chore(deps-dev): bump the minor-development-deps group with 5 updates

[dependabot]

Bumps the minor-development-deps group with 5 updates:

Package	From	To
@biomejs/biome	2.3.8	2.3.10
knip	5.71.0	5.78.0
oclif	4.22.52	4.22.61
prettier	3.7.3	3.7.4
vitest	4.0.14	4.0.16

Updates @biomejs/biome from 2.3.8 to 2.3.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

What's Changed

• feat: new Turborepo domain and noUndeclaredEnvVars rule by @​anthonyshew in biomejs/biome#8426
• fix(noExtraNonNullAssertion): fix regression by @​dyc3 in biomejs/biome#8477
• fix(analyze/js): index ts constructor methods in semantic model (regression) by @​dyc3 in biomejs/biome#8479
• fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @​taga3s in biomejs/biome#8417
• fix(noLeakedRender): eslint rule name fix by @​vsn4ik in biomejs/biome#8420
• chore: add kraken as bronze sponsor by @​dyc3 in biomejs/biome#8486
• fix(linter): improve Vue defineProps handling in noVueReservedKeys by @​mdevils in biomejs/biome#8448
• fix(cli): colors with multi-codepoints characters by @​ematipico in biomejs/biome#8410
• feat(lint): implement noAmbiguousAnchorText by @​Netail in biomejs/biome#8372
• ci: release by @​github-actions[bot] in biomejs/biome#8474
• docs: fix typos for assist/actions/organize-imports by @​sergioness in biomejs/biome#8490

New Contributors

• @​taga3s made their first contribution in biomejs/biome#8417
• @​vsn4ik made their first contribution in biomejs/biome#8420
• @​sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

... (truncated)

Commits

• fd279f3 ci: release (#8474)
• b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
• 67546bc chore: add kraken as bronze sponsor (#8486)
• 285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• Additional commits viewable in compare view

Updates knip from 5.71.0 to 5.78.0

Release notes

Sourced from knip's releases.

Release 5.78.0

• Allow subpath entries in webpack plugin (resolve #1164) (9bc9f87d463e0d3c5f764a4478a855a9f30ae7b3)
• Improve graphql-codegen plugin → package mapping (resolve #1194) (ae6035eeb88c1114ada9310304fd98ec6b52e5e6)
• Move config pattern → entry (resolve #1213, close #1252) (c6fe20eb9c708092aad8f6e84ad6de96c2802ac1)
• Support arrays for moonrepo commands (resolve #1228, close #1232) (216ffe0db50c1e216c370273e3b3345497d01352)
• Improve Astro "compiler" a bit (close #1245) (65f90096e9c57b78b3c5a4afbfbb123d252fb3c6)
• Consider exported type used in exported interface used (resolve #1250) (2ec95f762a01a0b7ec09837c8823373cc81a27cc)
• Improve/loosen up source mapping (resolve #1256) (af536ca6c3a732be8f59824d7d4a09840dd9aa1e)
• Accept node_modules/ specifiers in deferred entries (resolve #1271) (5c1f0beebc11b46a9bb4ede49c1243b8c6bd5942)
• Fix up a few lint issues (5cb4c304811d3798da8449f2c7b6b5788c4e978f)
• Fix Workspace Circular Symlink (#1319) (bffae524e5fdacbc2ba11d4f1ed7240febc2c169) - thanks @​mattietea!
• Remove unused imports/vars (fc965951212423bffc964f078c27ddccc9590088)
• Add support for git worktree (resolve #990, close #991) (b7bf92abd17cc28146019bc5c65b27fd8b21b382)
• Fix TS issues with config-as-a-function (6dc082e9083a73d56aa7f80622d15dfb754dcc41)
• Dear CI, please accept my offer (a0138b5cbf060d1ddcd34cd957337ec1775b86e5)
• Allow negated ignore patterns to filter issues (resolve #1420) (b2cbbd5a2bd5e345a0e124906cc1be90d9583842)
• Apply fixes after running preprocessors (#763 #1420) (10f5bd2599297848ce051da086c10251c3e8f793)
• Add more hints to AGENTS.md (0ca7881b6374c3673b89cc5f8766fb4be164e58f)
• Remove unused export ✂️ (bd685bb57ffac6b7e5198511eff3272e3be870b0)

Release 5.77.4

• Go process.chdir and defer process.cwd() usage (a83d858789e48eb4c00ac809fd1093ae5967611c)
• Improve error logging (36785fe45e9c56974cf3e8c17c0a5eb16b067bac)

Release 5.77.3

• Safe config hints set → array (for json-rpc serialization) (b0ce4ddfde76b5020814be3bf2b3a32f08072b33)
• Remove unused session method (b624c9763ae52d05e522c37f09afa949cdfbffd5)
• Remove unused export (942086701fc565dcaa5c382304a68bfa8aff885c)

Release 5.77.2

• Fix missing import in mcp server (f725d411f0b531460102f73d9bbc9ade53cd9324)
• Update READMEs (56277d3353ae1bd3faaf81593f5b7c320e52caeb)
• Upgrade release-it (478d6fc8118005856d6d309fad52790f9eed362c)
• Improve release sequence (8900e70d7256634ad1ed2eb63ef53f7dc1b6fba6)

Release 5.77.1

• Fix docs in MCP (31029ecc)
• Improve a few notes here & there (f0fdef45)
• Patch create-typescript-app (7827890f)
• Exposed WorkspaceConfig (#1417) (3d8d88d1)
• Fix plugin title (eafb9d4d)
• Complete the release flow (431d530a)

Release 5.77.0

• read options after help or version (#1412) (9120432e1c274b3a421975796019191018fdfc14) - thanks @​GameRoMan!
• #1355 vitepress plugin (#1414) (dc5bb2a683e17011cb159130e5c8a3bea5be97b6) - thanks @​AlexanderKaran!
• Improve config hints for redundant entry patterns (2a3b456bbda188030daa4085ff97ef9f83c5736e)
• Add a few notes here & there (f2f4986b14f2fa2e3c7540409c6c39b388e6d1f0)
• Fix lint/format issues (3cc5bc2c5c877d35beeed6ed57520d988cd3d648)
• Use release-it to publish all the things (a009cb38489a774e94d0c6cd3c06c496e1a0ed20)

Commits

• feb2583 Release knip@5.78.0
• bd685bb Remove unused export ✂️
• 10f5bd2 Apply fixes after running preprocessors (#763 #1420)
• b2cbbd5 Allow negated ignore patterns to filter issues (resolve #1420)
• a0138b5 Dear CI, please accept my offer
• 6dc082e Fix TS issues with config-as-a-function
• b7bf92a Add support for git worktree (resolve #990, close #991)
• fc96595 Remove unused imports/vars
• bffae52 Fix Workspace Circular Symlink (#1319)
• 5cb4c30 Fix up a few lint issues
• Additional commits viewable in compare view

Updates oclif from 4.22.52 to 4.22.61

Release notes

Sourced from oclif's releases.

4.22.61

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.956.0 to 3.958.0 (4e920ed)

4.22.60

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.956.0 to 3.958.0 (b663f72)

4.22.59

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.948.0 to 3.956.0 (c6fa942)

4.22.58

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.948.0 to 3.956.0 (6f00e91)

4.22.57

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.946.0 to 3.948.0 (63f7536)

4.22.56

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.946.0 to 3.948.0 (f8592c6)

4.22.55

Bug Fixes

• initialize oclif object when building tarballs (58f1921), closes #1904

4.22.54

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.940.0 to 3.946.0 (cdd14a4)

4.22.53

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.940.0 to 3.946.0 (b38f8ab)

Changelog

Sourced from oclif's changelog.

4.22.61 (2025-12-28)

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.956.0 to 3.958.0 (4e920ed)

4.22.60 (2025-12-28)

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.956.0 to 3.958.0 (b663f72)

4.22.59 (2025-12-21)

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.948.0 to 3.956.0 (c6fa942)

4.22.58 (2025-12-21)

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.948.0 to 3.956.0 (6f00e91)

4.22.57 (2025-12-15)

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.946.0 to 3.948.0 (63f7536)

4.22.56 (2025-12-14)

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.946.0 to 3.948.0 (f8592c6)

4.22.55 (2025-12-12)

Bug Fixes

• initialize oclif object when building tarballs (58f1921), closes #1904

4.22.54 (2025-12-07)

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.940.0 to 3.946.0 (cdd14a4)

4.22.53 (2025-12-07)

... (truncated)

Commits

• 38214bf chore(release): 4.22.61 [skip ci]
• 8a3721d Merge pull request #1940 from oclif/dependabot-npm_and_yarn-aws-sdk-client-s3...
• 4e920ed fix(deps): bump @​aws-sdk/client-s3 from 3.956.0 to 3.958.0
• 91e359b chore(release): 4.22.60 [skip ci]
• 86c1237 Merge pull request #1941 from oclif/dependabot-npm_and_yarn-aws-sdk-client-cl...
• f456b5d Merge pull request #1942 from oclif/dependabot-npm_and_yarn-eslint-config-ocl...
• 64b4c20 chore(dev-deps): bump eslint-config-oclif from 6.0.126 to 6.0.127
• b663f72 fix(deps): bump @​aws-sdk/client-cloudfront from 3.956.0 to 3.958.0
• 32c310e chore(release): 4.22.59 [skip ci]
• 34b8ca7 Merge pull request #1937 from oclif/dependabot-npm_and_yarn-aws-sdk-client-cl...
• Additional commits viewable in compare view

Updates prettier from 3.7.3 to 3.7.4

Release notes

Sourced from prettier's releases.

3.7.4

What's Changed

• Fix comment in union type gets duplicated by @​fisker in prettier/prettier#18393
• Fix unstable comment print in union type by @​fisker in prettier/prettier#18395
• Avoid quote around LWC interpolations by @​kovsu in prettier/prettier#18383

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.7.4

diff

LWC: Avoid quote around interpolations (#18383 by @​kovsu)

<!-- Input -->
<div foo={bar}>   </div>
<!-- Prettier 3.7.3 (--embedded-language-formatting off) -->
<div foo="{bar}"></div>
<!-- Prettier 3.7.4 (--embedded-language-formatting off) -->
<div foo={bar}></div>

TypeScript: Fix comment inside union type gets duplicated (#18393 by @​fisker)

// Input
type Foo = (/** comment */ a | b) | c;
// Prettier 3.7.3
type Foo = /** comment / (/* comment */ a | b) | c;
// Prettier 3.7.4
type Foo = /** comment */ (a | b) | c;

TypeScript: Fix unstable comment print in union type comments (#18395 by @​fisker)

// Input
type X = (A | B) & (
  // comment
  A | B
);
// Prettier 3.7.3 (first format)
type X = (A | B) &
(// comment
A | B);
// Prettier 3.7.3 (second format)
type X = (
| A
</tr></table>

... (truncated)

Commits

• 7848357 Release 3.7.4
• 7686c59 Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.3
• fe49434 Remove dead code checking union/intersection types length (#18396)
• ca02b37 Fix unstable comment print (#18395)
• 7efb988 Fix comment in union type get duplicated (#18393)
• cfa92c1 Update dependency @​angular/compiler to v21.0.2 (#18392)
• 1de2737 Update dependency yaml to v2.8.2 (#18391)
• 706aa4e Switch js parse postprocess to onEnter (#18382)
• d3eb2b2 Reuse arrays in visitor keys (#18386)
• c45fef1 Fix LWC attribute with --embedded-language-formatting off (#18383)
• Additional commits viewable in compare view

Updates vitest from 4.0.14 to 4.0.16

Release notes

Sourced from vitest's releases.

v4.0.16

   🐞 Bug Fixes

• Fix browser mode default testTimeout back to 15 seconds  -  by @​hi-ogawa in vitest-dev/vitest#9167 (da0ad)
• Avoid crashing on process.versions stub  -  by @​AriPerkkio in vitest-dev/vitest#9174 (78cfb)
• Reject calling suite function inside test  -  by @​hi-ogawa in vitest-dev/vitest#9198 (1a259)
• Allow inlining fully dynamic import  -  by @​hi-ogawa in vitest-dev/vitest#9137 (56851)
• Fix module graph UI on html reporter with headless browser mode  -  by @​hi-ogawa in vitest-dev/vitest#9219 (60642)
• Log deprecated test.poolOptions if it's set  -  by @​sheremet-va in vitest-dev/vitest#9226 (f7f6a)
• browser:
  • Import recordArtifact from the vitest package  -  by @​macarie in vitest-dev/vitest#9186 (01c56)
  • Fix import.meta.env define  -  by @​hi-ogawa in vitest-dev/vitest#9205 (01a9a)
  • String formatting bug when including placeholders in console.log  -  by @​michael-debs and @​hi-ogawa in vitest-dev/vitest#9030 and vitest-dev/vitest#9131 (84a30)
• coverage:
  • Istanbul untested files source maps are off  -  by @​AriPerkkio in vitest-dev/vitest#9208 (372e8)
• experimental:
  • Export setupEnvironment for custom pools  -  by @​AriPerkkio in vitest-dev/vitest#9187 (5d26b)

    View changes on GitHub

v4.0.15

   🚀 Experimental Features

• cache: Add opt-out on a plugin level, fix internal root cache  -  by @​sheremet-va in vitest-dev/vitest#9154 (a68f7)
• reporters: Print import duration breakdown  -  by @​sheremet-va in vitest-dev/vitest#9105 (122ff)

   🐞 Bug Fixes

• Keep built-in id as is in bun and deno  -  by @​sheremet-va in vitest-dev/vitest#9117 (075ab)
• Use optimizeDeps.rolldownOptions to fix depreated warning + fix ssr.external: true  -  by @​hi-ogawa in vitest-dev/vitest#9121 (fd8bd)
• Fix external behavior with deps.optimizer  -  by @​hi-ogawa in vitest-dev/vitest#9125 (4c754)
• Very minor typo in "Chrome DevTools Protocol"  -  by @​HowToTestFrontend in vitest-dev/vitest#9146 (20997)
• browser: Run toMatchScreenshot only once when used with expect.element  -  by @​macarie in vitest-dev/vitest#9132 (0d2e7)
• coverage: Istanbul provider to not break source maps  -  by @​AriPerkkio in vitest-dev/vitest#9040 (e4ca9)
• deps: Update dependency tinyexec to v1  -  in vitest-dev/vitest#9122 (fd786)
• docs: Remove --browser.provider from docs  -  by @​sheremet-va in vitest-dev/vitest#9115 (120b3)
• expect: Preserve currentTestName in extended matchers  -  by @​macarie in vitest-dev/vitest#9106 (e4345)
• pool: Terminate workers on CTRL+c forceful exits  -  by @​AriPerkkio in vitest-dev/vitest#9140 (d57d8)
• reporters: Show project in github reporter  -  by @​sheremet-va in vitest-dev/vitest#9138 (bb65e)
• spy: Do not mock overriden method, if parent was automocked  -  by @​sheremet-va in vitest-dev/vitest#9116 (1a246)
• web-worker: MessagePort objects passed to Worker.postMessage work when clone === "native"  -  by @​whitphx in vitest-dev/vitest#9118 (deee8)

    View changes on GitHub

Commits

• b46d744 chore: release v4.0.16
• 84a3062 fix(browser): string formatting bug when including placeholders in console.lo...
• f7f6aa8 fix: log deprecated test.poolOptions if it's set (#9226)
• 568513c fix: allow inlining fully dynamic import (#9137)
• 5d26b87 fix(experimental): export setupEnvironment for custom pools (#9187)
• f17eb42 refactor: avoid using isFileServingAllowed from Vite (#9160)
• 78cfbf9 fix: avoid crashing on process.versions stub (#9174)
• da0ade2 fix: fix browser mode default testTimeout back to 15 seconds (#9167)
• eb1abf0 chore: release v4.0.15
• a68f74e feat(cache): add opt-out on a plugin level, fix internal root cache (#9154)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions