build: bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: @biomejs/biome, @types/node, @vercel/node and vercel.

Updates @biomejs/biome from 2.3.8 to 2.3.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

What's Changed

• feat: new Turborepo domain and noUndeclaredEnvVars rule by @​anthonyshew in biomejs/biome#8426
• fix(noExtraNonNullAssertion): fix regression by @​dyc3 in biomejs/biome#8477
• fix(analyze/js): index ts constructor methods in semantic model (regression) by @​dyc3 in biomejs/biome#8479
• fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @​taga3s in biomejs/biome#8417
• fix(noLeakedRender): eslint rule name fix by @​vsn4ik in biomejs/biome#8420
• chore: add kraken as bronze sponsor by @​dyc3 in biomejs/biome#8486
• fix(linter): improve Vue defineProps handling in noVueReservedKeys by @​mdevils in biomejs/biome#8448
• fix(cli): colors with multi-codepoints characters by @​ematipico in biomejs/biome#8410
• feat(lint): implement noAmbiguousAnchorText by @​Netail in biomejs/biome#8372
• ci: release by @​github-actions[bot] in biomejs/biome#8474
• docs: fix typos for assist/actions/organize-imports by @​sergioness in biomejs/biome#8490

New Contributors

• @​taga3s made their first contribution in biomejs/biome#8417
• @​vsn4ik made their first contribution in biomejs/biome#8420
• @​sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

... (truncated)

Commits

• fd279f3 ci: release (#8474)
• b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
• 67546bc chore: add kraken as bronze sponsor (#8486)
• 285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• Additional commits viewable in compare view

Updates @types/node from 24.10.1 to 25.0.3

Commits

• See full diff in compare view

Updates @vercel/node from 5.5.13 to 5.5.16

Release notes

Sourced from @​vercel/node's releases.

@​vercel/node@​5.5.16

Patch Changes

• Updated dependencies [c55475f865ecf22f27b8b17f6fc98b9e1455ab5d]:
  • @​vercel/build-utils@​13.2.4

@​vercel/node@​5.5.15

Patch Changes

• Use workspace:* for workspace dependencies (#14396)

• Updated dependencies [6bdbf9e170507a973a53bd881c8c7ecbaa3a930c]:

  • @​vercel/build-utils@​13.2.3

@​vercel/node@​5.5.14

Patch Changes

• Bump NFT dependency (#14373)

• Updated dependencies [f9b8fb23d1d2f873c5c3a0534b12d1e463689bb6]:

  • @​vercel/build-utils@​13.2.2

Changelog

Sourced from @​vercel/node's changelog.

5.5.16

Patch Changes

• Updated dependencies [c55475f865ecf22f27b8b17f6fc98b9e1455ab5d]:
  • @​vercel/build-utils@​13.2.4

5.5.15

Patch Changes

• Use workspace:* for workspace dependencies (#14396)

• Updated dependencies [6bdbf9e170507a973a53bd881c8c7ecbaa3a930c]:

  • @​vercel/build-utils@​13.2.3

5.5.14

Patch Changes

• Bump NFT dependency (#14373)

• Updated dependencies [f9b8fb23d1d2f873c5c3a0534b12d1e463689bb6]:

  • @​vercel/build-utils@​13.2.2

Commits

• 354f717 Version Packages (#14498)
• e20dc6a Version Packages (#14395)GG
• 6bdbf9e Use workspace deps (#14396)
• bc70fd3 Version Packages (#14379)
• f9b8fb2 Bump NFT dependency (#14373)
• See full diff in compare view

Updates vercel from 48.12.0 to 50.1.3

Release notes

Sourced from vercel's releases.

vercel@50.1.3

Patch Changes

• Run install command earlier for vercel.ts (#14504)

• [python] only create api builders for .py files that export an app or handler (#14493)

• Remove vercel.ts feature flag (#14501)

• Updated dependencies [f8e79cd385e3635a5d8227cb357af381b883d053, c55475f865ecf22f27b8b17f6fc98b9e1455ab5d]:

  • @​vercel/ruby@​2.2.4
  • @​vercel/build-utils@​13.2.4
  • @​vercel/python@​6.1.5
  • @​vercel/backends@​0.0.17
  • @​vercel/elysia@​0.1.15
  • @​vercel/express@​0.1.21
  • @​vercel/fastify@​0.1.18
  • @​vercel/go@​3.2.4
  • @​vercel/h3@​0.1.24
  • @​vercel/hono@​0.2.18
  • @​vercel/hydrogen@​1.3.3
  • @​vercel/nestjs@​0.2.19
  • @​vercel/next@​4.15.9
  • @​vercel/node@​5.5.16
  • @​vercel/redwood@​2.4.6
  • @​vercel/remix-builder@​5.5.6
  • @​vercel/rust@​1.0.4
  • @​vercel/static-build@​2.8.15

vercel@50.1.2

Patch Changes

• Remove content-encoding response header for CLI extensions proxy (#14489)

vercel@50.1.1

Patch Changes

• Revert env pull conditional quoting changes (#14485)

vercel@50.1.0

Minor Changes

• Bugfix: handle json values with newlines when pulling environment variables (#14479)

• Add out to deploy command for aliasing production domains (#14458)

Patch Changes

• Add support for customErrorPage configuration in vercel.json to customize pages for platform errors. (#14466)

... (truncated)

Changelog

Sourced from vercel's changelog.

50.1.3

Patch Changes

• Run install command earlier for vercel.ts (#14504)

• [python] only create api builders for .py files that export an app or handler (#14493)

• Remove vercel.ts feature flag (#14501)

• Updated dependencies [f8e79cd385e3635a5d8227cb357af381b883d053, c55475f865ecf22f27b8b17f6fc98b9e1455ab5d]:

  • @​vercel/ruby@​2.2.4
  • @​vercel/build-utils@​13.2.4
  • @​vercel/python@​6.1.5
  • @​vercel/backends@​0.0.17
  • @​vercel/elysia@​0.1.15
  • @​vercel/express@​0.1.21
  • @​vercel/fastify@​0.1.18
  • @​vercel/go@​3.2.4
  • @​vercel/h3@​0.1.24
  • @​vercel/hono@​0.2.18
  • @​vercel/hydrogen@​1.3.3
  • @​vercel/nestjs@​0.2.19
  • @​vercel/next@​4.15.9
  • @​vercel/node@​5.5.16
  • @​vercel/redwood@​2.4.6
  • @​vercel/remix-builder@​5.5.6
  • @​vercel/rust@​1.0.4
  • @​vercel/static-build@​2.8.15

50.1.2

Patch Changes

• Remove content-encoding response header for CLI extensions proxy (#14489)

50.1.1

Patch Changes

• Revert env pull conditional quoting changes (#14485)

50.1.0

Minor Changes

• Bugfix: handle json values with newlines when pulling environment variables (#14479)

• Add out to deploy command for aliasing production domains (#14458)

... (truncated)

Commits

• 354f717 Version Packages (#14498)
• 06b53ed [cli] remove early compilation in get-config for vercel.ts projects (#14504)
• 377d0ce [cli] remove vercel_ts_config_enabled feature flag (#14501)
• c55475f [python] only create api builders for .py files that export an app or handl...
• b56ac07 Version Packages (#14492)
• a69145d fix(cli): remove content-encoding header in extension proxy (#14489)
• 37f469f Version Packages (#14486)
• d57adfa [cli] Revert env pull conditional quoting changes (#14485)
• ce718d0 Version Packages (#14470)
• d2951f3 [CICD-DX] Fix JSON formatting in env values to prevent double-escaping (#14479)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
personal-api	Ready	Preview, Comment	Jan 18, 2026 1:41pm