Bump the npm group across 1 directory with 9 updates

[dependabot]

Bumps the npm group with 8 updates in the / directory:

Package	From	To
@types/node	24.0.10	24.5.2
js-base64	3.7.7	3.7.8
@biomejs/biome	2.0.6	2.2.4
jasmine	5.8.0	5.10.0
publint	0.3.12	0.3.13
puppeteer	24.11.2	24.22.3
rollup	4.44.1	4.52.2
typescript	5.8.3	5.9.2

Updates @types/node from 24.0.10 to 24.5.2

Commits

• See full diff in compare view

Updates js-base64 from 3.7.7 to 3.7.8

Commits

• 5fd183d version 3.7.8
• fa94481 add permissions section to make CodeQL happy
• fb0b409 add node 24
• f2587cc use unknown instead of any accordingly to Aaron
• 237bffc use unknown instead of any accordingly to Aaron
• 73236ad Merge pull request #187 from Chanran/feat/optimize-atobPolyfill-performance
• 9df6b69 Merge pull request #179 from lifeiscontent/patch-1
• 1b1c84f feat: optimize atobPolyfill performance to avoid minor gc
• 09fde58 Update base64.ts
• df91b05 add node 22
• See full diff in compare view

Updates @biomejs/biome from 2.0.6 to 2.2.4

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.2.4

2.2.4

Patch Changes

• #7453 aa8cea3 Thanks @​arendjr! - Fixed #7242: Aliases specified in package.json's imports section now support having multiple targets as part of an array.

• #7454 ac17183 Thanks @​arendjr! - Greatly improved performance of noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #7447 7139aad Thanks @​rriski! - Fixes #7446. The GritQL $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #6710 98cf9af Thanks @​arendjr! - Fixed #4723: Type inference now recognises index signatures and their accesses when they are being indexed as a string.

  Example

  type BagOfPromises = {
    // This is an index signature definition. It declares that instances of type
    // `BagOfPromises` can be indexed using arbitrary strings.
    [property: string]: Promise<void>;
  };
  let bag: BagOfPromises = {};
  // Because bag.iAmAPromise is equivalent to bag[&quot;iAmAPromise&quot;], this is
  // considered an access to the string index, and a Promise is expected.
  bag.iAmAPromise;

• #7415 d042f18 Thanks @​qraqras! - Fixed #7212, now the useOptionalChain rule recognizes optional chaining using typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #7419 576baf4 Thanks @​Conaclos! - Fixed #7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.2.4

Patch Changes

• #7453 aa8cea3 Thanks @​arendjr! - Fixed #7242: Aliases specified in package.json's imports section now support having multiple targets as part of an array.

• #7454 ac17183 Thanks @​arendjr! - Greatly improved performance of noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #7447 7139aad Thanks @​rriski! - Fixes #7446. The GritQL $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #6710 98cf9af Thanks @​arendjr! - Fixed #4723: Type inference now recognises index signatures and their accesses when they are being indexed as a string.

  Example

  type BagOfPromises = {
    // This is an index signature definition. It declares that instances of type
    // `BagOfPromises` can be indexed using arbitrary strings.
    [property: string]: Promise<void>;
  };
  let bag: BagOfPromises = {};
  // Because bag.iAmAPromise is equivalent to bag[&quot;iAmAPromise&quot;], this is
  // considered an access to the string index, and a Promise is expected.
  bag.iAmAPromise;

• #7415 d042f18 Thanks @​qraqras! - Fixed #7212, now the useOptionalChain rule recognizes optional chaining using typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #7419 576baf4 Thanks @​Conaclos! - Fixed #7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

  class TsBioo {
    private member: number;
  set_with_name(name: string, value: number) {
  this[name] = value;
  }
  }

... (truncated)

Commits

• 5d212c5 ci: release (#7450)
• 351bccd chore: restore release files
• 32dbfa1 ci: release (#7413)
• 75b6a0d feat(linter): add rule noJsxLiterals (#7248)
• 53ff5ae feat(analyse/json): add noDuplicateDependencies rule (#7142)
• daa4a66 ci: release (#7306)
• 0f38ea6 chore: add new bronze sponsor (#7397)
• 7f53274 docs: safety of useSortedKeys (#6112)
• fad34b9 feat(biome_js_analyze): add UseConsistentArrowReturn rule (#7245)
• 4416573 feat(lint/vue): implement useVueMultiWordComponentNames (#7373)
• Additional commits viewable in compare view

Updates jasmine from 5.8.0 to 5.10.0

Release notes

Sourced from jasmine's releases.

v5.10.0

Please see the release notes.

v5.9.0

Please see the release notes.

Commits

• e1e9411 Bump version to 5.10.0
• 2712681 Fixed release notes
• 642b38c Bump version to 5.9.0
• 4aa1dbb Fixed startup hang when using ES module loaders in parallel mode
• 6c418b3 Fixed jsdoc description of Configuration#requires
• 48263e0 Don't test on Node versions before 18.20.5
• 4238c1e Removed shelljs dev dependency
• cd7e7b1 Removed rimraf dev dependency
• See full diff in compare view

Updates jasmine-core from 5.8.0 to 5.10.0

Release notes

Sourced from jasmine-core's releases.

v5.10.0

Please see the release notes.

v5.9.0

Please see the release notes.

Commits

• 7978ad9 Fix fn names in release notes
• af4662a Bump version to 5.10.0
• 15c38c7 Add Firefox 140 (current ESR) to supported browsers and demote 128 to best-ef...
• b597975 Fix and enable pending async expectation message spec
• 09ce3a3 Pend environment-specific specs rather than passing
• 3bcbc2e Tweak spec duration margin
• fbaba90 Merge branch 'bonkevin-html-reporter-with-duration'
• bf2e8e7 Merge branch 'bonkevin-spec-suite-properties-accessors'
• 50e566b Move beforeAll failure reporting into TreeRunner
• 4b7d5e3 Update and move remaining disabled Runner specs
• Additional commits viewable in compare view

Updates publint from 0.3.12 to 0.3.13

Release notes

Sourced from publint's releases.

[email protected]

Patch Changes

• Improve message for "main" field with empty value and has missing files (0499518)

• Update fallback arrays message for CLI output (37b9dd5)

Changelog

Sourced from publint's changelog.

0.3.13

Patch Changes

• Improve message for "main" field with empty value and has missing files (0499518)

• Update fallback arrays message for CLI output (37b9dd5)

Commits

• 89ee041 Release packages (#197)
• 0499518 Improve missing main file message
• bcb5826 Update fallback array reference message
• f7fc0cf Update dependencies
• 17efbba Slice ArrayBuffer from Buffer (#194)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for publint since your current version.

Updates puppeteer from 24.11.2 to 24.22.3

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.22.3

24.22.3 (2025-09-24)

Bug Fixes

• regression in function stringification (#14246) (773a375)
• roll to Chrome 140.0.7339.207 (#14240) (db1a654)

puppeteer: v24.22.3

24.22.3 (2025-09-24)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.22.2 to 24.22.3

puppeteer-core: v24.22.2

24.22.2 (2025-09-23)

Bug Fixes

• pipes: concat buffers instead of string concatenation (#14236) (21e54b6)

puppeteer: v24.22.2

24.22.2 (2025-09-23)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.22.1 to 24.22.2

puppeteer-core: v24.22.1

24.22.1 (2025-09-23)

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.22.3 (2025-09-24)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.22.2 to 24.22.3

Bug Fixes

• regression in function stringification (#14246) (773a375)
• roll to Chrome 140.0.7339.207 (#14240) (db1a654)

24.22.2 (2025-09-23)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.22.1 to 24.22.2

Bug Fixes

• pipes: concat buffers instead of string concatenation (#14236) (21e54b6)

24.22.1 (2025-09-23)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

... (truncated)

Commits

• cb4342d chore: release main (#14241)
• 773a375 fix: regression in function stringification (#14246)
• 81dac27 chore: bump chromium-bidi to 9.1.0 (#14245)
• 418f03c test: add more test to PipeTransport (#14243)
• db1a654 fix: roll to Chrome 140.0.7339.207 (#14240)
• b6e1492 chore: release main (#14239)
• 21e54b6 fix(pipes): concat buffers instead of string concatenation (#14236)
• 6480e25 chore: release main (#14223)
• a2dafe9 ci(fix): dispose unusable browser (#14235)
• d0e95b1 fix: replace function eval with parsing in page.evaluate() (#14226)
• Additional commits viewable in compare view

Updates rollup from 4.44.1 to 4.52.2

Release notes

Sourced from rollup's releases.

v4.52.2

4.52.2

2025-09-23

Bug Fixes

• Fix Android build crashing due to failed dlopen (#6109)

Pull Requests

• #6109: fix(rust): use prebuilt std when it is available (@​cyyynthia)

v4.52.1

4.52.1

2025-09-23

Bug Fixes

• Opt-out of dynamic import optimization when using top-level await to effectively prevent deadlocks (#6121)

Pull Requests

• #6121: Simplify top-level await deadlock prevention (@​lukastaegert)

v4.52.0

4.52.0

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#6087)
• Add support for x86_64-pc-windows-gnu platform (#6110)

Pull Requests

• #6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

v4.51.0

4.51.0

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#6108)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.52.2

2025-09-23

Bug Fixes

• Fix Android build crashing due to failed dlopen (#6109)

Pull Requests

• #6109: fix(rust): use prebuilt std when it is available (@​cyyynthia)

4.52.1

2025-09-23

Bug Fixes

• Opt-out of dynamic import optimization when using top-level await to effectively prevent deadlocks (#6121)

Pull Requests

• #6121: Simplify top-level await deadlock prevention (@​lukastaegert)

4.52.0

2025-09-19

Features

• Add option output.onlyExplicitManualChunks to turn off merging additional dependencies into manual chunks (#6087)
• Add support for x86_64-pc-windows-gnu platform (#6110)

Pull Requests

• #6087: fix: manualChunks and non manualChunks shared dependencies are merged with the first manualChunk encountered alphabetically (@​maiieul)
• #6110: Add support x86_64-pc-windows-gnu (@​lsq, @​lukastaegert)
• #6118: Automatically remove REPL artefacts label from PRs (@​lukastaegert)

4.51.0

2025-09-19

Features

• Support ROLLUP_FILE_URL_OBJ placeholder to inject file URLs into the generated code (#6108)

Bug Fixes

• Improve OpenHarmony build to work in more situations (#6115)

... (truncated)

Commits

• fa2315c 4.52.2
• 10b2672 fix(rust): use prebuilt std when it is available (#6109)
• 69b5dd3 4.52.1
• 5eee44c Simplify top-level await deadlock prevention (#6121)
• 2029f63 4.52.0
• 039ba6b Fix release script for commits without GitHub authors
• 98f5d35 Automatically remove REPL artefacts label from PRs (#6118)
• 3f124ba fix: manualChunks and non manualChunks shared dependencies are merged with th...
• a0bb78c Add support x86_64-pc-windows-gnu (#6110)
• 1748736 4.51.0
• Additional commits viewable in compare view

Updates typescript from 5.8.3 to 5.9.2

Release notes

Sourced from typescript's releases.

TypeScript 5.9

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

TypeScript 5.9 RC

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

• npm

TypeScript 5.9 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

• npm

Commits

• be86783 Give more specific errors for verbatimModuleSyntax (#62113)
• 22ef577 LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250714...
• d5a414c Don't use noErrorTruncation when printing types with maximumLength set (#...
• f14b5c8 Remove unused and confusing dom.iterable.d.ts file (#62037)
• 2778e84 Restore AbortSignal.abort (#62086)
• 65cb4bd LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250710...
• 9e20e03 Clear out checker-level stacks on pop (#62016)
• 87740bc Fix for Issue 61081 (#61221)
• 833a8d4 Fix Symbol completion priority and cursor positioning (#61945)
• 0018c9f LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250702...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.