chore(deps-dev): bump the dev-dependencies group with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates:

Package	From	To
@biomejs/biome	2.4.10	2.4.16
@types/node	22.19.15	25.9.2
lint-staged	16.4.0	17.0.7
tsx	4.21.0	4.22.4
typescript	5.9.3	6.0.3

Updates @biomejs/biome from 2.4.10 to 2.4.16

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.16

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Commits

• 5f4ea56 ci: release (#10326)
• de2a33c fix(core): regression in emitted types (#10478)
• d835303 docs: remove redundant default phrase in useConsistentObjectDefinitions rul...
• 4f1aaf2 fix: incorrect build when using build or test (#10426)
• dc73b6b refactor: make plugins opt-in via feature gate (#10418)
• e71f584 feat(useDestructuring): add options for assignment/declaration and improve di...
• 9b1577f fix(config): support trailingCommas in overrides (#10318)
• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• Additional commits viewable in compare view

Updates @types/node from 22.19.15 to 25.9.2

Commits

• See full diff in compare view

Updates lint-staged from 16.4.0 to 17.0.7

Release notes

Sourced from lint-staged's releases.

v17.0.7

Patch Changes

• #1806 e692e58 - Update dependency tinyexec@^1.2.4.

v17.0.6

Patch Changes

• #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

• #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

• #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

• #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

v17.0.5

Patch Changes

• #1792 1f67271 - Correctly set the --max-arg-length default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.

v17.0.4

Patch Changes

• #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

v17.0.3

Patch Changes

• #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

v17.0.2

Patch Changes

• #1779 88670ca Thanks @​iiroj! - Enable immutable GitHub releases

v17.0.1

Patch Changes

• #1776 4a5664b Thanks @​iiroj! - Adjust GitHub Actions workflow so that automatic publishing works with signed commits.

v17.0.0

... (truncated)

Changelog

Sourced from lint-staged's changelog.

17.0.7

Patch Changes

• #1806 e692e58 - Update dependency tinyexec@^1.2.4.

17.0.6

Patch Changes

• #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

• #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

• #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

• #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

17.0.5

Patch Changes

• #1792 1f67271 - Correctly set the --max-arg-length default value based on the running platform. This controls how very long lists of staged files are split into multiple chunks.

17.0.4

Patch Changes

• #1788 f95c1f8 - Another fix for making sure lint-staged adds task modifications correctly to the commit in the following cases:

  • after editing <file> it is staged with git add <file>, and then committed with git commit
  • after editing <file> it is committed with git commit --all without explicit git add
  • after editing <file> it is committed with git commit <pathspec> without explicit git add

  There's new test cases which actually setup the Git pre_commit hook to run lint-staged and verify them. These issues started in v17.0.0 when trying to improve support for committig without having explicitly staged files.

17.0.3

Patch Changes

• #1782 06813f9 Thanks @​iiroj! - Fix lint-staged behavior when implicitly committing files without using git add by either:
  • git commit -am "my commit message" where -a (--all) means to automatically stage all tracked modified and deleted files
  • git commit -m "my commit message" . where . is an example of a pathspec where matching files will be staged

17.0.2

Patch Changes

• #1779 88670ca Thanks @​iiroj! - Enable immutable GitHub releases

17.0.1

... (truncated)

Commits

• cd11fec Merge pull request #1807 from lint-staged/changeset-release/main
• 15a8ee0 chore(changeset): release
• 797bbd9 Merge pull request #1808 from lint-staged/add-stashing-faq
• 504e307 docs: add FAQ entry on how stashing works
• eff5cd1 Merge pull request #1806 from lint-staged/update-tinyexec
• e692e58 build(deps): update tinyexec@^1.2.4
• a2dd4ea Merge pull request #1805 from lint-staged/update-github-templates
• c928519 docs: update GitHub templates
• 094ba56 Merge pull request #1798 from lint-staged/changeset-release/main
• 88e19fe chore(changeset): release
• Additional commits viewable in compare view

Updates tsx from 4.21.0 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

• decode typed loader source (dce02fc)
• preserve entrypoint with TypeScript preload hooks (68f72f3)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

• preserve CJS JSON require in ESM hooks (35b700b)
• preserve named exports from CommonJS TypeScript (11de737)
• support module.exports require(esm) interop (cf8f199)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.22.1

4.22.1 (2026-05-17)

Bug Fixes

• resolve tsconfig path aliases containing a colon (#780) (6979f28)

---

This release is also available on:

• npm package (@​latest dist-tag)

... (truncated)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• dce02fc fix: decode typed loader source
• 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
• 69455cf test: cover package exports for ambiguous ESM reexports
• 35b700b fix: preserve CJS JSON require in ESM hooks
• ef807db chore: update testing dependencies
• 3917090 test: document compatibility test taxonomy
• de8113f refactor: centralize Node capability facts
• c1f62db test: consolidate tsconfig path edge coverage
• 4e08174 test: consolidate loader hook coverage
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for tsx since your current version.

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions