Skip to content

chore(deps-dev): bump the dev-dependencies group with 8 updates#44

Merged
willfarrell merged 2 commits into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-9af352def9
May 28, 2026
Merged

chore(deps-dev): bump the dev-dependencies group with 8 updates#44
willfarrell merged 2 commits into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-9af352def9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Bumps the dev-dependencies group with 8 updates:

Package From To
@biomejs/biome 2.4.14 2.4.15
@commitlint/cli 21.0.0 21.0.1
@commitlint/config-conventional 21.0.0 21.0.1
@types/node 25.6.2 25.7.0
fast-check 4.7.0 4.8.0
protobufjs 8.0.3 8.2.0
vite 8.0.11 8.0.12
wrangler 4.90.0 4.90.1

Updates @biomejs/biome from 2.4.14 to 2.4.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes

  • #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

  • #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

    For example, the following snippet triggers the rule:

    import { nextTick } from "vue";
nextTick(() => {
updateDom();
});

  • #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

    For example, the following snippet triggers the rule:

    <input @keyup.13="submit" />

  • #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

  • #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

  • #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

  • #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

  • #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

    The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

    {
  "assist": {
    "actions": {
      "source": {
        "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
      }
    }
  }
}

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.15

Patch Changes

  • #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

  • #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

    For example, the following snippet triggers the rule:

    import { nextTick } from "vue";
nextTick(() => {
updateDom();
});

  • #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

    For example, the following snippet triggers the rule:

    <input @keyup.13="submit" />

  • #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

  • #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

  • #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

  • #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

  • #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

    The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

    {
  "assist": {
    "actions": {
      "source": {
        "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
      }
    }
  }
}

... (truncated)

Commits

Updates @commitlint/cli from 21.0.0 to 21.0.1

Release notes

Sourced from @​commitlint/cli's releases.

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

Changelog

Sourced from @​commitlint/cli's changelog.

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/cli

Commits

Updates @commitlint/config-conventional from 21.0.0 to 21.0.1

Release notes

Sourced from @​commitlint/config-conventional's releases.

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

CI

New Contributors

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

Changelog

Sourced from @​commitlint/config-conventional's changelog.

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/config-conventional

Commits

Updates @types/node from 25.6.2 to 25.7.0

Commits

Updates fast-check from 4.7.0 to 4.8.0

Release notes

Sourced from fast-check's releases.

New arbitrary to chain in a loop fashion

[Code][Diff]

Features

  • (PR#6678) Add chainUntil arbitrary for iterative chaining

Fixes

  • (PR#6965) Bug: Restore ability not to use skipLibCheck
  • (PR#6877) CI: Lowercase discussion_category_name to "announcements"
  • (PR#6878) CI: Scope permissions of clean-caches
  • (PR#6880) CI: Add PR-authoring guidance for Claude
  • (PR#6887) CI: Delete CLAUDE.md
  • (PR#6888) CI: Use tilde ranges for security dependency overrides
  • (PR#6891) CI: Disable Renovate updates on pnpm overrides
  • (PR#6899) CI: Scope Claude hooks to $CLAUDE_PROJECT_DIR
  • (PR#6905) CI: Enable pnpm global virtual store
  • (PR#6933) CI: Pin pnpm in npm install commands
  • (PR#6932) CI: Grant discussions: write to release jobs
  • (PR#6935) CI: Skip PR template check for dubzzz
  • (PR#6937) CI: Mirror the repo to tangled
  • (PR#6938) CI: Add missing runs-on for tangled
  • (PR#6889) Doc: Add release notes for fast-check 4.7.0
  • (PR#6900) Doc: Fix broken API reference links
  • (PR#6844) Doc: Extract manual setup guide into dedicated page
  • (PR#6845) Doc: Add index pages for documentation sections
  • (PR#6918) Doc: Fix Documentation link to point to first doc page
  • (PR#6939) Doc: Link to Tangled mirror of fast-check
  • (PR#6934) Test: Tolerate \p{...} value drift in docs tests
  • (PR#6951) Test: Fix poisoning tests for latest Node
Changelog

Sourced from fast-check's changelog.

4.8.0

New arbitrary to chain in a loop fashion [Code][Diff]

Features

  • (PR#6678) Add chainUntil arbitrary for iterative chaining

Fixes

  • (PR#6965) Bug: Restore ability not to use skipLibCheck
  • (PR#6877) CI: Lowercase discussion_category_name to "announcements"
  • (PR#6878) CI: Scope permissions of clean-caches
  • (PR#6880) CI: Add PR-authoring guidance for Claude
  • (PR#6887) CI: Delete CLAUDE.md
  • (PR#6888) CI: Use tilde ranges for security dependency overrides
  • (PR#6891) CI: Disable Renovate updates on pnpm overrides
  • (PR#6899) CI: Scope Claude hooks to $CLAUDE_PROJECT_DIR
  • (PR#6905) CI: Enable pnpm global virtual store
  • (PR#6933) CI: Pin pnpm in npm install commands
  • (PR#6932) CI: Grant discussions: write to release jobs
  • (PR#6935) CI: Skip PR template check for dubzzz
  • (PR#6937) CI: Mirror the repo to tangled
  • (PR#6938) CI: Add missing runs-on for tangled
  • (PR#6889) Doc: Add release notes for fast-check 4.7.0
  • (PR#6900) Doc: Fix broken API reference links
  • (PR#6844) Doc: Extract manual setup guide into dedicated page
  • (PR#6845) Doc: Add index pages for documentation sections
  • (PR#6918) Doc: Fix Documentation link to point to first doc page
  • (PR#6939) Doc: Link to Tangled mirror of fast-check
  • (PR#6934) Test: Tolerate \p{...} value drift in docs tests
  • (PR#6951) Test: Fix poisoning tests for latest Node
Commits
  • c0da76f 🔖 Update CHANGELOG.md for fast-check@4.8.0, @​fast-check/ava@​3.0.1 (#6967)
  • df6f4c1 🐛 Restore ability not to use skipLibCheck (#6965)
  • af612c5 ⬆️ Update dependency @​types/node to ^24.12.3 (#6952)
  • 917dda4 ✅ Fix poisoning tests for latest Node (#6951)
  • acb5c6f ✅ Tolerate \p{...} value drift in docs tests (#6934)
  • 26cab19 ✨ Add chainUntil arbitrary for iterative chaining (#6678)
  • 16f65f6 ⬆️ Update dependency oxlint to ^1.60.0 (#6856)
  • 0a8ce9a ⬆️ Update dependency @​microsoft/api-extractor to ^7.58.7 (#6898)
  • debb9b6 📝 Fix broken API reference links (#6900)
  • 642e651 ⬆️ Update dependency typescript to ~6.0.3 (#6886)
  • Additional commits viewable in compare view

Updates protobufjs from 8.0.3 to 8.2.0

Release notes

Sourced from protobufjs's releases.

protobufjs: v8.2.0

8.2.0 (2026-05-09)

Features

Bug Fixes

Performance Improvements

Changelog

Sourced from protobufjs's changelog.

8.2.0 (2026-05-09)

Features

Bug Fixes

Performance Improvements

8.1.0 (skipped)

This version was skipped. Note that the 8.1.x-experimental line has diverged and should not be used.

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.


Updates vite from 8.0.11 to 8.0.12

Release notes

Sourced from vite's releases.

v8.0.12

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.12 (2026-05-11)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22420) (2be6000)
  • module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)
  • refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)
  • worker: apply build.target to worker bundle (#22404) (3c93fde)
  • worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

Commits
  • 4dce8b4 release: v8.0.12
  • b675c7b fix: refer to rolldownOptions instead of deprecated rollupOptions in mess...
  • 66b9eb3 chore(deps): update rolldown-related dependencies (#22421)
  • 2fe7bd2 chore(deps): update dependency eslint-plugin-n to v18 (#22423)
  • 2be6000 fix(deps): update all non-major dependencies (#22420)
  • d4838a0 fix(worker): forward define to worker bundle transform (#22408)
  • cf0ff41 feat: update rolldown to 1.0.0 (#22401)
  • 3c93fde fix(worker): apply build.target to worker bundle (#22404)
  • f5a22e6 fix(module-runner): prevent partial-exports race on concurrent imports of in-...
  • See full diff in compare view

Updates wrangler from 4.90.0 to 4.90.1

Release notes

Sourced from wrangler's releases.

wrangler@4.90.1

Patch Changes

  • #13866 4e44ce6 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260507.1 1.20260508.1

  • #13837 b0cee1d Thanks @​matingathani! - Fix beta/open-beta status message ignoring printBanner: false — when a command sets printBanner: (args) => !args.json, the status banner no longer appears in JSON output

  • #13887 d878e13 Thanks @​apeacock1991! - Fix wrangler dev hanging on shutdown when remote bindings are present

    startDev() registers dev hotkeys before authenticating the user. During interactive dev sessions, the auth callback re-registers hotkeys, which updates the local unregisterHotKeys variable to a new cleanup function. However, the unregisterHotKeys value returned to callers was captured as a direct reference to the initial registration, so it would call the stale cleanup function instead of the current one.

    This has been fixed by returning a wrapper function () => unregisterHotKeys?.() instead of the variable directly. The wrapper evaluates unregisterHotKeys at call time, ensuring it always invokes the latest cleanup function even after re-registration.

  • #13867 971dfe3 Thanks @​petebacondarwin! - Fix race in RemoteProxySession.updateBindings so it waits for the remote worker to finish reloading with the new bindings before resolving

    Previously, updateBindings resolved as soon as the config update event was dispatched, long before the remote worker had been re-uploaded and the local proxy worker had unpaused. Callers that issued requests immediately afterwards could see flaky failures — typically "WebSocket connection failed" for JSRPC bindings such as service bindings or dispatch namespaces — because the local proxy worker was still in its paused state during the reload window. updateBindings now waits for the next reloadComplete event and for the local proxy worker's runtime-message queue to drain before returning, so callers can safely issue requests after await session.updateBindings(...). If the reload fails, the rejection from updateBindings carries the underlying error.

  • #13867 971dfe3 Thanks @​petebacondarwin! - Fix unhandled AbortError from wrangler dev's remote tail WebSocket when the bundle rebuilds or the dev session shuts down

    The remote-runtime tail-logs WebSocket (#activeTail in RemoteRuntimeController) was constructed with the same AbortSignal that onBundleStart aborts to cancel in-flight preview-session operations. The abort destroyed the WebSocket's underlying upgrade request with AbortError, which had no error listener attached and propagated as an unhandled exception. We now attach an error listener at WebSocket construction that ignores errors (logging at debug level), matching the safeguards already present on the terminate paths in #previewToken and teardown().

  • Updated dependencies [4e44ce6, 5d936c5]:

    • miniflare@4.20260508.0
Commits
  • b7d79a9 Version Packages (#13859)
  • b0cee1d [wrangler] fix: suppress status badge when printBanner returns false (#13837)
  • d878e13 [wrangler] Fix remote bindings hanging on shutdown (#13887)
  • 4e44ce6 chore(deps): bump the workerd-and-workers-types group with 2 updates (#13866)
  • 971dfe3 [wrangler] Fix races in RemoteProxySession reload and remote tail WebSocket (...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the speci...

Description has been truncated

@dependabot
chore(deps-dev): bump the dev-dependencies group with 8 updates
908f996 
Bumps the dev-dependencies group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.14` | `2.4.15` |
| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `21.0.0` | `21.0.1` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `21.0.0` | `21.0.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.2` | `25.7.0` |
| [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) | `4.7.0` | `4.8.0` |
| [protobufjs](https://github.com/protobufjs/protobuf.js) | `8.0.3` | `8.2.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.11` | `8.0.12` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.90.0` | `4.90.1` |


Updates `@biomejs/biome` from 2.4.14 to 2.4.15
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.15/packages/@biomejs/biome)

Updates `@commitlint/cli` from 21.0.0 to 21.0.1
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.1/@commitlint/cli)

Updates `@commitlint/config-conventional` from 21.0.0 to 21.0.1
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v21.0.1/@commitlint/config-conventional)

Updates `@types/node` from 25.6.2 to 25.7.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `fast-check` from 4.7.0 to 4.8.0
- [Release notes](https://github.com/dubzzz/fast-check/releases)
- [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md)
- [Commits](https://github.com/dubzzz/fast-check/commits/v4.8.0/packages/fast-check)

Updates `protobufjs` from 8.0.3 to 8.2.0
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v8.0.3...protobufjs-v8.2.0)

Updates `vite` from 8.0.11 to 8.0.12
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.12/packages/vite)

Updates `wrangler` from 4.90.0 to 4.90.1
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.90.1/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@commitlint/cli"
  dependency-version: 21.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 21.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: fast-check
  dependency-version: 4.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: protobufjs
  dependency-version: 8.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: vite
  dependency-version: 8.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: wrangler
  dependency-version: 4.90.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 28, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 28, 2026
@willfarrell willfarrell enabled auto-merge May 28, 2026 01:25
@willfarrell willfarrell merged commit 64fa552 into main May 28, 2026
14 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-9af352def9 branch May 28, 2026 01:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gordonagnew gordonagnew gordonagnew approved these changes

@jonathanstumm jonathanstumm jonathanstumm approved these changes

@willfarrell willfarrell Awaiting requested review from willfarrell willfarrell is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gordonagnew @jonathanstumm @willfarrell