Bump the npm group across 1 directory with 10 updates

[dependabot]

Bumps the npm group with 9 updates in the / directory:

Package	From	To
js-base64	3.7.7	3.7.8
@biomejs/biome	2.0.6	2.3.10
@rollup/plugin-node-resolve	16.0.1	16.0.3
@rollup/plugin-typescript	12.1.4	12.3.0
jasmine	5.8.0	5.13.0
publint	0.3.12	0.3.16
puppeteer	24.11.2	24.34.0
rollup	4.44.1	4.54.0
typescript	5.8.3	5.9.3

Updates js-base64 from 3.7.7 to 3.7.8

Commits

• 5fd183d version 3.7.8
• fa94481 add permissions section to make CodeQL happy
• fb0b409 add node 24
• f2587cc use unknown instead of any accordingly to Aaron
• 237bffc use unknown instead of any accordingly to Aaron
• 73236ad Merge pull request #187 from Chanran/feat/optimize-atobPolyfill-performance
• 9df6b69 Merge pull request #179 from lifeiscontent/patch-1
• 1b1c84f feat: optimize atobPolyfill performance to avoid minor gc
• 09fde58 Update base64.ts
• df91b05 add node 22
• See full diff in compare view

Updates @biomejs/biome from 2.0.6 to 2.3.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

What's Changed

• feat: new Turborepo domain and noUndeclaredEnvVars rule by @​anthonyshew in biomejs/biome#8426
• fix(noExtraNonNullAssertion): fix regression by @​dyc3 in biomejs/biome#8477
• fix(analyze/js): index ts constructor methods in semantic model (regression) by @​dyc3 in biomejs/biome#8479
• fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @​taga3s in biomejs/biome#8417
• fix(noLeakedRender): eslint rule name fix by @​vsn4ik in biomejs/biome#8420
• chore: add kraken as bronze sponsor by @​dyc3 in biomejs/biome#8486
• fix(linter): improve Vue defineProps handling in noVueReservedKeys by @​mdevils in biomejs/biome#8448
• fix(cli): colors with multi-codepoints characters by @​ematipico in biomejs/biome#8410
• feat(lint): implement noAmbiguousAnchorText by @​Netail in biomejs/biome#8372
• ci: release by @​github-actions[bot] in biomejs/biome#8474
• docs: fix typos for assist/actions/organize-imports by @​sergioness in biomejs/biome#8490

New Contributors

• @​taga3s made their first contribution in biomejs/biome#8417
• @​vsn4ik made their first contribution in biomejs/biome#8420
• @​sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

... (truncated)

Commits

• fd279f3 ci: release (#8474)
• b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
• 67546bc chore: add kraken as bronze sponsor (#8486)
• 285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @rollup/plugin-node-resolve from 16.0.1 to 16.0.3

Changelog

Sourced from @​rollup/plugin-node-resolve's changelog.

v16.0.3

2025-10-13

Bugfixes

• fix: resolve bare targets of package "imports" using export maps; avoid fileURLToPath(null) (#1908)

v16.0.2

2025-10-04

Bugfixes

• fix: error thrown with empty entry (#1893)

Commits

• 764910a chore(release): node-resolve v16.0.3
• 3569720 fix(node-resolve): resolve bare targets of package "imports" using export map...
• 516ed1d chore(release): node-resolve v16.0.2
• 7ad5057 fix(node-resolve): error thrown with empty entry (#1893)
• See full diff in compare view

Updates @rollup/plugin-typescript from 12.1.4 to 12.3.0

Changelog

Sourced from @​rollup/plugin-typescript's changelog.

v12.3.0

2025-10-23

Features

• feat: expose latest Program to transformers in watch mode (#1923)

v12.2.0

2025-10-22

Features

• feat: process .js when allowJs is enabled (#1920)

Commits

• 973054d chore(release): typescript v12.3.0
• b6f027b feat(typescript): expose latest Program to transformers in watch mode (#1923)
• a9cdbb5 chore(release): typescript v12.2.0
• 89fa680 feat(typescript): process .js when allowJs is enabled (#1920)
• See full diff in compare view

Updates jasmine from 5.8.0 to 5.13.0

Release notes

Sourced from jasmine's releases.

v5.13.0

Please see the release notes.

v5.12.0

Please see the release notes.

v5.11.0

Please see the release notes.

v5.10.0

Please see the release notes.

v5.9.0

Please see the release notes.

Commits

• 3a52df9 Bump version to 5.13.0
• 2e50eb9 Bump version to 5.12.0
• d6adaff Bump version to 5.11.0
• 6fd6b39 Revert "Allow glob 11.x in addition to 10.x"
• 8295f17 Allow glob 11.x in addition to 10.x
• 7aefc26 Use boot(true) where possible
• 401cc17 Fix duplicate names in own tests
• e1e9411 Bump version to 5.10.0
• 2712681 Fixed release notes
• 642b38c Bump version to 5.9.0
• Additional commits viewable in compare view

Updates jasmine-core from 5.8.0 to 5.13.0

Release notes

Sourced from jasmine-core's releases.

v5.13.0

Please see the release notes.

v5.12.1

Please see the release notes.

v5.12.0

Please see the release notes.

v5.11.0

Please see the release notes.

v5.10.0

Please see the release notes.

v5.9.0

Please see the release notes.

Commits

• 9cf9b85 Bump version to 5.13.0
• db6c142 Copy 6.0.0-beta.0 release notes from branch
• 1e691b2 Prettier
• c5555dd Better debug logging for spec that occasionally fails in FF
• 78c14f8 Copy 6.0.0-alpha.2 release notes from branch
• 56e2832 Add manual and cron triggers to Safari build
• 9a9d399 Add Safari 26 to supported browsers
• ff9feb2 Configurable spec/suite filename detection
• fee7e6e Merge branch 'jonahd-g-main'
• 18d4d38 Fix version number in 5.12.1 release notes
• Additional commits viewable in compare view

Updates publint from 0.3.12 to 0.3.16

Release notes

Sourced from publint's releases.

publint@0.3.16

Patch Changes

• Re-enable file existence checks for TS and TSX files if they do not use custom conditions. In v0.3.10, this was done unconditionally instead which missed catching possible file typos if only common conditions are used. (7b1408e)

publint@0.3.15

Patch Changes

• Skip file existence checks when crawling subpath imports as they may be dev-only and not used after bundling or publish. This check may be improved in the future when publint can scan for files to see if the subpath imports are used. (0d72997)

• Handle exports["default"] and exports['default'] for CJS_WITH_ESMODULE_DEFAULT_EXPORT rule (8285f77)

publint@0.3.14

Patch Changes

• Add a new warning when an entrypoint is exported as CJS-only, has a default export, and has the __esModule marker. This setup has different interpretations by bundlers and runtimes, and implicit handling detection that may not be obvious for both package authors and users, hence it is discouraged. (#201)

publint@0.3.13

Patch Changes

• Improve message for "main" field with empty value and has missing files (0499518)

• Update fallback arrays message for CLI output (37b9dd5)

Changelog

Sourced from publint's changelog.

0.3.16

Patch Changes

• Re-enable file existence checks for TS and TSX files if they do not use custom conditions. In v0.3.10, this was done unconditionally instead which missed catching possible file typos if only common conditions are used. (7b1408e)

0.3.15

Patch Changes

• Skip file existence checks when crawling subpath imports as they may be dev-only and not used after bundling or publish. This check may be improved in the future when publint can scan for files to see if the subpath imports are used. (0d72997)

• Handle exports["default"] and exports['default'] for CJS_WITH_ESMODULE_DEFAULT_EXPORT rule (8285f77)

0.3.14

Patch Changes

• Add a new warning when an entrypoint is exported as CJS-only, has a default export, and has the __esModule marker. This setup has different interpretations by bundlers and runtimes, and implicit handling detection that may not be obvious for both package authors and users, hence it is discouraged. (#201)

0.3.13

Patch Changes

• Improve message for "main" field with empty value and has missing files (0499518)

• Update fallback arrays message for CLI output (37b9dd5)

Commits

• 9ef31c5 Release packages (#210)
• 7fb8483 Set prettier printWidth to 100
• 6e45f1e Update dependencies
• 7b1408e Re-enable TS file existence check for common conditions
• d02eb46 Improve repo parse
• 849f435 Update dependencies
• fa7e5a5 Release packages (#206)
• 0d72997 Skip file existence checks for subpath imports
• f5de690 Warn CJS with default export and __esModule marker using `exports.["default...
• d4bed91 Release packages (#204)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for publint since your current version.

Updates puppeteer from 24.11.2 to 24.34.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.34.0

24.34.0 (2025-12-19)

🎉 Features

• publish page.resize() (#14525) (ee31c21)

🛠️ Fixes

• roll to Chrome 143.0.7499.169 (#14529) (40c73cd)
• roll to Firefox 146.0.1 (#14530) (f0c7e57)

puppeteer: v24.34.0

24.34.0 (2025-12-19)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.33.1 to 24.34.0

puppeteer-core: v24.33.1

24.33.1 (2025-12-18)

🛠️ Fixes

• DevTools worker targets should not end up as DevToolsTarget (#14505) (e37f1a4)
• roll to Chrome 143.0.7499.146 (#14519) (0fe8e2c)
• webdriver: emit response event on network.responseStarted (#14513) (cdd358f)

puppeteer: v24.33.1

24.33.1 (2025-12-18)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.34.0 (2025-12-19)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.33.1 to 24.34.0

🎉 Features

• publish page.resize() (#14525) (ee31c21)

🛠️ Fixes

• roll to Chrome 143.0.7499.169 (#14529) (40c73cd)
• roll to Firefox 146.0.1 (#14530) (f0c7e57)

24.33.1 (2025-12-18)

♻️ Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.33.0 to 24.33.1

🛠️ Fixes

• DevTools worker targets should not end up as DevToolsTarget (#14505) (e37f1a4)
• roll to Chrome 143.0.7499.146 (#14519) (0fe8e2c)
• webdriver: emit response event on network.responseStarted (#14513) (cdd358f)

24.33.0 (2025-12-11)

... (truncated)

Commits

• 7d750c2 chore: release main (#14526)
• f0c7e57 fix: roll to Firefox 146.0.1 (#14530)
• c1cb7b6 docs: add full screen request guide and correct typos (#14527)
• 40c73cd fix: roll to Chrome 143.0.7499.169 (#14529)
• ee31c21 feat: publish page.resize() (#14525)
• 5aab24c docs: patch failed release generation (#14524)
• edf5f9e chore: release main (#14506)
• c369b65 docs: add new guides to the sidebar (#14523)
• 73acfc0 test: add a keep alive fetch interception test (#14522)
• b177004 docs: added screen configuration and window management examples (#14521)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for puppeteer since your current version.

Updates rollup from 4.44.1 to 4.54.0

Release notes

Sourced from rollup's releases.

v4.54.0

4.54.0

2025-12-20

Features

• Enable tree-shaking for Symbol.hasInstance, Symbol.dispose and Symbol.asyncDispose properties if unused (#6046)

Bug Fixes

• Ensure that well-known-Symbol-valued properties are not tree-shaken except in select cases (#6046)
• Ensure namespace properties are included when referenced only from a try-catch (#6216)

Pull Requests

• #6046: fix: correctly handle wellknown protocols (@​cyyynthia, @​lukastaegert)
• #6201: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6211: chore(deps): update msys2/setup-msys2 digest to 4f806de (@​renovate[bot], @​lukastaegert)
• #6212: chore(deps): update actions/cache action to v5 (@​renovate[bot])
• #6213: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #6214: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6215: chore(deps): lock file maintenance (@​renovate[bot])
• #6216: fix: include namespace variable paths during try-catch deoptimization (@​schwing)

v4.53.5

4.53.5

2025-12-16

Bug Fixes

• Fix wrong semicolon insertion position when using JSX (#6206)
• Generate spec-compliant sourcemaps when sources content is excluded (#6196)

Pull Requests

• #6196: fix: set sourcesContent to undefined instead of null when excluding sources content (@​TrickyPi)
• #6206: Fix semicolon order in JSX (@​TrickyPi)

v4.53.4

4.53.4

2025-12-15

Bug Fixes

• Ensure Symbol.dispose and Symbol.asyncDispose properties are never removed with (await) using declarations. (#6209)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.54.0

2025-12-20

Features

• Enable tree-shaking for Symbol.hasInstance, Symbol.dispose and Symbol.asyncDispose properties if unused (#6046)

Bug Fixes

• Ensure that well-known-Symbol-valued properties are not tree-shaken except in select cases (#6046)
• Ensure namespace properties are included when referenced only from a try-catch (#6216)

Pull Requests

• #6046: fix: correctly handle wellknown protocols (@​cyyynthia, @​lukastaegert)
• #6201: chore(deps): update dependency lru-cache to v11 (@​renovate[bot], @​lukastaegert)
• #6211: chore(deps): update msys2/setup-msys2 digest to 4f806de (@​renovate[bot], @​lukastaegert)
• #6212: chore(deps): update actions/cache action to v5 (@​renovate[bot])
• #6213: chore(deps): update github artifact actions (major) (@​renovate[bot])
• #6214: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #6215: chore(deps): lock file maintenance (@​renovate[bot])
• #6216: fix: include namespace variable paths during try-catch deoptimization (@​schwing)

4.53.5

2025-12-16

Bug Fixes

• Fix wrong semicolon insertion position when using JSX (#6206)
• Generate spec-compliant sourcemaps when sources content is excluded (#6196)

Pull Requests

• #6196: fix: set sourcesContent to undefined instead of null when excluding sources content (@​TrickyPi)
• #6206: Fix semicolon order in JSX (@​TrickyPi)

4.53.4

2025-12-15

Bug Fixes

• Ensure Symbol.dispose and Symbol.asyncDispose properties are never removed with (await) using declarations. (#6209)

Pull Requests

• #6185: chore(deps): update dependency @​inquirer/prompts to v8 (@​renovate[bot], @​lukastaegert)
• #6186: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

... (truncated)

Commits

• 88f1430 4.54.0
• e5e01c1 fix: include namespace variable paths during try-catch deoptimization (#6216)
• 107959c fix: correctly handle wellknown protocols (#6046)
• 160514d chore(deps): lock file maintenance (#6215)
• 59bda58 chore(deps): update msys2/setup-msys2 digest to 4f806de (#6211)
• 9b7ca4d chore(deps): update actions/cache action to v5 (#6212)
• abf1fb5 chore(deps): update github artifact actions (major) (#6213)
• 0dec3ca fix(deps): lock file maintenance minor/patch updates (#6214)
• c3fa50c chore(deps): update dependency lru-cache to v11 (#6201)
• 31bb66e 4.53.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for rollup since your current version.

Updates typescript from 5.8.3 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

TypeScript 5.9

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

TypeScript 5.9 RC

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

• npm

TypeScript 5.9 Beta

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• 5be3346 Bump version to 5.9.2 and LKG
• ad825f2 Bump version to 5.9.1-rc and LKG
• 463a5bf Update LKG
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions