.0

• Require Node 20, 22, or 24

Commits

• c4bf4e9 Merge pull request #173 from abraham/copilot/remove-husky-package
• b5b9ad6 chore: remove husky and pre-commit hook
• 8ed0ae6 Merge pull request #171 from abraham/abraham-patch-1
• 65a7813 Initial plan
• 4ad7c3e npm run format
• 0ecc782 Add GitHub Actions workflow to publish package
• 41718cd Merge pull request #170 from abraham/abraham-patch-1
• cae00cb Bump version from 3.0.0 to 4.0.0
• b24240c Revise Node.js support in CHANGELOG
• e420bf1 Merge pull request #168 from abraham/copilot/update-meow-to-v14
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for pkg-ok since your current version.

Updates stylelint from 17.6.0 to 17.13.0

Release notes

Sourced from stylelint's releases.

17.13.0

It fixes 3 bugs, including a false negative one.

• Fixed: declaration-block-no-duplicate-properties false negatives for interleaved non-consecutive duplicates with ignore: ["consecutive-duplicates(-*)"] (#9324) (@​sarathfrancis90).
• Fixed: selector-max-type false positives for nested selectors (#9319) (@​romainmenke).
• Fixed: selector-type-no-unknown false positives for install (#9308) (@​Mouvedia).

17.12.0

It fixes 3 bugs, including a false negative one.

• Fixed: block-no-empty reported range when using comments (#9294) (@​romainmenke).
• Fixed: declaration-property-value-no-unknown false negatives for custom properties defined in reference files (#9292) (@​romainmenke).
• Fixed: value-keyword-layout-mappings false positives for caption-side (#9293) (@​romainmenke).

17.11.1

It fixes 2 bugs.

• Fixed: node_modules ignore for codeFilename paths containing a dot-prefixed directory (#9282) (@​tuhtah).
• Fixed: declaration-block-no-redundant-longhand-properties range for contiguous redundant longhand properties (#9273) (@​pamelalozano16).

17.11.0

It adds 2 features, including a loader property to referenceFiles: {} for when the order of appearance in the reference styles matters.

• Added: loader to experimental referenceFiles: {} (#9251) (@​romainmenke).
• Added: autofixed to the result object (#8771) (@​Rob--W).

17.10.0

It adds 3 rules and fixes 4 bugs. You can use the *-layout-mappings rules to enforce logical or physical properties, units and keywords.

• Added: selector-no-invalid rule (#9232) (@​jeddy3).
• Added: unit-layout-mappings rule (#9229) (@​jeddy3).
• Added: value-keyword-layout-mappings rule (#9233) (@​jeddy3).
• Fixed: inconsistent error messages when module is not found (#9260) (@​ybiquitous).
• Fixed: property-layout-mappings false negatives for property names in declaration values (#9222) (@​jeddy3).
• Fixed: property-layout-mappings false positives for @page properties (#9223) (@​jeddy3).
• Fixed: selector-pseudo-class-no-unknown false positives for nested webkit-scrollbar part (#9259) (@​rkdfx).

17.9.1

It fixes 4 bugs. We also documented the messageArgs each rule provides to the message configuration property.

• Fixed: ConfigurationError regression for custom syntaxes (#9245) (@​jeddy3).
• Fixed: MD5 hash algorithm to SHA256 for caching (#9241) (@​rkdfx).
• Fixed: property-no-deprecated autofix for page-break-*: always (#9214) (@​rkdfx).
• Fixed: selector-no-deprecated false positives for ::part() (#9227) (@​SaekiTominaga).

17.9.0

It adds 3 new features. Adding the referenceFiles property to your configuration object makes the no-unknown-animations, no-unknown-custom-media and no-unknown-custom-properties rules more useful.

• Added: experimental referenceFiles to configuration object (#9179) (@​jeddy3).
• Added: experimental abortSignal option to Node.js API for cancellation support (#9213) (@​adalinesimonian).

... (truncated)

Changelog

Sourced from stylelint's changelog.

17.13.0 - 2026-06-06

It fixes 3 bugs, including a false negative one.

• Fixed: declaration-block-no-duplicate-properties false negatives for interleaved non-consecutive duplicates with ignore: ["consecutive-duplicates(-*)"] (#9324) (@​sarathfrancis90).
• Fixed: selector-max-type false positives for nested selectors (#9319) (@​romainmenke).
• Fixed: selector-type-no-unknown false positives for install (#9308) (@​Mouvedia).

17.12.0 - 2026-05-20

It fixes 3 bugs, including a false negative one.

• Fixed: block-no-empty reported range when using comments (#9294) (@​romainmenke).
• Fixed: declaration-property-value-no-unknown false negatives for custom properties defined in reference files (#9292) (@​romainmenke).
• Fixed: value-keyword-layout-mappings false positives for caption-side (#9293) (@​romainmenke).

17.11.1 - 2026-05-14

It fixes 2 bugs.

• Fixed: node_modules ignore for codeFilename paths containing a dot-prefixed directory (#9282) (@​tuhtah).
• Fixed: declaration-block-no-redundant-longhand-properties range for contiguous redundant longhand properties (#9273) (@​pamelalozano16).

17.11.0 - 2026-05-05

It adds 2 features, including a loader property to referenceFiles: {} for when the order of appearance in the reference styles matters.

• Added: loader to experimental referenceFiles: {} (#9251) (@​romainmenke).
• Added: autofixed to the result object (#8771) (@​Rob--W).

17.10.0 - 2026-05-03

It adds 3 rules and fixes 4 bugs. You can use the *-layout-mappings rules to enforce logical or physical properties, units and keywords.

• Added: selector-no-invalid rule (#9232) (@​jeddy3).
• Added: unit-layout-mappings rule (#9229) (@​jeddy3).
• Added: value-keyword-layout-mappings rule (#9233) (@​jeddy3).
• Fixed: inconsistent error messages when module is not found (#9260) (@​ybiquitous).
• Fixed: property-layout-mappings false negatives for property names in declaration values (#9222) (@​jeddy3).
• Fixed: property-layout-mappings false positives for @page properties (#9223) (@​jeddy3).
• Fixed: selector-pseudo-class-no-unknown false positives for nested webkit-scrollbar part (#9259) (@​rkdfx).

17.9.1 - 2026-04-27

It fixes 4 bugs. We also documented the messageArgs each rule provides to the message configuration property.

• Fixed: ConfigurationError regression for custom syntaxes (#9245) (@​jeddy3).
• Fixed: MD5 hash algorithm to SHA256 for caching (#9241) (@​rkdfx).
• Fixed: property-no-deprecated autofix for page-break-*: always (#9214) (@​rkdfx).
• Fixed: selector-no-deprecated false positives for ::part() (#9227) (@​SaekiTominaga).

... (truncated)

Commits

• 7fcee2b Release 17.13.0 (#9342)
• 3b7287b Refactor to reuse shared utilities (#9337)
• 8e889c3 Bump lint-staged from 17.0.4 to 17.0.5 (#9334)
• a74aab4 Bump the stylelint-actions group with 5 updates (#9333)
• 74c6448 Fix declaration-block-no-duplicate-properties false negatives for interleav...
• 1cd26ac Skip changeset verification on fork PRs CI (#9331)
• 712b986 Fix vulnerable dependencies via npm audit fix (#9328)
• 27196b7 Fix CI badge in README.md (#9329)
• 179bba2 Refactor to use @import over @typedef for simple imports (#9326)
• 94eab54 Document using our PR template (#9327)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates undici from 8.0.2 to 8.5.0

Release notes

Sourced from undici's releases.

v8.5.0

⚠️ Security Release

This release line addresses 8 security advisories. Most are fixed in v8.5.0; the SOCKS5 pool-reuse issue was fixed earlier in v8.2.0.

Action required: Upgrade to undici 8.5.0 or later.

npm install undici@^8.5.0

Summary

Advisory	CVE	Severity (CVSS)	Fixed in	Fix commit
GHSA-vxpw-j846-p89q	CVE-2026-12151	High (7.5)	8.5.0	32dbf0b3
GHSA-38rv-x7px-6hhq	CVE-2026-9675	High (7.5)	8.5.0	b4c287b3
GHSA-vmh5-mc38-953g	CVE-2026-9697	High (7.4)	8.5.0	42d49559
GHSA-hm92-r4w5-c3mj	CVE-2026-6734	High (7.5)	8.2.0	a516f870
GHSA-pr7r-676h-xcf6	CVE-2026-9678	Moderate (5.9)	8.5.0	cb105d7c
GHSA-p88m-4jfj-68fv	CVE-2026-9679	Moderate (5.9)	8.5.0	5655ea43
GHSA-g8m3-5g58-fq7m	CVE-2026-11525	Low (3.7)	8.5.0	5655ea43
GHSA-35p6-xmwp-9g52	CVE-2026-6733	Low (3.7)	8.5.0	6ea54ef8

---

High severity

WebSocket DoS via fragment count bypass — CVE-2026-12151

GHSA-vxpw-j846-p89q · CWE-400, CWE-770 Fix: 32dbf0b3 websocket: limit the number of fragments in a message (also c5ed7875 handle empty fragments and stream limits)

A malicious WebSocket server can stream a large number of small or empty continuation frames. Undici enforced a limit on cumulative payload size but did not limit the number of fragments per message, leading to unbounded memory growth and denial of service.

• Affected: applications using new WebSocket(...) or WebSocketStream against untrusted endpoints.
• Workaround: none — upgrade is required.

WebSocket DoS via cumulative fragment bypass — CVE-2026-9675

GHSA-38rv-x7px-6hhq · CWE-400, CWE-770 Fix: b4c287b3 fix(websocket): enforce max payload size across fragments

Undici validated the size of individual frames but did not track cumulative size across a fragmented message. An attacker could send many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing memory exhaustion. This is a regression introduced in 8.1.0 (the

... (truncated)

Commits

• a0806e1 Bumped v8.5.0 (#5429)
• 8a0392c test: detect available python command in wpt runner (#5427)
• f4045b9 ci: increase Node.js workflow timeout (#5426)
• 363e44f chore: removed repro-h2-pipelining-default.mjs and lint (#5420)
• c5ed787 websocket: handle empty fragments and stream limits
• e114e77 align EventSource with spec (#5418)
• 6df53c5 fix: preserve h2 queue on out-of-order completion (#5410)
• 32dbf0b websocket: limit the number of fragments in a message
• 0d6ecc5 add bodymixin.textStream() (#5416)
• 42d4955 fix: honor requestTls when proxy is SOCKS5
• Additional commits viewable in compare view

Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

• extend server.fs.deny list with common files (#22707) (61ba8fd)
• update rolldown to 1.1.2 (#22695) (4f008a6)
• use ~ for Rolldown (#22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
• resolved build options should be kept as a getter (#22691) (3527191)
• server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#22706) (da72733)
• warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#22736) (57f59bc)
• remove unused removeRawQuery util (#22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#22692) (8e8816c)

8.1.0-beta.0 (2026-06-15)

Features

• import.meta.glob support caseSensitive option (#21707) (2ad6737)
• add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
• build: chunk importmap (#21580) (e180312)
• css: support lightningcss plugin dependency (#21748) (0b7aaed)
• deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
• html: add html.additionalAssetSources option (#21412) (a41404b)
• integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
• rename server.hmr options to server.ws options (#21357) (9ce3036)
• server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
• track dependencies when loading config with native (#22602) (a7e2da8)
• types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
• update rolldown to 1.1.1 (#22593) (8a13d63)
• wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

• apply correct fs restrictions for pnpm gvs (#22415) (092320b)
• css: support external CSS with lightningcss (#18389) (d64a1a5)
• deps: update all non-major dependencies (#22637) (44bb9d9)
• deps: update all non-major dependencies (#22681) (f4f0633)
• html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
• optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 76428ca

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​changesets/​changelog-github@​0.6.0 ⏵ 0.7.0	+1		+1
	npm/​@​types/​node@​25.5.2 ⏵ 26.0.0
	npm/​vite@​8.0.16 ⏵ 8.1.0			+1
	npm/​@​stylistic/​stylelint-plugin@​5.1.0 ⏵ 5.2.0
	npm/​eslint-plugin-jsdoc@​62.9.0 ⏵ 63.0.7
	npm/​@​changesets/​cli@​2.30.0 ⏵ 2.31.0	+1		+1
	npm/​undici@​8.0.2 ⏵ 8.5.0		+40	+1
	npm/​stylelint@​17.6.0 ⏵ 17.13.0				+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/vite@8.1.0 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm eslint-plugin-jsdoc is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/eslint-plugin-jsdoc@63.0.7 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jsdoc@63.0.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report