Skip to content

chore(deps): bump the dev-dependencies group across 1 directory with 8 updates#10

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-dependencies-0b269633cc
Open

chore(deps): bump the dev-dependencies group across 1 directory with 8 updates#10
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-dependencies-0b269633cc

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026
edited
Loading

Bumps the dev-dependencies group with 8 updates in the / directory:

Package From To
@biomejs/biome 2.4.7 2.4.10
@evilmartians/lefthook 2.1.3 2.1.5
@size-limit/preset-small-lib 12.0.0 12.0.1
@types/node 25.3.3 25.5.2
@vitest/coverage-v8 4.0.18 4.1.2
size-limit 12.0.0 12.0.1
tsdown 0.21.2 0.21.7
vitest 4.0.18 4.1.2

Updates @biomejs/biome from 2.4.7 to 2.4.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.10

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

... (truncated)

Commits

Updates @evilmartians/lefthook from 2.1.3 to 2.1.5

Release notes

Sourced from @​evilmartians/lefthook's releases.

v2.1.5

Changelog

  • afac466157f88b5a5f9d03eb28acc90b095a4b5d chore(golangci-lint): upgrade to 2.11.4 (#1362)
  • f8e73b947e2eefd6950d6a19c20bbde19070809d chore: fix golangci-lint version lookup
  • 4564da343b1497f73f8a82f6104e1b5903f8a081 chore: move golangci-lint version to .tool-versions (#1349)
  • 236a5bd07c650aaa882963d68ab5e5e654a47681 chore: small cleanup (#1370)
  • 5ddf2206dd23e826c5434392e034fa7db523cd3d deps: April 2026 (#1375)
  • e26c719f5a85e8ff35871e9724649714d6f05c13 fix: git repository merge issue (#1372)
  • 3503a3b102c2b41c298e1e7dc6549181508518a6 fix: prevent lefthook run from overwriting global hooks (#1371)
  • f3fc175f6c638fd54ab49b8d7c060898f936c934 fix: use pre-push stdin for push file detection (#1368)

v2.1.4

Changelog

  • 21479f941dcf73bd826cd169088983320fdc31d6 fix: bring back {lefthook_job_name} template (#1347)
  • c586f14d15cbef841c988420da6e21d903859764 fix: separate more commands' non-option args with -- (#1339)
  • 8dcd4aef558c1676d0ac724e220d241a71e6a861 pkg: fix scripts (#1348)
  • 2fac7285db9090f0e88478fdcb50353452250655 pkg: make it easier to read (#1340)
  • 32af36b1b832891df7dfb7411b4c2e273aefc3d7 pkg: refactor packaging (2) (#1346)
  • 5354773b454a8c5e7a916d909782661bc6b1f896 pkg: refactor packaging scripts (#1308)
Changelog

Sourced from @​evilmartians/lefthook's changelog.

2.1.5 (2026-04-06)

2.1.4 (2026-03-12)

Commits
  • 4cec579 2.1.5: prevent overwriting global hooks and fix pre-push for sha256 repos
  • 5ddf220 deps: April 2026 (#1375)
  • 0c16199 docs: update documentation and docs for claude (#1373)
  • e26c719 fix: git repository merge issue (#1372)
  • f3fc175 fix: use pre-push stdin for push file detection (#1368)
  • 236a5bd chore: small cleanup (#1370)
  • 3503a3b fix: prevent lefthook run from overwriting global hooks (#1371)
  • afac466 chore(golangci-lint): upgrade to 2.11.4 (#1362)
  • f8e73b9 chore: fix golangci-lint version lookup
  • 4564da3 chore: move golangci-lint version to .tool-versions (#1349)
  • Additional commits viewable in compare view

Updates @size-limit/preset-small-lib from 12.0.0 to 12.0.1

Release notes

Sourced from @​size-limit/preset-small-lib's releases.

12.0.1

Changelog

Sourced from @​size-limit/preset-small-lib's changelog.

12.0.1

Commits

Updates @types/node from 25.3.3 to 25.5.2

Commits

Updates @vitest/coverage-v8 from 4.0.18 to 4.1.2

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits

Updates size-limit from 12.0.0 to 12.0.1

Release notes

Sourced from size-limit's releases.

12.0.1

Changelog

Sourced from size-limit's changelog.

12.0.1

Commits

Updates tsdown from 0.21.2 to 0.21.7

Release notes

Sourced from tsdown's releases.

v0.21.7

   🚀 Features

  • Add module option for attw and publint to allow passing imported modules directly  -  by @​sxzz (31e90)

   🐞 Bug Fixes

  • deps: Add skipNodeModulesBundle dep subpath e2e tests and fix docs  -  by @​sxzz (deff7)
    View changes on GitHub

v0.21.6

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v0.21.5

   🚀 Features

   🐞 Bug Fixes

... (truncated)

Commits
  • 42467bd chore: release v0.21.7
  • 88d73a7 chore: upgrade deps
  • 5b1535e chore: remove jsr
  • 5d32818 docs: fix dead external links in docs and skills
  • c7483a0 docs: update link to Rolldown plugin development guide (#874)
  • deff72c fix(deps): add skipNodeModulesBundle dep subpath e2e tests and fix docs
  • 31e90c1 feat: add module option for attw and publint to allow passing imported modu...
  • 375a51c chore: release v0.21.6
  • e1403c0 chore: upgrade deps
  • 0005096 fix(entry): correctly output relative paths in logger output
  • Additional commits viewable in compare view

Updates vitest from 4.0.18 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

... (truncated)

Commits

@dependabot
chore(deps): bump the dev-dependencies group across 1 directory with …
7c6e1df 
…8 updates

Bumps the dev-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.7` | `2.4.10` |
| [@evilmartians/lefthook](https://github.com/evilmartians/lefthook) | `2.1.3` | `2.1.5` |
| [@size-limit/preset-small-lib](https://github.com/ai/size-limit) | `12.0.0` | `12.0.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.3` | `25.5.2` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.0.18` | `4.1.2` |
| [size-limit](https://github.com/ai/size-limit) | `12.0.0` | `12.0.1` |
| [tsdown](https://github.com/rolldown/tsdown) | `0.21.2` | `0.21.7` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.18` | `4.1.2` |



Updates `@biomejs/biome` from 2.4.7 to 2.4.10
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)

Updates `@evilmartians/lefthook` from 2.1.3 to 2.1.5
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](evilmartians/lefthook@v2.1.3...v2.1.5)

Updates `@size-limit/preset-small-lib` from 12.0.0 to 12.0.1
- [Release notes](https://github.com/ai/size-limit/releases)
- [Changelog](https://github.com/ai/size-limit/blob/main/CHANGELOG.md)
- [Commits](ai/size-limit@12.0.0...12.0.1)

Updates `@types/node` from 25.3.3 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitest/coverage-v8` from 4.0.18 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/coverage-v8)

Updates `size-limit` from 12.0.0 to 12.0.1
- [Release notes](https://github.com/ai/size-limit/releases)
- [Changelog](https://github.com/ai/size-limit/blob/main/CHANGELOG.md)
- [Commits](ai/size-limit@12.0.0...12.0.1)

Updates `tsdown` from 0.21.2 to 0.21.7
- [Release notes](https://github.com/rolldown/tsdown/releases)
- [Commits](rolldown/tsdown@v0.21.2...v0.21.7)

Updates `vitest` from 4.0.18 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@evilmartians/lefthook"
  dependency-version: 2.1.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@size-limit/preset-small-lib"
  dependency-version: 12.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: size-limit
  dependency-version: 12.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: tsdown
  dependency-version: 0.21.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: vitest
  dependency-version: 4.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 6, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants