Bump the dev-deps group across 1 directory with 6 updates

[dependabot]

Bumps the dev-deps group with 4 updates in the / directory: @biomejs/biome, @cloudflare/vitest-pool-workers, tsup and typescript.

Updates @biomejs/biome from 2.2.3 to 2.3.6

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.6

2.3.6

Patch Changes

• #8100 82b9a8e Thanks @​Netail! - Added the nursery rule useFind. Enforce the use of Array.prototype.find() over Array.prototype.filter() followed by [0] when looking for a single result.

  Invalid:

  [1, 2, 3].filter((x) => x > 1)[0];
  [1, 2, 3].filter((x) => x > 1).at(0);

• #8118 dbc7021 Thanks @​hirokiokada77! - Fixed #8117: useValidLang now accepts valid BCP 47 language tags with script subtags.

  Valid:

  <html lang="zh-Hans-CN"></html>

• #7672 f1d5725 Thanks @​Netail! - Added the nursery rule useConsistentGraphqlDescriptions, requiring all descriptions to follow the same style (either block or inline) inside GraphQL files.

  Invalid:

  enum EnumValue {
    "this is a description"
    DEFAULT
  }

  Valid:

  enum EnumValue {
    """
    this is a description
    """
    DEFAULT
  }

• #8026 f102661 Thanks @​matanshavit! - Fixed #8004: noParametersOnlyUsedInRecursion now correctly detects recursion by comparing function bindings instead of just names.

  Previously, the rule incorrectly flagged parameters when a method had the same name as an outer function but called the outer function (not itself):

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.6

Patch Changes

• #8100 82b9a8e Thanks @​Netail! - Added the nursery rule useFind. Enforce the use of Array.prototype.find() over Array.prototype.filter() followed by [0] when looking for a single result.

  Invalid:

  [1, 2, 3].filter((x) => x > 1)[0];
  [1, 2, 3].filter((x) => x > 1).at(0);

• #8118 dbc7021 Thanks @​hirokiokada77! - Fixed #8117: useValidLang now accepts valid BCP 47 language tags with script subtags.

  Valid:

  <html lang="zh-Hans-CN"></html>

• #7672 f1d5725 Thanks @​Netail! - Added the nursery rule useConsistentGraphqlDescriptions, requiring all descriptions to follow the same style (either block or inline) inside GraphQL files.

  Invalid:

  enum EnumValue {
    "this is a description"
    DEFAULT
  }

  Valid:

  enum EnumValue {
    """
    this is a description
    """
    DEFAULT
  }

• #8026 f102661 Thanks @​matanshavit! - Fixed #8004: noParametersOnlyUsedInRecursion now correctly detects recursion by comparing function bindings instead of just names.

  Previously, the rule incorrectly flagged parameters when a method had the same name as an outer function but called the outer function (not itself):

  function notRecursive(arg) {

... (truncated)

Commits

• 166d95b ci: release (#8076)
• 6976d03 chore: schema regression rule domains (#8133)
• 5fc5416 feat(lint/vue): add noVueVIfWithVFor, useVueHyphenatedAttributes (#8097)
• fb8e3e7 fix(noInvalidUseBeforeDeclaration): handle class, enum, import-equals (#8113)
• 0f0a658 feat(analyze): implement noSyncScripts (#8108)
• 82b9a8e feat(js_analyze): implement useFind (#8100)
• 1fdcaf0 feat(schema): add docs URLs to rule description (#8098)
• b406db6 feat: add useSpread rule (#7681)
• 6bcc9d2 chore: regression schemars v1 (#8092)
• 0c0edd4 feat(graphql_analyze): add useUniqueGraphqlOperationName (#8013)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @cloudflare/vitest-pool-workers from 0.8.70 to 0.10.7

Release notes

Sourced from @​cloudflare/vitest-pool-workers's releases.

@​cloudflare/vitest-pool-workers@​0.10.7

Patch Changes

• Updated dependencies [43fe9f3, 3908162, 305ffb3, 14d79f2, dfc6513, 46ccf0e]:
  • [email protected]
  • [email protected]

@​cloudflare/vitest-pool-workers@​0.10.6

Patch Changes

• Updated dependencies [5286309, 2d16610, dd7d584, 4259256, 63defa2, 5cf8a39, 70d3d4a, 38396ed, 8abc789, cdcecfc, e85f965, 88aa707]:
  • [email protected]
  • [email protected]

@​cloudflare/vitest-pool-workers@​0.10.5

Patch Changes

• Updated dependencies [240ebeb, 05440a1, 1ae020d, 53b0fce, c3ed531, 305d7bf, b55a3c7, c3ed531, 5d7c4c2, c3ed531]:
  • [email protected]
  • [email protected]

@​cloudflare/vitest-pool-workers@​0.10.4

Patch Changes

• Updated dependencies [8ffbd17, 77ed7e2, bb00f9d, ed666a1, 14f60e8, 22f25fd]:
  • [email protected]
  • [email protected]

@​cloudflare/vitest-pool-workers@​0.10.3

Patch Changes

• Updated dependencies [6822aaf, bce8142]:
  • [email protected]

@​cloudflare/vitest-pool-workers@​0.10.1

Patch Changes

• Updated dependencies [d0208fe, dbe51c1, d4f2daf]:
  • [email protected]

@​cloudflare/vitest-pool-workers@​0.10.0

Minor Changes

• #11047 0ff1964 Thanks @​petebacondarwin! - Infer latest locally available compatibility date if none is provided in the test configuration

Patch Changes

• #10919 ca6c010 Thanks @​Caio-Nogueira! - migrate workflow to use a wrapped binding

• #11047 0ff1964 Thanks @​petebacondarwin! - ensure that vitest specific nodejs polyfills override native modules

... (truncated)

Changelog

Sourced from @​cloudflare/vitest-pool-workers's changelog.

0.10.7

Patch Changes

• Updated dependencies [43fe9f3, 3908162, 305ffb3, 14d79f2, dfc6513, 46ccf0e]:
  • [email protected]
  • [email protected]

0.10.6

Patch Changes

• Updated dependencies [5286309, 2d16610, dd7d584, 4259256, 63defa2, 5cf8a39, 70d3d4a, 38396ed, 8abc789, cdcecfc, e85f965, 88aa707]:
  • [email protected]
  • [email protected]

0.10.5

Patch Changes

• Updated dependencies [240ebeb, 05440a1, 1ae020d, 53b0fce, c3ed531, 305d7bf, b55a3c7, c3ed531, 5d7c4c2, c3ed531]:
  • [email protected]
  • [email protected]

0.10.4

Patch Changes

• Updated dependencies [8ffbd17, 77ed7e2, bb00f9d, ed666a1, 14f60e8, 22f25fd]:
  • [email protected]
  • [email protected]

0.10.3

Patch Changes

• Updated dependencies [6822aaf, bce8142]:
  • [email protected]

0.10.2

Patch Changes

• Updated dependencies [55657eb, d47f166]:
  • [email protected]

0.10.1

Patch Changes

... (truncated)

Commits

• a72f6dc Version Packages (#11237)
• c193d0e Version Packages (#11198)
• 4be581a Use eslint flat file config (#11207)
• dd7d584 Bump the workerd-and-workers-types group across 1 directory with 2 updates (#...
• cabbaf1 Version Packages (#11175)
• a586c03 Version Packages (#11141)
• 8445f29 Version Packages (#11131)
• 6958fa7 Version Packages (#11115)
• cb47614 Version Packages (#11085)
• a5eb513 Version Packages (#11054)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​cloudflare/vitest-pool-workers since your current version.

Updates @cloudflare/workers-types from 4.20250906.0 to 4.20251117.0

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​cloudflare/workers-types since your current version.

Updates tsup from 8.5.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

   🐞 Bug Fixes

• Add script tag validation  -  by @​benhoad in egoist/tsup#1314 (df736)
• Update esbuild to fix sourcemap source issue  -  by @​ArcherGu and @​sxzz in egoist/tsup#1316 (fb8ae)

    View changes on GitHub

Commits

• 1ecb6a5 chore: release v8.5.1
• e92ba64 chore: upgrade esbuild
• fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
• db7cfaa chore: upgrade pnpm
• df7360b fix: add script tag validation (#1314)
• 65e8547 chore: bump source-map to 0.7.6 (#1358)
• f127e57 ci: switch to trusted publisher
• 8b6907d chore: add maintenance info in README (#1332)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tsup since your current version.

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Updates wrangler from 4.34.0 to 4.48.0

Release notes

Sourced from wrangler's releases.

[email protected]

Minor Changes

• #11212 3908162 Thanks @​dario-piotrowicz! - Add autoconfig changes summary for wrangler deploy --x-autoconfig with the option for users to cancel the operation

• #11229 14d79f2 Thanks @​dario-piotrowicz! - Enables experimental-deploy-remote-diff-check flag by default (the flag is still present for now so that users can turn it off if needed) and improves the remote config diffing logic (to include less noise in the diff presented to the user)

• #11245 dfc6513 Thanks @​vicb! - Change how Wrangler selects default ports for dev sessions.

  If no port is specified, Wrangler now probes the default port and the 10 consecutive ports after it before falling back to a random port. This will help getting a stable port number across dev sessions. Both the http server and inspector ports are affected.

Patch Changes

• #11177 43fe9f3 Thanks @​MattieTK! - Added bun detection to package manager analytics

• Updated dependencies [305ffb3, 46ccf0e]:

  • [email protected]

[email protected]

Minor Changes

• #11201 5286309 Thanks @​avenceslau! - Add wrangler workflows instances restart command

• #11214 5cf8a39 Thanks @​penalosa! - Add the experimental wrangler setup command to run autoconfig outside of the deploy flow.

• #11187 8abc789 Thanks @​dario-piotrowicz! - Add possibility for users to edit their project settings during autoconfig

  When running wrangler deploy --experimental-autoconfig, after the automatic project settings detection Wrangler will now present users the opportunity to customize the auto-detected project's settings

Patch Changes

• #11143 2d16610 Thanks @​FlorentCollin! - Improve the formatting of the D1 execute command to always show the duration in milliseconds with two decimal places.

• #11178 63defa2 Thanks @​ascorbic! - Log a more helpful error when attempting to "r2 object put" a non-existent file

• #11199 70d3d4a Thanks @​penalosa! - Add telemetry to autoconfig

• #11186 38396ed Thanks @​hoodmane! - Removed warning when deploying a Python worker

• #11024 cdcecfc Thanks @​devin-ai-integration! - Use the native node:trace_events module when available

  It is enabled when the enable_nodejs_trace_events_module compatibility flag is set.

• #11195 e85f965 Thanks @​ascorbic! - Ignores .dev.vars if --env-file has been explicitly passed

  Previously, .dev.vars would always be read first, and then any file passed with --env-file would override variables in .dev.vars. This meant there was no way to ignore .dev.vars if you wanted to use a different env file. Now, if --env-file is passed, .dev.vars will be ignored entirely.

• #11181 88aa707 Thanks @​petebacondarwin! - add more logging around Wrangler authentication to help diagnose issues

... (truncated)

Changelog

Sourced from wrangler's changelog.

4.48.0

Minor Changes

• #11212 3908162 Thanks @​dario-piotrowicz! - Add autoconfig changes summary for wrangler deploy --x-autoconfig with the option for users to cancel the operation

• #11229 14d79f2 Thanks @​dario-piotrowicz! - Enables experimental-deploy-remote-diff-check flag by default (the flag is still present for now so that users can turn it off if needed) and improves the remote config diffing logic (to include less noise in the diff presented to the user)

• #11245 dfc6513 Thanks @​vicb! - Change how Wrangler selects default ports for dev sessions.

  If no port is specified, Wrangler now probes the default port and the 10 consecutive ports after it before falling back to a random port. This will help getting a stable port number across dev sessions. Both the http server and inspector ports are affected.

Patch Changes

• #11177 43fe9f3 Thanks @​MattieTK! - Added bun detection to package manager analytics

• Updated dependencies [305ffb3, 46ccf0e]:

  • [email protected]

4.47.0

Minor Changes

• #11201 5286309 Thanks @​avenceslau! - Add wrangler workflows instances restart command

• #11214 5cf8a39 Thanks @​penalosa! - Add the experimental wrangler setup command to run autoconfig outside of the deploy flow.

• #11187 8abc789 Thanks @​dario-piotrowicz! - Add possibility for users to edit their project settings during autoconfig

  When running wrangler deploy --experimental-autoconfig, after the automatic project settings detection Wrangler will now present users the opportunity to customize the auto-detected project's settings

Patch Changes

• #11143 2d16610 Thanks @​FlorentCollin! - Improve the formatting of the D1 execute command to always show the duration in milliseconds with two decimal places.

• #11178 63defa2 Thanks @​ascorbic! - Log a more helpful error when attempting to "r2 object put" a non-existent file

• #11199 70d3d4a Thanks @​penalosa! - Add telemetry to autoconfig

• #11186 38396ed Thanks @​hoodmane! - Removed warning when deploying a Python worker

• #11024 cdcecfc Thanks @​devin-ai-integration! - Use the native node:trace_events module when available

  It is enabled when the enable_nodejs_trace_events_module compatibility flag is set.

• #11195 e85f965 Thanks @​ascorbic! - Ignores .dev.vars if --env-file has been explicitly passed

  Previously, .dev.vars would always be read first, and then any file passed with --env-file would override variables in .dev.vars. This meant there was no way to ignore .dev.vars if you wanted to use a different env file. Now, if --env-file is passed, .dev.vars will be ignored entirely.

... (truncated)

Commits

• a72f6dc Version Packages (#11237)
• 8a5824b Remove logging of package manager support (#11252)
• 14d79f2 Enable better conflict management for deployment by default (#11229)
• d7a2037 Change constructWranglerConfig() to take the types expected by dash (#11146)
• dfc6513 Change ports selection for wrangler dev sessions. (#11245)
• 43fe9f3 feat: add bun package manager detection (#11177)
• 3908162 Add autoconfig changes summary for wrangler deploy --x-autoconfig with the ...
• c193d0e Version Packages (#11198)
• 4259256 Bump the workerd-and-workers-types group with 2 updates (#11232)
• 5cf8a39 wrangler setup (#11214)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions