Skip to content

chore(deps-dev): bump the bun group with 9 updates#267

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/bun-c53c4c494f
Open

chore(deps-dev): bump the bun group with 9 updates#267
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/bun-c53c4c494f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown

Bumps the bun group with 9 updates:

Package From To
@biomejs/biome 2.3.6 2.5.0
publint 0.3.18 0.3.21
@types/node 24.10.1 26.0.0
rimraf 6.1.0 6.1.3
tsx 4.20.6 4.22.4
typescript 5.9.3 6.0.3
@parcel/transformer-inline-string 2.16.1 2.16.4
parcel 2.16.1 2.16.4
@napi-rs/cli 3.5.1 3.7.2

Updates @biomejs/biome from 2.3.6 to 2.5.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.0

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
    ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
    × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
    × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
    
  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
    <div onclick="handleClick()">Click me</div>
    <!-- Valid: has keyboard handler -->
    <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
    <!-- Valid: inherently keyboard-accessible -->
    <button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
    <html>
      <head>
        <style>
          .button {
            color: blue;
          }
        </style>
      </head>
      <body>
        <div class="button typo"></div>
      </body>
    </html>
  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
    ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
    × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
    × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
    
  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
    <div onclick="handleClick()">Click me</div>
    <!-- Valid: has keyboard handler -->
    <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
    <!-- Valid: inherently keyboard-accessible -->
    <button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
    <html>
      <head>
        <style>
          .button {
            color: blue;
          }
        </style>
      </head>
      <body>
        <div class="button typo"></div>
      </body>
    </html>
  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

    /* styles.css — .ghost is never used in any importing file */

... (truncated)

Commits

Updates publint from 0.3.18 to 0.3.21

Release notes

Sourced from publint's releases.

publint@0.3.21

Patch Changes

  • Suggest adding "sideEffects": false when bundler-oriented package fields or conditions are detected and the field is missing. (#228)

publint@0.3.20

Patch Changes

  • Suggest adding engines.node when it is missing from detected Node.js packages (#226)

  • Loosen "breaking change" wording in lint messages (7bb3f4f)

publint@0.3.19

Patch Changes

  • Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#224)

  • Fix internal browser directory traversal logic (#224)

Changelog

Sourced from publint's changelog.

0.3.21

Patch Changes

  • Suggest adding "sideEffects": false when bundler-oriented package fields or conditions are detected and the field is missing. (#228)

0.3.20

Patch Changes

  • Suggest adding engines.node when it is missing from detected Node.js packages (#226)

  • Loosen "breaking change" wording in lint messages (7bb3f4f)

0.3.19

Patch Changes

  • Add NESTED_PACKAGE_JSON_FIELD_IGNORED to warn when published nested package.json files define "exports" or "imports", which Node.js ignores outside the package root. (#224)

  • Fix internal browser directory traversal logic (#224)

Commits

Updates @types/node from 24.10.1 to 26.0.0

Commits

Updates rimraf from 6.1.0 to 6.1.3

Commits

Updates tsx from 4.20.6 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

  • resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

This release is also available on:

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

  • decode typed loader source (dce02fc)
  • preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

  • preserve CJS JSON require in ESM hooks (35b700b)
  • preserve named exports from CommonJS TypeScript (11de737)
  • support module.exports require(esm) interop (cf8f199)

This release is also available on:

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

  • resolve tsconfig path aliases containing a colon (#780) (6979f28)

This release is also available on:

... (truncated)

Commits
  • 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
  • dce02fc fix: decode typed loader source
  • 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
  • 69455cf test: cover package exports for ambiguous ESM reexports
  • 35b700b fix: preserve CJS JSON require in ESM hooks
  • ef807db chore: update testing dependencies
  • 3917090 test: document compatibility test taxonomy
  • de8113f refactor: centralize Node capability facts
  • c1f62db test: consolidate tsconfig path edge coverage
  • 4e08174 test: consolidate loader hook coverage
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.


Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG
  • af4caac Update LKG
  • 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
  • Additional commits viewable in compare view

Updates @parcel/transformer-inline-string from 2.16.1 to 2.16.4

Release notes

Sourced from @​parcel/transformer-inline-string's releases.

v2.16.4

Fixed

  • Dev server
    • Add --no-cors option to disable CORS headers – Details

v2.16.2

Fixed

  • HTML

    • Fix siblings after <svg> being removed by HTML minifier – Details
  • React Server Components

    • Bump react-server-dom-parcel to ^19.1.1 to fix vulnerability
    • Fix cache key clash in @parcel/packager-react-staticDetails
    • Fix using inline string transformers with @parcel/packager-react-staticDetails
    • Preload CSS as soon as the RSC payload loads, without waiting for it to mount. This is useful for pre-fetching. – Details
Changelog

Sourced from @​parcel/transformer-inline-string's changelog.

[2.16.4] – 2026-02-01

Fixed

  • Dev server
    • Add --no-cors option to disable CORS headers – Details

[2.16.3] – 2025-12-06

Fixed

  • React Server Components
    • Fix react-dom import (bug in 2.16.2)

[2.16.2] – 2025-12-06

Fixed

  • HTML

    • Fix siblings after <svg> being removed by HTML minifier – Details
  • React Server Components

    • Bump react-server-dom-parcel to ^19.1.1 to fix vulnerability
    • Fix cache key clash in @parcel/packager-react-staticDetails
    • Fix using inline string transformers with @parcel/packager-react-staticDetails
    • Preload CSS as soon as the RSC payload loads, without waiting for it to mount. This is useful for pre-fetching. – Details
Commits

Updates parcel from 2.16.1 to 2.16.4

Release notes

Sourced from parcel's releases.

v2.16.4

Fixed

  • Dev server
    • Add --no-cors option to disable CORS headers – Details

v2.16.2

Fixed

  • HTML

    • Fix siblings after <svg> being removed by HTML minifier – Details
  • React Server Components

    • Bump react-server-dom-parcel to ^19.1.1 to fix vulnerability
    • Fix cache key clash in @parcel/packager-react-staticDetails
    • Fix using inline string transformers with @parcel/packager-react-staticDetails
    • Preload CSS as soon as the RSC payload loads, without waiting for it to mount. This is useful for pre-fetching. – Details
Changelog

Sourced from parcel's changelog.

[2.16.4] – 2026-02-01

Fixed

  • Dev server
    • Add --no-cors option to disable CORS headers – Details

[2.16.3] – 2025-12-06

Fixed

  • React Server Components
    • Fix react-dom import (bug in 2.16.2)

[2.16.2] – 2025-12-06

Fixed

  • HTML

    • Fix siblings after <svg> being removed by HTML minifier – Details
  • React Server Components

    • Bump react-server-dom-parcel to ^19.1.1 to fix vulnerability
    • Fix cache key clash in @parcel/packager-react-staticDetails
    • Fix using inline string transformers with @parcel/packager-react-staticDetails
    • Preload CSS as soon as the RSC payload loads, without waiting for it to mount. This is useful for pre-fetching. – Details
Commits

Updates @napi-rs/cli from 3.5.1 to 3.7.2

Release notes

Sourced from @​napi-rs/cli's releases.

@​napi-rs/cli@​3.7.1

What's Changed

New Contributors

Full Changelog: https://github.com/napi-rs/napi-rs/compare/napi-v3.9.0...@​napi-rs/cli@3.7.1

@​napi-rs/cli@​3.6.2

What's Changed

Full Changelog: https://github.com/napi-rs/napi-rs/compare/@​napi-rs/cli@3.6.1...@​napi-rs/cli@3.6.2

Commits
  • ebb3cf8 chore(release): publish
  • 4ec817b chore(deps): group emnapi updates and bump to 1.11.1 (#3326)
  • 0108423 chore(deps): update dependency esbuild to v0.28.1 [security] (#3323)
  • 4931225 fix(cli): emit Node 12 compatible CJS binding loader (#3312)
  • dea608e chore: release (#3306)
  • 670e5d3 chore(release): publish
  • a9abc61 fix(sys): restore napi_create_object_with_properties as compat alias (#3321)
  • 3e5a09f chore(deps): update release-plz/action action to v0.5.130 (#3320)
  • 09c9d97 ci: fix Electron install on Node 24.16+/26, add Node 26 to matrix (#3319)
  • ed5b5ab fix(napi): unify Reference finalize callbacks on Arc (Rc/Arc type confusion) ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the bun group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.6` | `2.5.0` |
| [publint](https://github.com/publint/publint/tree/HEAD/packages/publint) | `0.3.18` | `0.3.21` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.10.1` | `26.0.0` |
| [rimraf](https://github.com/isaacs/rimraf) | `6.1.0` | `6.1.3` |
| [tsx](https://github.com/privatenumber/tsx) | `4.20.6` | `4.22.4` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [@parcel/transformer-inline-string](https://github.com/parcel-bundler/parcel) | `2.16.1` | `2.16.4` |
| [parcel](https://github.com/parcel-bundler/parcel) | `2.16.1` | `2.16.4` |
| [@napi-rs/cli](https://github.com/napi-rs/napi-rs) | `3.5.1` | `3.7.2` |


Updates `@biomejs/biome` from 2.3.6 to 2.5.0
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.0/packages/@biomejs/biome)

Updates `publint` from 0.3.18 to 0.3.21
- [Release notes](https://github.com/publint/publint/releases)
- [Changelog](https://github.com/publint/publint/blob/master/packages/publint/CHANGELOG.md)
- [Commits](https://github.com/publint/publint/commits/publint@0.3.21/packages/publint)

Updates `@types/node` from 24.10.1 to 26.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `rimraf` from 6.1.0 to 6.1.3
- [Changelog](https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md)
- [Commits](isaacs/rimraf@v6.1.0...v6.1.3)

Updates `tsx` from 4.20.6 to 4.22.4
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.20.6...v4.22.4)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `@parcel/transformer-inline-string` from 2.16.1 to 2.16.4
- [Release notes](https://github.com/parcel-bundler/parcel/releases)
- [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md)
- [Commits](parcel-bundler/parcel@v2.16.1...v2.16.4)

Updates `parcel` from 2.16.1 to 2.16.4
- [Release notes](https://github.com/parcel-bundler/parcel/releases)
- [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md)
- [Commits](parcel-bundler/parcel@v2.16.1...v2.16.4)

Updates `@napi-rs/cli` from 3.5.1 to 3.7.2
- [Release notes](https://github.com/napi-rs/napi-rs/releases)
- [Commits](https://github.com/napi-rs/napi-rs/compare/@napi-rs/cli@3.5.1...@napi-rs/cli@3.7.2)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bun
- dependency-name: publint
  dependency-version: 0.3.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun
- dependency-name: "@types/node"
  dependency-version: 26.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: bun
- dependency-name: rimraf
  dependency-version: 6.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun
- dependency-name: tsx
  dependency-version: 4.22.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bun
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: bun
- dependency-name: "@parcel/transformer-inline-string"
  dependency-version: 2.16.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun
- dependency-name: parcel
  dependency-version: 2.16.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: bun
- dependency-name: "@napi-rs/cli"
  dependency-version: 3.7.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: bun
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants