chore(deps-dev): bump the minor-development-deps group across 1 directory with 8 updates

[dependabot]

Bumps the minor-development-deps group with 8 updates in the / directory:

Package	From	To
@biomejs/biome	2.3.2	2.3.8
@oclif/test	4.1.14	4.1.15
@types/node	24.9.2	24.10.1
knip	5.66.4	5.71.0
oclif	4.22.38	4.22.52
prettier	3.6.2	3.7.3
tsx	4.20.6	4.21.0
vitest	4.0.6	4.0.14

Updates @biomejs/biome from 2.3.2 to 2.3.8

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.8

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

  const foo = "Line 1\nLine 2";
  const bar = `Line 1

... (truncated)

Commits

• 0a6b6fb chore: restore version and yaml how they were
• 5d15cd5 chore: revert version
• 59fa146 ci: release (#8263)
• f7e836f feat(biome_js_analyze): implement noProto rule (#8276)
• b537918 feat(js_biome_analyze): implement noDuplicatedSpreadProps (#8116)
• 91484d1 feat(biome_js_analyze): implement noMultiStr rule (#8218)
• 68c052e feat(biome_js_analyze): implement noEqualsToNull rule (#8214)
• 79adaea feat(lint): added new rule no-leaked-render from eslint-react (#8171)
• cd2edd7 feat(js_analyze): implement noTernary (#8201)
• 8e97b89 ci: release (#8161)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @oclif/test from 4.1.14 to 4.1.15

Release notes

Sourced from @​oclif/test's releases.

4.1.15

Bug Fixes

• deps: bump js-yaml from 4.1.0 to 4.1.1 (f6eb102)

Changelog

Sourced from @​oclif/test's changelog.

4.1.15 (2025-11-15)

Bug Fixes

• deps: bump js-yaml from 4.1.0 to 4.1.1 (f6eb102)

Commits

• 1ce2a8a chore(release): 4.1.15 [skip ci]
• 2f4f177 Merge pull request #836 from oclif/dependabot-npm_and_yarn-js-yaml-4.1.1
• f6eb102 fix(deps): bump js-yaml from 4.1.0 to 4.1.1
• c0e59e7 Merge pull request #834 from oclif/dependabot-npm_and_yarn-eslint-9.39.1
• caefe5c chore(dev-deps): bump eslint from 9.39.0 to 9.39.1
• c53fd03 Merge pull request #835 from oclif/dependabot-npm_and_yarn-eslint-config-ocli...
• c4ae211 chore(dev-deps): bump eslint-config-oclif from 6.0.114 to 6.0.115
• 0cec22f Merge pull request #830 from oclif/dependabot-npm_and_yarn-eslint-9.39.0
• ceffce1 chore(dev-deps): bump eslint from 9.38.0 to 9.39.0
• 7f27f9f Merge pull request #831 from oclif/dependabot-npm_and_yarn-eslint-compat-1.4.1
• Additional commits viewable in compare view

Updates @types/node from 24.9.2 to 24.10.1

Commits

• See full diff in compare view

Updates knip from 5.66.4 to 5.71.0

Release notes

Sourced from knip's releases.

Release 5.71.0

• Add sed to globally ignored binaries (#1365) (ea8d61899fe8d4ba160ec998d564d3c9f5aafd55) - thanks @​jmoses!
• Consider NS in condition referenced (closes #1364) (7a5a8ea2351b31e1cefb1405d33b8dbb464c2ec9)
• Improve dynamic import binding handling (close #1368) (b210b18c18357885b33827fc23a7333615ef7d64)
• Introduce graph explorer (b107af4cfbf034159903cf79c82e6926ff7dd91c)
• Find mdx plugins in next config (resolve #1367) (07c0539dd167681e2f5533bef15a7759bd6a3f5f)
• Filter out subshell function calls (resolve #1369) (97d8f6acc9fda00486b2072f9717789d54b4e225)

Release 5.70.2

• Restore & add TS v5.5.0 workarounds ↻ oh my (fe7ea23981ae1c94118041299b9f1fecceba62d4)
• Extend & refactor Import in module graph (ad25794fc5ed465cf4be151df05fc4196d1589e4)
• Fix TYPE_ONLY instance (b431303d60f84f6abf77f37f93ccf9ab399d4cc9)
• Add side-effect imports as well (ed289ba9e69a030f945a42aef0828029fbe9b734)
• Remove project patterns from astro plugin (ac9e378d2bdf84b70791bdce9febc511bee924b4)
• Don't leak negated entry into project patterns (eab2b892c774c8ed545952997e66cf53719fa68e)
• Run glob sets with negations separately (resolves #1249) (969e3afdb25d9e607ff68f60543c8f1e64be5a69)
• Include all groups to negate entry patterns in production mode (406592dca0e44917703b24cee78c2d85b0a42fb6)

Release 5.70.1

• chore: fix vitest node env recognition (#1360) (9a38e10230b18b256ee8ed03dcc5217029b5298d) - thanks @​jonathansamines!
• Improve some export/import positions (f6f58fa96ef1243c4e5c70e8860b286bd63bed94)
• Add some common hints/FAQs to plugin test template (da7cf84a501321a9bbb3e118e840d36d47abad56)

Release 5.70.0

• Revert "Revive some tests in Bun" (f1406b5d8fc5add850e88ea23619bad745519c97)
• feat(plugins): Add Prisma plugin entry and Prisma schema compiler (#1340) (9f80aa4b09f9c9c5a0e55015a8b0eae9fb2e1812) - thanks @​CHC383!
• Improve some export/import positions (b19282b3ff84d1486820afb9f09e1384d8934bc8)
• Move block to group top-level patterns (bba25f33d489fb1942925d022348536513e4a4dd)
• Improve some naming around module graph (63d61176f0613bb405627f6cab2dc1bbee052df5)
• Minor refactors (a63b0dce0f886f297650185c72003f7c935a9deb)
• Update auto-fix.mdx (#1356) (c64d9056ef9aed63b1b8255dc1bad120a21f311f) - thanks @​skvale!
• Improve side-effects & opaque import call handling (resolve #1352) (e364589d790ce185c9a3b29aa2ea00f2663064d6)
• Add some unit tests for isIdentifierReferenced (f31eab4b443f084ff4af3eab187c352deab27089)
• Add support for awaited import call promise (92cbcef6b0501891e9e62ef6a3ef801b0de945e7)
• Edit and dim tag hints title (e4affd2f0651ba530817bb04805805e6474b0fbe)
• feat(plugins): Add taskfile plugin (#1357) (f64b72c31f0ee47da68a1eff96505dc770c43194) - thanks @​elierotenberg!
• Improve pragmas handling/setup (resolves #1358) (e0f497cc937e5cb5281a84a7e9c2181942b94361)
• Upgrade js-yaml + some others (resolve #1359) (5195888a691c200c971e214f28ad20bf4a395862)
• Clean up (da9440fb6a09222cc8a50093178e6cd69fee3bd6)

Release 5.69.1

• Release @​knip/create-config 1.0.8 (87405169656dbfa8cf931092d516c91647f95529)
• Edit docs (5eb8a6943904505b5630dee1ee58379c7707f72d)
• Apply Next.js page extensions to app directory (#1351) (f9cf9dc0fd44880a515979a104261ed77fa8878d) - thanks @​remcohaszing!
• Refactor fixes & consistently use issue.fixes (d7b45cfebb135881160ecda2acf0ad5239d98441)
• Revive some tests in Bun (74a0bd8ebf6e68e121333489495d2b6d58545fd4)
• Fix import identifier/specifier pos (95d2c04d5400ffb57f9057653c0977967b3ae02e)
• Fix namespace import pos (6b6b80b813d545d16ba74fc68beecd492f1252a2)
• Improve some export/import positions (9b87b1ac20fb33d9f9b5af1de1cbe1d053fa18ff)
• Rely on absolute paths with formatly (npx acts weird) (6653f357074c559f537af1b5563b191372d7901e)

... (truncated)

Commits

• 879a42c Release 5.71.0
• 97d8f6a Filter out subshell function calls (resolve #1369)
• 07c0539 Find mdx plugins in next config (resolve #1367)
• b107af4 Introduce graph explorer
• b210b18 Improve dynamic import binding handling (close #1368)
• 7a5a8ea Consider NS in condition referenced (closes #1364)
• ea8d618 Add sed to globally ignored binaries (#1365)
• 59abdaa Release 5.70.2
• 406592d Include all groups to negate entry patterns in production mode
• 969e3af Run glob sets with negations separately (resolves #1249)
• Additional commits viewable in compare view

Updates oclif from 4.22.38 to 4.22.52

Release notes

Sourced from oclif's releases.

4.22.52

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.937.0 to 3.940.0 (0a8b89f)

4.22.51

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.937.0 to 3.940.0 (0c016f1)

4.22.50

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.927.0 to 3.937.0 (89e76a7)

4.22.49

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.932.0 to 3.937.0 (00fbbcf)

4.22.48

Bug Fixes

• deps: bump @​oclif/plugin-not-found from 3.2.71 to 3.2.73 (6f9d6a3)

4.22.47

Bug Fixes

• deps: bump @​oclif/plugin-help from 6.2.34 to 6.2.36 (40234c1)

4.22.46

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.927.0 to 3.932.0 (00c5913)

4.22.45

Bug Fixes

• deps: bump @​oclif/plugin-warn-if-update-available (35554de)

4.22.44

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.922.0 to 3.927.0 (d85f157)

4.22.43

Bug Fixes

• deps: bump @​oclif/plugin-warn-if-update-available (eacdcfb)

... (truncated)

Changelog

Sourced from oclif's changelog.

4.22.52 (2025-11-30)

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.937.0 to 3.940.0 (0a8b89f)

4.22.51 (2025-11-30)

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.937.0 to 3.940.0 (0c016f1)

4.22.50 (2025-11-23)

Bug Fixes

• deps: bump @​aws-sdk/client-cloudfront from 3.927.0 to 3.937.0 (89e76a7)

4.22.49 (2025-11-23)

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.932.0 to 3.937.0 (00fbbcf)

4.22.48 (2025-11-23)

Bug Fixes

• deps: bump @​oclif/plugin-not-found from 3.2.71 to 3.2.73 (6f9d6a3)

4.22.47 (2025-11-17)

Bug Fixes

• deps: bump @​oclif/plugin-help from 6.2.34 to 6.2.36 (40234c1)

4.22.46 (2025-11-16)

Bug Fixes

• deps: bump @​aws-sdk/client-s3 from 3.927.0 to 3.932.0 (00c5913)

4.22.45 (2025-11-16)

Bug Fixes

• deps: bump @​oclif/plugin-warn-if-update-available (35554de)

4.22.44 (2025-11-09)

... (truncated)

Commits

• 54065c6 chore(release): 4.22.52 [skip ci]
• 0f1543c Merge pull request #1922 from oclif/dependabot-npm_and_yarn-aws-sdk-client-s3...
• 0a8b89f fix(deps): bump @​aws-sdk/client-s3 from 3.937.0 to 3.940.0
• 4abc123 chore(release): 4.22.51 [skip ci]
• c315c9e Merge pull request #1923 from oclif/dependabot-npm_and_yarn-aws-sdk-client-cl...
• 6c2659d Merge pull request #1924 from oclif/dependabot-npm_and_yarn-eslint-config-ocl...
• 0c103ce chore(dev-deps): bump eslint-config-oclif from 6.0.118 to 6.0.119
• 0c016f1 fix(deps): bump @​aws-sdk/client-cloudfront from 3.937.0 to 3.940.0
• d5dea83 Merge pull request #1915 from oclif/dependabot-npm_and_yarn-eslint-config-ocl...
• f7dc3ee Merge pull request #1916 from oclif/dependabot-npm_and_yarn-oclif-test-4.1.15
• Additional commits viewable in compare view

Updates prettier from 3.6.2 to 3.7.3

Release notes

Sourced from prettier's releases.

3.7.3

What's Changed

• Fix prettier.getFileInfo() change that breaks VSCode extension by @​fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

• Fix string print when switching quotes by @​fisker in prettier/prettier#18351
• Preserve quote for embedded HTML attribute values by @​kovsu in prettier/prettier#18352
• Fix comment in empty type literal by @​fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

• Fix performance regression in doc printer (#18342 by @​fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.3

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

3.7.2

diff

JavaScript: Fix string print when switching quotes (#18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")
// Prettier 3.7.1
console.log('A descriptor\'s .kind must be "method" or "field".');
// Prettier 3.7.2
console.log('A descriptor\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
// Prettier 3.7.1
const html = /* HTML */ &lt;div class=${styles.banner}&gt;&lt;/div&gt;;
// Prettier 3.7.2
const html = /* HTML */ &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt;;

TypeScript: Fix comment in empty type literal (#18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};
// Prettier 3.7.1
</tr></table>

... (truncated)

Commits

• fdfa670 Release 3.7.3
• 2dce3ec Fix typo
• 27d6c64 Revert previous change to getFileInfo (#18375)
• f4a7afa Add types for config related functions (#18376)
• 9266e3e Add resolved test cases (#18358)
• 3bfc014 Bump Prettier dependency to 3.7.2
• 081b846 Clean changelog_unreleased
• 03384c9 Release 3.7.2
• 514e51a Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.2
• 29a11ae Fix comment in empty type literal (#18364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Updates tsx from 4.20.6 to 4.21.0

Release notes

Sourced from tsx's releases.

v4.21.0

4.21.0 (2025-11-30)

Features

• upgrade esbuild (#748) (048fb62)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• f6284cd ci: lock in semantic-release v24
• 048fb62 feat: upgrade esbuild (#748)
• See full diff in compare view

Updates vitest from 4.0.6 to 4.0.14

Release notes

Sourced from vitest's releases.

v4.0.14

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in vitest-dev/vitest#9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in vitest-dev/vitest#9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in vitest-dev/vitest#8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in vitest-dev/vitest#9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in vitest-dev/vitest#9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in vitest-dev/vitest#9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in vitest-dev/vitest#9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #9018  -  by @​sheremet-va in vitest-dev/vitest#9072 and vitest-dev/vitest#9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in vitest-dev/vitest#9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in vitest-dev/vitest#9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in vitest-dev/vitest#9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in vitest-dev/vitest#9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in vitest-dev/vitest#9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in vitest-dev/vitest#9057 (acc51)

    View changes on GitHub

v4.0.13

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in vitest-dev/vitest#9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in vitest-dev/vitest#9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in vitest-dev/vitest#9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in vitest-dev/vitest#9076 (6b9a1)

    View changes on GitHub

v4.0.12

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in vitest-dev/vitest#9063 (9a8bc)

... (truncated)

Commits

• 9ca74cf chore: release v4.0.14
• 821aa20 feat(runner): Add full names to tasks (#9087)
• 1256b5c fix: rename collect to import, remove prepare (#9091)
• 3326cc9 fix: collect the duration of external imports (#9097)
• 379185b fix(pool): init VITEST_POOL_ID + VITEST_WORKER_ID before environment setu...
• 2c468ee fix(jsdom): reuse abort signals if possible (#9090)
• e1b2e08 fix: externalize before caching (#9077)
• acc5152 perf: replace debug with obug (#9057)
• 73b54ce chore: release v4.0.13
• b27e002 perf: avoid fetchModule roundtrip if the module is cached (#9075)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions