Skip to content

chore(deps): bump the minor-patch group across 1 directory with 7 updates#55

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-patch-911480385e
Open

chore(deps): bump the minor-patch group across 1 directory with 7 updates#55
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-patch-911480385e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the minor-patch group with 6 updates in the / directory:

Package From To
@modelcontextprotocol/sdk 1.27.1 1.29.0
fuse.js 7.1.0 7.4.2
zod 4.3.6 4.4.3
@biomejs/biome 2.4.7 2.5.0
@types/node 25.5.0 25.9.3
@vitest/coverage-v8 4.1.0 4.1.8

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits

Updates fuse.js from 7.1.0 to 7.4.2

Release notes

Sourced from fuse.js's releases.

v7.4.2

Bug Fixes

  • types: ship CommonJS type declarations (.d.cts) so consumers on moduleResolution: node16/nodenext no longer hit TS1479 ("masquerading as ESM") when importing the package from a CommonJS project. The lib entries now resolve to a runtime-accurate export = declaration and the worker to its named declaration, via the require exports condition. (#780)

Full Changelog: krisk/Fuse@v7.4.1...v7.4.2

v7.4.1

Bug Fixes

  • types: ship TypeScript declarations for fuse.js/worker (572ad1e), closes #828
  • types: add TypeScript declarations for fuse.js/worker-script (6ef6c33), closes #828

Both worker subpaths now resolve types under node16/nodenext and bundler module resolution.

v7.4.0

First stable on the 7.4 line. Aggregates everything from the 7.4.0-beta.17.4.0-beta.8 cycle. See CHANGELOG.md for the per-beta breakdown.

Features

  • FuseWorker — parallel search via Web Workers (9ba192c). New FuseWorker class shards the collection across workers, runs searches in parallel, and preserves the same result ordering as Fuse. See the Web Workers guide.
  • token-search: tokenMatch: 'all' | 'any' option for AND/OR semantics (#827, 9f979d0). Default 'any' preserves existing behavior; 'all' requires every query word to match somewhere in a record (term-centric AND), useful for filter-style queries.
  • token-search: customizable tokenizer with unicode-aware default (#821, 8e55cae). New tokenize?: RegExp | (text: string) => string[] option; the default regex now segments CJK, Cyrillic, Greek, Arabic, etc. out of the box.

Bug Fixes

  • matches: report array-path keys as dotted strings (acd54e8). Previously match.key leaked a raw string[] for keys declared as path arrays (e.g. keys: [['author', 'firstName']]), contradicting the documented FuseResultMatch.key: string type. Now emits the canonical dotted string ('author.firstName'). Behavior change: consumers relying on the array shape need to update.
  • bitap: restrict highlight indices to matched window (#792, 622f105). Closes #505, #611, #691, #793.
  • index: correct doc-index alignment for Fuse<string> with blank docs (0b8e3ca).
  • core: invalidate searcher cache on collection mutation (fcf4228).
  • token-search: renumber inverted index after doc removal (ea9356d).
  • workers: preserve global refIndex across shards (e4217f9), match Fuse ordering and reject non-cloneable options (d571390), reject useTokenSearch in FuseWorker (8c6183d).
  • match: explicitly reject useTokenSearch in Fuse.match (3959d91).
  • correct fieldCount accounting and add reverse lookup in inverted index (54e702c).
  • guard against empty-string crash in fieldNorm (e550ab1); skip consecutive spaces in fieldNorm word counting (5929af6).
  • types: resolve typecheck errors and align KeyStore types (dbc115d).
  • docs: reflect data edits in playground demo (#825, 6eff909).

Performance

  • reuse bit arrays in Bitap search instead of allocating per error level (ec9b446)
  • replace forEach with for loops in search hot paths (1945f49)
  • fast-path Math.pow when exponent is 1 in computeScore (c82de57)
  • pre-allocate records array and use for loops in FuseIndex.create (5800036)
  • replace regex with loop for word counting in fieldNorm (5517a9b)
  • use filter instead of reverse-splice in removeAll / remove (c74823b, 8372b0a)
  • token-search: drop unused postings from inverted index (5ea216f)

Internal

... (truncated)

Changelog

Sourced from fuse.js's changelog.

7.4.2 (2026-06-05)

Bug Fixes

  • types: emit CommonJS declarations (.d.cts) for node16/nodenext (#780) (33f5d29)

7.4.1 (2026-06-02)

Bug Fixes

  • types: add TypeScript declarations for fuse.js/worker-script (6ef6c33), closes #828
  • types: ship TypeScript declarations for fuse.js/worker (572ad1e), closes #828

7.4.0 (2026-05-30)

7.4.0-beta.8 (2026-05-25)

Bug Fixes

  • matches: report array-path keys as dotted strings (acd54e8)

7.4.0-beta.7 (2026-05-22)

Features

  • token-search: add tokenMatch 'all' | 'any' for AND/OR (#827) (9f979d0)

Bug Fixes

  • docs: reflect data edits in playground demo (#825) (6eff909)

7.4.0-beta.6 (2026-05-14)

Bug Fixes

7.4.0-beta.5 (2026-05-10)

Features

  • token-search: add customizable tokenizer with unicode-aware default (8e55cae), closes #821

... (truncated)

Commits
  • 9e63058 chore(release): 7.4.2
  • 33f5d29 fix(types): emit CommonJS declarations (.d.cts) for node16/nodenext (#780)
  • 7c6af4e build: replace rollup/babel/terser build with tsdown
  • 50f6b24 chore(deps): pin fast-uri to ^3.1.2 via overrides
  • 9e6ec22 chore(build): exit non-zero when a build step fails
  • ff51f6b chore: source docs version from package.json, not npm view
  • 08b77d9 chore: bump doc versions to 7.4.1
  • ce75998 chore(release): 7.4.1
  • e842baf test(types): guard that every exports subpath resolves to declarations
  • 6ef6c33 fix(types): add TypeScript declarations for fuse.js/worker-script
  • Additional commits viewable in compare view

Updates zod from 4.3.6 to 4.4.3

Release notes

Sourced from zod's releases.

v4.4.3

Commits:

  • 4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo
  • 2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern
  • 9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)
  • b8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • c2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (#5941)
  • f3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3
  • 1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md

v4.4.2

Commits:

  • 0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (#5901)
  • 20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps
  • 6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (#5791)
  • 4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing
  • bbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents
  • cf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint
  • 292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor
  • 1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion
  • 1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance
  • e20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes
  • e58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights
  • 905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing
  • bf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md
  • 8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch
  • 02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (#5929)
  • 88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated baseUrl from tsconfig
  • c59d4474e3b4cad1b323462186cf607178ce8267 4.4.2

v4.4.1

Commits:

  • 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
  • 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
  • cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
  • edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
  • 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

... (truncated)

Commits
  • 1fb56a5 docs: document release procedure in AGENTS.md
  • f3c9ec0 4.4.3
  • c2be4f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent...
  • 1cab693 fix(v4): restore catch handling for absent object keys (#5937) (#5939)
  • b8dffe9 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)
  • 9195250 docs: remove Mintlify from bronze sponsors (churned)
  • 2c70332 docs: normalize bronze sponsor logos to github avatar pattern
  • 7391be8 docs: prune lapsed silver/bronze sponsors and add active ones
  • 2aeec83 docs: prune lapsed gold sponsors and rebalance logo sizing
  • 4c2fa95 docs: use Zernio primary wordmark for gold sponsor logo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.


Updates @biomejs/biome from 2.4.7 to 2.5.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.0

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

    /* styles.css — .ghost is never used in any importing file */

... (truncated)

Commits

Updates @types/node from 25.5.0 to 25.9.3

Commits

Updates @vitest/coverage-v8 from 4.1.0 to 4.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

... (truncated)

Commits

Updates vitest from 4.1.0 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub

v4.1.7

   🐞 Bug Fixes

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

... (truncated)

Commits
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • a09d472 chore: release v4.1.7
  • a8fd24c chore: release v4.1.6
  • 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
  • 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
  • e399846 chore: release v4.1.5
  • 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
  • 9787ded fix: respect diff config options in soft assertions (#8696)
  • 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 4, 2026
@vercel

vercel Bot commented Jun 4, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
tokencost Ready Ready Preview, Comment Jun 12, 2026 4:17pm

Request Review

@dependabot
chore(deps): bump the minor-patch group across 1 directory with 7 upd…
c9cf446 
…ates

Bumps the minor-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.27.1` | `1.29.0` |
| [fuse.js](https://github.com/krisk/Fuse) | `7.1.0` | `7.4.2` |
| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.7` | `2.5.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.9.3` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.0` | `4.1.8` |



Updates `@modelcontextprotocol/sdk` from 1.27.1 to 1.29.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.27.1...v1.29.0)

Updates `fuse.js` from 7.1.0 to 7.4.2
- [Release notes](https://github.com/krisk/Fuse/releases)
- [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md)
- [Commits](krisk/Fuse@v7.1.0...v7.4.2)

Updates `zod` from 4.3.6 to 4.4.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.3.6...v4.4.3)

Updates `@biomejs/biome` from 2.4.7 to 2.5.0
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.0/packages/@biomejs/biome)

Updates `@types/node` from 25.5.0 to 25.9.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitest/coverage-v8` from 4.1.0 to 4.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/coverage-v8)

Updates `vitest` from 4.1.0 to 4.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: "@types/node"
  dependency-version: 25.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: fuse.js
  dependency-version: 7.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: vitest
  dependency-version: 4.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: zod
  dependency-version: 4.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the minor-patch group with 7 updates chore(deps): bump the minor-patch group across 1 directory with 7 updates Jun 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/minor-patch-911480385e branch from 9bf031f to c9cf446 Compare June 12, 2026 16:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants