Bump the js-version-updates group across 1 directory with 5 updates

[dependabot]

Bumps the js-version-updates group with 5 updates in the / directory:

Package	From	To
pyright	1.1.406	1.1.407
@types/node	24.9.1	24.9.2
esbuild	0.25.11	0.25.12
oxlint	1.24.0	1.25.0
vitest	3.2.4	4.0.6

Updates pyright from 1.1.406 to 1.1.407

Release notes

Sourced from pyright's releases.

Published 1.1.407

Changes:

• 276448f4d1f9bef30601a5efaf112b0df9e40f10 Fixed package-lock files
• 783ee6761a96b0668476dec953196d1ff11daa98 Published 1.1.407
• f9fc2aa85a9a606b689e90bf9555bbbf41f1bb4f Updated typeshed stubs to the latest version (#11051)
• 5f599f92719e68b852f0dea3cffcfae3a19f2db5 Added error reporting for unknown or unsupported config settings. This addresses #11040. (#11045)
• cadded6f4a2d04ad18f5ffa4133f0adee39476b4 Fixed regression that results in --createstub doing nothing. This addresses #11043. (#11044)
• 538053da7a6007b5b121f612a443e6ccb83675ed Fixed bug that causes a false negative when a TypedDict overrides a parent with extra_items that are not ReadOnly with a ReadOnly field. This addresses #11037. (#11038)
• ba3f0d4313dae034f0d6a6b57c772052b80662d3 Fixed bug that results in a false positive when a namedtuple functional form is used with a field starting with an underscore and rename=True. This addresses #11033. (#11034)
• 80eb0dccbe69361b95b0c3f821af8c3719c5b51d Fixed bug in type narrowing for literal patterns. The runtime uses equality checks, so matching against the pattern 3 cannot necessarily narrow the type to Literal[3]. This addresses #11026. (#11028)
• b1c9ae2bb843043987486bb9914ece57484d29df Fixed bug that results in a false positive error when a with statement has a single parenthesized context manager. This addresses #11020. (#11024)
• 346f74cb92e1258c26adbf029ffab1240655753b Fixed a bug that causes a @dataclass_transform to fail if the decorator returns a callback protocol rather than a Callable. This addresses #11015. (#11018)

• 20aa20a100027682203bc17d78c809a2959f6cf2 Pull Pylance with Pyright 1.1.406 (#11010)
• 9ed33cf7be6150dc53244e8d4009c06e4daedeae Fixed bug that results in a spurious error when running pyright on Python 3.14 but configured for Python 3.13 or earlier. This addresses #11003. (#11006)
• 6e877ddb100364e5249f4248aa81def5de63e4e6 Changed default Python version from 3.13 to 3.14 to reflect new stable version (#11004)
• 69a5d849618443d8833d8626afd8f99a1ba6d91f Fixed bug that omit **kwargs parameter with an unpacked TypedDict with extra items. (#10997) [ #10996 ]
• ed83d58de9314533c9f577edd72bd709242235e5 Eagerly exit isEnumClassWithMembers (#10990)
• 17f24b348073681e24c845539e6afa01bc98b293 Updated diagnostic message to include "standard" mode. This addresses #10988. (#10989)
• 30db40b689e325d3451a644e4361b3df71d33a15 Add users to notification list for manual validation (#10984)

This list of changes was auto generated.

Commits

• 276448f Fixed package-lock files
• 783ee67 Published 1.1.407
• See full diff in compare view

Updates @types/node from 24.9.1 to 24.9.2

Commits

• See full diff in compare view

Updates esbuild from 0.25.11 to 0.25.12

Release notes

Sourced from esbuild's releases.

v0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:
  class ExampleIterator extends Iterator {}

• Add support for the new @view-transition CSS rule (#4313)

  With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

  /* Original code */
  @view-transition {
    navigation: auto;
    types: check;
  }
  /* Old output */
  @​view-transition { navigation: auto; types: check; }
  /* New output */
  @​view-transition {
  navigation: auto;
  types: check;

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.25.12

• Fix a minification regression with CSS media queries (#4315)

  The previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for @media <media-type> and <media-condition-without-or> { ... } was missing an equality check for the <media-condition-without-or> part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.

• Update the list of known JavaScript globals (#4310)

  This release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global Array property is considered to be side-effect free but accessing the global scrollY property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:

  From ES2017:

  • Atomics
  • SharedArrayBuffer

  From ES2020:

  • BigInt64Array
  • BigUint64Array

  From ES2021:

  • FinalizationRegistry
  • WeakRef

  From ES2025:

  • Float16Array
  • Iterator

  Note that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from Iterator:

  // This can now be tree-shaken by esbuild:
  class ExampleIterator extends Iterator {}

• Add support for the new @view-transition CSS rule (#4313)

  With this release, esbuild now has improved support for pretty-printing and minifying the new @view-transition rule (which esbuild was previously unaware of):

  /* Original code */
  @view-transition {
    navigation: auto;
    types: check;
  }
  /* Old output */
  @​view-transition { navigation: auto; types: check; }
  /* New output */
  @​view-transition {
  navigation: auto;

... (truncated)

Commits

• 208f539 publish 0.25.12 to npm
• 5f03afd update release notes
• 6b2ee78 minify: remove css rules containing empty :is()
• f361deb add some additional known static methods
• 07aa646 automatically mark "RegExp.escape()" calls as pure
• 9039c46 simplify some call expression checks
• 188944d add some additional known static methods
• d3c67f9 fix #4310: add Iterator and other known globals
• 4a51f0b fix: escape dev server breadcrumb hrefs properly (#4316)
• 26b29ed fix #4315: @media deduplication bug edge case
• Additional commits viewable in compare view

Updates oxlint from 1.24.0 to 1.25.0

Release notes

Sourced from oxlint's releases.

oxlint v1.25.0

[1.25.0] - 2025-10-30

💥 BREAKING CHANGES

• 659fd37 linter: [BREAKING] tsgolint: request fixes when necessary (#15048) (camchenry)

🚀 Features

• ed24d60 linter: Expose tsgolint program diagnostics (#15080) (camc314)
• 23660c9 linter: tsgolint: handle omitted fixes and suggestions (#15047) (camchenry)
• f7bef73 linter/plugins: Scope manager API (#14890) (Arsh)
• 3e15cdd linter/strict-boolean-expression: Add rule (#14930) (camc314)
• bd74603 linter: Add support for vitest/valid-title rule (#12085) (Tyler Earls)

🐛 Bug Fixes

• e41dee5 linter/consistent-type-definition: Skip comments when looking for token (#14909) (camc314)
• 806f9ba linter: Search system PATH for tsgolint executable (#14861) (magic-akari)
• ee68089 linter: Normalize JS plugin names (#15010) (Peter Wagenet)
• 597340e ast-tools: Use oxfmt to format generated code (#15064) (camc314)
• 5eaaa8e linter: Prevent underflow in count_comment_lines for JSX files (#15026) (ityuany)
• 88577a8 import/no-namespace: Remove dot special case (#15032) (Arsh)
• 55ee962 linter/vars-on-top: False positive with typescript declare block (#14952) (Hamir Mahal)
• 2de9f39 linter/plugins: Fall back to package name if meta.name is missing (#14938) (Peter Wagenet)
• 5ace84b linter/no-empty-object-type: Parse "allowWithName" as regular expressions (#14943) (Arsh)
• 5a2832d editor: Stop client when delete .oxlintrc.json with oxc.requireConfig (#14897) (Liang Mi)
• 3e29d23 linter: Use aliases when parsing cli rules (#14912) (Arsh)
• b94b6aa linter/explicit-module-boundary-types: False negative with export default function (#14905) (camc314)
• 7060863 linter/no-standaline-expect: False positive with expect in callback (#14902) (camc314)
• dc5a71b linter/no-accumulating-spread: False positive in nested callbacks within reduce (#14898) (camc314)

🚜 Refactor

• 8d8d508 editor: Flatten flags options (#15006) (Sysix)
• b1e1531 language_server: Extract library interface from main.rs (#15036) (Boshen)
• 5de99c2 formatter: Export unified way to get_parse_options (#15027) (leaysgur)
• b55df7f language_server: Move sub option for flags to the root + deprecate flags (#14933) (Sysix)

📚 Documentation

• e15c91c linter: Add configuration option docs for eslint/init-declarations rule. (#15085) (Connor Shea)
• f4505bc linter: Add configuration option docs for eslint/id-length rule. (#15083) (Connor Shea)
• dd4c9d2 linter: Add configuration option docs for eslint/getter-return rule. (#15081) (Connor Shea)
• 008e67a linter: Add configuration option docs for jest/no-large-snapshots rule. (#15079) (Connor Shea)
• 31daf79 linter: Add configuration option docs for import/no-commonjs rule. (#15077) (Connor Shea)
• 9bf8ebe linter: Add configuration option docs for jsdoc/check-tag-names rule. (#15076) (Connor Shea)
• 491ab5e linter: Add configuration option docs for jsdoc/no-defaults rule. (#15074) (Connor Shea)
• 2602d7e linter: Add configuration option docs for jsdoc/empty-tags rule. (#15072) (Connor Shea)
• c3a92e0 linter: Add configuration option docs for oxc/no-rest-spread-properties rule. (#15070) (Connor Shea)

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.25.0] - 2025-10-30

🚀 Features

• bd74603 linter: Add support for vitest/valid-title rule (#12085) (Tyler Earls)

Commits

• d5b2794 release(oxlint): v1.25.0 (#15087)
• 1f8f979 chore(deps): update dependency oxlint-tsgolint to v0.4.0 (#15082)
• a8e5181 chore(infra): dogfooding oxfmt (#14979)
• 010c88f chore(deps): update dependency oxlint-tsgolint to v0.3.0 (#14931)
• bd74603 feat(linter): add support for vitest/valid-title rule (#12085)
• See full diff in compare view

Updates vitest from 3.2.4 to 4.0.6

Release notes

Sourced from vitest's releases.

v4.0.6

   🐞 Bug Fixes

• Don't merge errors with different diffs for reporting  -  by @​hi-ogawa in vitest-dev/vitest#8871 (3e19f)
• Do not throw when importing a type from an external package  -  by @​sheremet-va in vitest-dev/vitest#8875 (7e6c3)
• Improve spying types  -  by @​sheremet-va in vitest-dev/vitest#8878 (ca041)
• Reuse the same environment when isolate and fileParallelism are false  -  by @​sheremet-va in vitest-dev/vitest#8889 (31706)
• browser:
  • Support module tracking  -  by @​sheremet-va in vitest-dev/vitest#8877 (9e24a)
  • Ensure setup files are re-evaluated on each test run  -  by @​yjaaidi in vitest-dev/vitest#8883 and vitest-dev/vitest#8884 (f50ea)
• coverage:
  • Prevent filtering out virtual files before remapping to sources  -  by @​AriPerkkio in vitest-dev/vitest#8860 (e3b77)
• happy-dom:
  • Properly teardown additional keys  -  by @​sheremet-va in vitest-dev/vitest#8888 (10a06)
• jsdom:
  • Pass down Node.js FormData to Request  -  by @​sheremet-va in vitest-dev/vitest#8880 (197ca)

    View changes on GitHub

v4.0.5

   🐞 Bug Fixes

• Respect ssr.noExternal when externalizing dependencies, fix Svelte and Astro  -  by @​sheremet-va in vitest-dev/vitest#8862 (a4f86)
• Allow module in --config  -  by @​sheremet-va in vitest-dev/vitest#8864 (b9521)
• browser: Allow Locator type in selectOptions element parameter  -  by @​rzzf and @​sheremet-va in vitest-dev/vitest#8848 (7ee28)
• module-runner: Don't return node builtins for getBuiltins unconditionally  -  by @​sapphi-red in vitest-dev/vitest#8863 (0e858)
• pool: Rename groupId to groupOrder in error message  -  by @​Yohannfra in vitest-dev/vitest#8856 (b9aab)

   🏎 Performance

• Pass testfiles at once when --no-isolate --maxWorkers=1  -  by @​AriPerkkio in vitest-dev/vitest#8835 (584aa)
• expect: Optimize checking the input type  -  by @​Connormiha in vitest-dev/vitest#8840 (06968)

    View changes on GitHub

v4.0.4

   🐞 Bug Fixes

• browser:
  • Correct typo  -  by @​benmccann in vitest-dev/vitest#8796 (ede1f)
  • Publish a missing context file for webdriverio  -  by @​sheremet-va in vitest-dev/vitest#8824 (7c7b6)
• mocker:
  • Support mocking builtins without node: prefix  -  by @​sheremet-va in vitest-dev/vitest#8829 (06208)
• pool:
  • Runner's error listener causing MaxListenersExceededWarning  -  by @​AriPerkkio in vitest-dev/vitest#8820 (d1bff)
  • Capture workers stdio to logger  -  by @​AriPerkkio in vitest-dev/vitest#8809 (fb95f)
• spy:
  • Allow classes in vi.mocked utility  -  by @​sheremet-va in vitest-dev/vitest#8839 (f8756)
• worker:
  • Rpc listener leak when isolate: false  -  by @​AriPerkkio in vitest-dev/vitest#8821 (573dc)

... (truncated)

Commits

• 2e7b2b8 chore: release v4.0.6
• 31706df fix: reuse the same environment when isolate and fileParallelism are fals...
• 10a06d8 fix(happy-dom): properly teardown additional keys (#8888)
• 197caf2 fix(jsdom): pass down Node.js FormData to Request (#8880)
• ca041f5 fix: improve spying types (#8878)
• e3b7775 fix(coverage): prevent filtering out virtual files before remapping to source...
• 7e6c37a fix: do not throw when importing a type from an external package (#8875)
• 3e19f27 fix: don't merge errors with different diffs for reporting (#8871)
• ed9fc71 chore: release v4.0.5
• b9521e0 fix: allow module in --config (#8864)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.