Skip to content

chore(deps-dev): bump the dev-minor group with 2 updates#11

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/dev-minor-16a290d585
Apr 20, 2026
Merged

chore(deps-dev): bump the dev-minor group with 2 updates#11
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/dev-minor-16a290d585

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the dev-minor group with 2 updates: @biomejs/biome and signet-protocol.

Updates @biomejs/biome from 2.4.11 to 2.4.12

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.12

2.4.12

Patch Changes

  • #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

    describe("foo", () => {});
describe("foo", () => {
  // invalid: same title as previous describe block
  test("baz", () => {});
  test("baz", () => {}); // invalid: same title as previous test case
});

  • #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

  • #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

    For example, the following snippets trigger the rule:

    function createComponent(label) {
  function MyComponent() {
    return <div>{label}</div>;
  }
  return MyComponent;
}
    function Parent() {
  function Child() {
    return <div />;
  }
  return <Child />;
}

  • #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

  • #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

  • #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.12

Patch Changes

  • #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

    describe("foo", () => {});
describe("foo", () => {
  // invalid: same title as previous describe block
  test("baz", () => {});
  test("baz", () => {}); // invalid: same title as previous test case
});

  • #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

  • #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

    For example, the following snippets trigger the rule:

    function createComponent(label) {
  function MyComponent() {
    return <div>{label}</div>;
  }
  return MyComponent;
}
    function Parent() {
  function Child() {
    return <div />;
  }
  return <Child />;
}

  • #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

  • #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

  • #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

  • #9966 322675e Thanks @​siketyan! - Fixed #9113: Biome now parses and formats @media and other conditional blocks correctly inside embedded CSS snippets.

... (truncated)

Commits

Updates signet-protocol from 1.2.1 to 1.6.0

Release notes

Sourced from signet-protocol's releases.

v1.6.0

Features

  • cross-device Sign-in-with-Signet via relay delivery

Bug Fixes

  • validate sessionPubkey and enforce pairing with relay (qr-router)

Reproducible build: byte-identical output verified across two independent CI runners.

Artefact integrity

file:      signet-protocol-1.6.0.tgz
size:      221835 bytes
sha256:    88a562ab8c13d01aaaac318f9d773802399819deb230f8723054f22a39521fcf
sha512-PsheTmJOo6/1MCj1P2yoCKX5lApix83kay4qAj2tW9SUFa33iQJGXzqyZrl3umFmxgu/Z5JRlZZbaxHOc4rJBw==

Verify against the registry tarball:

curl -sLO https://registry.npmjs.org/signet-protocol/-/signet-protocol-1.6.0.tgz
shasum -a 256 signet-protocol-1.6.0.tgz

v1.2.3

Bug Fixes

  • deterministic tamper in ring-signature test to eliminate 1/256 flake

Reproducible build: byte-identical output verified across two independent CI runners.

Artefact integrity

file:      signet-protocol-1.2.3.tgz
size:      220562 bytes
sha256:    f4e1b804040c77962a040ac994c20a78e1e24ba2e7ac29f2172c5deb2dcb042c
sha512-0lmC2P/NroFPw5X4roDMeEQ+CkO/956hCz75a0c7NH2zJtbVipyx0NwC2GF04tAOg+FJFH8w9/plxOvYXFcDYg==

Verify against the registry tarball:

curl -sLO https://registry.npmjs.org/signet-protocol/-/signet-protocol-1.2.3.tgz
shasum -a 256 signet-protocol-1.2.3.tgz
</tr></table>

... (truncated)

Changelog

Sourced from signet-protocol's changelog.

1.2.1 (2026-04-12)

Bug Fixes

  • deps: bump vite, picomatch, and esbuild across manifests (security) (0d3db23)

1.2.0 (2026-04-12)

1.6.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

Bug Fixes

  • validate sessionPubkey and enforce pairing with relay (qr-router)

1.5.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.4.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.3.0 (2026-04-18)

Features

  • cross-device Sign-in-with-Signet via relay delivery

1.2.3 (2026-04-16)

Bug Fixes

  • deterministic tamper in ring-signature test to eliminate 1/256 flake

... (truncated)

Commits
  • 06ad4e7 chore(release): 1.6.0
  • f6fdb3b fix(qr-router): validate sessionPubkey and enforce pairing with relay
  • 831b340 chore(release): 1.5.0
  • 47a8d64 chore: remove vestigial app/ directory
  • d2f9490 chore(release): 1.4.0
  • 4b082c7 refactor: move auth event from kind 27235 to kind 21236
  • fbc254b chore(release): 1.3.0
  • 0c58429 feat: cross-device Sign-in-with-Signet via relay delivery
  • f9041f0 chore(release): 1.2.3
  • 731b3f1 fix: deterministic tamper in ring-signature test to eliminate 1/256 flake
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the dev-minor group with 2 updates
dbd2a1d 
Bumps the dev-minor group with 2 updates: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) and [signet-protocol](https://github.com/forgesworn/signet).


Updates `@biomejs/biome` from 2.4.11 to 2.4.12
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.12/packages/@biomejs/biome)

Updates `signet-protocol` from 1.2.1 to 1.6.0
- [Release notes](https://github.com/forgesworn/signet/releases)
- [Changelog](https://github.com/forgesworn/signet/blob/main/CHANGELOG.md)
- [Commits](forgesworn/signet@v1.2.1...v1.6.0)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-minor
- dependency-name: signet-protocol
  dependency-version: 1.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 20, 2026
@github-actions github-actions Bot merged commit b8f1d30 into main Apr 20, 2026
4 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/dev-minor-16a290d585 branch April 20, 2026 23:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants