Skip to content

chore(deps): bump the npm-weekly group with 6 updates#35

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-weekly-eb27819b8d
Open

chore(deps): bump the npm-weekly group with 6 updates#35
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-weekly-eb27819b8d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps the npm-weekly group with 6 updates:

Package From To
@ast-grep/cli 0.40.5 0.44.0
@biomejs/biome 2.4.11 2.5.0
@changesets/cli 2.30.0 2.31.0
tsx 4.21.0 4.22.4
vite 8.0.8 8.0.16
vitest 4.1.4 4.1.9

Updates @ast-grep/cli from 0.40.5 to 0.44.0

Release notes

Sourced from @​ast-grep/cli's releases.

0.44.0

... (truncated)

Changelog

Sourced from @​ast-grep/cli's changelog.

0.44.0

... (truncated)

Commits
  • e34ce66 0.44.0
  • e27fc74 chore: move outline docs and benchmarks out of repo (#2763)
  • 8a0be7e chore(deps): update dependency smol-toml to v1.7.0 (#2762)
  • 6213351 Add JavaScript outline rules and stream JSON files (#2761)
  • 01f05a1 fix: update edge case fallback behavior
  • b8f220c fix: improve root multi meta var error
  • a8b7061 fix: reject root multi-metavariable patterns (#2727)
  • 58efe19 fix: don't leak metavar bindings across siblings in nthChild ofRule (#2677)
  • d5ee2c2 fix: extract python from-import modules in outline (#2758)
  • af979e6 fix: match go outline types by declaration (#2759)
  • Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.11 to 2.5.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.0

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

    /* styles.css — .ghost is never used in any importing file */

... (truncated)

Commits

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

  • #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

  • #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

  • d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

  • #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

  • #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

  • #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

  • Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

    • @​changesets/assemble-release-plan@​6.0.10
    • @​changesets/get-dependents-graph@​2.1.4
    • @​changesets/apply-release-plan@​7.1.1
    • @​changesets/get-release-plan@​4.0.16
    • @​changesets/config@​3.1.4
Commits
  • 9cce6db Version Packages (#1897)
  • d2121dc Fix npm auth for path-based registries during publish by preserving configure...
  • 036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
  • 5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
  • 96ca062 Error on unsupported flags for individual CLI commands (#1889)
  • 42943b7 fix(cli): respond to --help on all subcommands (#1873)
  • f61e716 Improved detection for published state of prerelease-only packages without ...
  • See full diff in compare view

Updates tsx from 4.21.0 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

  • resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

This release is also available on:

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

  • decode typed loader source (dce02fc)
  • preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

  • preserve CJS JSON require in ESM hooks (35b700b)
  • preserve named exports from CommonJS TypeScript (11de737)
  • support module.exports require(esm) interop (cf8f199)

This release is also available on:

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

  • resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

... (truncated)

Commits
  • 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
  • dce02fc fix: decode typed loader source
  • 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
  • 69455cf test: cover package exports for ambiguous ESM reexports
  • 35b700b fix: preserve CJS JSON require in ESM hooks
  • ef807db chore: update testing dependencies
  • 3917090 test: document compatibility test taxonomy
  • de8113f refactor: centralize Node capability facts
  • c1f62db test: consolidate tsconfig path edge coverage
  • 4e08174 test: consolidate loader hook coverage
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.


Updates vite from 8.0.8 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

  • capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
  • deps: update all non-major dependencies (#22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

Updates vitest from 4.1.4 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

... (truncated)

Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • `@dep...

Description has been truncated

@dependabot
chore(deps): bump the npm-weekly group with 6 updates
c74fd65 
Bumps the npm-weekly group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@ast-grep/cli](https://github.com/ast-grep/ast-grep) | `0.40.5` | `0.44.0` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.11` | `2.5.0` |
| [@changesets/cli](https://github.com/changesets/changesets) | `2.30.0` | `2.31.0` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.8` | `8.0.16` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.9` |


Updates `@ast-grep/cli` from 0.40.5 to 0.44.0
- [Release notes](https://github.com/ast-grep/ast-grep/releases)
- [Changelog](https://github.com/ast-grep/ast-grep/blob/main/CHANGELOG.md)
- [Commits](ast-grep/ast-grep@0.40.5...0.44.0)

Updates `@biomejs/biome` from 2.4.11 to 2.5.0
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.0/packages/@biomejs/biome)

Updates `@changesets/cli` from 2.30.0 to 2.31.0
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0)

Updates `tsx` from 4.21.0 to 4.22.4
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.22.4)

Updates `vite` from 8.0.8 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

Updates `vitest` from 4.1.4 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: "@ast-grep/cli"
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-weekly
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-weekly
- dependency-name: "@changesets/cli"
  dependency-version: 2.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-weekly
- dependency-name: tsx
  dependency-version: 4.22.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-weekly
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-weekly
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-weekly
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@socket-security

socket-security Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​ast-grep/​cli@​0.44.0901006895100
Addedvitest@​4.1.9981007998100
Addedtsx@​4.22.41001008291100
Addedvite@​8.0.16991008298100
Added@​changesets/​cli@​2.31.09710010095100
Added@​biomejs/​biome@​2.5.010010010099100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants