Skip to content

chore(deps-dev): bump the development group across 1 directory with 7 updates#496

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-00f5cbac0a
Open

chore(deps-dev): bump the development group across 1 directory with 7 updates#496
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-00f5cbac0a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the development group with 7 updates in the / directory:

Package From To
@biomejs/biome 2.3.11 2.5.0
@playwright/test 1.58.0 1.60.0
@types/node 25.6.0 25.9.3
@typescript/native-preview 7.0.0-dev.20260122.3 7.0.0-dev.20260612.1
tsx 4.21.0 4.22.4
typescript 5.9.3 6.0.3
vite-plugin-mkcert 1.17.12 2.1.0

Updates @biomejs/biome from 2.3.11 to 2.5.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.0

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

    /* styles.css — .ghost is never used in any importing file */

... (truncated)

Commits

Updates @playwright/test from 1.58.0 to 1.60.0

Release notes

Sourced from @​playwright/test's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

Updates @types/node from 25.6.0 to 25.9.3

Commits

Updates @typescript/native-preview from 7.0.0-dev.20260122.3 to 7.0.0-dev.20260612.1

Commits

Updates tsx from 4.21.0 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

  • resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

This release is also available on:

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

  • decode typed loader source (dce02fc)
  • preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

  • preserve CJS JSON require in ESM hooks (35b700b)
  • preserve named exports from CommonJS TypeScript (11de737)
  • support module.exports require(esm) interop (cf8f199)

This release is also available on:

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

  • resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

... (truncated)

Commits
  • 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
  • dce02fc fix: decode typed loader source
  • 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
  • 69455cf test: cover package exports for ambiguous ESM reexports
  • 35b700b fix: preserve CJS JSON require in ESM hooks
  • ef807db chore: update testing dependencies
  • 3917090 test: document compatibility test taxonomy
  • de8113f refactor: centralize Node capability facts
  • c1f62db test: consolidate tsconfig path edge coverage
  • 4e08174 test: consolidate loader hook coverage
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.


Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Updates vite-plugin-mkcert from 1.17.12 to 2.1.0

Release notes

Sourced from vite-plugin-mkcert's releases.

v2.1.0

2.1.0 (2026-06-03)

Features

  • Avoid shell execution for mkcert hosts (#124) (b7541de)

v2.0.0

2.0.0 (2026-04-09)

Bug Fixes

  • plugin: relax request generic default type (0c62aed)

Features

  • plugin: add ipv6 hosts to default list (8dfc9f7), closes #116
  • plugin: add apply option for plugin execution (9a58063), closes #112
  • plugin: detect mkcert binary from path (de2702c), closes #96
  • plugin: improve logger control and download progress (23f8cd4)
  • plugin: support proxy download and improve request handling (06f74b4)

BREAKING CHANGES

  • plugin: require Node.js >= 22.19.0.
Changelog

Sourced from vite-plugin-mkcert's changelog.

2.1.0 (2026-06-03)

Features

  • Avoid shell execution for mkcert hosts (#124) (b7541de)

2.0.0 (2026-04-09)

Bug Fixes

  • plugin: relax request generic default type (0c62aed)

Features

  • add ipv6 hosts to default list (8dfc9f7), closes #116
  • plugin: add apply option for plugin execution (9a58063), closes #112
  • plugin: detect mkcert binary from path (de2702c), closes #96
  • plugin: improve logger control and download progress (23f8cd4)
  • plugin: support proxy download and improve request handling (06f74b4)

BREAKING CHANGES

  • plugin: require Node.js >= 22.19.0.
Commits
  • 97c68a4 chore(release): 2.1.0 [skip ci]
  • ef6f49a chore: update
  • b7541de feat: Avoid shell execution for mkcert hosts (#124)
  • 0b2eeee chore(release): 2.0.0 [skip ci]
  • de2702c feat(plugin): detect mkcert binary from path
  • 9a58063 feat(plugin): add apply option for plugin execution
  • 0c62aed fix(plugin): relax request generic default type
  • a1e8e90 refactor(plugin): split lib helpers into utils modules
  • 450a402 docs(plugin): add vite compatibility badge
  • 23f8cd4 feat(plugin): improve logger control and download progress
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@vercel

vercel Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
tempo-docs Ready Ready Preview, Comment Jun 19, 2026 1:07pm

Request Review

@socket-security

socket-security Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​node@​25.9.31001008195100
Addedtsx@​4.22.41001008292100
Added@​typescript/​native-preview@​7.0.0-dev.20260612.110010082100100
Updatedtypescript@​5.9.3 ⏵ 6.0.3100 +110090 +19790
Addedvite-plugin-mkcert@​2.1.09910010090100
Added@​biomejs/​biome@​2.5.010010010099100
Added@​playwright/​test@​1.60.010010010099100

View full report

@dependabot
chore(deps-dev): bump the development group across 1 directory with 7…
f44064b 
… updates

Bumps the development group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.11` | `2.5.0` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.58.0` | `1.60.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.6.0` | `25.9.3` |
| [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260122.3` | `7.0.0-dev.20260612.1` |
| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [vite-plugin-mkcert](https://github.com/liuweiGL/vite-plugin-mkcert) | `1.17.12` | `2.1.0` |



Updates `@biomejs/biome` from 2.3.11 to 2.5.0
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.0/packages/@biomejs/biome)

Updates `@playwright/test` from 1.58.0 to 1.60.0
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.58.0...v1.60.0)

Updates `@types/node` from 25.6.0 to 25.9.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript/native-preview` from 7.0.0-dev.20260122.3 to 7.0.0-dev.20260612.1
- [Changelog](https://github.com/microsoft/typescript-go/blob/main/CHANGES.md)
- [Commits](https://github.com/microsoft/typescript-go/commits)

Updates `tsx` from 4.21.0 to 4.22.4
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.21.0...v4.22.4)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `vite-plugin-mkcert` from 1.17.12 to 2.1.0
- [Release notes](https://github.com/liuweiGL/vite-plugin-mkcert/releases)
- [Changelog](https://github.com/liuweiGL/vite-plugin-mkcert/blob/main/CHANGELOG.md)
- [Commits](liuweiGL/vite-plugin-mkcert@v1.17.12...v2.1.0)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.16
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development
- dependency-name: "@playwright/test"
  dependency-version: 1.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development
- dependency-name: "@types/node"
  dependency-version: 25.9.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development
- dependency-name: "@typescript/native-preview"
  dependency-version: 7.0.0-dev.20260608.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development
- dependency-name: tsx
  dependency-version: 4.22.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development
- dependency-name: vite-plugin-mkcert
  dependency-version: 2.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/development-00f5cbac0a branch from 7d2e665 to f44064b Compare June 19, 2026 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants