Skip to content

chore(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates#377

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/dev-dependencies-5b3ce4c313
Open

chore(deps-dev): bump the dev-dependencies group across 1 directory with 10 updates#377
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/dev-dependencies-5b3ce4c313

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 10 updates in the / directory:

Package From To
@biomejs/biome 2.4.16 2.5.3
@types/node 25.9.1 25.9.5
esbuild 0.25.12 0.28.1
gitnexus 1.6.6 1.6.9
turbo 2.9.16 2.10.5
vitest 4.1.8 4.1.10
concurrently 9.2.1 9.2.4
electron 42.4.0 42.7.0
vite 7.3.2 7.3.6
@types/vscode 1.120.0 1.125.0

Updates @biomejs/biome from 2.4.16 to 2.5.3

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.3

2.5.3

Patch Changes

  • #10815 86613d5 Thanks @​WaterWhisperer! - Fixed a parser panic reported in #10708: Biome now recovers when unsupported CSS Modules @value rules or scoped @keyframes names end at EOF.

  • #10534 da9b403 Thanks @​Mokto! - Fixed noUnusedVariables false positives in Svelte files: Svelte store subscriptions ($store references in templates now keep the underlying store binding from being flagged), and $bindable() props that are only written to in the script block (write-only is intentional for bindable props) are no longer reported as unused.

  • #10827 098ba41 Thanks @​Aqu1bp! - Fixed #10698: The noUnsafeOptionalChaining rule now reports unsafe optional chains wrapped in TypeScript as, satisfies, type assertion, and instantiation expressions, such as new (value?.constructor as Constructor)().

  • #10773 3c6513d Thanks @​otkrickey! - Fixed #10772: useVueValidVOn no longer reports a missing handler for v-on directives using a verb modifier (.stop / .prevent) without an expression, e.g. <div @click.stop></div>. The rule also accepts the arg-less object syntax <div v-on="$listeners"></div> instead of reporting a missing event name.

  • #10721 d83c66b Thanks @​minseong0324! - Improved type-aware lint rule inference for built-in globals and indexed function calls. Biome now resolves Error(...), new Error(...), optional Error#stack, and calls through indexed function values such as handlers[0](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/0) more accurately.

  • #10865 6450276 Thanks @​ematipico! - Fixed #10845. Biome Language Server no longer goes in deadlock when the scanner is enabled.

  • #10853 93d8e53 Thanks @​Netail! - Fixed #10840: Astro shorthand attribute syntax is now correctly being parsed from embedded nodes.

  • #10820 bba3092 Thanks @​JamBalaya56562! - Fixed #10619: noProcessEnv now also reports computed (bracket) member access. Previously only dot access was checked, so process["env"] and env["NODE_ENV"] (where env is imported from node:process) were missed. Both static and computed accesses are now reported.

  • #10835 3447b2f Thanks @​dyc3! - Fixed #10824: useDomQuerySelector now supports an ignore option for receiver identifiers that should not be reported.

  • #10875 b12e486 Thanks @​dyc3! - Fixed #10795: --profile-rules now reports timings for each plugin separately as plugin/<pluginName>, matching the naming used by plugin suppressions, instead of aggregating all plugins under a single plugin/plugin entry.

  • #10877 d6bc447 Thanks @​ematipico! - Fixed biome-zed#164: Biome no longer inserts stray whitespace when format-on-type runs after closing delimiters such as ), ], and }.

  • #10867 a21463e Thanks @​dyc3! - Fixed #10864: Biome no longer crashes when checking or linting HTML files with unquoted attribute values such as <textarea rows=4></textarea>.

What's Changed

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.3

Patch Changes

  • #10815 86613d5 Thanks @​WaterWhisperer! - Fixed a parser panic reported in #10708: Biome now recovers when unsupported CSS Modules @value rules or scoped @keyframes names end at EOF.

  • #10534 da9b403 Thanks @​Mokto! - Fixed noUnusedVariables false positives in Svelte files: Svelte store subscriptions ($store references in templates now keep the underlying store binding from being flagged), and $bindable() props that are only written to in the script block (write-only is intentional for bindable props) are no longer reported as unused.

  • #10827 098ba41 Thanks @​Aqu1bp! - Fixed #10698: The noUnsafeOptionalChaining rule now reports unsafe optional chains wrapped in TypeScript as, satisfies, type assertion, and instantiation expressions, such as new (value?.constructor as Constructor)().

  • #10773 3c6513d Thanks @​otkrickey! - Fixed #10772: useVueValidVOn no longer reports a missing handler for v-on directives using a verb modifier (.stop / .prevent) without an expression, e.g. <div @click.stop></div>. The rule also accepts the arg-less object syntax <div v-on="$listeners"></div> instead of reporting a missing event name.

  • #10721 d83c66b Thanks @​minseong0324! - Improved type-aware lint rule inference for built-in globals and indexed function calls. Biome now resolves Error(...), new Error(...), optional Error#stack, and calls through indexed function values such as handlers[0](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/0) more accurately.

  • #10865 6450276 Thanks @​ematipico! - Fixed #10845. Biome Language Server no longer goes in deadlock when the scanner is enabled.

  • #10853 93d8e53 Thanks @​Netail! - Fixed #10840: Astro shorthand attribute syntax is now correctly being parsed from embedded nodes.

  • #10820 bba3092 Thanks @​JamBalaya56562! - Fixed #10619: noProcessEnv now also reports computed (bracket) member access. Previously only dot access was checked, so process["env"] and env["NODE_ENV"] (where env is imported from node:process) were missed. Both static and computed accesses are now reported.

  • #10835 3447b2f Thanks @​dyc3! - Fixed #10824: useDomQuerySelector now supports an ignore option for receiver identifiers that should not be reported.

  • #10875 b12e486 Thanks @​dyc3! - Fixed #10795: --profile-rules now reports timings for each plugin separately as plugin/<pluginName>, matching the naming used by plugin suppressions, instead of aggregating all plugins under a single plugin/plugin entry.

  • #10877 d6bc447 Thanks @​ematipico! - Fixed biome-zed#164: Biome no longer inserts stray whitespace when format-on-type runs after closing delimiters such as ), ], and }.

  • #10867 a21463e Thanks @​dyc3! - Fixed #10864: Biome no longer crashes when checking or linting HTML files with unquoted attribute values such as <textarea rows=4></textarea>.

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

... (truncated)

Commits

Updates @types/node from 25.9.1 to 25.9.5

Commits

Updates esbuild from 0.25.12 to 0.28.1

Release notes

Sourced from esbuild's releases.

v0.28.1

  • Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

    This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

    Thanks to @​dellalibera for reporting this issue.

  • Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

    The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

    Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

    Thanks to @​sondt99 for reporting this issue.

  • Avoid inlining using and await using declarations (#4482)

    Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

    // Original code
    {
      using x = new Resource()
      x.activate()
    }
    // Old output (with --minify)
    new Resource().activate();
    // New output (with --minify)
    {using e=new Resource;e.activate()}

  • Fix module evaluation when an error is thrown (#4461, #4467)

    If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if import() or require() is used to import a module multiple times. The thrown error is supposed to be thrown by every call to import() or require(), not just the first. With this release, esbuild will now throw the same error every time you call import() or require() on a module that throws during its evaluation.

  • Fix some edge cases around the new operator (#4477)

    Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a new expression (specifically an optional chain and/or a tagged template literal). The generated code for the new target was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap the new target in parentheses. Here is an example of some affected code:

    // Original code
    new (foo()`bar`)()
    new (foo()?.bar)()
    // Old output
    new foo()bar();
    new (foo())?.bar();

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2025

This changelog documents all esbuild versions published in the year 2025 (versions 0.25.0 through 0.27.2).

0.27.2

  • Allow import path specifiers starting with #/ (#4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#4357, #4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
    main {
      mask: url(x.png) center/5rem no-repeat
    }
    /* Old output (with --target=chrome110) */
    main {
    mask: url(x.png) center/5rem no-repeat;
    }
    /* New output (with --target=chrome110) */
    main {
    -webkit-mask: url(x.png) center/5rem no-repeat;
    mask: url(x.png) center/5rem no-repeat;
    }

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#4176, #4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
    switch (x) {
      case 0:
        foo()
        break
      case 1:
      default:
        bar()
    }

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for esbuild since your current version.


Updates gitnexus from 1.6.6 to 1.6.9

Release notes

Sourced from gitnexus's releases.

v1.6.9

GitNexus v1.6.9

The multi-repo API-tracing release. group now resolves HTTP routes and consumers across files, frameworks, and repos — including a cross-repo call trace over the PDG — while the default workspace index quietly follows whatever branch you have checked out, and taint modeling rounds out Java and Python.

✨ Highlights

  • 🌐 Cross-repo call trace over the PDGgroup can trace the shortest call path across a ContractLink between two repositories, not just within one. (#2269)
  • 🔗 HTTP handler resolution goes cross-file and inline for group — named handlers defined in another file, and inline provider handlers resolved by call-site line. (#2275, #2277, #2276, #2282)
  • 🍃 HTTP route/consumer extraction rounded out — Java and Kotlin HTTP consumer extraction expanded with Kotlin Spring provider parity, Django route extraction for multi-repo group, and a Spring DI resolver for @Autowired List<T> injection. (#2268, #2254, #1836, #2200)
  • 🌱 Taint source/sink models added for Java and Python, alongside the intra/inter-procedural taint engine shipped in 1.6.8. (#2267, #2253)
  • 🌿 The default (non-multi-branch) workspace index now follows the checked-out branch instead of staying pinned to whichever branch it was created on. (#2364)
  • 🔍 Search gets sharper — opt-in CJK bigram segmentation for FTS, a configurable FTS stemmer and vector distance threshold, and more compact, description-forward embedding text. (#2339, #2307, #2330, #2333, #2334)

🚀 Added

  • Flat workspace index follows the checked-out branch — the default (non-multi-branch) index now tracks git checkout instead of staying pinned to the branch it was created on (#2364)
  • Spring DI resolver for @Autowired List<T> injection — collection-typed constructor/field injection resolves to all matching bean implementations (#2200)
  • Opt-in CJK bigram segmentation for FTS search — improves search relevance over Chinese/Japanese/Korean text (#2339)
  • Compact, description-forward embedding text — shorter, more targeted embedding input for symbol search (#2333, #2334)
  • Route nodes get a (method, url) identity — distinct HTTP verbs on the same URL are no longer merged into one node (#2289, #2302)
  • Nuxt/Nitro auto-imports resolved in the TypeScript scope resolver (#2026)
  • Doc comments searchable across all languages via FTS (#2286)
  • Cross-file and inline HTTP handler resolution for group — named handlers across files (#2275, #2277) and inline provider handlers via call-site line (#2276, #2282)
  • Cross-repo call trace using PDG for group (#2269)
  • Java and Python conservative taint source/sink models (#2267, #2253)
  • Java and Kotlin HTTP consumer extraction expanded, with Kotlin Spring provider parity (#2268, #2254, #1888)
  • Django route extraction for multi-repo group (#1836)
  • Kilo Code + GitNexus MCP setup guide (#2259)

🐛 Fixed

  • Index metadata renamed to gitnexus.json with dual-write compatibility for existing indexes (#2363)
  • Java call graph — cast-wrapped and this.method() receivers now resolve call edges (#2357)
  • Icon imports consolidated — fixes stale refs and a package-name collision (#2343)
  • Embeddings — CUDA 13 hosts now use a system-matched onnxruntime-node build for GPU acceleration (#2341)
  • Ladybug single-writer transaction contention now retries instead of failing (#2342)
  • --limit CLI flag — i18n-safe, guards 0/negative values, and truncates at the correct path (#2310)
  • Ladybug pinned to 0.18.0, validating the multi-writer deadlock fix (#2340)
  • Full text file content stays searchable in the FTS index (#2323)
  • Vector distance threshold made configurable (#2330)
  • LadybugDB-incompatible multi-label Cypher replaced in group queries (#2325, #2327)
  • Windows @group reopen — read-only bridge handle is cached to fix repeated reopen failures (#2274, #2313)
  • FTS stemmer made configurable (#2307)
  • FastAPI APIRouter constructor prefixes applied to nested routes (#2312)
  • MCP api_impact response shape stabilized for same-URL multi-verb routes (#2308, #2309)
  • Generator function declarations indexed (#2305)
  • FTS indexes the description field so doc comments are keyword-searchable (#2300)

... (truncated)

Changelog

Sourced from gitnexus's changelog.

[1.6.9] - 2026-07-04

Added

  • Flat workspace index follows the checked-out branch — the default (non-multi-branch) index now tracks git checkout instead of staying pinned to the branch it was created on (#2364)
  • Spring DI resolver for @Autowired List<T> injection — collection-typed constructor/field injection resolves to all matching bean implementations (#2200)
  • Opt-in CJK bigram segmentation for FTS search — improves search relevance over Chinese/Japanese/Korean text (#2339)
  • Compact, description-forward embedding text — shorter, more targeted embedding input for symbol search (#2333, #2334)
  • Route nodes get a (method, url) identity — distinct HTTP verbs on the same URL are no longer merged into one node (#2289, #2302)
  • Nuxt/Nitro auto-imports resolved in the TypeScript scope resolver (#2026)
  • Doc comments searchable across all languages via FTS (#2286)
  • Cross-file and inline HTTP handler resolution for group — named handlers across files (#2275, #2277) and inline provider handlers via call-site line (#2276, #2282)
  • Cross-repo call trace using PDG for group (#2269)
  • Java and Python conservative taint source/sink models (#2267, #2253)
  • Java and Kotlin HTTP consumer extraction expanded, with Kotlin Spring provider parity (#2268, #2254, #1888)
  • Django route extraction for multi-repo group (#1836)
  • Kilo Code + GitNexus MCP setup guide (#2259)

Fixed

  • Index metadata renamed to gitnexus.json with dual-write compatibility for existing indexes (#2363)
  • Java call graph — cast-wrapped and this.method() receivers now resolve call edges (#2357)
  • Icon imports consolidated — fixes stale refs and a package-name collision (#2343)
  • Embeddings — CUDA 13 hosts now use a system-matched onnxruntime-node build for GPU acceleration (#2341)
  • Ladybug single-writer transaction contention now retries instead of failing (#2342)
  • --limit CLI flag — i18n-safe, guards 0/negative values, and truncates at the correct path (#2310)
  • Ladybug pinned to 0.18.0, validating the multi-writer deadlock fix (#2340)
  • Full text file content stays searchable in the FTS index (#2323)
  • Vector distance threshold made configurable (#2330)
  • LadybugDB-incompatible multi-label Cypher replaced in group queries (#2325, #2327)
  • Windows @group reopen — read-only bridge handle is cached to fix repeated reopen failures (#2274, #2313)
  • FTS stemmer made configurable (#2307)
  • FastAPI APIRouter constructor prefixes applied to nested routes (#2312)
  • MCP api_impact response shape stabilized for same-URL multi-verb routes (#2308, #2309)
  • Generator function declarations indexed (#2305)
  • FTS indexes the description field so doc comments are keyword-searchable (#2300)
  • Spring interface-inherited routes resolved (#2288, #2290)
  • Spring method-level array-form route mappings recognized (#2281)
  • MCP impact callgraph mode tolerates adapter-materialized line:0 (#2279, #2283)
  • Kotlin fun interface extraction via a tree-sitter-kotlin re-vendor (#2271)
  • --pdg analyze double-free fixed — LadybugDB close-destructor crash avoided and connection serialization hardened (#2264)

Changed

  • Root README restructured and all READMEs fact-checked (#2360)
  • Bundled skill reference drift fixed in docs (#2362)

Performance

  • group/HTTP route extraction skips source parsing for files already covered by the graph (#2138 Part 2, #2265)

... (truncated)

Commits
  • 4227194 chore: release v1.6.9 (#2367)
  • eed2d69 chore(deps)(deps): bump node-addon-api from 8.8.0 to 8.9.0 in /gitnexus (#2366)
  • e46b87f feat: flat workspace index follows the checked-out branch (#2364)
  • d546fa3 fix(storage): rename index metadata to gitnexus.json with dual-write compatib...
  • 6e42040 docs: fix bundled skill reference drift (#2362)
  • 0005574 docs: restructure root README, fact-check all READMEs (#2360)
  • 1029a8d feat: add Spring DI resolver for @​Autowired List<T> injection (#2200)
  • fa8ebf6 fix: Java cast-wrapped and this.method() call edges (#2357)
  • 6ef173f fix: consolidate icon imports, fix stale refs and package name collision (#2343)
  • 5aada28 fix(embeddings): use system-matched onnxruntime-node CUDA build so CUDA 13 ho...
  • Additional commits viewable in compare view
Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.


Updates turbo from 2.9.16 to 2.10.5

Release notes

Sourced from turbo's releases.

Turborepo v2.10.5

What's Changed

Changelog

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-5b3ce4c313 branch from 1313deb to 1b0d212 Compare July 8, 2026 03:57
…ith 10 updates

Bumps the dev-dependencies group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.16` | `2.5.3` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.1` | `25.9.5` |
| [esbuild](https://github.com/evanw/esbuild) | `0.25.12` | `0.28.1` |
| [gitnexus](https://github.com/abhigyanpatwari/GitNexus/tree/HEAD/gitnexus) | `1.6.6` | `1.6.9` |
| [turbo](https://github.com/vercel/turborepo) | `2.9.16` | `2.10.5` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.10` |
| [concurrently](https://github.com/open-cli-tools/concurrently) | `9.2.1` | `9.2.4` |
| [electron](https://github.com/electron/electron) | `42.4.0` | `42.7.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.2` | `7.3.6` |
| [@types/vscode](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/vscode) | `1.120.0` | `1.125.0` |



Updates `@biomejs/biome` from 2.4.16 to 2.5.3
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.3/packages/@biomejs/biome)

Updates `@types/node` from 25.9.1 to 25.9.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `esbuild` from 0.25.12 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md)
- [Commits](evanw/esbuild@v0.25.12...v0.28.1)

Updates `gitnexus` from 1.6.6 to 1.6.9
- [Release notes](https://github.com/abhigyanpatwari/GitNexus/releases)
- [Changelog](https://github.com/abhigyanpatwari/GitNexus/blob/main/gitnexus/CHANGELOG.md)
- [Commits](https://github.com/abhigyanpatwari/GitNexus/commits/v1.6.9/gitnexus)

Updates `turbo` from 2.9.16 to 2.10.5
- [Release notes](https://github.com/vercel/turborepo/releases)
- [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md)
- [Commits](vercel/turborepo@v2.9.16...v2.10.5)

Updates `vitest` from 4.1.8 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

Updates `concurrently` from 9.2.1 to 9.2.4
- [Release notes](https://github.com/open-cli-tools/concurrently/releases)
- [Commits](open-cli-tools/concurrently@v9.2.1...v9.2.4)

Updates `electron` from 42.4.0 to 42.7.0
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](electron/electron@v42.4.0...v42.7.0)

Updates `vite` from 7.3.2 to 7.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.6/packages/vite)

Updates `@types/vscode` from 1.120.0 to 1.125.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/vscode)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 25.9.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@types/vscode"
  dependency-version: 1.125.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: concurrently
  dependency-version: 9.2.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: electron
  dependency-version: 42.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: gitnexus
  dependency-version: 1.6.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: turbo
  dependency-version: 2.9.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dev-dependencies-5b3ce4c313 branch from 1b0d212 to 4157e3b Compare July 15, 2026 03:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants