chore(deps)(deps-dev): bump the dev-dependencies group with 3 updates

[dependabot]

Bumps the dev-dependencies group with 3 updates: @biomejs/biome, vitest and wrangler.

Updates @biomejs/biome from 2.3.8 to 2.3.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

What's Changed

• feat: new Turborepo domain and noUndeclaredEnvVars rule by @​anthonyshew in biomejs/biome#8426
• fix(noExtraNonNullAssertion): fix regression by @​dyc3 in biomejs/biome#8477
• fix(analyze/js): index ts constructor methods in semantic model (regression) by @​dyc3 in biomejs/biome#8479
• fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @​taga3s in biomejs/biome#8417
• fix(noLeakedRender): eslint rule name fix by @​vsn4ik in biomejs/biome#8420
• chore: add kraken as bronze sponsor by @​dyc3 in biomejs/biome#8486
• fix(linter): improve Vue defineProps handling in noVueReservedKeys by @​mdevils in biomejs/biome#8448
• fix(cli): colors with multi-codepoints characters by @​ematipico in biomejs/biome#8410
• feat(lint): implement noAmbiguousAnchorText by @​Netail in biomejs/biome#8372
• ci: release by @​github-actions[bot] in biomejs/biome#8474
• docs: fix typos for assist/actions/organize-imports by @​sergioness in biomejs/biome#8490

New Contributors

• @​taga3s made their first contribution in biomejs/biome#8417
• @​vsn4ik made their first contribution in biomejs/biome#8420
• @​sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

... (truncated)

Commits

• fd279f3 ci: release (#8474)
• b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
• 67546bc chore: add kraken as bronze sponsor (#8486)
• 285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• Additional commits viewable in compare view

Updates vitest from 4.0.15 to 4.0.16

Release notes

Sourced from vitest's releases.

v4.0.16

   🐞 Bug Fixes

• Fix browser mode default testTimeout back to 15 seconds  -  by @​hi-ogawa in vitest-dev/vitest#9167 (da0ad)
• Avoid crashing on process.versions stub  -  by @​AriPerkkio in vitest-dev/vitest#9174 (78cfb)
• Reject calling suite function inside test  -  by @​hi-ogawa in vitest-dev/vitest#9198 (1a259)
• Allow inlining fully dynamic import  -  by @​hi-ogawa in vitest-dev/vitest#9137 (56851)
• Fix module graph UI on html reporter with headless browser mode  -  by @​hi-ogawa in vitest-dev/vitest#9219 (60642)
• Log deprecated test.poolOptions if it's set  -  by @​sheremet-va in vitest-dev/vitest#9226 (f7f6a)
• browser:
  • Import recordArtifact from the vitest package  -  by @​macarie in vitest-dev/vitest#9186 (01c56)
  • Fix import.meta.env define  -  by @​hi-ogawa in vitest-dev/vitest#9205 (01a9a)
  • String formatting bug when including placeholders in console.log  -  by @​michael-debs and @​hi-ogawa in vitest-dev/vitest#9030 and vitest-dev/vitest#9131 (84a30)
• coverage:
  • Istanbul untested files source maps are off  -  by @​AriPerkkio in vitest-dev/vitest#9208 (372e8)
• experimental:
  • Export setupEnvironment for custom pools  -  by @​AriPerkkio in vitest-dev/vitest#9187 (5d26b)

    View changes on GitHub

Commits

• b46d744 chore: release v4.0.16
• 84a3062 fix(browser): string formatting bug when including placeholders in console.lo...
• f7f6aa8 fix: log deprecated test.poolOptions if it's set (#9226)
• 568513c fix: allow inlining fully dynamic import (#9137)
• 5d26b87 fix(experimental): export setupEnvironment for custom pools (#9187)
• f17eb42 refactor: avoid using isFileServingAllowed from Vite (#9160)
• 78cfbf9 fix: avoid crashing on process.versions stub (#9174)
• da0ade2 fix: fix browser mode default testTimeout back to 15 seconds (#9167)
• See full diff in compare view

Updates wrangler from 4.54.0 to 4.56.0

Release notes

Sourced from wrangler's releases.

wrangler@4.56.0

Minor Changes

• #11196 171cfd9 Thanks @​emily-shen! - For containers being created in a FedRAMP high environment, registry credentials are encrypted by the container platform. Update wrangler to correctly send a request to configure a registry for FedRAMP containers.

• #11646 472cf72 Thanks @​vovacf201! - feat: add R2 Data Catalog snapshot expiration commands

  Adds new commands to manage automatic snapshot expiration for R2 Data Catalog tables:

  • wrangler r2 bucket catalog snapshot-expiration enable - Enable automatic snapshot expiration
  • wrangler r2 bucket catalog snapshot-expiration disable - Disable automatic snapshot expiration

  Snapshot expiration helps manage storage costs by automatically removing old table snapshots while keeping a minimum number of recent snapshots for recovery purposes.

  Example usage:

  # Enable snapshot expiration for entire catalog (keep 10 snapshots, expire after 5 days)
  wrangler r2 bucket catalog snapshot-expiration enable my-bucket --token $R2_CATALOG_TOKEN --max-age 7200 --min-count 10
  Enable for specific table
  wrangler r2 bucket catalog snapshot-expiration enable my-bucket my-namespace my-table --token $R2_CATALOG_TOKEN --max-age 2880 --min-count 5
  Disable snapshot expiration
  wrangler r2 bucket catalog snapshot-expiration disable my-bucket

Patch Changes

• #11649 428ae9e Thanks @​ascorbic! - fix: respect TypeScript path aliases when resolving non-JS modules with module rules

  When importing non-JavaScript files (like .graphql, .txt, etc.) using TypeScript path aliases defined in tsconfig.json, Wrangler's module-collection plugin now correctly resolves these imports. Previously, path aliases were only respected for JavaScript/TypeScript files, causing imports like import schema from '~lib/schema.graphql' to fail when using module rules.

• #11647 c0e249e Thanks @​dario-piotrowicz! - The auto-configuration logic present in wrangler setup and wrangler deploy --x-autoconfig cannot reliably handle Hono projects, so in these cases make sure to properly error saying that automatically configuring such projects is not supported.

• #11694 3853200 Thanks @​dario-piotrowicz! - fix: improve the open-next detection that wrangler deploy performs to eliminate false positives for non open-next projects

• Updated dependencies [ae1ad22, 737c0f4]:

  • miniflare@4.20251217.0

wrangler@4.55.0

Minor Changes

• #11301 6c590a0 Thanks @​dario-piotrowicz! - Make wrangler deploy run opennextjs-cloudflare deploy when executed in an open-next project

• #11045 12a63ef Thanks @​edmundhung! - Add an internal unstable_printBindings API for vite plugin integration

• #11590 7d8d4a6 Thanks @​pombosilva! - Add Workflows send-event to wrangler commands.

... (truncated)

Commits

• 6be9321 Version Packages (#11666)
• 3853200 fix: improve the open-next detection that wrangler deploy performs to elimi...
• 171cfd9 Add way to configure image registries without secret store integration for `f...
• c0e249e Properly error on Hono projects in auto-config (#11647)
• 472cf72 [R2 Data Catalog] Add wrangler commands for the R2 Data Catalog snaps… (#11646)
• ae1ad22 chore(deps): bump the workerd-and-workers-types group with 2 updates (#11679)
• 428ae9e fix: respect TypeScript path aliases when resolving non-JS modules with modul...
• 8ba87a0 Version Packages (#11602)
• 90c0676 move patchConfig tests from wrangler to workers-utils, also add wrangler-co...
• 7d8d4a6 [Wrangler] Add Workflows sendEvent wrangler command (#11590)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: aicodingstack/maintainers. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	aicodingstack	caac5ac	Dec 22 2025, 06:28 AM