chore(deps): bump the bun-minor-patch group across 1 directory with 5 updates

[dependabot]

Bumps the bun-minor-patch group with 5 updates in the / directory:

Package	From	To
@anthropic-ai/claude-agent-sdk	0.3.177	0.3.195
@statelyai/inspect	0.7.1	0.7.2
xstate	5.32.1	5.32.2
@biomejs/biome	2.5.0	2.5.1
knip	6.16.1	6.22.0

Updates @anthropic-ai/claude-agent-sdk from 0.3.177 to 0.3.195

Release notes

Sourced from @​anthropic-ai/claude-agent-sdk's releases.

v0.3.195

What's changed

• Added Query.reinitialize() to re-send the initialize control request and redeliver pending permission/dialog prompts after a transport gap
• Fixed commands_changed event not being emitted for synced skills when the skill list resolves before the change-detector subscribes

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.195
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.195
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.195
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.195

v0.3.193

What's changed

• Added promptSuggestions option to Browser SDK query() to opt the remote CLI into emitting follow-up suggestions
• Fixed brief console window flashes on Windows when spawning CLI subprocesses

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.193
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.193
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.193
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.193

v0.3.191

What's changed

• Added old_source field to NotebookEdit tool results for replace and delete operations, enabling inline diffs
• Added seven_day_overage_included to SDKRateLimitInfo.rateLimitType for per-model weekly usage limits
• Added model_scoped array to usage response for per-model weekly limit windows with utilization and reset times
• Fixed fast mode reverting to standard after the first turn when settingSources includes user/project settings

Update

npm install @anthropic-ai/claude-agent-sdk@0.3.191
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.191
</tr></table> 

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-agent-sdk's changelog.

0.3.195

• Added Query.reinitialize() to re-send the initialize control request and redeliver pending permission/dialog prompts after a transport gap
• Fixed commands_changed event not being emitted for synced skills when the skill list resolves before the change-detector subscribes

0.3.194

• Updated to parity with Claude Code v2.1.194

0.3.193

• Added promptSuggestions option to Browser SDK query() to opt the remote CLI into emitting follow-up suggestions
• Fixed brief console window flashes on Windows when spawning CLI subprocesses

0.3.192

• Updated to parity with Claude Code v2.1.192

0.3.191

• Added old_source field to NotebookEdit tool results for replace and delete operations, enabling inline diffs
• Added seven_day_overage_included to SDKRateLimitInfo.rateLimitType for per-model weekly usage limits
• Added model_scoped array to usage response for per-model weekly limit windows with utilization and reset times
• Fixed fast mode reverting to standard after the first turn when settingSources includes user/project settings

0.3.190

• Updated to parity with Claude Code v2.1.190

0.3.188

• Updated to parity with Claude Code v2.1.188

0.3.187

• Added sandbox.credentials to SDK settings types for configuring credential file and environment variable denial in sandboxed commands

0.3.186

• Added agent_id field to can_use_tool control requests — background agents now forward permission prompts to canUseTool instead of auto-denying, and stdin stays open while background tasks are running
• Added ReadMcpResourceDirTool tool type to SDK schemas — MCP resource directory listing is now a dedicated tool instead of a fallback inside ReadMcpResourceTool
• Added rewind_conversation control request for rewinding a conversation to a previous point with durable resume anchor support

0.3.185

• Updated to parity with Claude Code v2.1.185

0.3.184

• Updated to parity with Claude Code v2.1.184

... (truncated)

Commits

• b09861c chore: Update CHANGELOG.md
• 761e2be chore: Update CHANGELOG.md
• 7eef35d chore: Update CHANGELOG.md
• b9c030b chore: Update CHANGELOG.md
• 4279d96 chore: Update CHANGELOG.md
• 42f6772 chore: Update CHANGELOG.md
• 810e709 chore: Update CHANGELOG.md
• fc84d93 chore: Update CHANGELOG.md
• 4d3840c chore: Update CHANGELOG.md
• 32753ee chore: Update CHANGELOG.md
• Additional commits viewable in compare view

Updates @statelyai/inspect from 0.7.1 to 0.7.2

Release notes

Sourced from @​statelyai/inspect's releases.

v0.7.2

Patch Changes

• #56 816a1a1 Thanks @​davidkpiano! - Remove the uuid dependency in favor of the platform-native crypto.randomUUID(), clearing CVE-2026-41907 flagged by downstream security scanners. A #uuid subpath import resolves to node:crypto in Node and the global crypto in browser/worker environments.

Changelog

Sourced from @​statelyai/inspect's changelog.

0.7.2

Patch Changes

• #56 816a1a1 Thanks @​davidkpiano! - Remove the uuid dependency in favor of the platform-native crypto.randomUUID(), clearing CVE-2026-41907 flagged by downstream security scanners. A #uuid subpath import resolves to node:crypto in Node and the global crypto in browser/worker environments.

Commits

• d72a7fc Merge pull request #57 from statelyai/changeset-release/main
• b7292cb Version Packages
• 9a2584a Merge pull request #56 from statelyai/davidkpiano/uuid-fix
• aefc757 Don't use baseUrl
• 816a1a1 Fix UUID issue
• See full diff in compare view

Updates xstate from 5.32.1 to 5.32.2

Release notes

Sourced from xstate's releases.

xstate@5.32.2

Patch Changes

• #5548 8a53531 Thanks @​JSap0914! - fix(core): fall back to wildcard event descriptors when an exact descriptor's guard fails

  When a state has both an exact event descriptor (e.g. "foo.bar") and a matching wildcard descriptor (e.g. "foo.*"), transitions from the exact descriptor are now tried first; if all their guards fail, matching wildcard descriptor transitions are tried as fallback. Previously, the presence of an exact match would prevent any wildcard fallback from being considered, leaving the machine in its current state when the exact descriptor's guard failed.

Commits

• 229d976 Version Packages (#5550)
• 8a53531 fix(core): fall back to wildcard descriptors when exact guard fails (#5548)
• c35cb81 Version Packages (#5541)
• 28c9961 [@​xstate/store] Add store effect trigger (#5537)
• See full diff in compare view

Updates @biomejs/biome from 2.5.0 to 2.5.1

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.1

2.5.1

Patch Changes

• #10722 f8a303d Thanks @​denbezrukov! - Fixed CSS formatter output for comments between import media queries.

  -@import url("print.css") print,
  -/* comment */
  -screen;
  +@import url("print.css") print, /* comment */ screen;

• #10738 9fdc560 Thanks @​JamBalaya56562! - Fixed #9899: the json and json-pretty reporters now escape backslashes in a diagnostic's location.path. Previously, paths containing backslashes (such as Windows-style paths) were emitted unescaped, producing invalid JSON.

  -    "path": "src\account\setup-passkey.tsx",
  +    "path": "src\\account\\setup-passkey.tsx",

• #10626 5f837df Thanks @​tom-groves! - Fixed #10625: biome migrate no longer emits an invalid trailing comma when a renamed rule (such as noConsoleLog → noConsole) is the last member of its rule group. Previously this produced malformed output that aborted the migration of a strict-JSON biome.json with a parsing error.

• #10535 c245f9d Thanks @​Mokto! - Fixed a false positive in noUnusedVariables for Svelte files where variables referenced inside {@html expr} blocks were incorrectly reported as unused.

• #10668 a0f197e Thanks @​Netail! - The biome init command has been updated to include a more up-to-date URL to the first-party extensions page.

• #10667 d8c3e87 Thanks @​Netail! - Fixed #10664: useErrorCause now correctly detects a shorthand property.

• #10696 ef2373f Thanks @​ematipico! - Fixed #9566. Improved how the Biome Language Server loads multiple configuration files inside a workspace.

• #10705 4ccb410 Thanks @​ematipico! - Fixed #10652. Biome plugins are now properly filtered when using --only and --skip flags.

• #10669 aa0a6eb Thanks @​Netail! - Fixed #10651: useInlineScriptId now correctly trims trivia to detect if an id attribute has been set.

• #10689 844b1be Thanks @​ematipico! - Fixed #10658. The issue was caused by the "Go-to definition" editor feature, which was enabled by default. The feature is now disabled by default. To work, the feature triggers the scanner to build the module graph. This caused memory leak issues in cases where Biome starts in the home directory to modify files.

  If you relied on this new feature, you must now turn on using the [editor settings] of the extension e.g. Zed and VSCode.

• #10695 043fbb5 Thanks @​ematipico! - Fixed #10674. Biome now throws an error when the field level is missing from a rule option.

• #10712 5941df2 Thanks @​Conaclos! - Improved the diagnostic and the documentation of useFlatMap.

• #10615 23814f1 Thanks @​qwertycxz! - Improved the DX the JSON schema when it's used by certain code editors like VSCode.

• #10688 ec69489 Thanks @​ematipico! - Fixed a bug where the Biome Daemon did not correctly shut down when the editor was closed during an in-progress operation, especially while scanning.

• #10701 6c2e0d7 Thanks @​ematipico! - Fixed #10694. The Biome Language Server no longer prints an error when the user hovers a variable imported from node_modules.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.1

Patch Changes

• #10722 f8a303d Thanks @​denbezrukov! - Fixed CSS formatter output for comments between import media queries.

  -@import url("print.css") print,
  -/* comment */
  -screen;
  +@import url("print.css") print, /* comment */ screen;

• #10738 9fdc560 Thanks @​JamBalaya56562! - Fixed #9899: the json and json-pretty reporters now escape backslashes in a diagnostic's location.path. Previously, paths containing backslashes (such as Windows-style paths) were emitted unescaped, producing invalid JSON.

  -    "path": "src\account\setup-passkey.tsx",
  +    "path": "src\\account\\setup-passkey.tsx",

• #10626 5f837df Thanks @​tom-groves! - Fixed #10625: biome migrate no longer emits an invalid trailing comma when a renamed rule (such as noConsoleLog → noConsole) is the last member of its rule group. Previously this produced malformed output that aborted the migration of a strict-JSON biome.json with a parsing error.

• #10535 c245f9d Thanks @​Mokto! - Fixed a false positive in noUnusedVariables for Svelte files where variables referenced inside {@html expr} blocks were incorrectly reported as unused.

• #10668 a0f197e Thanks @​Netail! - The biome init command has been updated to include a more up-to-date URL to the first-party extensions page.

• #10667 d8c3e87 Thanks @​Netail! - Fixed #10664: useErrorCause now correctly detects a shorthand property.

• #10696 ef2373f Thanks @​ematipico! - Fixed #9566. Improved how the Biome Language Server loads multiple configuration files inside a workspace.

• #10705 4ccb410 Thanks @​ematipico! - Fixed #10652. Biome plugins are now properly filtered when using --only and --skip flags.

• #10669 aa0a6eb Thanks @​Netail! - Fixed #10651: useInlineScriptId now correctly trims trivia to detect if an id attribute has been set.

• #10689 844b1be Thanks @​ematipico! - Fixed #10658. The issue was caused by the "Go-to definition" editor feature, which was enabled by default. The feature is now disabled by default. To work, the feature triggers the scanner to build the module graph. This caused memory leak issues in cases where Biome starts in the home directory to modify files.

  If you relied on this new feature, you must now turn on using the [editor settings] of the extension e.g. Zed and VSCode.

• #10695 043fbb5 Thanks @​ematipico! - Fixed #10674. Biome now throws an error when the field level is missing from a rule option.

• #10712 5941df2 Thanks @​Conaclos! - Improved the diagnostic and the documentation of useFlatMap.

• #10615 23814f1 Thanks @​qwertycxz! - Improved the DX the JSON schema when it's used by certain code editors like VSCode.

• #10688 ec69489 Thanks @​ematipico! - Fixed a bug where the Biome Daemon did not correctly shut down when the editor was closed during an in-progress operation, especially while scanning.

• #10701 6c2e0d7 Thanks @​ematipico! - Fixed #10694. The Biome Language Server no longer prints an error when the user hovers a variable imported from node_modules.

• #10681 888515b Thanks @​Conaclos! - Fixed useExportType that reported useless details in some diagnostics.

... (truncated)

Commits

• ffe7d33 chore: revert
• 564d660 chore: revert
• 0abf1a5 ci: release (#10627)
• 23814f1 chore(biome_configuration): add allowTrailingCommas to json-schema to make VS...
• a0f197e chore: dead and old links (#10668)
• See full diff in compare view

Updates knip from 6.16.1 to 6.22.0

Release notes

Sourced from knip's releases.

Release 6.22.0

• Support XO v1+ (#1819) (1dffe368b5c336d190e358ab4c2e2240e3d50e26) - thanks @​patrik-csak!
• feat: detect execaNode scripts in execa visitor (#1824) (5095ae1ccd0ceb083d4434e827443f03ba19a1ff) - thanks @​gwagjiug!
• Skip optional peerDeps referenced only via a host (resolve #1823) (7759a9894f2ac1d9425cf682e1e3c400f0976080)
• docs: update npmjs.com links to npmx.dev (#1826) (11fe8bd248c839c6eeb95b06c8204c25294e0adb) - thanks @​serhalp!
• docs: fix semi-broken link to DEVELOPMENT.md in CONTRIBUTING.md (#1827) (a5302b2466be1294633b1f40e86ca81a00605293) - thanks @​serhalp!
• feat: add support for Lunaria (#1825) (3e1b8212086dfae26fa7f368f245285ec82af14d) - thanks @​trueberryless!
• Fix lint issues (76c92e2328a94257afead6ae497a747a9e2944ea)

Release 6.21.0

• Detect Vite config dependencies (resolve #1721) (8754c43368112922c6f80d1f8d1d8ddb6cb29f25)
• fix: Update timerifyMethods to include resolveFromAST (#1814) (3c8deac3b856def31c16372f85525bf867105132) - thanks @​gwagjiug!
• Fix crash on null root export in package.json (resolve #1815) (9b8af2b343e1aacae46fedcb155252f56f9bae61)
• Fix unresolved subpath imports with a colon prefix (resolve #1816) (f89db4192ff7ff6c873828ed19fe40d379566b49)
• Detect Next.js entry files in subdirectory (resolve #1817) (f32c6ea215dde54a59af7b91fd8bdd2177cc2881)

Release 6.20.0

• Add raw transfer opt-out (resolve #1813) (6f08c680ac4acd6edf0806ba3c1c5c8f7bca24cd)
• Fix cached plugin config cycles (resolve #1811) (2bc2f2420ca71db1ae70846626c6152896d270ee)

Release 6.19.0

• feat: support new optional sveltekit config pattern via vite config (#1810) (3fee8bf608e0862d7bcdd1377cfb859a9185f17d) - thanks @​fubits1!
• Optimize hot path string scanning (e30cfe796423e3ecd9adff42291f3c4de6604d2b)
• Update astro snapshot (71e71a71b888a1b8034d4438635e94831d62b330)

Release 6.18.0

• Update dependencies (pin oxc-resolver) (7dda4eccc65c6d61ef2546442eb752b2a73edab9)
• Resolve tsconfig paths for non-TS importers independent of oxc ownership (3b71565e72107d43cbd6d2ddec7ab2fbbf65c001)
• Format (64865f8247b8956def52f1a387234562fbddd667)
• Fix false positive for Vitest mocks (#1802) (ec93e2013deb53902b406463b30fa6386445f9c9) - thanks @​remcohaszing!
• Mark npx-run binaries optional unless --no-install (resolve #1803) (203c31e1b2bd77eb9c94f82121f353fbf0671c67)
• Ignore pnpm [WARN] lines in ecosystem snapshots (392835a39b9429a3d85d712025da4c6531b8ece6)
• Update slonik snapshot (62d802bf8d53d7790f6322f481a290e09812cbcc)
• Update Jest entry patterns for Jest 30 (#1808) (d2caeddf32ba99ca12e5c26e891b7974392f981a) - thanks @​gwagjiug!
• Report stale workspaces configuration keys as configuration hints (#1807) (9083c16b3313fbebf5cb3cd11cadf45ac773bc3d) - thanks @​WooWan!

Release 6.17.2

• Fix up jest plugin (63dbd653b6e1be08a36401f5f728b351ab69e81b)
• Detect coverage provider from bare vitest --coverage flag (#1800) (dc11d9fc5458e6e1f734013eb82403eab07af2c1) - thanks @​WooWan!
• Don't disable configuration hints in workspace-scoped runs (#1791) (8ce1ec8160a786dad90903e43c3ef646ffba9464) - thanks @​WooWan!
• Detect react-email v6 packages from non-numeric version ranges (resolve #1798) (27a1caeb1bff6abcccd7140c7e92e4a57197ad47)
• Discover workspaces included after a negated pattern (resolve #1797) (630e152f6f687d9404cc25ffa01f0d49737d9229)

Release 6.17.1

• Remove ignoreBinaries w/ tar (b13d0ca1ce0a201b7e66f725039d9f346b4d424e)
• Wrap up docs/refs (29f3e46cc765a70643bcf2ef96e940ff371f39c6)
• Update dependencies (7b2f3458176110900204fa49e50650ac50d1f4db)
• Fix up vscode-languageclient imports (820c2335ca63f329f862eb8ec5c264bd8d5f09eb)

Release 6.17.0

... (truncated)

Commits

• c053755 Release knip@6.22.0
• 76c92e2 Fix lint issues
• 3e1b821 feat: add support for Lunaria (#1825)
• 11fe8bd docs: update npmjs.com links to npmx.dev (#1826)
• 7759a98 Skip optional peerDeps referenced only via a host (resolve #1823)
• 5095ae1 feat: detect execaNode scripts in execa visitor (#1824)
• 1dffe36 Support XO v1+ (#1819)
• 6b328d5 Release knip@6.21.0
• f32c6ea Detect Next.js entry files in subdirectory (resolve #1817)
• f89db41 Fix unresolved subpath imports with a colon prefix (resolve #1816)
• Additional commits viewable in compare view

[github-code-quality]

Code Coverage Overview

Languages: TypeScript

TypeScript / unit

The overall coverage remains at 88%, unchanged from the main branch.

---

_{Updated June 27, 2026 22:48 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}