Skip to content
This repository was archived by the owner on Apr 2, 2026. It is now read-only.

chore(deps-dev): bump the minor-development-deps group across 1 directory with 5 updates#29

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/minor-development-deps-cc209dd9c6
Closed

chore(deps-dev): bump the minor-development-deps group across 1 directory with 5 updates#29
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/minor-development-deps-cc209dd9c6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps the minor-development-deps group with 5 updates in the / directory:

Package From To
@biomejs/biome 2.3.13 2.4.10
@oclif/test 4.1.16 4.1.17
@types/node 25.1.0 25.5.0
oclif 4.22.73 4.22.96
vitest 4.0.18 4.1.2

Updates @biomejs/biome from 2.3.13 to 2.4.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.10

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

... (truncated)

Commits

Updates @oclif/test from 4.1.16 to 4.1.17

Release notes

Sourced from @​oclif/test's releases.

4.1.17

Bug Fixes

  • deps: bump flatted from 3.3.2 to 3.4.2 (842792a)
Changelog

Sourced from @​oclif/test's changelog.

4.1.17 (2026-03-21)

Bug Fixes

  • deps: bump flatted from 3.3.2 to 3.4.2 (842792a)
Commits
  • e5371b1 chore(release): 4.1.17 [skip ci]
  • 464b7d1 Merge pull request #868 from oclif/dependabot-npm_and_yarn-flatted-3.4.2
  • 842792a fix(deps): bump flatted from 3.3.2 to 3.4.2
  • 4b1eb43 Merge pull request #864 from oclif/dependabot-npm_and_yarn-eslint-9.39.4
  • 54596c3 chore(dev-deps): bump eslint from 9.39.3 to 9.39.4
  • b988053 Merge pull request #866 from oclif/dependabot-npm_and_yarn-eslint-config-ocli...
  • 6736998 chore(dev-deps): bump eslint-config-oclif from 6.0.140 to 6.0.148
  • a620ec5 Merge pull request #867 from oclif/dependabot-npm_and_yarn-oclif-core-4.9.0
  • ad2b864 chore(dev-deps): bump @​oclif/core from 4.8.0 to 4.9.0
  • 66fec82 Merge pull request #860 from oclif/ew/slack-webhook-secret
  • Additional commits viewable in compare view

Updates @types/node from 25.1.0 to 25.5.0

Commits

Updates oclif from 4.22.73 to 4.22.96

Release notes

Sourced from oclif's releases.

4.22.96

Bug Fixes

  • deps: bump @​oclif/plugin-warn-if-update-available (d12954b)

4.22.95

Bug Fixes

  • deps: bump @​aws-sdk/client-s3 from 3.1009.0 to 3.1014.0 (c075291)

4.22.94

Bug Fixes

  • deps: bump @​oclif/plugin-not-found from 3.2.75 to 3.2.76 (eefdfe3)

4.22.93

Bug Fixes

  • deps: bump flatted from 3.3.1 to 3.4.2 (943ec13)

4.22.92

Bug Fixes

  • deps: bump @​oclif/plugin-not-found from 3.2.74 to 3.2.75 (4eefb02)

4.22.91

Bug Fixes

  • deps: bump @​aws-sdk/client-s3 from 3.1004.0 to 3.1009.0 (da5fc92)

4.22.90

Bug Fixes

  • deps: bump @​oclif/plugin-help from 6.2.37 to 6.2.38 (9a63640)

4.22.89

Bug Fixes

  • deps: bump @​oclif/core from 4.8.3 to 4.9.0 (f56c1db)

4.22.88

Bug Fixes

  • deps: bump @​aws-sdk/client-cloudfront from 3.1004.0 to 3.1009.0 (8af60d6)

4.22.87

Bug Fixes

  • deps: bump @​aws-sdk/client-s3 from 3.1002.0 to 3.1004.0 (14feda5)

... (truncated)

Changelog

Sourced from oclif's changelog.

4.22.96 (2026-03-22)

Bug Fixes

  • deps: bump @​oclif/plugin-warn-if-update-available (d12954b)

4.22.95 (2026-03-22)

Bug Fixes

  • deps: bump @​aws-sdk/client-s3 from 3.1009.0 to 3.1014.0 (c075291)

4.22.94 (2026-03-22)

Bug Fixes

  • deps: bump @​oclif/plugin-not-found from 3.2.75 to 3.2.76 (eefdfe3)

4.22.93 (2026-03-20)

Bug Fixes

  • deps: bump flatted from 3.3.1 to 3.4.2 (943ec13)

4.22.92 (2026-03-16)

Bug Fixes

  • deps: bump @​oclif/plugin-not-found from 3.2.74 to 3.2.75 (4eefb02)

4.22.91 (2026-03-15)

Bug Fixes

  • deps: bump @​aws-sdk/client-s3 from 3.1004.0 to 3.1009.0 (da5fc92)

4.22.90 (2026-03-15)

Bug Fixes

  • deps: bump @​oclif/plugin-help from 6.2.37 to 6.2.38 (9a63640)

4.22.89 (2026-03-15)

Bug Fixes

  • deps: bump @​oclif/core from 4.8.3 to 4.9.0 (f56c1db)

4.22.88 (2026-03-15)

... (truncated)

Commits
  • 86027e0 chore(release): 4.22.96 [skip ci]
  • c7340c3 Merge pull request #2004 from oclif/dependabot-npm_and_yarn-oclif-plugin-warn...
  • 62400a7 chore(release): 4.22.95 [skip ci]
  • 667d795 Merge pull request #2005 from oclif/dependabot-npm_and_yarn-aws-sdk-client-s3...
  • 2289598 Merge pull request #2006 from oclif/dependabot-npm_and_yarn-oclif-test-4.1.17
  • d12954b fix(deps): bump @​oclif/plugin-warn-if-update-available
  • 8d7fc88 chore(release): 4.22.94 [skip ci]
  • a9db936 Merge pull request #2007 from oclif/dependabot-npm_and_yarn-oclif-plugin-not-...
  • eefdfe3 fix(deps): bump @​oclif/plugin-not-found from 3.2.75 to 3.2.76
  • 58b8a99 chore(dev-deps): bump @​oclif/test from 4.1.16 to 4.1.17
  • Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits
  • fc6f482 chore: release v4.1.2
  • 6f97b55 feat: disable colors if agent is detected (#9851)
  • b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
  • 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
  • f54abad chore: add typo-checker skill and fix typos (#9963)
  • 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
  • 1f2d318 chore: release v4.1.1
  • ebfde79 refactor: rename matchesTagsFilter to matchesTags (#9956)
  • 5611500 feat(experimental): introduce experimental.vcsProvider (#9928)
  • eec53d9 feat(experimental): expose matchesTagsFilter to test if the current filter ...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 1, 2026
@dependabot dependabot Bot requested a review from erunion as a code owner April 1, 2026 19:45
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 1, 2026
@dependabot dependabot Bot changed the title chore(deps-dev): bump the minor-development-deps group with 5 updates chore(deps-dev): bump the minor-development-deps group across 1 directory with 5 updates Apr 2, 2026
@dependabot
chore(deps-dev): bump the minor-development-deps group with 5 updates
02b1a9e 
Bumps the minor-development-deps group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.13` | `2.4.10` |
| [@oclif/test](https://github.com/oclif/test) | `4.1.16` | `4.1.17` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.1.0` | `25.5.0` |
| [oclif](https://github.com/oclif/oclif) | `4.22.73` | `4.22.96` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.18` | `4.1.2` |


Updates `@biomejs/biome` from 2.3.13 to 2.4.10
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)

Updates `@oclif/test` from 4.1.16 to 4.1.17
- [Release notes](https://github.com/oclif/test/releases)
- [Changelog](https://github.com/oclif/test/blob/main/CHANGELOG.md)
- [Commits](oclif/test@4.1.16...4.1.17)

Updates `@types/node` from 25.1.0 to 25.5.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `oclif` from 4.22.73 to 4.22.96
- [Release notes](https://github.com/oclif/oclif/releases)
- [Changelog](https://github.com/oclif/oclif/blob/main/CHANGELOG.md)
- [Commits](oclif/oclif@4.22.73...4.22.96)

Updates `vitest` from 4.0.18 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.10
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-development-deps
- dependency-name: "@oclif/test"
  dependency-version: 4.1.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-development-deps
- dependency-name: "@types/node"
  dependency-version: 25.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-development-deps
- dependency-name: oclif
  dependency-version: 4.22.96
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-development-deps
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-development-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-development-deps-cc209dd9c6 branch from 185ef8b to 02b1a9e Compare April 2, 2026 02:08
@erunion erunion closed this Apr 2, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 2, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/minor-development-deps-cc209dd9c6 branch April 2, 2026 16:39
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@erunion erunion Awaiting requested review from erunion erunion is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@erunion