chore(deps): patch-bump eslint, undici, ws

Three semver-compatible upgrades from `npm update`: - eslint 10.1.0 → 10.2.1 (dev-only, lint rule fixes) - undici 7.24.5 → 7.25.0 (HTTP client used by hoster uploaders) - ws 8.19.0 → 8.20.0 (WebSocket used by remote-server) Lock-file-only update, package.json semver ranges already covered these. 119/119 tests still green; no behaviour changes expected. Remaining outdated entries (chokidar, electron, electron-builder, rcedit) are major bumps and stay deferred until the user explicitly authorizes a breaking-change pass.
2026-04-28 08:39:11 +02:00 · 2026-04-28 08:39:11 +02:00 · f1a3d7d468
commit f1a3d7d468
parent f9cc5305f6
2 changed files with 43 additions and 34 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "multi-hoster-uploader",
-  "version": "3.3.9",
+  "version": "3.3.10",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "multi-hoster-uploader",
-      "version": "3.3.9",
+      "version": "3.3.10",
      "dependencies": {
        "chokidar": "^3.6.0",
        "undici": "^7.16.0",
@ -449,13 +449,13 @@
      }
    },
    "node_modules/@eslint/config-array": {
-      "version": "0.23.3",
+      "version": "0.23.5",
-      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.23.3.tgz",
+      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.23.5.tgz",
-      "integrity": "sha512-j+eEWmB6YYLwcNOdlwQ6L2OsptI/LO6lNBuLIqe5R7RetD658HLoF+Mn7LzYmAWWNNzdC6cqP+L6r8ujeYXWLw==",
+      "integrity": "sha512-Y3kKLvC1dvTOT+oGlqNQ1XLqK6D1HU2YXPc52NmAlJZbMMWDzGYXMiPRJ8TYD39muD/OTjlZmNJ4ib7dvSrMBA==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "@eslint/object-schema": "^3.0.3",
+        "@eslint/object-schema": "^3.0.5",
        "debug": "^4.3.1",
        "minimatch": "^10.2.4"
      },
@ -464,22 +464,22 @@
      }
    },
    "node_modules/@eslint/config-helpers": {
-      "version": "0.5.3",
+      "version": "0.5.5",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.5.3.tgz",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.5.5.tgz",
-      "integrity": "sha512-lzGN0onllOZCGroKJmRwY6QcEHxbjBw1gwB8SgRSqK8YbbtEXMvKynsXc3553ckIEBxsbMBU7oOZXKIPGZNeZw==",
+      "integrity": "sha512-eIJYKTCECbP/nsKaaruF6LW967mtbQbsw4JTtSVkUQc9MneSkbrgPJAbKl9nWr0ZeowV8BfsarBmPpBzGelA2w==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "@eslint/core": "^1.1.1"
+        "@eslint/core": "^1.2.1"
      },
      "engines": {
        "node": "^20.19.0 || ^22.13.0 || >=24"
      }
    },
    "node_modules/@eslint/core": {
-      "version": "1.1.1",
+      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-1.2.1.tgz",
-      "integrity": "sha512-QUPblTtE51/7/Zhfv8BDwO0qkkzQL7P/aWWbqcf4xWLEYn1oKjdO0gglQBB4GAsu7u6wjijbCmzsUTy6mnk6oQ==",
+      "integrity": "sha512-MwcE1P+AZ4C6DWlpin/OmOA54mmIZ/+xZuJiQd4SyB29oAJjN30UW9wkKNptW2ctp4cEsvhlLY/CsQ1uoHDloQ==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
@ -490,9 +490,9 @@
      }
    },
    "node_modules/@eslint/object-schema": {
-      "version": "3.0.3",
+      "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-3.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-3.0.5.tgz",
-      "integrity": "sha512-iM869Pugn9Nsxbh/YHRqYiqd23AmIbxJOcpUMOuWCVNdoQJ5ZtwL6h3t0bcZzJUlC3Dq9jCFCESBZnX0GTv7iQ==",
+      "integrity": "sha512-vqTaUEgxzm+YDSdElad6PiRoX4t8VGDjCtt05zn4nU810UIx/uNEV7/lZJ6KwFThKZOzOxzXy48da+No7HZaMw==",
      "dev": true,
      "license": "Apache-2.0",
      "engines": {
@ -500,13 +500,13 @@
      }
    },
    "node_modules/@eslint/plugin-kit": {
-      "version": "0.6.1",
+      "version": "0.7.1",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.6.1.tgz",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.7.1.tgz",
-      "integrity": "sha512-iH1B076HoAshH1mLpHMgwdGeTs0CYwL0SPMkGuSebZrwBp16v415e9NZXg2jtrqPVQjf6IANe2Vtlr5KswtcZQ==",
+      "integrity": "sha512-rZAP3aVgB9ds9KOeUSL+zZ21hPmo8dh6fnIFwRQj5EAZl9gzR7wxYbYXYysAM8CTqGmUGyp2S4kUdV17MnGuWQ==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
-        "@eslint/core": "^1.1.1",
+        "@eslint/core": "^1.2.1",
        "levn": "^0.4.1"
      },
      "engines": {
@ -2856,18 +2856,18 @@
      }
    },
    "node_modules/eslint": {
-      "version": "10.1.0",
+      "version": "10.2.1",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.2.1.tgz",
-      "integrity": "sha512-S9jlY/ELKEUwwQnqWDO+f+m6sercqOPSqXM5Go94l7DOmxHVDgmSFGWEzeE/gwgTAr0W103BWt0QLe/7mabIvA==",
+      "integrity": "sha512-wiyGaKsDgqXvF40P8mDwiUp/KQjE1FdrIEJsM8PZ3XCiniTMXS3OHWWUe5FI5agoCnr8x4xPrTDZuxsBlNHl+Q==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.8.0",
        "@eslint-community/regexpp": "^4.12.2",
-        "@eslint/config-array": "^0.23.3",
+        "@eslint/config-array": "^0.23.5",
-        "@eslint/config-helpers": "^0.5.3",
+        "@eslint/config-helpers": "^0.5.5",
-        "@eslint/core": "^1.1.1",
+        "@eslint/core": "^1.2.1",
-        "@eslint/plugin-kit": "^0.6.1",
+        "@eslint/plugin-kit": "^0.7.1",
        "@humanfs/node": "^0.16.6",
        "@humanwhocodes/module-importer": "^1.0.1",
        "@humanwhocodes/retry": "^0.4.2",
@ -5854,9 +5854,9 @@
      }
    },
    "node_modules/undici": {
-      "version": "7.24.5",
+      "version": "7.25.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.5.tgz",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.25.0.tgz",
-      "integrity": "sha512-3IWdCpjgxp15CbJnsi/Y9TCDE7HWVN19j1hmzVhoAkY/+CJx449tVxT5wZc1Gwg8J+P0LWvzlBzxYRnHJ+1i7Q==",
+      "integrity": "sha512-xXnp4kTyor2Zq+J1FfPI6Eq3ew5h6Vl0F/8d9XU5zZQf1tX9s2Su1/3PiMmUANFULpmksxkClamIZcaUqryHsQ==",
      "license": "MIT",
      "engines": {
        "node": ">=20.18.1"
@ -6036,9 +6036,9 @@
      "license": "ISC"
    },
    "node_modules/ws": {
-      "version": "8.19.0",
+      "version": "8.20.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.19.0.tgz",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.0.tgz",
-      "integrity": "sha512-blAT2mjOEIi0ZzruJfIhb3nps74PRWTCz1IjglWEEpQl5XS/UNama6u2/rjFkDDouqr4L67ry+1aGIALViWjDg==",
+      "integrity": "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==",
      "license": "MIT",
      "engines": {
        "node": ">=10.0.0"
--- a/tasks/todo.md
+++ b/tasks/todo.md
@ -12,6 +12,7 @@
 - ✅ 3.3.8 — queue-cap-prune-Logik nach `lib/queue-prune.js` extrahiert (dual-environment: Node + Browser-global) + 10 Unit-Tests (insertion-order, limit=0, malformed entries, large-queue 5000-job sweep)
 - ✅ 3.3.9 — Throttled-Cache nach `lib/throttled-cache.js` extrahiert (von sortQueueJobs dynamic-throttle genutzt) + 12 Unit-Tests (TTL-Boundary, identity-tracking, fake-clock, peek/clear, refreshMs=0, large-input)
 - ✅ 3.3.10 — `npm audit fix` (non-breaking): 4 vulnerabilities geschlossen (16 → 12), nur Lock-file Update
 - ✅ 3.3.11 — Patch-Bumps `eslint 10.1→10.2`, `undici 7.24→7.25`, `ws 8.19→8.20` (semver-compatible)
 ## Open items (priorisiert)
@ -20,7 +21,15 @@
 - [ ] 12 weitere Vulnerabilities (10 high, 2 low) in electron-builder dev-chain — bräuchten `npm audit fix --force` mit Major-Bump electron-builder@26.8.1 (breaking). Skip bis User explizit ein Major-Update erlaubt.
 ### Loop-Status
-Alle initial im 3.3.0-Audit identifizierten Items sind nun adressiert. Loop kann pausiert werden bis neue User-Beschwerden / neue Audit-Findings auftauchen, oder weiterlaufen für Quality-Improvement-Sweep (z.B. eslint cleanup, comment audit, dead-code).
+Alle initial im 3.3.0-Audit identifizierten Items sind nun adressiert. Beide verbliebenen open items sind explizit deferred (microtask-fake-timer-Setup ist Refactor, audit-fix --force ist Major-Bump und braucht User-OK).
 **Iteration 11 (skipped, no release)**: kein nicht-deferred Item übrig. Loop läuft idle weiter — bei nächstem Cron-Tick prüft er erneut, falls inzwischen neue Issues aufgetaucht sind.
 Sinnvolle nächste Schritte für den User:
 - "Loop stop" wenn nichts mehr passieren soll (CronDelete `01e33ae1`)
 - "Major bump genehmigt" für `npm audit fix --force` (closes 12 deferred vulns, bumpt electron-builder@26)
 - Neue konkrete User-Beschwerden / Bug-Reports
 - Manuelle Anweisung was als nächstes interessant wäre
 ## Loop-Notes
 - Cron-Job `01e33ae1` läuft alle 30min (:07/:37), Session-only.