Bump eslint-plugin-jsdoc from 62.5.0 to 62.7.1 #2384

Merged
ericcornelissen merged 2 commits into main from dependabot/npm_and_yarn/eslint-plugin-jsdoc-62.7.1
Mar 3, 2026

@dependabot dependabot Bot commented on behalf of github Mar 3, 2026

Bumps eslint-plugin-jsdoc from 62.5.0 to 62.7.1.

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v62.7.1

62.7.1 (2026-02-24)

Bug Fixes

  • require-property: err if user blocks @property; fixes #1634 (23a9f1d)

v62.7.0

62.7.0 (2026-02-20)

Features

v62.6.1

62.6.1 (2026-02-19)

Bug Fixes

  • check-param-names: only fire on TSPropertySignature if with TSFunctionNode; fixes #1663 (951d354)

v62.6.0

62.6.0 (2026-02-18)

Features

  • tag-lines: add startLinesWithNoTags option; fixes #1661 (b36a67a)

v62.5.5

62.5.5 (2026-02-15)

Bug Fixes

  • check-param-names: check arrow function properties in interfaces (TSPropertySignature); fixes #1657 (c7b132f)

v62.5.4

62.5.4 (2026-02-07)

Bug Fixes

  • no-undefined-types: avoid treating infer type identifier as undefined; fixes #1654 (da44046)
  • no-undefined-types: ensure template tags are defined; fixes #1655 (bfef848)

v62.5.3

... (truncated)

Commits
  • 23a9f1d fix(require-property): err if user blocks @property; fixes #1634
  • bd90efd Merge pull request #1668 from gajus/dependabot/npm_and_yarn/ajv-6.14.0
  • eca3090 chore(deps): bump ajv from 6.12.6 to 6.14.0
  • 86bd0be Merge pull request #1666 from gajus/gajus-patch-1
  • ba0c8af Update funding to brettz9
  • 35c5745 Merge pull request #1659 from brettz9/eslint10
  • d8599fb feat: support ESLint 10
  • 951d354 fix(check-param-names): only fire on TSPropertySignature if with `TSFunct...
  • b36a67a feat(tag-lines): add startLinesWithNoTags option; fixes #1661
  • c7b132f fix(check-param-names): check arrow function properties in interfaces (TSPr...
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
eslint-plugin-jsdoc [>= 50.3.a, < 50.4]
eslint-plugin-jsdoc [< 50.5, > 50.4.1]
eslint-plugin-jsdoc [>= 50.6.a, < 50.7]
eslint-plugin-jsdoc [< 51.4, > 51.3.1]
eslint-plugin-jsdoc [>= 51.4.a, < 51.5]
eslint-plugin-jsdoc [>= 52.0.a, < 52.1]
eslint-plugin-jsdoc [>= 54.1.a, < 54.2]
eslint-plugin-jsdoc [< 61.2, > 61.1.5]
eslint-plugin-jsdoc [< 61.5, > 61.4.0]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 62.5.0 to 62.7.1.
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v62.5.0...v62.7.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 62.7.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Changes to the project's dependencies label Mar 3, 2026

coderabbitai Bot commented Mar 3, 2026

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the current package.json to see what version of eslint-plugin-jsdoc is currently used
# and what other dependencies might be affected
fd -t f "package.json" --exec cat {}

Length of output: 6179


🌐 Web query:

eslint-plugin-jsdoc vulnerabilities CVE 62.7.1

💡 Result:

  • “CVE 62.7.1” isn’t a valid CVE identifier (CVE IDs look like CVE-YYYY-NNNNN). 62.7.1 is a package version of eslint-plugin-jsdoc (released 2026-02-24). [2]
  • Known CVEs/vulnerabilities for eslint-plugin-jsdoc (including v62.x): major public vulnerability databases currently show no known direct vulnerabilities/CVEs for eslint-plugin-jsdoc. [1] [3]
  • If you actually meant a recent ESLint-related supply-chain CVE: CVE-2025-54313 is about compromised releases of eslint-config-prettier (and some related packages like eslint-plugin-prettier, synckit, etc.), not eslint-plugin-jsdoc. [4] [5]

Sources:
[1] Snyk – eslint-plugin-jsdoc vulnerabilities page (no known direct vulnerabilities) (security.snyk.io)
[2] NewReleases – eslint-plugin-jsdoc v62.7.1 release notes/date (newreleases.io)
[3] ReversingLabs – eslint-plugin-jsdoc vulnerability listing (none found) (secure.software)
[4] StepSecurity – confirmed affected packages/versions for the eslint-config-prettier compromise (stepsecurity.io)
[5] Tenable (Nessus) – CVE-2025-54313 affected packages/versions summary (tenable.com)

🌐 Web query:

ajv 6.14.0 vulnerabilities CVE security

💡 Result:

As of March 3, 2026, ajv@6.14.0 has no known direct vulnerabilities listed in Snyk’s database (i.e., no CVEs currently mapped to that exact version there). [1]

Key CVEs people commonly associate with Ajv do not affect 6.14.0:

  • CVE-2020-15366 (prototype pollution / possible code execution via crafted schema): affects Ajv 6.12.2 (and generally versions < 6.12.3); fixed starting 6.12.3, so 6.14.0 is not affected. [2]
  • CVE-2025-69873 (ReDoS when $data option is enabled and attacker can inject regex via pattern): Snyk’s affected range includes Ajv versions < 6.14.0 (and later branches until 8.18.0), meaning 6.14.0 is the fixed 6.x version for this issue. [3][4]

Recommendation: If you must stay on Ajv v6, 6.14.0 is the safe endpoint within v6 for the CVEs above; otherwise upgrade to the latest Ajv 8.x if feasible. [3]

Sources:
[1] Snyk page for ajv@6.14.0 (no direct vulns) (security.snyk.io)
[2] NVD entry for CVE-2020-15366 (nvd.nist.gov)
[3] Snyk vulnerability ranges showing fixes including ajv@6.14.0 (security.snyk.io)
[4] NVD entry for CVE-2025-69873 (nvd.nist.gov)

@ericcornelissen I've reviewed the eslint-plugin-jsdoc update from 62.5.0 to 62.7.1. Here's what you should know:

Security & Vulnerabilities ✅

No known vulnerabilities exist for eslint-plugin-jsdoc in these versions. Additionally, there's good news regarding transitive dependencies:

  • The transitive update of ajv from 6.12.6 to 6.14.0 fixes CVE-2025-69873, a ReDoS vulnerability that affected versions < 6.14.0. This is a positive security improvement.

Breaking Changes ❌

No breaking changes identified. All updates appear to be features and bug fixes.

Interesting Features & Changes 🎯

  1. ESLint 10 Support (v62.7.0): Future-proofing for when you upgrade from ESLint 9.39.0 to ESLint 10.

  2. New Option (v62.6.0): The tag-lines rule now has a startLinesWithNoTags option if you need more control over JSDoc formatting.

  3. Bug Fixes: Multiple improvements including:

    • check-param-names: Better handling of TypeScript arrow function properties in interfaces
    • require-property: Fixed handling when users block @property tags
    • no-undefined-types: Better handling of infer types and template tags

Maliciousness Check ✅

No signs of malicious activity detected. The package maintainer and commit history appear legitimate.

Recommendation

This update is safe to merge. It brings bug fixes, future compatibility, and a security improvement via the ajv transitive update.


🧠 Learnings used
Learnt from: ericcornelissen
Repo: ericcornelissen/shescape PR: 2137
File: config/eslint.js:94-94
Timestamp: 2025-08-23T18:29:34.225Z
Learning: The user ericcornelissen's ESLint configuration in the shescape project uses eslint-plugin-jsdoc version 53.0.1 successfully, and all JSDoc rules referenced in config/eslint.js including jsdoc/lines-before-block, jsdoc/no-blank-blocks, and jsdoc/check-syntax are valid and working rules in that version.
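
A lockfile check for the ajv claim in the review above, added here as an example (not code from the PR, the bots, or the shescape project): it lists every resolved copy of ajv, nested ones included, that falls in the range cited for CVE-2025-69873. The function names and the sample lockfile are constructed, and reading "later branches until 8.18.0" as 7.0.0 up to but excluding 8.18.0 is an assumption.

```javascript
// Added example: flag ajv copies in a lockfile that fall in the cited CVE range.

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are dropped.
function parseVersion(version) {
  const match = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  return match ? match.slice(1).map(Number) : null;
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Assumed reading of the cited range: v < 6.14.0, or 7.0.0 <= v < 8.18.0.
function isAffectedAjv(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable or missing: flag for manual review
  if (compareVersions(v, [6, 14, 0]) < 0) return true;
  return compareVersions(v, [7, 0, 0]) >= 0 && compareVersions(v, [8, 18, 0]) < 0;
}

// Return every installed copy of ajv, nested ones included, that is affected.
function findAffectedAjv(lockfile) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Keys look like "node_modules/a/node_modules/ajv"; match the last segment.
    if (!/(^|\/)node_modules\/ajv$/.test(path)) continue;
    if (isAffectedAjv(entry.version)) findings.push({ path, version: entry.version });
  }
  return findings;
}

// Constructed sample lockfile (lockfileVersion 3 layout), not this repository's.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example", version: "1.0.0" },
    "node_modules/ajv": { version: "6.14.0", dev: true },
    "node_modules/eslint-plugin-jsdoc": { version: "62.7.1", dev: true },
    "node_modules/old-tool/node_modules/ajv": { version: "6.12.6", dev: true },
    "node_modules/ajv-keywords": { version: "3.5.2", dev: true },
  },
};

console.log(findAffectedAjv(sampleLock));
```

To run it against a real project, pass the parsed contents of its `package-lock.json` to `findAffectedAjv` in place of the sample object.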

@github-actions github-actions Bot added the meta Relates to the project or repository itself label Mar 3, 2026
@ericcornelissen ericcornelissen enabled auto-merge (squash) March 3, 2026 20:50
@ericcornelissen ericcornelissen merged commit 0a9a180 into main Mar 3, 2026
44 checks passed
@ericcornelissen ericcornelissen deleted the dependabot/npm_and_yarn/eslint-plugin-jsdoc-62.7.1 branch March 3, 2026 20:55