Skip to content

Bump globals from 16.4.0 to 16.5.0 #236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump globals from 16.4.0 to 16.5.0 #236

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 3, 2025
edited
Loading

Bumps globals from 16.4.0 to 16.5.0.

Release notes

Sourced from globals's releases.

v16.5.0

  • Update globals (2025-11-01) (#316) 6d441ca
  • Add Vue, Svelte, and Astro globals (#314) ea31521

sindresorhus/globals@v16.4.0...v16.5.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 3, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 3, 2025 04:24
@dependabot dependabot bot requested a review from tjugdev November 3, 2025 04:24
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 3, 2025
@fossabot
Copy link

fossabot bot commented Nov 3, 2025
edited
Loading

fossabot is Thinking

@fossabot
Copy link

fossabot bot commented Nov 3, 2025
edited
Loading

✓ Safe to upgrade

I recommend merging this upgrade because it is a minor version bump in a development-only ESLint configuration dependency that adds new global variable definitions without breaking existing functionality. The package is exclusively used in the ESLint configuration to define JavaScript runtime environments (Node.js, Mocha, and browser globals), and since the upgrade only adds new features without modifying or removing existing globals, there is no risk to the action's runtime behavior or code quality checks. This is a purely additive update to the global variable definitions database.

What we checked

  • The globals package is declared as a devDependency at version ^16.5.0, confirming it only affects development-time linting and does not impact runtime behavior [1]
  • The globals package is imported and used exclusively in ESLint configuration [2]
  • Usage limited to accessing globals.browser (disabled), globals.node, and globals.mocha properties for defining valid runtime variables in linting rules [3]
  • Version 16.5.0 is properly resolved in the lock file with integrity hash, indicating successful installation without conflicts [4]

Dependency Usage

The globals package is used exclusively in ESLint configuration to define JavaScript runtime environments for code quality checks. It configures the linting system to recognize Node.js, Mocha test framework, and browser globals (disabled), ensuring proper validation of runtime-specific variables throughout this GitHub Action's TypeScript codebase. This is a development-time dependency that supports code quality enforcement but does not affect the action's runtime behavior or license compliance scanning functionality.

  • The globals package is imported and used exclusively in ESLint configuration

    fossa-action/eslint.config.mjs

    Line 6 in c84c53b

    import globals from "globals";
  • Usage limited to accessing globals.browser (disabled), globals.node, and globals.mocha properties for defining valid runtime variables in linting rules

    fossa-action/eslint.config.mjs

    Line 39 in c84c53b

    ...Object.fromEntries(Object.entries(globals.browser).map(([key]) => [key, "off"])),

Changes

The globals package adds support for Vue, Svelte, and Astro environments, expanding the available global variable definitions for these frameworks. Internal improvements include automated PR title formatting and updates to the Puppeteer testing dependency.

  • Update Puppeteer (#310) (b777f09) (v16.5.0, changelog)
  • Add date to automated PR title (#311) (fa8aaae) (v16.5.0, changelog)
  • Add Vue, Svelte, and Astro globals (#314) (ea31521) (v16.5.0, changelog)
View 3 more changes
  • Add test for keys and values (#315) (d323da6) (v16.5.0, changelog)
  • Update globals (2025-11-01) (#316) (6d441ca) (v16.5.0, changelog)
  • 16.5.0 (46fdf18) (v16.5.0, changelog)
References (4)

[1]: The globals package is declared as a devDependency at version ^16.5.0, confirming it only affects development-time linting and does not impact runtime behavior

fossa-action/package.json

Line 34 in c84c53b

"globals": "^16.5.0",

[2]: The globals package is imported and used exclusively in ESLint configuration

fossa-action/eslint.config.mjs

Line 6 in c84c53b

import globals from "globals";

[3]: Usage limited to accessing globals.browser (disabled), globals.node, and globals.mocha properties for defining valid runtime variables in linting rules

fossa-action/eslint.config.mjs

Line 39 in c84c53b

...Object.fromEntries(Object.entries(globals.browser).map(([key]) => [key, "off"])),

[4]: Version 16.5.0 is properly resolved in the lock file with integrity hash, indicating successful installation without conflicts

fossa-action/yarn.lock

Line 1263 in c84c53b

globals@^16.5.0:

fossabot analyzed this PR using dependency research.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/globals-16.5.0 branch 2 times, most recently from 8e66cf9 to dae34f1 Compare November 3, 2025 19:30
@dependabot
Bump globals from 16.4.0 to 16.5.0
e3a644c 
Bumps [globals](https://github.com/sindresorhus/globals) from 16.4.0 to 16.5.0.
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v16.4.0...v16.5.0)

---
updated-dependencies:
- dependency-name: globals
  dependency-version: 16.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/globals-16.5.0 branch from dae34f1 to e3a644c Compare November 4, 2025 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tjugdev tjugdev Awaiting requested review from tjugdev tjugdev is a code owner automatically assigned from fossas/analysis

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants