Skip to content

chore(deps): bump the all-dependencies group across 1 directory with 9 updates#256

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/all-dependencies-3eed8ac88b
Open

chore(deps): bump the all-dependencies group across 1 directory with 9 updates#256
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/all-dependencies-3eed8ac88b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026

Bumps the all-dependencies group with 9 updates in the / directory:

Package From To
@biomejs/biome 2.4.6 2.4.10
@commitlint/cli 20.4.3 20.5.0
@commitlint/config-conventional 20.4.3 20.5.0
turbo 2.8.14 2.9.4
axios 1.13.6 1.14.0
ws 8.19.0 8.20.0
@types/node 25.3.5 25.5.2
dotenv 17.3.1 17.4.1
@openapitools/openapi-generator-cli 2.30.2 2.31.0

Updates @biomejs/biome from 2.4.6 to 2.4.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.10

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

... (truncated)

Commits

Updates @commitlint/cli from 20.4.3 to 20.5.0

Release notes

Sourced from @​commitlint/cli's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

Features

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

Changelog

Sourced from @​commitlint/cli's changelog.

20.5.0 (2026-03-15)

Bug Fixes

  • cli: validate that --cwd directory exists before execution (#4658) (cf80f75), closes #4595

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/cli

Commits

Updates @commitlint/config-conventional from 20.4.3 to 20.5.0

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

Features

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.5.0 (2026-03-15)

Note: Version bump only for package @​commitlint/config-conventional

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/config-conventional

Commits

Updates turbo from 2.8.14 to 2.9.4

Release notes

Sourced from turbo's releases.

Turborepo v2.9.4

What's Changed

@​turbo/codemod

Examples

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.3...v2.9.4

Turborepo v2.9.4-canary.8

What's Changed

Changelog

New Contributors

Full Changelog: vercel/turborepo@v2.9.4-canary.7...v2.9.4-canary.8

Turborepo v2.9.4-canary.7

What's Changed

Changelog

Full Changelog: vercel/turborepo@v2.9.4-canary.6...v2.9.4-canary.7

... (truncated)

Commits
  • 5f7a52c publish 2.9.4 to registry
  • 01802b4 release(turborepo): 2.9.4-canary.8 (#12558)
  • 1254916 fix: Respect dirty .gitignore patterns during task input hashing (#12557)
  • 0346076 fix: Bun workspace lockfile pruning producing invalid output (#12548)
  • b7d89a4 release(turborepo): 2.9.4-canary.7 (#12546)
  • a4b943e fix: Retain microfrontend proxy tasks when using filterUsingTasks (#12545)
  • 0e763f8 release(turborepo): 2.9.4-canary.6 (#12544)
  • f214dc8 fix(config): Deep-merge nested OTEL config across priority sources (#12513)
  • 98ab3b6 feat: Allow --affected and --filter to be combined (#12543)
  • 81b39a5 fix: Preserve prerelease info in schema URL during codemod migration (#12542)
  • Additional commits viewable in compare view

Updates axios from 1.13.6 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

  • Runtime Features: No new end-user features were introduced in this release.
  • Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

  • Headers: Trim trailing CRLF in normalised header values. (#7456)
  • HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
  • Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
  • Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
  • CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

  • Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
  • Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
  • Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
  • Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

Full Changelog: v1.13.6...v1.14.0

Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates ws from 8.19.0 to 8.20.0

Release notes

Sourced from ws's releases.

8.20.0

Features

  • Added exports for the PerMessageDeflate class and utilities for the Sec-WebSocket-Extensions and Sec-WebSocket-Protocol headers (d3503c1f).
Commits
  • 8439255 [dist] 8.20.0
  • d3503c1 [minor] Export the PerMessageDeflate class and header utils
  • 3ee5349 [api] Convert the isServer and maxPayload parameters to options
  • 91707b4 [doc] Add missing space
  • 8b55319 [pkg] Update eslint to version 10.0.1
  • ca533a5 [pkg] Update globals to version 17.0.0
  • See full diff in compare view

Updates @types/node from 25.3.5 to 25.5.2

Commits

Updates dotenv from 17.3.1 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)
Commits

Updates @openapitools/openapi-generator-cli from 2.30.2 to 2.31.0

Release notes

Sourced from @​openapitools/openapi-generator-cli's releases.

v2.31.0

2.31.0 (2026-03-24)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all-dependencies group across 1 directory with …
3c3e73a 
…9 updates

Bumps the all-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.6` | `2.4.10` |
| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.4.3` | `20.5.0` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.4.3` | `20.5.0` |
| [turbo](https://github.com/vercel/turborepo) | `2.8.14` | `2.9.4` |
| [axios](https://github.com/axios/axios) | `1.13.6` | `1.14.0` |
| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.20.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.5` | `25.5.2` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.1` |
| [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli) | `2.30.2` | `2.31.0` |



Updates `@biomejs/biome` from 2.4.6 to 2.4.10
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)

Updates `@commitlint/cli` from 20.4.3 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.4.3 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/config-conventional)

Updates `turbo` from 2.8.14 to 2.9.4
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.8.14...v2.9.4)

Updates `axios` from 1.13.6 to 1.14.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.6...v1.14.0)

Updates `ws` from 8.19.0 to 8.20.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.19.0...8.20.0)

Updates `@types/node` from 25.3.5 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `dotenv` from 17.3.1 to 17.4.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.3.1...v17.4.1)

Updates `@openapitools/openapi-generator-cli` from 2.30.2 to 2.31.0
- [Release notes](https://github.com/OpenAPITools/openapi-generator-cli/releases)
- [Commits](OpenAPITools/openapi-generator-cli@v2.30.2...v2.31.0)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: "@commitlint/cli"
  dependency-version: 20.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: turbo
  dependency-version: 2.9.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: axios
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: ws
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: "@openapitools/openapi-generator-cli"
  dependency-version: 2.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update dependencies label Apr 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants