Skip to content

Bump globals from 16.5.0 to 17.3.0#3514

Merged
henrymercer merged 3 commits intomainfrom
dependabot/npm_and_yarn/globals-17.3.0
Feb 27, 2026
Merged

Bump globals from 16.5.0 to 17.3.0#3514
henrymercer merged 3 commits intomainfrom
dependabot/npm_and_yarn/globals-17.3.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 25, 2026

Bumps globals from 16.5.0 to 17.3.0.

Release notes

Sourced from globals's releases.

v17.3.0

  • Update globals (2026-02-01) (#336) 295fba9

sindresorhus/globals@v17.2.0...v17.3.0

v17.2.0

  • jasmine: Add throwUnless and throwUnlessAsync globals (#335) 97f23a7

sindresorhus/globals@v17.1.0...v17.2.0

v17.1.0

  • Add webpack and rspack globals (#333) 65cae73

sindresorhus/globals@v17.0.0...v17.1.0

v17.0.0

Breaking

  • Split audioWorklet environment from browser (#320) 7bc293e

Improvements

  • Update globals (#329) ebe1063
  • Get all browser globals from both chrome and firefox (#321) 59ceff8
  • Add bunBuiltin environment (#324) 1bc6e3b
  • Add denoBuiltin environment (#324) 1bc6e3b
  • Add paintWorklet environment (#323) 4b78f56
  • Add sharedWorker environment (#322) 4a02a85

sindresorhus/globals@v16.5.0...v17.0.0

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump globals from 16.5.0 to 17.3.0
9bdf640 
Bumps [globals](https://github.com/sindresorhus/globals) from 16.5.0 to 17.3.0.
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v16.5.0...v17.3.0)

---
updated-dependencies:
- dependency-name: globals
  dependency-version: 17.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the Rebuild Re-transpile JS & re-generate workflows label Feb 25, 2026
@dependabot dependabot bot requested a review from a team as a code owner February 25, 2026 17:53
@github-actions github-actions bot added size/XS Should be very easy to review and removed Rebuild Re-transpile JS & re-generate workflows labels Feb 25, 2026
@henrymercer henrymercer added the Rebuild Re-transpile JS & re-generate workflows label Feb 26, 2026
@github-actions github-actions bot removed the Rebuild Re-transpile JS & re-generate workflows label Feb 26, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Feb 26, 2026

Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks.

@github-actions github-actions bot marked this pull request as draft February 26, 2026 17:22
@henrymercer henrymercer marked this pull request as ready for review February 26, 2026 17:23
Copilot AI review requested due to automatic review settings February 26, 2026 17:23
Copilot AI reviewed Feb 26, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR bumps the globals dev dependency from version 16.5.0 to 17.3.0, which is used by ESLint to define global variables for different JavaScript environments. The codebase only uses globals.node for ESLint configuration, which is not affected by the breaking change in v17.0.0 (the split of audioWorklet from browser environment). The update includes new environment definitions and updated global variable lists that are backward-compatible for the Node.js environment used in this project.

Changes:

  • Updated globals from ^16.5.0 to ^17.3.0 in package.json
  • Updated package-lock.json with new version (17.3.0) and nested dependency for eslint-plugin-github (16.5.0)
  • Regenerated lib/ JavaScript files to reflect the package.json change

Reviewed changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated no comments.

Show a summary per file
File Description
package.json Updated globals dev dependency from ^16.5.0 to ^17.3.0
package-lock.json Updated lockfile with globals@17.3.0 and added nested globals@16.5.0 for eslint-plugin-github
lib/upload-sarif-action.js Auto-generated file reflecting package.json change
lib/upload-sarif-action-post.js Auto-generated file reflecting package.json change
lib/upload-lib.js Auto-generated file reflecting package.json change
lib/start-proxy-action.js Auto-generated file reflecting package.json change
lib/start-proxy-action-post.js Auto-generated file reflecting package.json change
lib/setup-codeql-action.js Auto-generated file reflecting package.json change
lib/resolve-environment-action.js Auto-generated file reflecting package.json change
lib/init-action.js Auto-generated file reflecting package.json change
lib/init-action-post.js Auto-generated file reflecting package.json change
lib/autobuild-action.js Auto-generated file reflecting package.json change
lib/analyze-action.js Auto-generated file reflecting package.json change
lib/analyze-action-post.js Auto-generated file reflecting package.json change

@henrymercer henrymercer added this pull request to the merge queue Feb 26, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 26, 2026
@esbena esbena added this pull request to the merge queue Feb 27, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 27, 2026
@henrymercer henrymercer added this pull request to the merge queue Feb 27, 2026
github-merge-queue bot pushed a commit that referenced this pull request Feb 27, 2026
@henrymercer
Merge pull request #3514 from github/dependabot/npm_and_yarn/globals-…
6c61c1b 
…17.3.0

Bump globals from 16.5.0 to 17.3.0
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 27, 2026
@esbena esbena added this pull request to the merge queue Feb 27, 2026
@henrymercer henrymercer removed this pull request from the merge queue due to the queue being cleared Feb 27, 2026
@esbena
Copy link
Contributor

esbena commented Feb 27, 2026 

/home/runner/work/codeql-action/action/.github/actions/check-codescanning-config/index.ts:30
assert.deepStrictEqual(
       ^
AssertionError [ERR_ASSERTION]: Expected configuration does not match actual configuration
+ actual - expected

+ {}
- {
-   'query-filters': [
-     {
-       exclude: {
-         tags: 'exclude-from-incremental'
-       }
-     }
-   ]
- }

    at Object.<anonymous> (/home/runner/work/codeql-action/action/.github/actions/check-codescanning-config/index.ts:30:8)
    at Module._compile (node:internal/modules/cjs/loader:1804:14)
    at Module.m._compile (/opt/hostedtoolcache/node/24.13.1/x64/lib/node_modules/ts-node/src/index.ts:1618:23)
    at node:internal/modules/cjs/loader:1936:10
    at Object.require.extensions.<computed> [as .ts] (/opt/hostedtoolcache/node/24.13.1/x64/lib/node_modules/ts-node/src/index.ts:1621:12)
    at Module.load (node:internal/modules/cjs/loader:1525:32)
    at Module._load (node:internal/modules/cjs/loader:1327:12)
    at TracingChannel.traceSync (node:diagnostics_channel:328:14)
    at wrapModuleLoad (node:internal/modules/cjs/loader:245:24)
    at Module.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:154:5) {
  generatedMessage: false,
  code: 'ERR_ASSERTION',
  actual: {},
  expected: { 'query-filters': [ [Object] ] },
  operator: 'deepStrictEqual',

how could this start failing?

@henrymercer
Copy link
Contributor

henrymercer commented Feb 27, 2026

This is fixed by #3518

@henrymercer henrymercer added this pull request to the merge queue Feb 27, 2026
Merged via the queue into main with commit 8ab0431 Feb 27, 2026
241 checks passed
@henrymercer henrymercer deleted the dependabot/npm_and_yarn/globals-17.3.0 branch February 27, 2026 13:44
@github-actions github-actions bot mentioned this pull request Feb 27, 2026
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@henrymercer henrymercer henrymercer approved these changes

Assignees

No one assigned

Labels

size/XS Should be very easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@esbena @henrymercer