Skip to content

chore(deps): bump the npm-weekly group across 1 directory with 4 updates#28

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-weekly-00f0fe9248
Open

chore(deps): bump the npm-weekly group across 1 directory with 4 updates#28
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-weekly-00f0fe9248

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Bumps the npm-weekly group with 4 updates in the / directory: @ast-grep/cli, @biomejs/biome, @changesets/cli and vite.

Updates @ast-grep/cli from 0.40.5 to 0.42.1

Release notes

Sourced from @​ast-grep/cli's releases.

0.42.1

0.42.0

... (truncated)

Changelog

Sourced from @​ast-grep/cli's changelog.

0.42.1

0.42.0

15 March 2026

... (truncated)

Commits
  • 917dff2 0.42.1
  • fd7ed35 fix: fix cleaning
  • ee226af feat: Support Dart again (#2534)
  • dabd337 chore(deps): update dependency oxlint to v1.58.0 (#2569)
  • 8156edc chore(deps): update rust crate toml_edit to v0.25.10 (#2571)
  • c3091af fix(deps): update rust crate similar to v3 (#2574)
  • c98ea7d chore(deps): update rust crate tokio to v1.51.0 (#2578)
  • ef7fc1a refactor: some code clean up for no-suppress
  • ed1da9d feat: add new built in rule no-suppress-all
  • 0a61071 fix: use less aggressive stack size for x86 mac
  • Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.11 to 2.4.12

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.12

2.4.12

Patch Changes

  • #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

    describe("foo", () => {});
describe("foo", () => {
  // invalid: same title as previous describe block
  test("baz", () => {});
  test("baz", () => {}); // invalid: same title as previous test case
});

  • #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

  • #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

    For example, the following snippets trigger the rule:

    function createComponent(label) {
  function MyComponent() {
    return <div>{label}</div>;
  }
  return MyComponent;
}
    function Parent() {
  function Child() {
    return <div />;
  }
  return <Child />;
}

  • #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

  • #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

  • #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.12

Patch Changes

  • #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

    describe("foo", () => {});
describe("foo", () => {
  // invalid: same title as previous describe block
  test("baz", () => {});
  test("baz", () => {}); // invalid: same title as previous test case
});

  • #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

  • #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

    For example, the following snippets trigger the rule:

    function createComponent(label) {
  function MyComponent() {
    return <div>{label}</div>;
  }
  return MyComponent;
}
    function Parent() {
  function Child() {
    return <div />;
  }
  return <Child />;
}

  • #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

  • #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

  • #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

  • #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

  • #9966 322675e Thanks @​siketyan! - Fixed #9113: Biome now parses and formats @media and other conditional blocks correctly inside embedded CSS snippets.

... (truncated)

Commits

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

  • #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

  • #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

  • d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

  • #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

  • #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

  • #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

  • Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

    • @​changesets/assemble-release-plan@​6.0.10
    • @​changesets/get-dependents-graph@​2.1.4
    • @​changesets/apply-release-plan@​7.1.1
    • @​changesets/get-release-plan@​4.0.16
    • @​changesets/config@​3.1.4
Commits
  • 9cce6db Version Packages (#1897)
  • d2121dc Fix npm auth for path-based registries during publish by preserving configure...
  • 036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
  • 5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
  • 96ca062 Error on unsupported flags for individual CLI commands (#1889)
  • 42943b7 fix(cli): respond to --help on all subcommands (#1873)
  • f61e716 Improved detection for published state of prerelease-only packages without ...
  • See full diff in compare view

Updates vite from 8.0.8 to 8.0.9

Release notes

Sourced from vite's releases.

v8.0.9

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.9 (2026-04-20)

Features

Bug Fixes

  • allow binding when strictPort is set but wildcard port is in use (#22150) (dfc8aa5)
  • build: emptyOutDir should happen for watch rebuilds (#22207) (ee52267)
  • bundled-dev: reject requests to HMR patch files in non potentially trustworthy origins (#22269) (868f141)
  • css: use unique key for cssEntriesMap to prevent same-basename collision (#22039) (374bb5d)
  • deps: update all non-major dependencies (#22219) (4cd0d67)
  • deps: update all non-major dependencies (#22268) (c28e9c1)
  • detect Deno workspace root (fix #22237) (#22238) (1b793c0)
  • dev: handle errors in watchChange hook (#22188) (fc08bda)
  • optimizer: handle more chars that will be sanitized (#22208) (3f24533)
  • skip fallback sourcemap generation for ?raw imports (#22148) (3ec9cda)

Documentation

Miscellaneous Chores

  • deps: update dependency dotenv-expand to v13 (#22271) (0a3887d)
Commits
  • ce729f5 release: v8.0.9
  • 605bb97 docs: update build CLI defaults (#22261)
  • c28e9c1 fix(deps): update all non-major dependencies (#22268)
  • 0a3887d chore(deps): update dependency dotenv-expand to v13 (#22271)
  • 868f141 fix(bundled-dev): reject requests to HMR patch files in non potentially trust...
  • 3ec9cda fix: skip fallback sourcemap generation for ?raw imports (#22148)
  • 3f24533 fix(optimizer): handle more chars that will be sanitized (#22208)
  • 1b793c0 fix: detect Deno workspace root (fix #22237) (#22238)
  • fc08bda fix(dev): handle errors in watchChange hook (#22188)
  • 374bb5d fix(css): use unique key for cssEntriesMap to prevent same-basename collision...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the npm-weekly group across 1 directory with 4 updates
7130864 
Bumps the npm-weekly group with 4 updates in the / directory: [@ast-grep/cli](https://github.com/ast-grep/ast-grep), [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome), [@changesets/cli](https://github.com/changesets/changesets) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@ast-grep/cli` from 0.40.5 to 0.42.1
- [Release notes](https://github.com/ast-grep/ast-grep/releases)
- [Changelog](https://github.com/ast-grep/ast-grep/blob/main/CHANGELOG.md)
- [Commits](ast-grep/ast-grep@0.40.5...0.42.1)

Updates `@biomejs/biome` from 2.4.11 to 2.4.12
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.12/packages/@biomejs/biome)

Updates `@changesets/cli` from 2.30.0 to 2.31.0
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0)

Updates `vite` from 8.0.8 to 8.0.9
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.9/packages/vite)

---
updated-dependencies:
- dependency-name: "@ast-grep/cli"
  dependency-version: 0.42.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-weekly
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-weekly
- dependency-name: "@changesets/cli"
  dependency-version: 2.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-weekly
- dependency-name: vite
  dependency-version: 8.0.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-weekly
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 28, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 28, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​ast-grep/​cli@​0.40.5 ⏵ 0.42.1891006693100
Updatedvite@​8.0.8 ⏵ 8.0.999 +110082 +199 +1100
Updated@​changesets/​cli@​2.30.0 ⏵ 2.31.096 +1100100 +193 -1100
Updated@​biomejs/​biome@​2.4.11 ⏵ 2.4.12100 +110010098 -1100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants