chore(deps-dev): bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: @types/node, @typescript-eslint/eslint-plugin, @typescript-eslint/parser and typescript.

Updates @types/node from 24.5.2 to 24.6.2

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.44.0 to 8.45.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.45.0

8.45.0 (2025-09-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11616)

🩹 Fixes

• disable generating declaration maps (#11627)
• ast-spec: narrow ArrowFunctionExpression.generator to false (#11636)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617)
• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614)

❤️ Thank You

• Bjorn Lu
• Josh Goldberg ✨
• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.44.1

8.44.1 (2025-09-22)

🩹 Fixes

• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599)
• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611)
• typescript-estree: forbid class property with name constructor (#11590)

❤️ Thank You

• fisker Cheung @​fisker
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.45.0 (2025-09-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11616)

🩹 Fixes

• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617)

❤️ Thank You

• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

8.44.1 (2025-09-22)

🩹 Fixes

• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599)
• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

Commits

• 255e9e2 chore(release): publish 8.45.0
• 967764e fix(eslint-plugin): [prefer-nullish-coalescing] ignoreBooleanCoercion should ...
• f2eeb9d feat(eslint-plugin): expose rule name via RuleModule interface (#11616)
• 590fac6 fix(eslint-plugin): [no-base-to-string] check if superclass is ignored (#11617)
• c198052 chore(release): publish 8.44.1
• c392a0d fix(eslint-plugin): [await-thenable] should not report passing values to prom...
• 20c3d97 fix(eslint-plugin): [no-unsafe-enum-comparison] support unions of literals (#...
• 4fde781 fix(eslint-plugin): [no-base-to-string] make ignoredTypeNames match type name...
• See full diff in compare view

Updates @typescript-eslint/parser from 8.44.0 to 8.45.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.45.0

8.45.0 (2025-09-29)

🚀 Features

• eslint-plugin: expose rule name via RuleModule interface (#11616)

🩹 Fixes

• disable generating declaration maps (#11627)
• ast-spec: narrow ArrowFunctionExpression.generator to false (#11636)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617)
• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614)

❤️ Thank You

• Bjorn Lu
• Josh Goldberg ✨
• mdm317
• Moses Odutusin @​thebolarin
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.44.1

8.44.1 (2025-09-22)

🩹 Fixes

• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599)
• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611)
• typescript-estree: forbid class property with name constructor (#11590)

❤️ Thank You

• fisker Cheung @​fisker
• Kirk Waiblinger @​kirkwaiblinger
• mdm317
• Ronen Amiel

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.45.0 (2025-09-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.44.1 (2025-09-22)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 255e9e2 chore(release): publish 8.45.0
• c198052 chore(release): publish 8.44.1
• See full diff in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[fossabot]

✓ Safe to upgrade

I recommend merging this upgrade because these are routine minor and patch version updates to development tooling dependencies. The four packages being upgraded (TypeScript compiler, Node.js type definitions, and two TypeScript ESLint packages) are all legitimate packages from official sources with no actual security issues. The security alerts mentioned in the analysis are false positives referring to typosquatting packages with similar names that are NOT present in this project. These updates include bug fixes and maintain compatibility with the project's Node.js requirement of version 16.15.0 or higher. All packages remain within compatible version ranges as confirmed by the TypeScript ESLint compatibility matrix.

What we checked

• Legitimate @​types/node package upgraded from 24.5.2 to 24.6.2 (NOT the malicious 'types-node' typosquat) ^[1]
• Legitimate @​typescript-eslint/eslint-plugin upgraded from 8.44.0 to 8.45.0 (NOT the malicious '@​typescript_eslinter/eslint' typosquat) ^[2]
• TypeScript upgraded from 5.9.2 to 5.9.3 - patch release with bug fixes ^[3]
• Project requires Node.js >=16.15.0, which is compatible with all updated dependencies that support Node.js versions 16, 18, and 20 ^[4]
• Official TypeScript ESLint compatibility matrix confirms TypeScript 5.9.3 is fully compatible with @​typescript-eslint packages version 8.45.0 ^[5]
• Package lock confirms @​types/node version 24.6.2 is installed from official npm registry ^[6]
• Package lock confirms TypeScript version 5.9.3 is installed from official npm registry with Apache-2.0 license ^[7]
• Package lock confirms @​typescript-eslint/eslint-plugin version 8.45.0 is installed from official npm registry ^[8]

Dependency Usage

These four packages are development dependencies that provide the foundational tooling infrastructure for the OpenFGA JavaScript SDK: TypeScript compiles the entire SDK codebase from TypeScript to JavaScript for distribution, @​types/node provides Node.js type definitions used throughout the SDK's source files, and @​typescript-eslint/eslint-plugin and @​typescript-eslint/parser work together in the ESLint configuration to enforce code quality standards across all TypeScript files. These tools support the SDK's build pipeline, linting workflow, and type-safe development experience but do not directly contribute to the authorization and fine-grained access control functionality delivered to end users.

Changes

TypeScript upgraded with bug fixes for known issues. The typescript-eslint packages updated with improvements to several rules including await-thenable now detecting invalid values passed to promise aggregators, no-unnecessary-type-conversion ignoring enum members, and prefer-nullish-coalescing fixing behavior for top-level ternary expressions.

• eslint-plugin: [await-thenable] report invalid (non-promise) values passed to promise aggregator methods (#11267) (v8.44.0, changelog)
• eslint-plugin: [no-unnecessary-type-conversion] ignore enum members (#11490) (v8.44.0, changelog)
• Moses Odutusin @​thebolarin (v8.44.0, changelog)

View 36 more changes

• Ronen Amiel (v8.44.0, changelog)
• eslint-plugin: expose rule name via RuleModule interface (#11616) (v8.45.0, changelog)
• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614) (v8.45.0, changelog)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617) (v8.45.0, changelog)
• mdm317 (v8.45.0, changelog)
• Yukihiro Hasegawa @​y-hsgw (v8.45.0, changelog)
• disable generating declaration maps (#11627) (vv8.45.0, release notes)
• ast-spec: narrow ArrowFunctionExpression.generator to false (#11636) (vv8.45.0, release notes)
• Bjorn Lu (vv8.45.0, release notes)
• Josh Goldberg ✨ (vv8.45.0, release notes)
• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597) (vv8.44.1, release notes)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599) (vv8.44.1, release notes)
• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611) (vv8.44.1, release notes)
• typescript-estree: forbid class property with name constructor (#11590) (vv8.44.1, release notes)
• fisker Cheung @​fisker (vv8.44.1, release notes)
• Kirk Waiblinger @​kirkwaiblinger (vv8.44.1, release notes)
• eslint-plugin: expose rule name via RuleModule interface (#11616) (vv8.45.0, release notes)
• disable generating declaration maps (#11627) (vv8.45.0, release notes)
• ast-spec: narrow ArrowFunctionExpression.generator to false (#11636) (vv8.45.0, release notes)
• eslint-plugin: [no-base-to-string] check if superclass is ignored (#11617) (vv8.45.0, release notes)
• eslint-plugin: [prefer-nullish-coalescing] ignoreBooleanCoercion should not apply to top-level ternary expressions (#11614) (vv8.45.0, release notes)
• Bjorn Lu (vv8.45.0, release notes)
• Josh Goldberg ✨ (vv8.45.0, release notes)
• mdm317 (vv8.45.0, release notes)
• Moses Odutusin @​thebolarin (vv8.45.0, release notes)
• Yukihiro Hasegawa @​y-hsgw (vv8.45.0, release notes)
• eslint-plugin: [no-base-to-string] make ignoredTypeNames match type names without generics (#11597) (vv8.44.1, release notes)
• eslint-plugin: [no-unsafe-enum-comparison] support unions of literals (#11599) (vv8.44.1, release notes)
• eslint-plugin: [await-thenable] should not report passing values to promise aggregators which may be a promise in an array literal (#11611) (vv8.44.1, release notes)
• typescript-estree: forbid class property with name constructor (#11590) (vv8.44.1, release notes)
• fisker Cheung @​fisker (vv8.44.1, release notes)
• Kirk Waiblinger @​kirkwaiblinger (vv8.44.1, release notes)
• Ronen Amiel (vv8.44.1, release notes)
• fixed issues query for Typescript 5.9.0 (Beta). (vv5.9.3, release notes)
• No specific changes for TypeScript 5.9.2 (Stable) (vv5.9.3, release notes)
• npm (vv5.9.3, release notes)

References (8)

[1]: Legitimate @​types/node package upgraded from 24.5.2 to 24.6.2 (NOT the malicious 'types-node' typosquat)

js-sdk/package.json

Line 32 in dc8cf2e

"@types/node": "^24.2.0",

[2]: Legitimate @​typescript-eslint/eslint-plugin upgraded from 8.44.0 to 8.45.0 (NOT the malicious '@​typescript_eslinter/eslint' typosquat)

js-sdk/package.json

Line 34 in dc8cf2e

"@typescript-eslint/eslint-plugin": "^8.39.0",

[3]: TypeScript upgraded from 5.9.2 to 5.9.3 - patch release with bug fixes

js-sdk/package.json

Line 40 in dc8cf2e

"typescript": "^5.9.2"

[4]: Project requires Node.js >=16.15.0, which is compatible with all updated dependencies that support Node.js versions 16, 18, and 20

js-sdk/package.json

Line 58 in dc8cf2e

"node": ">=16.15.0"

[5]: Official TypeScript ESLint compatibility matrix confirms TypeScript 5.9.3 is fully compatible with @​typescript-eslint packages version 8.45.0 (source link)

[6]: Package lock confirms @​types/node version 24.6.2 is installed from official npm registry

js-sdk/package-lock.json

Line 1381 in dc8cf2e

"version": "24.6.2",

[7]: Package lock confirms TypeScript version 5.9.3 is installed from official npm registry with Apache-2.0 license

js-sdk/package-lock.json

Line 5311 in dc8cf2e

"version": "5.9.3",

[8]: Package lock confirms @​typescript-eslint/eslint-plugin version 8.45.0 is installed from official npm registry

js-sdk/package-lock.json

Line 1422 in dc8cf2e

"version": "8.45.0",

---

fossabot analyzed this PR using dependency research.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​typescript-eslint/​parser@​8.44.0 ⏵ 8.45.0
	@​typescript-eslint/​eslint-plugin@​8.44.0 ⏵ 8.45.0	+1		+1
	@​types/​node@​24.5.2 ⏵ 24.6.2	+1		+1
	typescript@​5.9.2 ⏵ 5.9.3			+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		[email protected] has a License Policy Violation. License: MIT-Khronos-old (package/ThirdPartyNoticeText.txt) License: CC-BY-4.0 (package/ThirdPartyNoticeText.txt) License: LicenseRef-W3C-Community-Final-Specification-Agreement (package/ThirdPartyNoticeText.txt) From: package-lock.json → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Oct 08 2025 to showcase some of the refinements we've made.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}