chore: bump the dev-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the dev-dependencies group with 11 updates in the / directory:

Package	From	To
@changesets/changelog-github	0.5.2	0.7.0
@changesets/cli	2.29.8	2.31.0
@modelcontextprotocol/inspector	0.17.5	0.21.2
@types/node	25.0.2	25.8.0
c8	10.1.3	11.0.0
eslint	9.39.2	10.4.0
eslint-plugin-security	3.0.1	4.0.0
lint-staged	16.2.7	17.0.5
lockfile-lint	4.14.1	5.0.0
neostandard	0.12.2	0.13.0
tsx	4.21.0	4.22.1

Updates @changesets/changelog-github from 0.5.2 to 0.7.0

Release notes

Sourced from @​changesets/changelog-github's releases.

@​changesets/changelog-github@​0.7.0

Minor Changes

• #1255 94578cf Thanks @​Kauhsa! - Added disableThanks option

@​changesets/changelog-github@​0.6.0

Minor Changes

• #1850 fd0bc2e Thanks @​mixelburg! - Linkify issue references in changelog entries.

Patch Changes

• #1810 27fd8f4 Thanks @​hirasso! - Replace deprecated String.prototype.trimRight with String.prototype.trimEnd

• Updated dependencies [d4b8ad8, e462d89]:

  • @​changesets/get-github-info@​0.8.0

Commits

• d1ef2d8 Version Packages (#1950)
• 7af5876 Restrict publish job to the npm env (#1972)
• ff767d2 Sync config-file-options documentation with schema.json and source code (#1683)
• 951094b fix: pin 2 unpinned action(s) (#1915)
• 94578cf Added disableThanks option (#1255)
• d87334d Support dark mode banner in readme (#1943)
• 87472a7 Update .vscode/settings.json (#1944)
• 317a373 Disable publish_pr job
• 9cce6db Version Packages (#1897)
• d2121dc Fix npm auth for path-based registries during publish by preserving configure...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​changesets/changelog-github since your current version.

Updates @changesets/cli from 2.29.8 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

• #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

• #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

• d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

• #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

• #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

• #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

• Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

  • @​changesets/assemble-release-plan@​6.0.10
  • @​changesets/get-dependents-graph@​2.1.4
  • @​changesets/apply-release-plan@​7.1.1
  • @​changesets/get-release-plan@​4.0.16
  • @​changesets/config@​3.1.4

@​changesets/cli@​2.30.0

Minor Changes

• #1840 057cca2 Thanks @​wotan-allfather! - Add --since flag to add command

  The add command now supports a --since flag that allows you to specify which branch, tag, or git ref to use when detecting changed packages. This is useful for gitflow workflows where you have multiple target branches and the baseBranch config option doesn't cover all use cases.

  Example: changeset add --since=develop

  If not provided, the command falls back to the baseBranch value in your .changeset/config.json.

• #1845 2b4a66a Thanks @​Andarist! - Delegate OTP prompting to the package manager instead of handling it in-process. This allows Changesets to use the package manager's native web auth support.

• #1774 667fe5a Thanks @​bluwy! - Support importing custom commit option ES module. Previously, it used require() which only worked for CJS modules, however now it uses import() which supports both CJS and ES modules.

• #1839 73b1809 Thanks @​leochiu-a! - Add a --message (-m) flag to changeset add (and default changeset) so the changeset summary can be provided from the command line. When --message is present, the summary prompt is skipped while the final confirmation step is kept.

• #1806 0e8e01e Thanks @​luisadame! - Changeset CLI can now be run from the nested directories in the project, where the .changeset directory has to be found in one of the parent directories

Patch Changes

• #1849 9dc3230 Thanks @​Andarist! - Compute the terminal's size lazily to avoid spurious stderr output in non-interactive mode

• #1857 2a73025 Thanks @​mixelburg! - Fix confusing prompt labels when entering changeset summary after external editor fallback

• #1842 6df3a5e Thanks @​RodrigoHamuy! - Allow private packages to depend on skipped packages without requiring them to also be skipped. Private packages are not published to npm, so it is safe for them to have dependencies on ignored or unversioned packages.

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​changesets/cli since your current version.

Updates @modelcontextprotocol/inspector from 0.17.5 to 0.21.2

Release notes

Sourced from @​modelcontextprotocol/inspector's releases.

0.21.2

What's Changed

• Fix decimal typing behavior for number inputs in tools form by @​MumuTW in modelcontextprotocol/inspector#1127
• fix: ensure DCR always registers both redirect URIs by @​asoorm in modelcontextprotocol/inspector#1173
• fix: add horizontal scrolling for long values in json view by @​Dinesht04 in modelcontextprotocol/inspector#1177
• Inspector client: Added proxy fetch for use by auth (to avoid CORS issues) by @​BobDickinson in modelcontextprotocol/inspector#1047
• chore(deps): bump hono from 4.12.1 to 4.12.2 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in modelcontextprotocol/inspector#1117
• chore(deps): bump actions/upload-artifact from 6 to 7 by @​dependabot[bot] in modelcontextprotocol/inspector#1125
• chore(deps): bump actions/attest-build-provenance from 3 to 4 by @​dependabot[bot] in modelcontextprotocol/inspector#1126
• chore(deps): bump docker/setup-buildx-action from 3 to 4 by @​dependabot[bot] in modelcontextprotocol/inspector#1136
• chore(deps): bump docker/login-action from 3 to 4 by @​dependabot[bot] in modelcontextprotocol/inspector#1137
• chore(deps): bump docker/metadata-action from 5 to 6 by @​dependabot[bot] in modelcontextprotocol/inspector#1138
• fix: validate serverInfo.websiteUrl before rendering as link by @​cliffhall in modelcontextprotocol/inspector#1186
• fix(server): sanitize error responses to prevent stack trace exposure by @​cliffhall in modelcontextprotocol/inspector#1187
• chore: bump version to 0.21.2 by @​olaservo in modelcontextprotocol/inspector#1194
• ci: switch npm publish to OIDC trusted publishing by @​pcarleton in modelcontextprotocol/inspector#1199
• Update package.json to contain repository.url in for npm trusted publisher setup by @​cliffhall in modelcontextprotocol/inspector#1201
• fix: add repository field to workspace package.json files for npm trusted publishing by @​cliffhall in modelcontextprotocol/inspector#1202

New Contributors

• @​MumuTW made their first contribution in modelcontextprotocol/inspector#1127
• @​Dinesht04 made their first contribution in modelcontextprotocol/inspector#1177

Full Changelog: modelcontextprotocol/inspector@0.21.1...0.21.2-hotfix-3

0.21.1

What's Changed

• fix: include server/static in published package files by @​jwoods02 in modelcontextprotocol/inspector#1113
• Remove misleading structured content compatibility warning by @​olaservo in modelcontextprotocol/inspector#1098
• chore: bump version to 0.21.1 by @​Copilot in modelcontextprotocol/inspector#1116

New Contributors

• @​jwoods02 made their first contribution in modelcontextprotocol/inspector#1113

Full Changelog: modelcontextprotocol/inspector@0.21.0...0.21.1

0.21.0

What's Changed

• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in modelcontextprotocol/inspector#1057
• Bump actions/upload-artifact from 4 to 6 by @​dependabot[bot] in modelcontextprotocol/inspector#1058
• Bump actions/attest-build-provenance from 2 to 3 by @​dependabot[bot] in modelcontextprotocol/inspector#1059
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in modelcontextprotocol/inspector#1060
• Bump actions/github-script from 7 to 8 by @​dependabot[bot] in modelcontextprotocol/inspector#1061
• fix: display tool title field in Inspector UI by @​olaservo in modelcontextprotocol/inspector#1054
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in modelcontextprotocol/inspector#1079
• fix: enhance resolution and enum handling in anyOf schemas by @​Edison-A-N in modelcontextprotocol/inspector#901
• fix: include LICENSE file in published npm packages by @​olaservo in modelcontextprotocol/inspector#1055
• feat(client): display tool annotations in Tools tab by @​olaservo in modelcontextprotocol/inspector#1066
• Bump qs from 6.14.1 to 6.14.2 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in modelcontextprotocol/inspector#1088
• fix: add missing tool result to AppsRenderer by @​infoxicator in modelcontextprotocol/inspector#1075

... (truncated)

Commits

• 996f02c Merge pull request #1194 from olaservo/chore/bump-version-0.21.2
• 509f4ab Merge branch 'main' into chore/bump-version-0.21.2
• 4df1191 fix(server): sanitize error responses to prevent stack trace exposure (#1187)
• 8f60747 chore: bump version to 0.21.2
• 0d7757e fix: validate serverInfo.websiteUrl before rendering as link (#1186)
• a809c2a Merge pull request #1138 from modelcontextprotocol/dependabot/github_actions/...
• c180bab Merge pull request #1137 from modelcontextprotocol/dependabot/github_actions/...
• b99c8b8 Merge pull request #1136 from modelcontextprotocol/dependabot/github_actions/...
• afd785b Merge pull request #1126 from modelcontextprotocol/dependabot/github_actions/...
• 5f1eb0a Merge pull request #1125 from modelcontextprotocol/dependabot/github_actions/...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​modelcontextprotocol/inspector since your current version.

Updates @types/node from 25.0.2 to 25.8.0

Commits

• See full diff in compare view

Updates c8 from 10.1.3 to 11.0.0

Release notes

Sourced from c8's releases.

v11.0.0

11.0.0 (2026-02-22)

⚠ BREAKING CHANGES

• deps: transitive deps require 20 || >=22

Bug Fixes

• deps: pull newer minimatch addressing CVE-2026-26996 (#576) (678eeca)

Changelog

Sourced from c8's changelog.

11.0.0 (2026-02-22)

⚠ BREAKING CHANGES

• deps: transitive deps require 20 || >=22

Bug Fixes

• deps: pull newer minimatch addressing CVE-2026-26996 (#576) (678eeca)

Commits

• ce78df4 chore(main): release 11.0.0 (#577)
• 678eeca fix(deps)!: pull newer minimatch addressing CVE-2026-26996 (#576)
• ec4c5e4 chore: .editorconfig to avoid unintended mods to .snap files (#556)
• See full diff in compare view

Updates eslint from 9.39.2 to 10.4.0

Release notes

Sourced from eslint's releases.

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

Chores

• 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
• d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
• 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
• 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
• a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
• 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
• 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
• 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
• 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
• f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
• c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
• 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
• 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

... (truncated)

Commits

• 452c401 10.4.0
• b6417e8 Build: changelog update for 10.4.0
• 6616856 chore: upgrade knip to v6 (#20875)
• d13b084 ci: ensure auto-created PRs run CI (#20860)
• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862)
• 544c0c3 fix: escape code path DOT labels in debug output (#20866)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865)
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863)
• 9084664 docs: Update README
• Additional commits viewable in compare view

Updates eslint-plugin-security from 3.0.1 to 4.0.0

Release notes

Sourced from eslint-plugin-security's releases.

eslint-plugin-security: v4.0.0

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
• switch the recommended config to flat (#118)

Features

• add config recommended-legacy (#132) (13d3f2f)
• Add meta object documentation for all rules (#79) (fb1d9ef)
• detect-bidi-characters rule (#95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
• extend detect non literal fs filename (#92) (08ba476)
• improve detect-child-process rule (#108) (64ae529)
• non-literal-require: support template literals (#81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
• switch the recommended config to flat (#118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
• add name to recommended flat config (#161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
• Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#102) (657921a)
• detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
• Ensure everything works with ESLint v9 (#145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
• generate provenance statement for release (#168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
• release-please config (#189) (2443d10)

Changelog

Sourced from eslint-plugin-security's changelog.

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
• switch the recommended config to flat (#118)

Features

• add config recommended-legacy (#132) (13d3f2f)
• Add meta object documentation for all rules (#79) (fb1d9ef)
• detect-bidi-characters rule (#95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
• extend detect non literal fs filename (#92) (08ba476)
• improve detect-child-process rule (#108) (64ae529)
• non-literal-require: support template literals (#81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
• switch the recommended config to flat (#118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
• add name to recommended flat config (#161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
• Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#102) (657921a)
• detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
• Ensure everything works with ESLint v9 (#145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
• generate provenance statement for release (#168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
• release-please config (#189) (2443d10)

Commits

• 4b734af chore: release 4.0.0 🚀 (#192)
• 2443d10 fix: release-please config (#189)
• ee73862 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#187)
• ca182d1 chore(deps): bump serialize-javascript and mocha (#184)
• 7f9ee77 fix: Add ESLint 10 compatibility for context.sourceCode API change (#186)
• 99032c3 ci: trusted publishing (#180)
• 5e096f2 ci(ci): add node 24 to test matrix (#176)
• e060aeb ci: migrate to manifest config (#173)
• fc0af81 chore(.eslint-doc-generatorrc): add missing 'use strict' directive (#170)
• f6a29ef chore(package): explicitly declare js module type (#171)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-security since your current version.

Updates lint-staged from 16.2.7 to 17.0.5

Release notes

Sourced from lint-staged's releases.

v17.0.5

Patch Changes

• #1792 1f67271 - Correctly set the --max-arg-length default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.

v17.0.4

Patch Changes

• #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

v17.0.3

Patch Changes

• #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

v17.0.2

Patch Changes

• #1779 88670ca Thanks @​iiroj! - Enable immutable GitHub releases

v17.0.1

Patch Changes

• #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

v17.0.0

Major Changes

• #1745 e244adf Thanks @​iiroj! - Node.js v20 is no longer supported, and the oldest supported version is now 22.22.1, which is an active LTS version at the time of this release. Node.js 20 will be EOL after April 2026. Please upgrade your Node.js version!

• #1676 0584e0b Thanks @​outslept! - Lint-staged now tries to verify the installed Git version is at least 2.32.0, released in 2021. If you're using an even older Git version, you need to upgrade it before running lint-staged!

• #1745 2dcc40a Thanks @​iiroj! - The dependency yaml is now marked as optional and probably won't be installed by default. If you're using a YAML configuration file you should install the package separately:

  npm install --development yaml

  If you're using .lintstagedrc as the config file name (without a file extension), it will be treated as a YAML file. If the conte...

  Description has been truncated

  ---

  Summary by cubic

  Upgrade dev tooling across the repo with 11 dependency updates, including major bumps to eslint, eslint-plugin-security, lint-staged, and c8. Improves linting, coverage, and release workflows, and raises the minimum Node/Git versions for dev and CI.

  • Dependencies

    • Updated: eslint@10.4.0, eslint-plugin-security@4.0.0, lint-staged@17.0.5, c8@11.0.0, @changesets/changelog-github@0.7.0, @changesets/cli@2.31.0, @modelcontextprotocol/inspector@0.21.2, @types/node@25.8.0, lockfile-lint@5.0.0, neostandard@0.13.0, tsx@4.22.1.
    • Breaking notes: lint-staged@17 requires Node >=22.22.1 and Git >=2.32.0; c8@11 requires Node 20 or >=22; eslint-plugin-security@4 requires Node >=18.18 and switches recommended config to flat.

  • Migration

    • Ensure CI and local dev use Node >=22.22.1 and Git >=2.32.0.
    • Run lint/tests; update ESLint config/plugins if needed for ESLint 10 or the plugin’s flat config.

  ^{Written for commit 584ca0d. Summary will update on new commits. Review in cubic}

[cubic-dev-ai]

1 issue found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="package.json">

<violation number="1" location="package.json:84">
P1: `neostandard@^0.13.0` has a peer dependency of `eslint: "^9.0.0"` and does **not** support ESLint 10. Installing both `eslint@^10.4.0` and `neostandard@^0.13.0` will fail with an `ERESOLVE` peer dependency conflict. Either keep ESLint at v9 until neostandard adds ESLint 10 support, or replace neostandard with its constituent plugins that already support ESLint 10.</violation>
</file>

_{Tip: cubic can generate docs of your entire codebase and keep them up to date. Try it here.
Fix all with cubic | Re-trigger cubic}

[cubic-dev-ai]

P1: neostandard@^0.13.0 has a peer dependency of eslint: "^9.0.0" and does not support ESLint 10. Installing both eslint@^10.4.0 and neostandard@^0.13.0 will fail with an ERESOLVE peer dependency conflict. Either keep ESLint at v9 until neostandard adds ESLint 10 support, or replace neostandard with its constituent plugins that already support ESLint 10.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At package.json, line 84:

<comment>`neostandard@^0.13.0` has a peer dependency of `eslint: "^9.0.0"` and does **not** support ESLint 10. Installing both `eslint@^10.4.0` and `neostandard@^0.13.0` will fail with an `ERESOLVE` peer dependency conflict. Either keep ESLint at v9 until neostandard adds ESLint 10 support, or replace neostandard with its constituent plugins that already support ESLint 10.</comment>

<file context>
@@ -71,17 +71,17 @@
-    "neostandard": "^0.12.1",
+    "lint-staged": "^17.0.5",
+    "lockfile-lint": "^5.0.0",
+    "neostandard": "^0.13.0",
     "tsup": "^8.1.0",
     "tsx": "^4.19.4",
</file context>