chore(deps-dev): bump the dev-dependencies group across 1 directory with 17 updates

[dependabot]

Bumps the dev-dependencies group with 17 updates in the / directory:

Package	From	To
@biomejs/biome	2.4.9	2.4.15
@playwright/test	1.58.2	1.60.0
@types/bun	1.3.13	1.3.14
bun-types	1.3.11	1.3.14
knip	5.88.1	6.14.1
playwright	1.58.2	1.60.0
vitest	2.1.9	4.1.7
@intellectronica/ruler	0.3.37	0.3.41
diff	8.0.4	9.0.0
hardhat	2.22.18	3.5.0
lint-staged	16.4.0	17.0.5
@xterm/headless	5.5.0	6.0.0
vercel	53.4.0	54.2.0
prettier	3.6.2	3.8.3
@types/uuid	10.0.0	11.0.0
webpack	5.105.4	5.107.0
@avalix/chroma	0.0.16	1.0.1

Updates @biomejs/biome from 2.4.9 to 2.4.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Commits

• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• e0a54cc feat(lint/js/vue): add useVueNextTickPromise (#10254)
• 1110256 feat(lint/vue): add noVueImportCompilerMacros (#10238)
• 7f7419c fix: grammar in extends docstring (#10263)
• 0ae5840 feat(lint/js): add useThisForClassMethods (#9807)
• 83f7385 feat(lint/js): add noBaseToString (#9838)
• 64aee45 feat(lint/html/vue): add noVueVOnNumberValues (#10219)
• 46393e0 ci: release (#10100)
• Additional commits viewable in compare view

Updates @playwright/test from 1.58.2 to 1.60.0

Release notes

Sourced from @​playwright/test's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

• 87bb9dd cherry-pick(#40747): fix(yauzl): vendor yauzl with destroy-lifecycle fix
• 9a9c51c cherry-pick(#40733): chore(electron): revert #40184 (move Electron API to a s...
• 4b3b628 cherry-pick(#40736): Revert "feat(electron): add timeout option to electronAp...
• f869f96 chore: bump version to v1.60.0 (#40714)
• 7eb6918 cherry-pick(#40710): docs: release notes v1.60
• 118d2aa cherry-pick(#40693): chore(python): formdata path type
• 54012f5 chore(deps): bump ip-address and express-rate-limit (#40680)
• 9fa531d fix(screencast): unblock frame ack when an async client disconnects (#40674)
• 3649db5 chore(mcp): bump default extension protocol to v2 (#40678)
• bb6c009 chore(extension): mark 0.2.1 (#40679)
• Additional commits viewable in compare view

Updates @types/bun from 1.3.13 to 1.3.14

Commits

• See full diff in compare view

Updates bun-types from 1.3.11 to 1.3.14

Release notes

Sourced from bun-types's releases.

Bun v1.3.14

To install Bun v1.3.14

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.14:

bun upgrade

Read Bun v1.3.14's release notes on Bun's blog

Thanks to 11 contributors!

• @​190n
• @​alii
• @​carlsmedstad
• @​cirospaciari
• @​coleleavitt
• @​djs5008
• @​dylan-conway
• @​ig-ant
• @​Jarred-Sumner
• @​robobun
• @​sosukesuzuki

Bun v1.3.13

To install Bun v1.3.13

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

... (truncated)

Commits

• 0d9b296 Bun.serve: rename h3/h1 options to http3/http1 (#30583)
• 191edc0 image: preserve ICC profile through WebP decode/encode (#30211)
• d0a0bc4 Preserve ICC colour profile through Bun.Image JPEG/PNG encode (#30201)
• ed75c88 Bun.Image — Sharp-shaped image pipeline (jpeg/png/webp, resize, rotate, modul...
• accbff6 fetch: experimental HTTP/2 client (#29766)
• b424bb7 Bun.serve: HTTP/3 (QUIC) support via h3: true (#29768)
• e2017e7 ws: respect perMessageDeflate: false in upgrade request (#29685)
• dc578b1 spawn: return caller-supplied fds from Subprocess.stdio[N] (#29629)
• 890ef5a spawn: don't close caller-owned fds passed as extra stdio (#29606)
• b424e70 bun-types: dedupe alias enum keys in FFI type maps (#29193)
• Additional commits viewable in compare view

Updates knip from 5.88.1 to 6.14.1

Release notes

Sourced from knip's releases.

Release 6.14.1

• Detect dynamic imports in Svelte compiler (#1747) (e1c1b1705f96ed7d6ac537a7969cbd07d238246a) - thanks @​jinhyuk9714!
• Detect dynamic import attributes; share import matcher with Astro-MDX (9dae64166bbc45be1abeb8d741127d109d48d351)
• Work the docs (close #1746) (919cba2f11d1979b854c7abaaca8992ee8b08e23)

Release 6.14.0

• Resolve imports satisfied via transitive peerDeps (d654ec74d)
• Don't flag undeclared sibling workspace imports as unlisted (#1742) (e7122a1ae)
• Update github-actions reporter snapshots (2308b5a42)
• Cache syncGlob() results like defaultGlob() does (6c34287a5)
• Trim redundant statSync calls in FileEntryCache (eee3b899b)
• Cache parsed .gitignore patterns across --cache runs (7ffdc2ff3)
• Tighten cache module callsites (64e507265)
• Extract shared disk-cache helper used by glob and gitignore caches (0987421d9)
• Simplify CacheConsultant: replace trampoline with default arrow methods (bebe750d3)
• Pin pnpm minimumReleaseAge and trustPolicy (77efb32e5)
• Eliminate rescanFrontier polling in walkAndAnalyze (38d91b6e3)
• Reduce findWorkspaceByFilePath per-call overhead (91494378f)
• Memoize DependencyDeputy.getDependencies (a661a2142)
• Tighten module-graph map helpers (drop double-lookup + optional chains) (c11d62fb0)
• Add --duration flag for zero-overhead duration measurement (d4b59d89b)
• Cover analysis pipeline with --performance timerify (694dbf44d)
• Align --help text (6f12997b1)
• Add cli arg shorthands: -p, -s, -w, -D, -f, -F, -u (f21a58710)
• Format (8db5346e4)
• This one's okay (662ceaf46)

Release 6.13.1

• Add jest.config.{cts,mts} (#1743) (44738d678c9992799f5fe4909a01cc5ddd702aa2) - thanks @​joshkel!
• Update ecosystem tests (74420a614dfa15b81906266279c31ae0bf4e21bd)
• Fix export * as re-exported namespace case (5923af48fc33aa56c2f42f882aa185e66626453d)
• Add .mts and .cts config files to some plugins (69d1e83123e56c2c441f320c81bae099ba1eb014)
• Docusaurus: ignore @generated/*, handle local plugin paths (ce5f7672fced084bfb017410650b78d36133e1b0)
• Nx: expand {projectRoot} / {workspaceRoot} token variables (871531228b0cb67ff07fdb9d77316c4340ccaf33)

Release 6.13.0

• Add mercurial (hg) to command constants (#1737) (abb08b0958e08a12684deacf0ab62dc7ada38074) - thanks @​unrevised6419!
• Expand wildcards in Jest projects (#1710) (7cb2d37a5c46b54d8be9bee1fbb026b52bb71246) - thanks @​joshkel!
• Add knex visitor to scan source files for config (resolve #1736) (4c96fd297f33316921186293cf9f9d323ca48eb8)
• Refactor to a better split of ast helpers (6e726a2c66727c2346b4c249a2efcd7d752231f5)
• Handle package.json exports for outDir="." (resolve #1738) (42497c249545cd9e4ae8b7e64995e62cb0e8885d)
• Fix star re-exported namespace case (resolve #1739) (e566c4b1a1bc697c0997e8a4ef6bdeb746524166)
• Strip comments in scripts in compilers (resolve #1740) (a123d5c35ba6b9239f6ac1d20cf50b8b0f9b2d28)
• Update rolldown snapshot (edfee2b3b6bfc3085d432fa5765b4e7a60ba5783)
• Source-map subpath imports + collect pairs from referenced tsconfigs (7c5acc4a33047156205ff61413a83625bb9e05b4)
• Tighten source-mapping utilities (0b68b81b4a732b3db64d69fd8c47802ff3302564)
• Update dependencies (8788c1a64a93d568a9391693278a388af6980dec)
• Remove obsolete internal jsdoc tag (0fed9756b485deb1831fbc78d8053bc939bd6971)
• Add @​serhalp and @​stevennevins to sponsors (thank you!) (999a5e3551e0bafbcfa7a1540ae7f3fc4218828b)
• Fix astro config after bump (f63537aa40f42aa7d3ff4bc64dab20dd01ecba83)

... (truncated)

Commits

• b99f1a5 Release knip@6.14.1
• 919cba2 Work the docs (close #1746)
• 9dae641 Detect dynamic import attributes; share import matcher with Astro-MDX
• e1c1b17 Detect dynamic imports in Svelte compiler (#1747)
• f7b9cc5 Release knip@6.14.0
• 8db5346 Format
• f21a587 Add cli arg shorthands: -p, -s, -w, -D, -f, -F, -u
• 6f12997 Align --help text
• 694dbf4 Cover analysis pipeline with --performance timerify
• d4b59d8 Add --duration flag for zero-overhead duration measurement
• Additional commits viewable in compare view

Updates playwright from 1.58.2 to 1.60.0

Release notes

Sourced from playwright's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

• expect(page).toMatchAriaSnapshot() now works on a Page, in addition to a Locator — equivalent to asserting against page.locator('body').
• New boxes option on locator.ariaSnapshot() / page.ariaSnapshot() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits

• 87bb9dd cherry-pick(#40747): fix(yauzl): vendor yauzl with destroy-lifecycle fix
• 9a9c51c cherry-pick(#40733): chore(electron): revert #40184 (move Electron API to a s...
• 4b3b628 cherry-pick(#40736): Revert "feat(electron): add timeout option to electronAp...
• f869f96 chore: bump version to v1.60.0 (#40714)
• 7eb6918 cherry-pick(#40710): docs: release notes v1.60
• 118d2aa cherry-pick(#40693): chore(python): formdata path type
• 54012f5 chore(deps): bump ip-address and express-rate-limit (#40680)
• 9fa531d fix(screencast): unblock frame ack when an async client disconnects (#40674)
• 3649db5 chore(mcp): bump default extension protocol to v2 (#40678)
• bb6c009 chore(extension): mark 0.2.1 (#40679)
• Additional commits viewable in compare view

Updates vitest from 2.1.9 to 4.1.7

Release notes

Sourced from vitest's releases.

v4.1.7

   🐞 Bug Fixes

• runner: Limit concurrency per task branch in addition to per leaf callbacks (backport)  -  by @​hi-ogawa in vitest-dev/vitest#10384 (4f0f2)

    View changes on GitHub

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

v4.1.5

   🚀 Experimental Features

• coverage: Istanbul to support instrumenter option  -  by @​BartWaardenburg and @​AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

• --project negation excludes browser instances  -  by @​felamaslen in vitest-dev/vitest#10131 (9423d)
• Project color label on html reporter  -  by @​hi-ogawa in vitest-dev/vitest#10142 (596f7)
• Fix vi.defineHelper called as object method  -  by @​hi-ogawa in vitest-dev/vitest#10163 (122c2)
• Alias agent reporter to minimal  -  by @​sheremet-va in vitest-dev/vitest#10157 (663b9)
• Respect diff config options in soft assertions  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#8696 (9787d)
• Respect diff config options in soft assertions "  -  by @​sheremet-va in vitest-dev/vitest#8696 (7dc6d)
• ast-collect: Recognize _vi_import prefix in static test discovery  -  by @​Yejneshwar in vitest-dev/vitest#10129 (32546)
• coverage: Descriptive error message when reports directory is removed during test run  -  by @​DaveT1991 and @​AriPerkkio in vitest-dev/vitest#10117 (14133)
• snapshot: Increase default snapshot max output length  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)
• ui: Fix jsx/tsx syntax highlight  -  by @​hi-ogawa in vitest-dev/vitest#10152 (f1b1f)
• web-worker: Support MessagePort objects referenced inside postMessage data  -  by @​whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)
• api: Make test-specification options writable  -  by @​sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in vitest-dev/vitest#10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in vitest-dev/vitest#10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in vitest-dev/vitest#9668 (d4fbb)

... (truncated)

Commits

• a09d472 chore: release v4.1.7
• a8fd24c chore: release v4.1.6
• 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
• 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
• e399846 chore: release v4.1.5
• 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
• 9787ded fix: respect diff config options in soft assertions (#8696)
• 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
• 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
• 663b99f fix: alias agent reporter to minimal (#10157)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vitest since your current version.

Updates @intellectronica/ruler from 0.3.37 to 0.3.41

Release notes

Sourced from @​intellectronica/ruler's releases.

v0.3.41

What's Changed

• Fix README: --subagents default incorrectly documented as "enabled" by @​Copilot in intellectronica/ruler#425
• Fix subagent propagation for nested source trees and make cleanup explicitly opt-in by @​Copilot in intellectronica/ruler#432

Full Changelog: intellectronica/ruler@v0.3.40...v0.3.41

v0.3.40

What's Changed

• feat(agents): exclude .ruler/agents from rules; rename [subagents] → [agents] by @​mravinale in intellectronica/ruler#421

Full Changelog: intellectronica/ruler@v0.3.39...v0.3.40

v0.3.39

What's Changed

• Feat: Subagent propagation for Claude/Cursor/Codex/Copilot by @​mravinale in intellectronica/ruler#419
• fix(readme): add Windsurf to native skills support documentation by @​Copilot in intellectronica/ruler#408
• docs: add missing --no-backup to apply options table by @​Copilot in intellectronica/ruler#415

New Contributors

• @​mravinale made their first contribution in intellectronica/ruler#419

Full Changelog: intellectronica/ruler@v0.3.38...v0.3.39

v0.3.38

What's Changed

• (Feature) Add Windsurf native skills support by @​CNTRS in intellectronica/ruler#405

New Contributors

• @​CNTRS made their first contribution in intellectronica/ruler#405

Full Changelog: intellectronica/ruler@v0.3.37...v0.3.38

Commits

• 74999af Bump version from 0.3.40 to 0.3.41
• bfecd71 Merge pull request #432 from intellectronica/copilot/fix-issue-430
• f66c831 Fix CI jest-util module resolution for ts-jest
• b678e14 Fix subagents recursive discovery and non-destructive cleanup defaults
• d4160ce Merge pull request #425 from intellectronica/copilot/update-readme-accuracy-f...
• 2b05e6a Fix README --subagents default description (enabled -> disabled)
• 87f312d Initial plan
• e905229 Bump version from 0.3.39 to 0.3.40
• 315f92a Merge pull request #421 from mravinale/upstream/agents-config-and-rule-concat
• 0fd693a feat(agents): exclude .ruler/agents from rules; rename [subagents] → [agents]
• Additional commits viewable in compare view

Updates diff from 8.0.4 to 9.0.0

Changelog

Sourced from diff's changelog.

9.0.0

(All changes part of PR #672.)

• ES5 support is dropped. parsePatch now uses TextDecoder and Uint8Array, which are not available in ES5, and TypeScript is now compiled with the "es6" target. From now on, I intend to freely use any features that are deemed "Widely available" by Baseline. Users who need ES5 support should stick to version 8.

• C-style quoted strings in filename headers are now properly supported.

  When the name of either the old or new file in a patch contains "special characters", both GNU diff and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; parsePatch would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. formatPatch, meanwhile, did not quote or escape special characters at all.

  Now, parsePatch parses all the possible escape sequences that GNU diff (or Git) ever output, and formatPatch quotes and escapes filenames containing special characters in the same way GNU diff does.

• formatPatch now omits file headers when oldFileName or newFileName in the provided patch object are undefined, regardless of the headerOptions parameter. (Previously, it would treat the absence of oldFileName or newFileName as indicating the filename was the word "undefined" and emit headers --- undefined / +++ undefined.)

• formatPatch no longer outputs trailing tab characters at the end of ---/+++ headers.

  Previously, if formatPatch was passed a patch object to serialize that had empty strings for the oldHeader or newHeader property, it would include a trailing tab character after the filename in the --- and/or +++ file header. Now, this scenario is treated the same as when oldHeader/newHeader is undefined - i.e. the trailing tab is omitted.

• formatPatch no longer mutates its input when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously formatPatch would provide the correct output but also mutate the oldLines or newLines property on the hunk, changing the meaning of the underlying patch.

• Git-style patches are now supported by parsePatch, formatPatch, and reversePatch.

  Patches output by git diff can include some features that are unlike those output by GNU diff, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the content of two files, but Git diffs can also indicate, via "extended headers", the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated ---/+++ file headers nor any hunks.

  jsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now parsePatch parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no --- or +++ file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by parsePatch. See isGit and subsequent properties in the docs in the README.md file.

  formatPatch now outputs extended headers based on these new Git-specific properties, and reversePatch respects them as far as possible (with one unavoidable caveat noted in the README.md file).

• Unpaired file headers now cause parsePatch to throw.

  It remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a @@ hunk header on the very first line), but a patch with only a --- header or only a +++ header is now considered an error.

• parsePatch is now more tolerant of "trailing garbage"

  That is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of "garbage" (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a +, -, or and thus is interpretable as part of a hunk still triggers a throw).

  This means we no longer reject patches output by tools that include extra data in "garbage" lines not understood by generic unified diff parsers. (For example, SVN patches can include "Property changes on:" lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)

  This change brings jsdiff's behaviour more in line with GNU patch, which is highly permissive of "garbage".

• The oldFileName and newFileName fields of StructuredPatch are now typed as string | undefined instead of...

  Description has been truncated

  Greptile Summary

  Automated Dependabot bump of 17 dev-dependency packages across the monorepo, including several major-version upgrades.

  • Patch/minor bumps (biome, playwright, bun-types, prettier, webpack) are straightforward; most vitest changes are small patches from 4.1.5/4.1.6 → 4.1.7, except packages/feed/packages/examples/local-a2a-server which jumps two major versions (2.1.9 → 4.1.7).
  • Several major-version upgrades carry known breaking changes: hardhat 2→3 (new task/config API), knip 5→6 (plugin API changes), diff 8→9 (ES5 dropped, parsePatch throw behavior), lint-staged 16→17, and @xterm/headless 5→6 while @xterm/xterm stays on 5.

  Confidence Score: 3/5

  Not safe to merge as-is: the TUI will crash at runtime due to the xterm major-version split, and Hardhat v3's rewritten config/task API will break any existing Hardhat scripts without a migration.

  Two confirmed breaking changes are present and unaddressed: @xterm/headless was bumped to v6 while @xterm/xterm remains on v5 (co-released packages that share internal contracts), and Hardhat was bumped to v3 which ships an entirely new task and configuration API incompatible with v2 project files. Additionally the overrides block in packages/feed/package.json still pins diff at 4.0.4 and webpack at 5.105.4, silently reverting two of the intended bumps, and @avalix/chroma jumps from a 0.0.x pre-release to a stable 1.0.1 with an unknown API surface.

  packages/tui/package.json (xterm major mismatch), packages/feed/package.json (hardhat v3, stale overrides, knip v6), packages/feed/tools/e2e/package.json (chroma 0→1 major jump)

  Important Files Changed

  Filename	Overview
  packages/feed/package.json	Multiple major-version dev-dependency upgrades: hardhat 2→3, knip 5→6, diff 8→9, lint-staged 16→17; stale overrides block still pins diff@4.0.4 and webpack@5.105.4, neutralizing those two bumps.
  packages/tui/package.json	Bumps @xterm/headless to ^6.0.0 while @xterm/xterm stays at ^5.5.0, creating a co-released major-version mismatch that will likely crash at runtime.
  packages/feed/tools/e2e/package.json	Bumps @avalix/chroma from pre-release 0.0.16 to stable 1.0.1, a potential full API rewrite; e2e tooling using chroma download-extensions may need updates.
  packages/feed/packages/examples/local-a2a-server/package.json	Jumps vitest from 2.1.9 to 4.1.7 (two major versions); config options and pool defaults changed across v3 and v4.
  packages/feed/tools/chroma/package.json	Bumps playwright and @playwright/test 1.58.2→1.60.0; patch/minor updates only, low risk.
  bun.lock	Lockfile updated to reflect all dependency version changes across the monorepo.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Dependabot PR: 17 dev-dependency bumps] --> B[Patch / Minor bumps]
    A --> C[Major version bumps]
    B --> B1["@biomejs/biome 2.4.9→2.4.15"]
    B --> B2["playwright / @playwright/test 1.58.2→1.60.0"]
    B --> B3["bun-types 1.3.11→1.3.14"]
    B --> B4["prettier 3.6.2→3.8.3"]
    B --> B5["webpack 5.105.4→5.107.0"]
    B --> B6["vitest 4.1.x→4.1.7 (most packages)"]
    C --> C1["hardhat 2→3 rewritten task/config API"]
    C --> C2["@xterm/headless 5→6, xterm stays on 5"]
    C --> C3["knip 5→6 plugin API changes"]
    C --> C4["diff 8→9 neutralized by overrides@4.0.4"]
    C --> C5["lint-staged 16→17"]
    C --> C6["@avalix/chroma 0.0.16→1.0.1 pre-release to stable"]
    C --> C7["vitest 2.1.9→4.1.7 in local-a2a-server example"]

Loading

Comments Outside Diff (1)

1. packages/feed/package.json, line 171-175 (link)

   Stale overrides neutralize the diff and webpack version bumps

   The overrides block in this workspace root still pins "diff": "4.0.4" and "webpack": "5.105.4". Because bun/npm overrides take precedence over all declarations in the dependency tree (including direct devDependencies), the bump of diff to ^9.0.0 on line 138 and the bump of webpack to 5.107.0 in packages/feed/apps/web/package.json will both resolve to the old pinned version, making those two bumps entirely no-ops. The overrides entries need to be updated (or removed) to match the new target versions for the upgrades to take effect.

_{Reviews (7): Last reviewed commit: "Merge branch 'develop' into dependabot/n..." | Re-trigger Greptile}

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: smoke — Tiers requested: large,frontier

large — SUMMARY.md missing

frontier — SUMMARY.md missing

Artifacts: lifeops-multi-tier-large-26182899726, lifeops-multi-tier-frontier-26182899726

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: smoke — Tiers requested: large,frontier

large — SUMMARY.md missing

frontier — SUMMARY.md missing

Artifacts: lifeops-multi-tier-large-26185479850, lifeops-multi-tier-frontier-26185479850

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: smoke — Tiers requested: large,frontier

large — cancelled

frontier — cancelled

Artifacts: lifeops-multi-tier-large-26199745854, lifeops-multi-tier-frontier-26199745854

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: — Tiers requested:

large — cancelled

frontier — cancelled

Artifacts: lifeops-multi-tier-large-26200272807, lifeops-multi-tier-frontier-26200272807

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: — Tiers requested:

large — cancelled

frontier — cancelled

Artifacts: lifeops-multi-tier-large-26200645424, lifeops-multi-tier-frontier-26200645424

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[github-actions]

LifeOps Multi-Tier Benchmark

Suite: smoke — Tiers requested: large,frontier

large

LifeOps Multi-Tier Benchmark

Tier: large
Suite: smoke

frontier

LifeOps Multi-Tier Benchmark

Tier: frontier
Suite: smoke

Artifacts: lifeops-multi-tier-large-26201250656, lifeops-multi-tier-frontier-26201250656