Bump the dev-dependencies group across 1 directory with 10 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the dev-dependencies group with 10 updates in the / directory:

Package	From	To
@cap-js/audit-logging	1.2.0	1.2.1
@cap-js/cds-typer	0.38.0	0.39.1
@cap-js/cds-types	0.16.0	0.17.0
@cap-js/sqlite	2.2.0	2.4.0
@sap/cds-dk	9.8.3	9.9.1
eslint	10.2.0	10.4.0
mocha	11.7.5	11.7.6
prettier	3.8.1	3.8.3
tsx	4.21.0	4.22.3
typescript-eslint	8.58.0	8.59.4

Updates @cap-js/audit-logging from 1.2.0 to 1.2.1

Release notes

Sourced from @​cap-js/audit-logging's releases.

v1.2.1

Fixed

• Updated the audit log service plan detection logic to support the new URL format
• The absence of req.target does not lead to an error

Changelog

Sourced from @​cap-js/audit-logging's changelog.

Version 1.2.1 - 2026-05-13

Fixed

• Updated the audit log service plan detection logic to support the new URL format
• The absence of req.target does not lead to an error

Commits

• 690b2f3 chore: prep v1.3.0 (#206)
• c83b5fa req.target is not always given (#204)
• 429dca0 [ALS-9774] [ALS v2] Align CAP Plugins with the new Service Binding Structure ...
• 9f792f4 chore: bump the github-actions group with 5 updates (#205)
• 7736e2b chore: versions, align CI workflows, prettier everything and align lint and p...
• 9482aad fix: test late reject in batch (#199)
• See full diff in compare view

Updates @cap-js/cds-typer from 0.38.0 to 0.39.1

Release notes

Sourced from @​cap-js/cds-typer's releases.

v0.39.1

Added

Changed

Deprecated

Removed

Fixed

• Properly import entities from other services that are used in arrays/ compositions of many/ associations to many

Security

v0.39.0

Added

• Added flag cds.env.typer.branded_primitive_types for branding CDS type definitions aliasing primitive TS types
• Added support for non-ASCII identifiers in .cds files. Non-ASCII characters in identifiers are sanitised to valid TypeScript names. Identifiers consisting entirely of non-ASCII characters (e.g., Kanji) are replaced with random hashes. All affected identifiers are exported under their sanitised/hashed name and also as an alias preserving the original name. To use the original name, import it with import ... as '...' syntax.

Changed

Deprecated

Removed

Fixed

• Association keys pointing to entities with inline enum types are now correctly typed in service projections across namespace boundaries

Security

Changelog

Sourced from @​cap-js/cds-typer's changelog.

[0.39.1] - 2026-05-19

Added

Changed

Deprecated

Removed

Fixed

• Properly import entities from other services that are used in arrays/ compositions of many/ associations to many

Security

[0.39.0] - 2026-05-11

Added

• Added flag cds.env.typer.branded_primitive_types for branding CDS type definitions aliasing primitive TS types
• Added support for non-ASCII identifiers in .cds files. Non-ASCII characters in identifiers are sanitised to valid TypeScript names. Identifiers consisting entirely of non-ASCII characters (e.g., Kanji) are replaced with random hashes. All affected identifiers are exported under their sanitised/hashed name and also as an alias preserving the original name. To use the original name, import it with import ... as '...' syntax.

Changed

Deprecated

Removed

Fixed

• Association keys pointing to entities with inline enum types are now correctly typed in service projections across namespace boundaries

Security

Commits

• 5e1d5c4 chore(version): patch version 0.39.1 (#613)
• 46a6105 fix: Properly resolve remote entities in arrays (#612)
• 162b15d chore(version): minor version 0.39.0 (#609)
• c5cbf13 fix: export inline enums so they are accessible cross-namespace in service pr...
• cec179a feat: Non-alpha identifiers (#581)
• cc18bc6 chore(deps): Bump path-to-regexp from 0.1.12 to 0.1.13 (#604)
• b484218 chore(deps): Bump yaml from 2.5.0 to 2.8.3 (#603)
• 748e6f6 chore(deps-dev): Bump flatted from 3.3.1 to 3.4.2 (#598)
• 5738837 chore(deps-dev): Bump brace-expansion from 1.1.12 to 1.1.14 (#605)
• 43fff45 chore(deps-dev): Bump picomatch from 4.0.3 to 4.0.4 (#602)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​cap-js/cds-typer since your current version.

Updates @cap-js/cds-types from 0.16.0 to 0.17.0

Release notes

Sourced from @​cap-js/cds-types's releases.

v0.17.0

Added

• Types for nested .where and .having predicates
• Passing events generated by cds-typer into service.on now offers code completion for the event's properties in the handler
• Allow all events that can be used in service.on to be used in service.once as well

Changed

• ResultHandler now returns unknown instead of void, to accommodate asynchronous functions when having @typescript-eslint/strict-void-return activated
• Documentation for cds.test.axios mentioning that @cap-js/cds-test@1 now returns an axios facade in absence of axios.
• made cds.context.locale optional
• cds.tx(ƒ) now returns the return type of ƒ

Deprecated

• cds.test.chai, cds.test.assert pointing to either cds.test.expect or a custom import of chai.
• cds.test.axios in favor of cds.test.defaults

Removed

Fixed

Security

Changelog

Sourced from @​cap-js/cds-types's changelog.

[0.17.0] - 2026-05-11

Added

• Types for nested .where and .having predicates
• Passing events generated by cds-typer into service.on now offers code completion for the event's properties in the handler
• Allow all events that can be used in service.on to be used in service.once as well

Changed

• ResultHandler now returns unknown instead of void, to accommodate asynchronous functions when having @typescript-eslint/strict-void-return activated
• Documentation for cds.test.axios mentioning that @cap-js/cds-test@1 now returns an axios facade in absence of axios.
• made cds.context.locale optional
• cds.tx(ƒ) now returns the return type of ƒ

Deprecated

• cds.test.chai, cds.test.assert pointing to either cds.test.expect or a custom import of chai.
• cds.test.axios in favor of cds.test.defaults

Removed

Fixed

Security

Commits

• 5c4e0a0 chore(version): minor version 0.17.0 (#554)
• 0b9140c build(deps-dev): bump fast-uri from 3.1.0 to 3.1.2 (#552)
• f9c9a86 build(deps-dev): bump axios from 1.15.1 to 1.16.0 (#551)
• fe0045f fix: add missing once events (#550)
• 8358aff Revert "Allow on events in once"
• 4d70141 Allow on events in once
• 2d54f7a feat: Add code completion for custom events in handlers (#547)
• 662aeb7 fix(test): add cds.test.defaults, deprecate .axios (#545)
• adcf9ba feat: Strong type where condition predicates (#503)
• 0111641 fix: signature of cds.tx (#544)
• Additional commits viewable in compare view

Updates @cap-js/sqlite from 2.2.0 to 2.4.0

Release notes

Sourced from @​cap-js/sqlite's releases.

db-service: v2.4.0

2.4.0 (2025-08-27)

Added

• tuple expansion: allow structs with exactly one element/fk in comparison (#1291) (75ea826)
• cds.db.foreach uses real object mode streaming (#1318) (cd28b53)

Fixed

• assoc2join: target side access detection (#1282) (6f9befa)
• cqn4sql: only consider own property [@cds](https://github.com/cds).persistence.skip (#1324) (bd1f52f)
• exists: do not loose custom where (#1322) (644918c)
• arithmetic operators can only be used with scalar operands (#1307) (d58d335)
• detect path expression inside nested xpr after exists (#1292) (852d915), closes #1225
• reject comparison of two empty structures (#1306) (d97304d)

hana: v2.4.0

2.4.0 (2025-11-26)

Added

• error standard function (#1421) (b1b0fca)
• show default pool configuration in env (#1422) (89b397a)

Fixed

• deps: update dependency hdb to v2 (#1266) (742a784)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​cap-js/db-service bumped from ^2.6.0 to ^2.7.0

sqlite: v2.4.0

2.4.0 (2026-04-29)

Added

• supersede potentially compromised release (#1590) (3be4044)

Dependencies

... (truncated)

Commits

• f9d6ece chore: release main (#1403)
• 6e924c9 fix: reject nested projection if duplicated (#1411)
• 31766cd fix: LimitedRank with compositions (#1391)
• 89b397a feat: show default pool configuration in env (#1422)
• f6ef6e0 chore(deps): update actions/checkout action to v6 (#1425)
• 565633e chore(deps): lock file maintenance (#1427)
• b1b0fca feat: error standard function (#1421)
• 6c4a4f0 chore: $main (#1397)
• 2a10d2c chore(deps): lock file maintenance (#1419)
• be54935 chore: enable provenance, remove obsolete NPM token (#1416)
• Additional commits viewable in compare view

Updates @sap/cds-dk from 9.8.3 to 9.9.1

Updates eslint from 10.2.0 to 10.4.0

Release notes

Sourced from eslint's releases.

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

Chores

• 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
• d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
• 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
• 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
• a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
• 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
• 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
• 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
• 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
• f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
• c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
• 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
• 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

... (truncated)

Commits

• 452c401 10.4.0
• b6417e8 Build: changelog update for 10.4.0
• 6616856 chore: upgrade knip to v6 (#20875)
• d13b084 ci: ensure auto-created PRs run CI (#20860)
• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862)
• 544c0c3 fix: escape code path DOT labels in debug output (#20866)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865)
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863)
• 9084664 docs: Update README
• Additional commits viewable in compare view

Updates mocha from 11.7.5 to 11.7.6

Release notes

Sourced from mocha's releases.

v11.7.6

11.7.6 (2026-02-14)

🩹 Fixes

• make describe().timeout() work (aafe6fd)
• test: replace wmic usage with native Windows API (#5694) (73ebdfa)

🧹 Chores

• format all code (#5629) (0696784)
• remove Netlify (#5630) (8d01d33)

Changelog

Sourced from mocha's changelog.

11.7.6 (2026-02-14)

🩹 Fixes

• make describe().timeout() work (aafe6fd)
• test: replace wmic usage with native Windows API (#5694) (73ebdfa)

🧹 Chores

• format all code (#5629) (0696784)
• remove Netlify (#5630) (8d01d33)

Commits

• 3765ba0 chore(v11.x): release 11.7.6 (#5632)
• 73ebdfa fix(test): replace wmic usage with native Windows API (#5694)
• aafe6fd fix: make describe().timeout() work
• 0696784 chore: format all code (#5629)
• 8d01d33 chore: remove Netlify (#5630)
• See full diff in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.3

Release notes

Sourced from tsx's releases.

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

• decode typed loader source (dce02fc)
• preserve entrypoint with TypeScript preload hooks (68f72f3)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.0

4.22.0 (2026-05-14)

Features

• upgrade esbuild to 0.28 (#789) (b29f6ee)

---

This release is also available on:

• npm package (@​latest dist-tag)

... (truncated)

Commits

• dce02fc fix: decode typed loader source
• 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
• 69455cf test: cover package exports for ambiguous ESM reexports
• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• 674bb30 test: consolidate tsImport commonjs mts coverage
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates typescript-eslint from 8.58.0 to 8.59.4

Release notes

Sourced from typescript-eslint's releases.

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)
• project-service: throw error cause in getParsedConfigFileFromTSServer (#12321)
• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

8.59.3 (2026-05-11)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

8.59.1 (2026-04-27)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.59.4 (2026-05-18)

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.2 (2026-04-13)

🩹 Fixes

... (truncated)

Commits

• ca6ca14 chore(release): publish 8.59.4
• 4b927c6 fix(typescript-eslint): export Compatible* types from typescript-eslint to re...
• 48e13c0 chore(release): publish 8.59.3
• 44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• ea9ae4f chore(release): publish 8.59.0
• 90c2803 chore(release): publish 8.58.2
• b3315fd chore: convert import eslint to import js - followup (#12100)
• be6b49a fix: remove tsbuildinfo cache file from published packages (#12187)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud