digest: add issues for 2026-06-07

Author: github-actions[bot]

src/posts/2026-06-06_biomejs-biome.md

@@ -0,0 +1,33 @@
+---
+date: 2026-06-06
+repo: biomejs/biome
+size: L
+title: "SCSS formatter and export lint get smarter"
+excerpt: "Adds a `useExportType` style option, fixes SCSS bracketed and grid formatting, and tightens a11y/ignore diagnostics."
+commits: 8
+authors: [denbezrukov, Conaclos, harsha-cpp, dfedoryshchev]
+commit_authors: {"4167475": denbezrukov, "3634a3f": denbezrukov, "eb1ed0e": harsha-cpp, "6022c19": denbezrukov, "2ceb4fe": Conaclos, "961f41c": Conaclos, "78075b7": Conaclos, "777bdbf": dfedoryshchev}
+---
+
+### **Add `useExportType` style enforcement** (78075b7)
+Biome now supports a new `style` option for `useExportType`, letting users choose between `inlineType`, `separatedType`, or `auto`. The rule was expanded to split mixed exports into type-only and value exports, and the config/schema/backend were updated to expose the option.
+
+### **Fix SCSS bracketed expression parsing** (6022c19)
+SCSS bracketed expression lists are now parsed as first-class syntax instead of recovering as errors. This unlocks correct formatting for bracketed values and removes a parser hole that previously dropped valid cases in tests.
+
+### **Preserve SCSS string concatenation indentation** (4167475)
+The SCSS formatter now indents broken string concatenations more consistently, especially in grouped or parenthesized expressions. This improves readability for multi-line concatenations and aligns output with expected SCSS formatting behavior.
+
+### **Fix grid-template handling in CSS/SCSS formatting** (3634a3f)
+Biome now recognizes SCSS grid-template rows correctly and avoids treating unrelated `grid-template-*` properties as grid-area declarations. This prevents malformed formatting around grid values and fixes a correctness bug in the grid-area linter.
+
+### **Stop `useAriaPropsForRole` false positives on Vue bindings** (eb1ed0e)
+The a11y rule now treats Vue `v-bind` shorthand attributes like `:aria-checked` and `:aria-level` as satisfying required ARIA props. That removes noisy diagnostics for valid Vue templates without changing the rule’s intent.
+
+### **Improve `noTsIgnore` diagnostic ranges** (2ceb4fe)
+`noTsIgnore` now highlights only the `@ts-ignore` directive instead of a broader chunk of the comment. The rule’s message is unchanged, but the fix range is more precise and easier to act on.
+
+### Other misc changes
+- `useExportType` docs and internal refactorings (961f41c)
+- SCSS formatter/parser follow-up tests and cleanup (6022c19, 4167475, 3634a3f)
+- Comment wording cleanup across formatter crates (777bdbf)

src/posts/2026-06-06_denoland-deno.md

@@ -0,0 +1,51 @@
+---
+date: 2026-06-06
+repo: denoland/deno
+size: L
+title: "Deno adds WebCrypto, Node, and CLI fixes"
+excerpt: "Major updates across WebCrypto, BroadcastChannel, child_process, and bundling, plus several bug fixes and new APIs."
+commits: 33
+authors: [bartlomieju, divybot, fibibot, nathanwhitbot, ry, littledivy]
+commit_authors: {"9839d3a": bartlomieju, "a5b709e": bartlomieju, "591ff87": bartlomieju, "84b80f0": bartlomieju, "181c8e5": bartlomieju, "0e8fe8c": divybot, "e867d08": divybot, "0e6757e": littledivy, "25cfe2b": divybot}
+---
+
+### **WebCrypto now tracks modern algorithms and detached buffers** (0e6757e)
+Deno’s WebCrypto implementation was brought closer to the modern-algorithms spec, with support and validation updates across post-quantum and newer digest/encapsulation paths. The patch also fixes buffer-copy behavior around detached inputs so algorithms observe mutations correctly, which matters for spec conformance and hard-to-debug edge cases.
+
+### **BroadcastChannel now supports SharedArrayBuffer payloads** (0e8fe8c)
+BroadcastChannel can now serialize, transmit, and deserialize `SharedArrayBuffer`-backed messages instead of failing with clone errors for additional receivers. This closes a real interoperability gap and makes Node worker-thread style messaging work more reliably.
+
+### **Node child_process IPC handles now work with net.Server and net.Socket variants** (25cfe2b)
+`ChildProcess.send()` now handles unlistened servers and socket/server wraps more like Node, including pipe-backed handles and the null-handle case. That unlocks more IPC patterns, especially for server and socket passing across processes.
+
+### **`deno compile --bundle` can now resolve worker npm imports outside package scope** (591ff87)
+Bundling worker sources now falls back to npm snapshot resolution for bare specifiers that originate outside the entrypoint’s package tree. This fixes a class of compile failures in dual-tree layouts where worker code lives beside, rather than under, the main package scope.
+
+### **`deno clean` keeps going on locked caches and explains who holds them** (a5b709e)
+On Windows, `deno clean` no longer aborts as soon as it hits a cache database held open by another process. Instead it reports the locked files and, when possible, identifies the process holding them so users can unblock cleanup.
+
+### **`deno serve --watch` now applies import maps to the main module** (9839d3a)
+Watch mode now resolves the entrypoint through the same import-map-aware path as non-watch mode. This fixes bare-specifier entrypoints that previously failed only under `--watch`.
+
+### **`deno add` now accepts npm-style version ranges** (84b80f0)
+The CLI now accepts comparator, range, and OR-range syntax like npm does, instead of rejecting them with specifier-grammar errors. That makes `deno add` usable with a much wider set of package version constraints.
+
+### **`deno bump-version -c` chooses the manifest that actually has a version** (e867d08)
+When `deno.json` and `package.json` live side by side, the bump-version command now prefers the file that contains real version metadata. This fixes the common dual-publish workflow where `deno.json` is only tooling config.
+
+### **`deno bundle` now preserves Node-style CJS interop on browser targets** (181c8e5)
+Browser-targeted bundles now handle dual CJS/ESM packages the same way Node does, avoiding init-time crashes from default-import interop mismatches. This unblocks packages like `tslib` that rely on Node’s CJS semantics.
+
+### **Other misc changes**
+- Fixed interactive `deno update` to show the version requirement instead of the resolved version.
+- Hidden invalid Windows env keys from `Deno.env.toObject()`.
+- Fixed redundant slashes in file specifiers causing runaway import cycles.
+- Added support for `priority` in `RequestInit`.
+- Surfaced unresolved imports in `.d.ts` entrypoints during `deno check`.
+- Stripped trailing `\r` from CLI args so CRLF shebangs work.
+- Improved JSR manifest verification errors.
+- Clearer error when a closed resource-backed stream is still being consumed.
+- Collected re-exported names for `deno test --doc` injection.
+- Fixed UTF-8 replacement behavior in Node `Buffer` decoding.
+- Suppressed peer dependency warnings for overridden packages.
+- Various smaller install, resolver, fs performance, TLS, and test/compatibility fixes.

src/posts/2026-06-06_denoland-std.md

@@ -0,0 +1,10 @@
+---
+date: 2026-06-06
+repo: denoland/std
+size: N
+title: "No changes"
+excerpt: ""
+commits: 0
+---
+
+

src/posts/2026-06-06_jsr-io-jsr.md

@@ -0,0 +1,10 @@
+---
+date: 2026-06-06
+repo: jsr-io/jsr
+size: N
+title: "No changes"
+excerpt: ""
+commits: 0
+---
+
+

src/posts/2026-06-06_microsoft-typescript-go.md

@@ -0,0 +1,20 @@
+---
+date: 2026-06-06
+repo: microsoft/typescript-go
+size: M
+title: "Unicode suggestions and JSDoc constructor fix"
+excerpt: "Improved spelling suggestions for Unicode identifiers and fixed JSDoc modifiers being misparsed on constructors."
+commits: 2
+authors: [ahejlsberg]
+commit_authors: {"3e477ab": ahejlsberg, "f3c4190": ahejlsberg}
+---
+
+### **Unicode spelling suggestions now handle Unicode characters** (3e477ab)
+The suggestion matcher now measures name length in runes instead of bytes, so identifiers with accented or other multi-byte characters get more accurate “Did you mean” results. This fixes incorrect spelling suggestions for Unicode-heavy names without changing the public API.
+
+### **Fix reparsing of JSDoc modifiers on constructors** (f3c4190)
+Constructor declarations are now included in the parser’s JSDoc modifier reparse path, and AST modifier storage gained a setter to support the fix. This resolves cases where tags like `@private` or `@readonly` were being applied or reported incorrectly on constructors.
+
+### Other misc changes
+- Updated test baselines for the new Unicode spelling suggestion cases.
+- Updated test baselines for JSDoc constructor/private and readonly conformance cases.

src/posts/2026-06-06_nodejs-node.md

@@ -0,0 +1,13 @@
+---
+date: 2026-06-06
+repo: nodejs/node
+size: S
+title: "Brotli test now waits for backpressure"
+excerpt: "A flaky Brotli 16GB test now waits for the readable buffer to fill before asserting, avoiding a race with libuv worker scheduling."
+commits: 1
+authors: [trivikr]
+commit_authors: {"2adaeee": trivikr}
+---
+
+### Other misc changes
+- Test reliability fix: `test-zlib-brotli-16GB.js` now polls until the Brotli decoder reaches its expected buffered chunk count before checking backpressure, removing a race with the fixed timeout (2adaeee).

src/posts/2026-06-06_oven-sh-bun.md

@@ -0,0 +1,39 @@
+---
+date: 2026-06-06
+repo: oven-sh/bun
+size: L
+title: "REPL UTF-8, CSS hangs, and crash fixes"
+excerpt: "Fixes REPL multi-byte input, two CSS parser/minifier DoS bugs, a dev-server CSS crash, and several runtime/refactor issues."
+commits: 8
+authors: [robobun, Jarred-Sumner]
+commit_authors: {"a988615": robobun, "1293ef4": robobun, "0342abb": robobun, "90589f9": robobun, "300b148": Jarred-Sumner, "27d5181": robobun, "73ab3dd": robobun, "a7034f2": robobun}
+---
+
+### **REPL now preserves multi-byte UTF-8 input** (a988615)
+The interactive `bun repl` line editor now handles full UTF-8 codepoints instead of dropping non-ASCII bytes. That means pasted or typed Korean and other multi-byte text is preserved, moved, and transposed correctly in the editor.
+
+### **CSS minifier now merges duplicate rules in linear time** (1293ef4)
+This fixes a fuzzer-found hang where adjacent rules with equivalent selectors could trigger superlinear work during duplicate-rule merging. The change makes the merge path incremental and adds regression coverage for the affected CSS families.
+
+### **Auto-install no longer panics on unreadable top-level directories** (0342abb)
+Package-manager initialization now returns a sticky error instead of crashing when the root directory cannot be read at runtime. This turns a Windows-heavy panic path into a recoverable failure for `bun <script>` and `bun -e` when the cwd is deleted or unreadable.
+
+### **Dev server CSS rebuild failures stop crashing** (90589f9)
+A CSS file that parses but fails import resolution during hot reload now fails cleanly instead of tripping a bundler assertion. The fix also stops parking failed CSS on the graph as if it were valid, which avoids misclassifying broken files as successful CSS chunks.
+
+### **Markdown rendering avoids quadratic nested-label work** (27d5181)
+Nested link/image label rendering was refactored to avoid repeated rescans and quadratic behavior on deeply nested inputs. This also changes the renderer’s internal flow to keep label traversal bounded by heap-backed state rather than repeated recursive slice rebuilds.
+
+### **CSS parser stops exponential backtracking on nested color token lists** (73ab3dd)
+Token-list parsing now tracks failures and propagates them early when an alternative has already failed inside a nested token-list argument. That closes an OOM/DoS class in nested color-function handling, including `light-dark()` and related token-list paths.
+
+### **Decorator lowering now evaluates private-call receivers once** (a7034f2)
+Private method call lowering now captures complex receivers into temporaries so side effects run once instead of being duplicated across nested private-call chains. The temp declarations are hoisted into the owning function body, fixing both a receiver double-evaluation bug and the fuzzed memory blow-up.
+
+### Other misc changes
+- Test runner scanner raw-pointer refactor and UB cleanup (300b148)
+- Panic/error-handling plumbing around package-manager init and resolver auto-install (0342abb)
+- CSS minifier state/merge refactor and regression tests (1293ef4)
+- Markdown parser/rendering internals refactor and tests (27d5181)
+- REPL key handling/editor refactor plus tests (a988615)
+- CSS parser/custom property internal parsing refactors and tests (73ab3dd)

src/posts/2026-06-06_pnpm-pnpm.md

@@ -0,0 +1,43 @@
+---
+date: 2026-06-06
+repo: pnpm/pnpm
+size: L
+title: "pnpr goes resolve-only; big perf pass lands"
+excerpt: "pnpr switches to resolve-only streaming while tarball and linker work get parallelized and race-fixed for faster installs."
+commits: 14
+authors: [zkochan, KSXGitHub]
+commit_authors: {"75bf4bf": KSXGitHub, "51839cd": zkochan, "d276a78": zkochan, "7db1e75": zkochan, "bea64b2": zkochan, "de32f83": zkochan, "5f7f747": zkochan, "da4c80c": zkochan, "089484a": zkochan}
+---
+
+### **pnpr now resolves only, with streamed NDJSON** (089484a)
+The pnpr accelerator no longer serves file contents inline with install results; it resolves server-side and then the client fetches tarballs normally from registries. That moves pnpr closer to a resolve offload model, restoring the client’s existing parallel fetch/integrity paths and simplifying the server-side accelerator.
+
+### **pnpr client now parses streamed `/v1/resolve` frames** (de32f83)
+The TypeScript client was updated to read `/v1/resolve` as NDJSON instead of a single buffered JSON blob, matching the server’s streaming protocol. It now skips `package` frames and reacts to the terminal `done`, `error`, or `violations` frame, which fixes the previous parse failure on streaming responses.
+
+### **pnpr install stops re-downloading prefetched tarballs** (5f7f747)
+The frozen-install path now consults the shared in-flight tarball cache so it can reuse prefetch downloads instead of fetching the same registry tarball twice. That removes a real race between prefetching and materialization, especially on pnpr-backed installs.
+
+### **Fresh-install prefetches now reuse in-flight downloads** (d276a78)
+The cold fresh-resolve path now threads the shared tarball cache through to the virtual-store install step, so the cold batch can observe and reuse downloads kicked off earlier by resolution. This closes the duplicate-download race on fresh installs and aligns the fresh path with the existing pnpr prefetch flow.
+
+### **Tarball extraction now writes CAS entries in parallel** (bea64b2)
+Tarball extraction was split into a serial tar-walk phase and a parallel CAS-write phase, so large archives no longer pin one thread while hashing and writing thousands of files. This should materially improve extraction throughput on file-heavy packages and reduce tail latency during installs.
+
+### **CAS writes now use a dedicated rayon pool** (7db1e75)
+The parallel CAS-write phase was moved off rayon’s global pool onto a dedicated pool. That prevents tarball extraction bursts from starving the linker’s own rayon work, which should smooth out installs when downloads finish in waves.
+
+### **Cold-batch slot linking is now parallelized** (51839cd)
+The cold batch no longer serializes slot-link work inside each install future; it defers linking and then runs the slot materialization in a parallel pass once downloads are complete. That removes a throughput bottleneck on fresh installs with many packages.
+
+### **Fresh-install reporting now matches what users actually see** (da4c80c)
+Fresh installs now report prefetched packages as `fetched` instead of `found_in_store`, so progress output reflects that the tarball was actually downloaded during resolution. The change also deduplicates progress events so resolve-time prefetching and warm-batch materialization don’t double-count the same package.
+
+### **Commit hooks now reject bare `#NNN` issue refs** (75bf4bf)
+A new commit-msg hook blocks bare `#123` references because GitHub can silently turn them into repo-local issue/PR links, which is easy to misuse in AI-generated messages. The rule is now documented for contributors and agents, making commit metadata safer and less ambiguous.
+
+### Other misc changes
+- Dependency bumps: tabled, serde-saphyr, dashmap, reqwest
+- Integrated benchmark workflow tweaks and scenario additions
+- Test updates for pnpr streaming, caching, and install reporting
+- Misc docs/config changes for agent and benchmark guidance

src/posts/2026-06-06_tc39-ecma262.md

@@ -0,0 +1,10 @@
+---
+date: 2026-06-06
+repo: tc39/ecma262
+size: N
+title: "No changes"
+excerpt: ""
+commits: 0
+---
+
+

src/posts/2026-06-06_tc39-proposals.md

@@ -0,0 +1,10 @@
+---
+date: 2026-06-06
+repo: tc39/proposals
+size: N
+title: "No changes"
+excerpt: ""
+commits: 0
+---
+
+