chore(deps-dev): bump the npm-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the npm-dependencies group with 8 updates in the / directory:

Package	From	To
@biomejs/biome	2.4.11	2.4.15
@commitlint/cli	20.5.0	21.0.0
@commitlint/config-conventional	20.5.0	21.0.0
bun-types	1.3.12	1.3.13
lefthook	2.1.5	2.1.6
typescript	6.0.2	6.0.3
typescript-language-server	5.1.3	5.2.0
vitest	4.1.4	4.1.6

Updates @biomejs/biome from 2.4.11 to 2.4.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Commits

• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• e0a54cc feat(lint/js/vue): add useVueNextTickPromise (#10254)
• 1110256 feat(lint/vue): add noVueImportCompilerMacros (#10238)
• 7f7419c fix: grammar in extends docstring (#10263)
• 0ae5840 feat(lint/js): add useThisForClassMethods (#9807)
• 83f7385 feat(lint/js): add noBaseToString (#9838)
• 64aee45 feat(lint/html/vue): add noVueVOnNumberValues (#10219)
• 46393e0 ci: release (#10100)
• Additional commits viewable in compare view

Updates @commitlint/cli from 20.5.0 to 21.0.0

Release notes

Sourced from @​commitlint/cli's releases.

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

21.0.0 (2026-05-08)

Breaking

• chore!: minimum node version v22 by @​escapedcat in #4679
• feat!: show input from a new line by @​knocte in #4727 (adds --legacy-output flag)

Fixes

• fix: widen cz-commitlint inquirer peer dep to support v9–v12 by @​escapedcat in #4682 — closes #4554

Internals (Node 22 cleanup)

• chore: replace dependencies with Node 22 built-ins by @​escapedcat in #4681 — drops glob, fast-glob, import-meta-resolve, minimist, fs-extra
• refactor: replace read-pkg with native fs.readFile + JSON.parse by @​escapedcat in #4742
• chore: update dependency yargs to v18 by @​escapedcat in #4686
• chore: remove cross-env, move env vars to vitest config by @​escapedcat in #4684

Dependency updates

• chore: update dependency @​types/node to v22.19.17 by @​renovate[bot] in #4739
• chore: update dependency @​swc/core to v1.15.33 by @​renovate[bot] in #4743

Full Changelog: conventional-changelog/commitlint@v20.5.3...v21.0.0

v20.5.3

20.5.3 (2026-04-30)

Refactor

• refactor: replace all lodash.* dependencies with es-toolkit/compat by @​debuggingfuture in conventional-changelog/commitlint#4734

Docs

• docs: use nodejs commands for creating files on Windows (#4728) by @​festoney8 in conventional-changelog/commitlint#4730

New Contributors

• @​festoney8 made their first contribution in conventional-changelog/commitlint#4730
• @​debuggingfuture made their first contribution in conventional-changelog/commitlint#4734

Full Changelog: conventional-changelog/commitlint@v20.5.2...v20.5.3

v20.5.2

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

21.0.0 (2026-05-08)

• chore!: minimum node version v22 (#4679) (ac2b3f4), closes #4679

BREAKING CHANGES

• drop node v18 and v20 support

• Bump engines to >=v22 in all 39 package.json files
• Update @​types/node to ^22.0.0
• Update CI matrix to [22, 24]
• Update Ubuntu baseline job to ubuntu:26.04
• Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
• Update pre-commit hook to use --ignore-engines
• Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/cli

20.5.2 (2026-04-25)

Note: Version bump only for package @​commitlint/cli

Commits

• f081a8e v21.0.0
• 40d7e36 feat!: show input from a new line (#4727)
• 44c3174 chore: update dependency yargs to v18 #4432 (#4686)
• ac01464 chore: replace dependencies with Node 22 built-ins (#4681)
• ac2b3f4 chore!: minimum node version v22 (#4679)
• 31e959a v20.5.3
• e3d2c9d refactor: replace all lodash.* dependencies with es-toolkit/compat (#4734)
• 7fe86b2 v20.5.2
• See full diff in compare view

Updates @commitlint/config-conventional from 20.5.0 to 21.0.0

Release notes

Sourced from @​commitlint/config-conventional's releases.

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

21.0.0 (2026-05-08)

Breaking

• chore!: minimum node version v22 by @​escapedcat in #4679
• feat!: show input from a new line by @​knocte in #4727 (adds --legacy-output flag)

Fixes

• fix: widen cz-commitlint inquirer peer dep to support v9–v12 by @​escapedcat in #4682 — closes #4554

Internals (Node 22 cleanup)

• chore: replace dependencies with Node 22 built-ins by @​escapedcat in #4681 — drops glob, fast-glob, import-meta-resolve, minimist, fs-extra
• refactor: replace read-pkg with native fs.readFile + JSON.parse by @​escapedcat in #4742
• chore: update dependency yargs to v18 by @​escapedcat in #4686
• chore: remove cross-env, move env vars to vitest config by @​escapedcat in #4684

Dependency updates

• chore: update dependency @​types/node to v22.19.17 by @​renovate[bot] in #4739
• chore: update dependency @​swc/core to v1.15.33 by @​renovate[bot] in #4743

Full Changelog: conventional-changelog/commitlint@v20.5.3...v21.0.0

v20.5.3

20.5.3 (2026-04-30)

Refactor

• refactor: replace all lodash.* dependencies with es-toolkit/compat by @​debuggingfuture in conventional-changelog/commitlint#4734

Docs

• docs: use nodejs commands for creating files on Windows (#4728) by @​festoney8 in conventional-changelog/commitlint#4730

New Contributors

• @​festoney8 made their first contribution in conventional-changelog/commitlint#4730
• @​debuggingfuture made their first contribution in conventional-changelog/commitlint#4734

Full Changelog: conventional-changelog/commitlint@v20.5.2...v20.5.3

v20.5.2

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

21.0.0 (2026-05-08)

• chore!: minimum node version v22 (#4679) (ac2b3f4), closes #4679

BREAKING CHANGES

• drop node v18 and v20 support

• Bump engines to >=v22 in all 39 package.json files
• Update @​types/node to ^22.0.0
• Update CI matrix to [22, 24]
• Update Ubuntu baseline job to ubuntu:26.04
• Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
• Update pre-commit hook to use --ignore-engines
• Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

20.5.3 (2026-04-30)

Note: Version bump only for package @​commitlint/config-conventional

Commits

• f081a8e v21.0.0
• 44c3174 chore: update dependency yargs to v18 #4432 (#4686)
• ac2b3f4 chore!: minimum node version v22 (#4679)
• 31e959a v20.5.3
• See full diff in compare view

Updates bun-types from 1.3.12 to 1.3.13

Release notes

Sourced from bun-types's releases.

Bun v1.3.13

To install Bun v1.3.13

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.13:

bun upgrade

Read Bun v1.3.13's release notes on Bun's blog

Thanks to 8 contributors!

• @​alii
• @​ant-kurt
• @​chrislloyd
• @​cirospaciari
• @​dylan-conway
• @​jarred-sumner
• @​robobun
• @​sosukesuzuki

Commits

• See full diff in compare view

Updates lefthook from 2.1.5 to 2.1.6

Release notes

Sourced from lefthook's releases.

v2.1.6

Changelog

• bf73ea2f1ea5468c9af7a6f06b5ef8cd43e66040 fix(packaging): do not pipe stdout and stderr (#1382)
• 04da00697cd8a6241023c1962feb720eeaa62698 fix(windows): normalize lefthook path for sh script (#1383)
• de9597a1bf456d2cf0fbcb8816858b6e5cf6b609 fix: log full scoped name for skipped jobs (#1291)
• eb3e70dbbd2442200ec8ff2140a3ee9daa7d9e70 fix: normalize root to always include trailing slash before path replacement (#1381)
• f90f3f570ef9227ddf345a79cec687dac41a5d31 fix: skip pty allocation when stdout is not a terminal (#1393)

Changelog

Sourced from lefthook's changelog.

2.1.6 (2026-04-16)

• fix: normalize lefthook path for sh script (#1383) by @​AndrewKahr
• fix: normalize root to always include trailing slash before path replacement (#1381) by @​Copilot
• fix: skip pty allocation when stdout is not a terminal (#1393) by @​technicalpickles
• docs: upgrade docmd (#1391) by @​mrexox
• fix: log full scoped name for skipped jobs (#1291) by @​scop
• fix: do not pipe stdout and stderr (#1382) by @​mrexox

Commits

• 679ce27 2.1.6: fixes for Windows and AI tools execution
• 04da006 fix(windows): normalize lefthook path for sh script (#1383)
• eb3e70d fix: normalize root to always include trailing slash before path replacemen...
• f90f3f5 fix: skip pty allocation when stdout is not a terminal (#1393)
• 1481e9d docs: upgrade docmd (#1391)
• de9597a fix: log full scoped name for skipped jobs (#1291)
• bf73ea2 fix(packaging): do not pipe stdout and stderr (#1382)
• See full diff in compare view

Updates typescript from 6.0.2 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• See full diff in compare view

Updates typescript-language-server from 5.1.3 to 5.2.0

Release notes

Sourced from typescript-language-server's releases.

v5.2.0

5.2.0 (2026-05-10)

Features

• add opt-in eager diagnostic clearing on didChange (#1064) (d3acbf4)
• Add support for client-side file watcher (#1057) (b962129)
• update implicit project defaults (#1077) (7ff6ede)

Refactors

• pass ITypeScriptServiceClient around instead of TsClient (e91bd52)

Changelog

Sourced from typescript-language-server's changelog.

5.2.0 (2026-05-10)

Features

• add opt-in eager diagnostic clearing on didChange (#1064) (d3acbf4)
• Add support for client-side file watcher (#1057) (b962129)
• update implicit project defaults (#1077) (7ff6ede)

Refactors

• pass ITypeScriptServiceClient around instead of TsClient (e91bd52)

Commits

• c87fe95 chore(master): release 5.2.0 (#1086)
• 659201a chore: auto-fix some npm errors
• d56f502 chore: use trusted publishing
• d3acbf4 feat: add opt-in eager diagnostic clearing on didChange (#1064)
• eeb420e chore: add node 24 to testing in CI (#1083)
• b962129 feat: Add support for client-side file watcher (#1057)
• 24c9419 chore(deps): update all non-major dependencies (#1081)
• 5b7270a chore(deps): lock file maintenance (package.json) (#1080)
• d6d8825 chore(deps): update devdependency fs-extra to ^11.3.5 (#1078)
• 7a61ca3 chore(deps): update react monorepo to ^19.2.6 (#1079)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for typescript-language-server since your current version.

Updates vitest from 4.1.4 to 4.1.6

Release notes

Sourced from vitest's releases.

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

• a8fd24c chore: release v4.1.6
• 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
• 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
• e399846 chore: release v4.1.5
• 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
• 9787ded fix: respect diff config options in soft assertions (#8696)
• 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
• 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
• 663b99f fix: alias agent reporter to minimal (#10157)
• 122c25b fix: fix vi.defineHelper called as object method (#10163)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions