chore(deps-dev): bump cspell from 9.8.0 to 10.0.0

[dependabot]

Bumps cspell from 9.8.0 to 10.0.0.

Release notes

Sourced from cspell's releases.

v10.0.0

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

• v3: Synchronous default export — importFresh(modulePath) returns the module directly
• v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

• packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
• packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
  • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
  • Make loadPnp and loadPnpIfNeeded async
  • Change cachedPnpImportsSync → cachedPnpImports (now stores Promise<LoaderResult>)
  • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
  • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
  • Use optional chaining on the module's default export to handle edge cases
• test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
• test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.

---

feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

• Bump engines.node across packages/test-packages to >=22.18.0 and update root @types/node to ^22.19.15.
• Update CI workflows to test Node 22/24/25 and adjust integration update workflow to Node 22.
• Remove eslint-plugin-n “unsupported node builtins” disables now that the minimum Node version includes those built-ins.

... (truncated)

Changelog

Sourced from cspell's changelog.

v10.0.0 (2026-04-06)

Features

fix: upgrade import-fresh from v3 to v4 (#8786)

Summary

Upgrades import-fresh from v3 to v4.

API changes in v4

• v3: Synchronous default export — importFresh(modulePath) returns the module directly
• v4: Factory pattern — createImportFresh(parentURL) returns an async function; v4 is ESM-only and uses Node.js module loader hooks instead of manipulating the require cache

Changes

• packages/cspell-lib/package.json: bump import-fresh to ^4.0.0; remove clear-module dependency (no longer needed since v4 uses module loader hooks instead of Node's require cache)
• packages/cspell-lib/src/lib/Settings/Controller/pnpLoader.ts:
  • Import createImportFresh factory; call createImportFresh(pnpFileUrl) at use time inside loadPnp(), bound to the pnp file's own URL so each load is correctly scoped to the file being loaded
  • Make loadPnp and loadPnpIfNeeded async
  • Change cachedPnpImportsSync → cachedPnpImports (now stores Promise<LoaderResult>)
  • Remove clearModule.single usage (v4 cache-busts via loader hooks; clearing the require cache is no longer applicable)
  • Pass a file URL (toFileUrl(pnpFile).href) to importFresh since v4 uses import() under the hood, which requires URLs or relative specifiers for absolute paths
  • Use optional chaining on the module's default export to handle edge cases
• test-packages/cspell-lib/test-cspell-lib-rollup/package.json: bump import-fresh to ^4.0.0
• test-packages/cspell-lib/test-cspell-lib-webpack/package.json: bump import-fresh to ^4.0.0

Testing

All 91 test files (1584 tests) pass, including the 10 dedicated pnpLoader tests.

---

feat!: Drop support for Node 20 (#8779)

Pull request overview

This PR updates the monorepo to require Node.js 22.18+ (dropping Node 20 support), aligning package engine constraints, CI matrices, and documentation with the new baseline.

Changes:

... (truncated)

Commits

• 6ddfd57 v10.0.0
• 9ab431c chore: Prepare Release v10.0.0 (auto-deploy) (#8781)
• ef406ee feat!: Drop support for Node 20 (#8779)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Assignees

The following users could not be added as assignees: agungmml. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

	Fails
🚫	Danger failed to run dangerfile.js.

Error ReferenceError

Cannot access 'danger' before initialization
ReferenceError: Cannot access 'danger' before initialization
    at resolveDangerApi (dangerfile.js:17:3)
    at Object.<anonymous> (dangerfile.js:46:51)
    at Module._compile (node:internal/modules/cjs/loader:1521:14)
    at requireFromString (/home/runner/work/geeto/geeto/node_modules/require-from-string/index.js:28:4)
    at /home/runner/work/geeto/geeto/node_modules/danger/distribution/runner/runners/inline.js:183:68
    at step (/home/runner/work/geeto/geeto/node_modules/danger/distribution/runner/runners/inline.js:56:23)
    at Object.next (/home/runner/work/geeto/geeto/node_modules/danger/distribution/runner/runners/inline.js:37:53)
    at /home/runner/work/geeto/geeto/node_modules/danger/distribution/runner/runners/inline.js:31:71
    at new Promise (<anonymous>)
    at __awaiter (/home/runner/work/geeto/geeto/node_modules/danger/distribution/runner/runners/inline.js:27:12)

Dangerfile

12| // Resolve Danger API from multiple possible sources:
13| // 1. Global injected symbols (when runner provides them)
14| // 2. require('danger') when available in node_modules
15| function resolveDangerApi() {
16|   // If Danger globals are injected, use them
-----^
17|   if (typeof danger !== 'undefined' || typeof message !== 'undefined') {
18|     return {
19|       danger: typeof danger !== 'undefined' ? danger : undefined,
20|       fail: typeof fail !== 'undefined' ? fail : undefined,

Generated by 🚫 dangerJS against 292e665

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cspell@​9.8.0 ⏵ 10.0.0				+2

View full report