chore(deps-dev): bump the minor-development-deps group with 10 updates

[dependabot]

Bumps the minor-development-deps group with 10 updates:

Package	From	To
@biomejs/biome	2.3.2	2.3.8
@tsconfig/node20	20.1.6	20.1.8
knip	5.66.4	5.70.2
prettier	3.6.2	3.7.3
tsup	8.5.0	8.5.1
@readme/oas-examples	7.0.3	7.0.4
@vitest/coverage-v8	4.0.6	4.0.14
tsx	4.20.6	4.21.0
type-fest	5.1.0	5.2.0
jest-expect-openapi	4.1.0	4.1.1

Updates @biomejs/biome from 2.3.2 to 2.3.8

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.8

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

  const foo = "Line 1\nLine 2";
  const bar = `Line 1

... (truncated)

Commits

• 0a6b6fb chore: restore version and yaml how they were
• 5d15cd5 chore: revert version
• 59fa146 ci: release (#8263)
• f7e836f feat(biome_js_analyze): implement noProto rule (#8276)
• b537918 feat(js_biome_analyze): implement noDuplicatedSpreadProps (#8116)
• 91484d1 feat(biome_js_analyze): implement noMultiStr rule (#8218)
• 68c052e feat(biome_js_analyze): implement noEqualsToNull rule (#8214)
• 79adaea feat(lint): added new rule no-leaked-render from eslint-react (#8171)
• cd2edd7 feat(js_analyze): implement noTernary (#8201)
• 8e97b89 ci: release (#8161)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @tsconfig/node20 from 20.1.6 to 20.1.8

Commits

• See full diff in compare view

Updates knip from 5.66.4 to 5.70.2

Release notes

Sourced from knip's releases.

Release 5.70.2

• Restore & add TS v5.5.0 workarounds ↻ oh my (fe7ea23981ae1c94118041299b9f1fecceba62d4)
• Extend & refactor Import in module graph (ad25794fc5ed465cf4be151df05fc4196d1589e4)
• Fix TYPE_ONLY instance (b431303d60f84f6abf77f37f93ccf9ab399d4cc9)
• Add side-effect imports as well (ed289ba9e69a030f945a42aef0828029fbe9b734)
• Remove project patterns from astro plugin (ac9e378d2bdf84b70791bdce9febc511bee924b4)
• Don't leak negated entry into project patterns (eab2b892c774c8ed545952997e66cf53719fa68e)
• Run glob sets with negations separately (resolves #1249) (969e3afdb25d9e607ff68f60543c8f1e64be5a69)
• Include all groups to negate entry patterns in production mode (406592dca0e44917703b24cee78c2d85b0a42fb6)

Release 5.70.1

• chore: fix vitest node env recognition (#1360) (9a38e10230b18b256ee8ed03dcc5217029b5298d) - thanks @​jonathansamines!
• Improve some export/import positions (f6f58fa96ef1243c4e5c70e8860b286bd63bed94)
• Add some common hints/FAQs to plugin test template (da7cf84a501321a9bbb3e118e840d36d47abad56)

Release 5.70.0

• Revert "Revive some tests in Bun" (f1406b5d8fc5add850e88ea23619bad745519c97)
• feat(plugins): Add Prisma plugin entry and Prisma schema compiler (#1340) (9f80aa4b09f9c9c5a0e55015a8b0eae9fb2e1812) - thanks @​CHC383!
• Improve some export/import positions (b19282b3ff84d1486820afb9f09e1384d8934bc8)
• Move block to group top-level patterns (bba25f33d489fb1942925d022348536513e4a4dd)
• Improve some naming around module graph (63d61176f0613bb405627f6cab2dc1bbee052df5)
• Minor refactors (a63b0dce0f886f297650185c72003f7c935a9deb)
• Update auto-fix.mdx (#1356) (c64d9056ef9aed63b1b8255dc1bad120a21f311f) - thanks @​skvale!
• Improve side-effects & opaque import call handling (resolve #1352) (e364589d790ce185c9a3b29aa2ea00f2663064d6)
• Add some unit tests for isIdentifierReferenced (f31eab4b443f084ff4af3eab187c352deab27089)
• Add support for awaited import call promise (92cbcef6b0501891e9e62ef6a3ef801b0de945e7)
• Edit and dim tag hints title (e4affd2f0651ba530817bb04805805e6474b0fbe)
• feat(plugins): Add taskfile plugin (#1357) (f64b72c31f0ee47da68a1eff96505dc770c43194) - thanks @​elierotenberg!
• Improve pragmas handling/setup (resolves #1358) (e0f497cc937e5cb5281a84a7e9c2181942b94361)
• Upgrade js-yaml + some others (resolve #1359) (5195888a691c200c971e214f28ad20bf4a395862)
• Clean up (da9440fb6a09222cc8a50093178e6cd69fee3bd6)

Release 5.69.1

• Release @​knip/create-config 1.0.8 (87405169656dbfa8cf931092d516c91647f95529)
• Edit docs (5eb8a6943904505b5630dee1ee58379c7707f72d)
• Apply Next.js page extensions to app directory (#1351) (f9cf9dc0fd44880a515979a104261ed77fa8878d) - thanks @​remcohaszing!
• Refactor fixes & consistently use issue.fixes (d7b45cfebb135881160ecda2acf0ad5239d98441)
• Revive some tests in Bun (74a0bd8ebf6e68e121333489495d2b6d58545fd4)
• Fix import identifier/specifier pos (95d2c04d5400ffb57f9057653c0977967b3ae02e)
• Fix namespace import pos (6b6b80b813d545d16ba74fc68beecd492f1252a2)
• Improve some export/import positions (9b87b1ac20fb33d9f9b5af1de1cbe1d053fa18ff)
• Rely on absolute paths with formatly (npx acts weird) (6653f357074c559f537af1b5563b191372d7901e)

Release 5.69.0

• Update mdxlint-preset-webpro (88e772a01022dd8a023d5f9c54fe2e1e1407565b)
• Edit docs (c44b8bfe849e131c0a071cd67cb63e8ef1bffc30)
• Upgrade biome (5d3d74d0cdcd507c5b9f7db2bc4c7a9896394bff)
• Fix up issue type shorthands (88ad825f80cd8390631ea6a67db35a28d21d6a0c)
• Improve zod error message (208381009cf99a15c0b1fe3feecbc202cbe4d7a1)
• Correct mdxlint setup in package.json (#1337) (71a4d125a8450c7a9e4a5c78735bbb3c2aabdae1) - thanks @​remcohaszing!

... (truncated)

Commits

• 59abdaa Release 5.70.2
• 406592d Include all groups to negate entry patterns in production mode
• 969e3af Run glob sets with negations separately (resolves #1249)
• eab2b89 Don't leak negated entry into project patterns
• ac9e378 Remove project patterns from astro plugin
• ed289ba Add side-effect imports as well
• b431303 Fix TYPE_ONLY instance
• ad25794 Extend & refactor Import in module graph
• fe7ea23 Restore & add TS v5.5.0 workarounds ↻ oh my
• d31050b Release 5.70.1
• Additional commits viewable in compare view

Updates prettier from 3.6.2 to 3.7.3

Release notes

Sourced from prettier's releases.

3.7.3

What's Changed

• Fix prettier.getFileInfo() change that breaks VSCode extension by @​fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

• Fix string print when switching quotes by @​fisker in prettier/prettier#18351
• Preserve quote for embedded HTML attribute values by @​kovsu in prettier/prettier#18352
• Fix comment in empty type literal by @​fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

• Fix performance regression in doc printer (#18342 by @​fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.3

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

3.7.2

diff

JavaScript: Fix string print when switching quotes (#18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")
// Prettier 3.7.1
console.log('A descriptor\'s .kind must be "method" or "field".');
// Prettier 3.7.2
console.log('A descriptor\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
// Prettier 3.7.1
const html = /* HTML */ &lt;div class=${styles.banner}&gt;&lt;/div&gt;;
// Prettier 3.7.2
const html = /* HTML */ &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt;;

TypeScript: Fix comment in empty type literal (#18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};
// Prettier 3.7.1
</tr></table>

... (truncated)

Commits

• fdfa670 Release 3.7.3
• 2dce3ec Fix typo
• 27d6c64 Revert previous change to getFileInfo (#18375)
• f4a7afa Add types for config related functions (#18376)
• 9266e3e Add resolved test cases (#18358)
• 3bfc014 Bump Prettier dependency to 3.7.2
• 081b846 Clean changelog_unreleased
• 03384c9 Release 3.7.2
• 514e51a Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.2
• 29a11ae Fix comment in empty type literal (#18364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Updates tsup from 8.5.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

   🐞 Bug Fixes

• Add script tag validation  -  by @​benhoad in egoist/tsup#1314 (df736)
• Update esbuild to fix sourcemap source issue  -  by @​ArcherGu and @​sxzz in egoist/tsup#1316 (fb8ae)

    View changes on GitHub

Commits

• 1ecb6a5 chore: release v8.5.1
• e92ba64 chore: upgrade esbuild
• fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
• db7cfaa chore: upgrade pnpm
• df7360b fix: add script tag validation (#1314)
• 65e8547 chore: bump source-map to 0.7.6 (#1358)
• f127e57 ci: switch to trusted publisher
• 8b6907d chore: add maintenance info in README (#1332)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tsup since your current version.

Updates @readme/oas-examples from 7.0.3 to 7.0.4

Commits

• fa28db7 chore(release): publish
• 4b1b54c chore(deps-dev): upgrading to vitest v4
• See full diff in compare view

Updates @vitest/coverage-v8 from 4.0.6 to 4.0.14

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.0.14

   🚀 Experimental Features

• browser: Expose utils.configurePrettyDOM  -  by @​sheremet-va in vitest-dev/vitest#9103 (2cc34)
• runner: Add full names to tasks  -  by @​macarie in vitest-dev/vitest#9087 (821aa)
• ui: Add tabbed failure view for toMatchScreenshot with comparison slider  -  by @​macarie in vitest-dev/vitest#8813 (c37c2)

   🐞 Bug Fixes

• Externalize before caching  -  by @​sheremet-va in vitest-dev/vitest#9077 (e1b2e)
• Collect the duration of external imports  -  by @​sheremet-va in vitest-dev/vitest#9097 (3326c)
• Rename collect to import, remove prepare  -  by @​sheremet-va in vitest-dev/vitest#9091 (1256b)
• browser:
  • Unsubscribe onCancel on rpc destroy  -  by @​AriPerkkio in vitest-dev/vitest#9088 (f5b72)
  • Revert the viewport scaling in non-ui mode #9018  -  by @​sheremet-va in vitest-dev/vitest#9072 and vitest-dev/vitest#9018 (64502)
• coverage:
  • Invalidate circular modules correctly on rerun with coverage  -  by @​aicest in vitest-dev/vitest#9096 (6f22c)
• expect:
  • Allow function as standard schema  -  by @​hi-ogawa in vitest-dev/vitest#9099 (ed8a2)
• jsdom:
  • Reuse abort signals if possible  -  by @​sheremet-va in vitest-dev/vitest#9090 (2c468)
• pool:
  • Init VITEST_POOL_ID + VITEST_WORKER_ID before environment setup  -  by @​AriPerkkio in vitest-dev/vitest#9085 (37918)
• web-worker:
  • postMessage to send ports to workers  -  by @​whitphx and @​AriPerkkio in vitest-dev/vitest#9078 (9d176)

   🏎 Performance

• Replace debug with obug  -  by @​sxzz and @​AriPerkkio in vitest-dev/vitest#9057 (acc51)

    View changes on GitHub

v4.0.13

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in vitest-dev/vitest#9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in vitest-dev/vitest#9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in vitest-dev/vitest#9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in vitest-dev/vitest#9076 (6b9a1)

    View changes on GitHub

v4.0.12

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in vitest-dev/vitest#9063 (9a8bc)

... (truncated)

Commits

• 9ca74cf chore: release v4.0.14
• acc5152 perf: replace debug with obug (#9057)
• 73b54ce chore: release v4.0.13
• 5aa84d5 chore: release v4.0.12
• c3befb0 chore: release v4.0.11
• 259a3d1 chore: release v4.0.10
• 62fab24 chore: release v4.0.9
• 46bfd09 chore: release v4.0.8
• da8b93a fix(deps): update all non-major dependencies (#8636)
• 1f5d9d2 chore: release v4.0.7
• See full diff in compare view

Updates tsx from 4.20.6 to 4.21.0

Release notes

Sourced from tsx's releases.

v4.21.0

4.21.0 (2025-11-30)

Features

• upgrade esbuild (#748) (048fb62)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• f6284cd ci: lock in semantic-release v24
• 048fb62 feat: upgrade esbuild (#748)
• See full diff in compare view

Updates type-fest from 5.1.0 to 5.2.0

Release notes

Sourced from type-fest's releases.

v5.2.0

New types

• Add ExclusifyUnion type (#1278) 2b906fe
• Add ArrayElement type (#1270) 2afaa40

Improvements

• CamelCase: Add splitOnNumbers option (#1290) ce2d244
• PackageJson: Add devEngines type (#1286) 3b4ad2e

Fixes

• ExcludeRestElement: Fix generic assignability with arrays (#1274) 12ef5b2
• GreaterThanOrEqual / LessThan: Fix behavior with operands like N and N | N + >0 (#1280) b2caa3f

---

sindresorhus/type-fest@v5.1.0...v5.2.0

Commits

• c300548 5.2.0
• 2b906fe Add ExclusifyUnion type (#1278)
• ce2d244 CamelCase: Add support for splitOnNumbers option (#1290)
• ff32c66 Fix CI
• bdb5658 ExtractStrict: Fix typo in docs (#1288)
• 12ef5b2 ExcludeRestElement: Fix generic assignability with arrays (#1274)
• 3b4ad2e PackageJson: Add devEngines type (#1286)
• ad62d2c Or/And: Fix documentation errors and add link to Xor (#1261)
• b2caa3f GreaterThanOrEqual / LessThan: Fix behavior with operands like N and `N...
• 5612f64 IfNotAnyOrNever: Add note regarding tail recursion (#1276)
• Additional commits viewable in compare view

Updates jest-expect-openapi from 4.1.0 to 4.1.1

Commits

• fa28db7 chore(release): publish
• 4b1b54c chore(deps-dev): upgrading to vitest v4
• 070f50a chore(deps): bump @​vitest/expect from 3.2.4 to 4.0.6 (#1015)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[erunion]

@dependabot recreate