Skip to content

build(deps-dev): bump the development-dependencies group with 8 updates#138

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/development-dependencies-d81af20dd6
Closed

build(deps-dev): bump the development-dependencies group with 8 updates#138
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/development-dependencies-d81af20dd6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 15, 2026

Bumps the development-dependencies group with 8 updates:

Package From To
@biomejs/biome 2.3.11 2.4.10
@effect/vitest 0.27.0 0.29.0
@types/node 25.0.9 25.5.2
dotenv 17.2.3 17.4.1
typedoc 0.28.16 0.28.18
typescript 5.9.3 6.0.2
vite-tsconfig-paths 6.0.4 6.1.1
vitest 4.0.17 4.1.3

Updates @biomejs/biome from 2.3.11 to 2.4.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.10

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

... (truncated)

Commits

Updates @effect/vitest from 0.27.0 to 0.29.0

Release notes

Sourced from @​effect/vitest's releases.

@​effect/vitest@​0.29.0

Patch Changes

@​effect/vitest@​0.28.0

Patch Changes

Changelog

Sourced from @​effect/vitest's changelog.

0.29.0

Patch Changes

0.28.0

Patch Changes

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​effect/vitest since your current version.


Updates @types/node from 25.0.9 to 25.5.2

Commits

Updates dotenv from 17.2.3 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.
Commits

Updates typedoc from 0.28.16 to 0.28.18

Release notes

Sourced from typedoc's releases.

v0.28.18

Features

  • Support TypeScript 6.0, #3084.

v0.28.17

Bug Fixes

  • Improved handling of comments for type aliases which have been declaration merged with functions, #3064.
  • Fixed anchor link generation to members named $, #3065.
  • Corrected typing of the plugin option to permit functions, #3066.
  • Warnings about unused @param tags will now be properly suppressed when they come from declaration files and the suppressCommentWarningsInDeclarationFiles option is enabled, #3070.
  • Fixed conversion of types referencing type parameters on functions, #3071.

Thanks!

Changelog

Sourced from typedoc's changelog.

v0.28.18 (2026-03-23)

Features

  • Support TypeScript 6.0, #3084.

v0.28.17 (2026-02-13)

Bug Fixes

  • Improved handling of comments for type aliases which have been declaration merged with functions, #3064.
  • Fixed anchor link generation to members named $, #3065.
  • Corrected typing of the plugin option to permit functions, #3066.
  • Warnings about unused @param tags will now be properly suppressed when they come from declaration files and the suppressCommentWarningsInDeclarationFiles option is enabled, #3070.
  • Fixed conversion of types referencing type parameters on functions, #3071.

Thanks!

Commits

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits

Updates vite-tsconfig-paths from 6.0.4 to 6.1.1

Release notes

Sourced from vite-tsconfig-paths's releases.

v6.1.0

Features

  • New importerFilter option: Provides fine-grained control over which files should have their imports resolved by this plugin. (Closes #175, #193)
  • Ignore .d.ts overrides: The plugin now ignores resolutions that point to .d.ts files, avoiding issues when tsconfig is used for opt-in type overrides. (Closes #179, #180)

Performance

  • Hoisted regular expressions out of the hot path in the resolver for better performance.

Internal

  • Added resolvedToDeclarationFile event to the debug log file.
Commits
  • dff2e93 chore: release v6.1.1
  • 947f434 fix: skip .json resolutions in certain cases
  • 457211a chore(docs): mention the importerFilter option
  • 2152461 chore: upgrade vitest
  • c5659ce chore: release v6.1.0
  • 93dd887 chore: add "resolvedToDeclarationFile" event to log file
  • e1e7678 feat: ignore .d.ts-only overrides in tsconfig
  • c8e4ec3 chore(perf): hoist regexes out of hot path
  • d0ad01c feat: add importerFilter option
  • 0b47a6a chore: release v6.0.5
  • Additional commits viewable in compare view

Updates vitest from 4.0.17 to 4.1.3

Release notes

Sourced from vitest's releases.

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

... (truncated)

Commits
  • 2dc0d62 chore: release v4.1.3
  • 7827363 feat: add experimental.preParse flag (#10070)
  • 691d341 fix(snapshot): export custom snapshot matcher helper from vitest (#10042)
  • 59b0e64 feat(experimental/snapshot): support custom snapshot matcher (#9973)
  • 487990a feat(experimental): support browser.locators.exact option (#10013)
  • 146d4f0 fix: add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional de...
  • 3f5bfa3 fix: advance fake timers with expect.poll interval (#10022)
  • 9dbf477 fix(vm): fix external module resolve error with deps optimizer query (#10024)
  • ec20455 fix(expect): don't leak "runner" types (#10004)
  • 66751c9 fix(expect): remove JestExtendError.context from verbose error reporting (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps-dev): bump the development-dependencies group with 8 updates
8abf07c 
Bumps the development-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.11` | `2.4.10` |
| [@effect/vitest](https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest) | `0.27.0` | `0.29.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.9` | `25.5.2` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.4.1` |
| [typedoc](https://github.com/TypeStrong/TypeDoc) | `0.28.16` | `0.28.18` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.2` |
| [vite-tsconfig-paths](https://github.com/aleclarson/vite-tsconfig-paths) | `6.0.4` | `6.1.1` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.17` | `4.1.3` |


Updates `@biomejs/biome` from 2.3.11 to 2.4.10
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)

Updates `@effect/vitest` from 0.27.0 to 0.29.0
- [Release notes](https://github.com/Effect-TS/effect/releases)
- [Changelog](https://github.com/Effect-TS/effect/blob/main/packages/vitest/CHANGELOG.md)
- [Commits](https://github.com/Effect-TS/effect/commits/@effect/vitest@0.29.0/packages/vitest)

Updates `@types/node` from 25.0.9 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `dotenv` from 17.2.3 to 17.4.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.3...v17.4.1)

Updates `typedoc` from 0.28.16 to 0.28.18
- [Release notes](https://github.com/TypeStrong/TypeDoc/releases)
- [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md)
- [Commits](TypeStrong/typedoc@v0.28.16...v0.28.18)

Updates `typescript` from 5.9.3 to 6.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.2)

Updates `vite-tsconfig-paths` from 6.0.4 to 6.1.1
- [Release notes](https://github.com/aleclarson/vite-tsconfig-paths/releases)
- [Commits](aleclarson/vite-tsconfig-paths@v6.0.4...v6.1.1)

Updates `vitest` from 4.0.17 to 4.1.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.3/packages/vitest)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.10
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@effect/vitest"
  dependency-version: 0.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: typedoc
  dependency-version: 0.28.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: typescript
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: vite-tsconfig-paths
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: vitest
  dependency-version: 4.1.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 15, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 15, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@Palbahngmiyine Palbahngmiyine deleted the dependabot/npm_and_yarn/development-dependencies-d81af20dd6 branch April 15, 2026 05:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Palbahngmiyine