chore(deps-dev): bump eslint from 10.4.1 to 10.5.0

[dependabot]

Bumps eslint from 10.4.1 to 10.5.0.

Release notes

Sourced from eslint's releases.

v10.5.0

Features

• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
• b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
• 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
• f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
• bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
• c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

• 8ae1b5b docs: Update README (GitHub Actions Bot)
• ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
• f99b47a docs: Update README (GitHub Actions Bot)
• acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

• b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
• c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
• 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
• 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
• 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
• 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
• 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
• 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
• cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
• fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)

Commits

• de3b672 10.5.0
• 362a518 Build: changelog update for 10.5.0
• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973)
• b565783 feat: report no-with violations at the with keyword (#20971)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966)
• 732cb3e feat: report max-nested-callbacks violations at function head (#20967)
• f9c138a feat: report max-depth violations on keywords (#20943)
• 8ae1b5b docs: Update README
• ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962)
• b18bf58 chore: update ecosystem plugins (#20959)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

⚠️ Automated review skipped — CLAUDE_CODE_OAUTH_TOKEN is not set. Add it in Settings → Secrets and variables → Actions to enable AI code review.

[lupinesse]

Verdict: APPROVE

Clean dependency bump with no reviewable source changes and zero blocking issues across all four audits.

---

Summary

Audit	Result
/pr-review	✅ APPROVE — only package.json + package-lock.json changed; no source files
/jsdoc-check	✅ No src/js/ files in scope
/a11y-audit	✅ No .html/.js/.scss files in scope
/scss-audit	✅ No .scss files in scope

Blocking issues: 0 · Non-blocking issues: 0

---

What this PR does

• Bumps eslint from ^10.4.1 → ^10.5.0 (semver-minor, dev dependency only)
• Updates the lockfile with the new resolution and integrity hash
• Bonus fix: the lockfile's root "version" field is corrected from 1.8.9 → 1.9.0, syncing it with package.json which already had 1.9.0 on main. This pre-existing inconsistency is fixed as a side-effect of Dependabot re-running npm install.
• Adds "workspaces": ["packages/*"] to the eslint entry in the lockfile — this is accurate metadata for eslint 10.5.0's internal monorepo structure; it has no effect on consumers.

eslint 10.5.0 notable changes

Seven new features, all improving error-reporting precision (error locations now point to function heads for max-depth, max-statements, max-lines-per-function, max-nested-callbacks; no-with now fires at the with keyword). None add new rules or stricter defaults. No config changes or source-level fixes required.

---

Checklist

Check	Result
No secrets in diff	✅
Build artefacts untouched	✅
package-lock.json committed	✅
Dependency is devDependencies (correct classification)	✅
Semver-minor bump (backward-compatible)	✅
Lockfile integrity hash present	✅

---

Generated by Claude Code