Bump the dev-dependencies group with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates:

Package	From	To
@biomejs/biome	2.4.9	2.4.10
@storybook/html-vite	10.3.3	10.3.4
storybook	10.3.3	10.3.4
vitest	4.1.1	4.1.2
@hono/node-server	1.19.11	1.19.12
@playwright/test	1.58.2	1.59.1

Updates @biomejs/biome from 2.4.9 to 2.4.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.10

2.4.10

Patch Changes

• #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

  The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

  // Invalid
  setTimeout("alert('Hello');", 100);
  // Valid
  setTimeout(() => alert("Hello"), 100);

• #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

• #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

• #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

  Previously, only the global process object was flagged:

  import process from "node:process";
  // This was not flagged, but now it is:
  console.log(process.env.NODE_ENV);

• #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

• #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

  Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

  Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

• #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

• #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

• #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

• #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

• #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.10

Patch Changes

• #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

  The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

  // Invalid
  setTimeout("alert('Hello');", 100);
  // Valid
  setTimeout(() => alert("Hello"), 100);

• #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

• #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

• #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

  Previously, only the global process object was flagged:

  import process from "node:process";
  // This was not flagged, but now it is:
  console.log(process.env.NODE_ENV);

• #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

• #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

  Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

  Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

• #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

• #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

• #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

• #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

• #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

• #9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

... (truncated)

Commits

• fcf216d ci: release (#9622)
• 8b7f55c chore: update sponsors (#9714)
• 9856a87 feat(lint/js): add noUnsafePlusOperands (#9695)
• 5bfee36 fix(useVueValidVBind): don't flag missing arguments (#9643)
• f3a6a6b feat(linter): add noImpliedEval rule (#8838)
• See full diff in compare view

Updates @storybook/html-vite from 10.3.3 to 10.3.4

Release notes

Sourced from @​storybook/html-vite's releases.

v10.3.4

10.3.4

• Addon-a11y: Clear status transition timer on unmount to prevent test flake - #34203, thanks @​mixelburg!
• Bug: Skip re-processing already transformed config files for CSF factories - #34273, thanks @​huang-julien!
• Builder-Vite: Use djb2 hash to prevent variable name collisions in builder-vite - #34274, thanks @​chida09!
• CLI: Prompt for init crash reports - #34316, thanks @​JReinhold!
• CSF4: Fix duplicate preview loading issue in Vitest - #34361, thanks @​valentinpalkovic!
• Core: Fix WebSocket connection for StackBlitz/WebContainers - #34281, thanks @​ghengeveld!
• React-Docgen: Try .tsx fallback when resolving .js ESM imports in docgen resolvers - #34393, thanks @​mixelburg!
• React-Vite: Upgrade @​joshwooding/vite-plugin-react-docgen-typescript to 0.7.0 - #34335, thanks @​beeswhacks!

Changelog

Sourced from @​storybook/html-vite's changelog.

10.3.4

• Addon-a11y: Clear status transition timer on unmount to prevent test flake - #34203, thanks @​mixelburg!
• Bug: Skip re-processing already transformed config files for CSF factories - #34273, thanks @​huang-julien!
• Builder-Vite: Use djb2 hash to prevent variable name collisions in builder-vite - #34274, thanks @​chida09!
• CLI: Prompt for init crash reports - #34316, thanks @​JReinhold!
• CSF4: Fix duplicate preview loading issue in Vitest - #34361, thanks @​valentinpalkovic!
• Core: Fix WebSocket connection for StackBlitz/WebContainers - #34281, thanks @​ghengeveld!
• React-Docgen: Try .tsx fallback when resolving .js ESM imports in docgen resolvers - #34393, thanks @​mixelburg!
• React-Vite: Upgrade @​joshwooding/vite-plugin-react-docgen-typescript to 0.7.0 - #34335, thanks @​beeswhacks!

Commits

• 4eff9cd Bump version from "10.3.3" to "10.3.4" [skip ci]
• See full diff in compare view

Updates storybook from 10.3.3 to 10.3.4

Release notes

Sourced from storybook's releases.

v10.3.4

10.3.4

• Addon-a11y: Clear status transition timer on unmount to prevent test flake - #34203, thanks @​mixelburg!
• Bug: Skip re-processing already transformed config files for CSF factories - #34273, thanks @​huang-julien!
• Builder-Vite: Use djb2 hash to prevent variable name collisions in builder-vite - #34274, thanks @​chida09!
• CLI: Prompt for init crash reports - #34316, thanks @​JReinhold!
• CSF4: Fix duplicate preview loading issue in Vitest - #34361, thanks @​valentinpalkovic!
• Core: Fix WebSocket connection for StackBlitz/WebContainers - #34281, thanks @​ghengeveld!
• React-Docgen: Try .tsx fallback when resolving .js ESM imports in docgen resolvers - #34393, thanks @​mixelburg!
• React-Vite: Upgrade @​joshwooding/vite-plugin-react-docgen-typescript to 0.7.0 - #34335, thanks @​beeswhacks!

Changelog

Sourced from storybook's changelog.

10.3.4

• Addon-a11y: Clear status transition timer on unmount to prevent test flake - #34203, thanks @​mixelburg!
• Bug: Skip re-processing already transformed config files for CSF factories - #34273, thanks @​huang-julien!
• Builder-Vite: Use djb2 hash to prevent variable name collisions in builder-vite - #34274, thanks @​chida09!
• CLI: Prompt for init crash reports - #34316, thanks @​JReinhold!
• CSF4: Fix duplicate preview loading issue in Vitest - #34361, thanks @​valentinpalkovic!
• Core: Fix WebSocket connection for StackBlitz/WebContainers - #34281, thanks @​ghengeveld!
• React-Docgen: Try .tsx fallback when resolving .js ESM imports in docgen resolvers - #34393, thanks @​mixelburg!
• React-Vite: Upgrade @​joshwooding/vite-plugin-react-docgen-typescript to 0.7.0 - #34335, thanks @​beeswhacks!

Commits

• 4eff9cd Bump version from "10.3.3" to "10.3.4" [skip ci]
• 21d37fd Merge pull request #34224 from storybookjs/chore/removeprettierrc
• 4eb227b Build: Move prettier to oxfmt
• ff9d121 Merge pull request #34316 from storybookjs/jeppe/fix-error-reports-on-init
• 5bc8686 Merge pull request #34281 from storybookjs/fix-stackblitz-websocket
• See full diff in compare view

Updates vitest from 4.1.1 to 4.1.2

Release notes

Sourced from vitest's releases.

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

• Don't resolve setupFiles from parent directory  -  by @​hi-ogawa in vitest-dev/vitest#9960 (7aa93)
• Ensure sequential mock/unmock resolution  -  by @​hi-ogawa and Claude Opus 4.6 in vitest-dev/vitest#9830 (7c065)
• browser: Take failure screenshot if toMatchScreenshot can't capture a stable screenshot  -  by @​macarie in vitest-dev/vitest#9847 (faace)
• coverage: Correct coverageConfigDefaults values and types  -  by @​Arthie in vitest-dev/vitest#9940 (b3c99)
• pretty-format: Fix output limit over counting  -  by @​hi-ogawa in vitest-dev/vitest#9965 (d3b7a)
• Disable colors if agent is detected  -  by @​sheremet-va and @​AriPerkkio in vitest-dev/vitest#9851 (6f97b)

    View changes on GitHub

Commits

• fc6f482 chore: release v4.1.2
• 6f97b55 feat: disable colors if agent is detected (#9851)
• b3c992c fix(coverage): correct coverageConfigDefaults values and types (#9940)
• 7c06598 fix: ensure sequential mock/unmock resolution (#9830)
• f54abad chore: add typo-checker skill and fix typos (#9963)
• 7aa9377 fix: don't resolve setupFiles from parent directory (#9960)
• See full diff in compare view

Updates @hono/node-server from 1.19.11 to 1.19.12

Release notes

Sourced from @​hono/node-server's releases.

v1.19.12

What's Changed

• chore: ignore claude setting by @​yusukebe in honojs/node-server#314
• fix: request draining for early 413 responses by @​usualoma in honojs/node-server#329

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

Commits

• 6cdb5a7 1.19.12
• 70250f7 fix: request draining for early 413 responses (#329)
• cfc08b3 chore: ignore claude setting (#314)
• See full diff in compare view

Updates @playwright/test from 1.58.2 to 1.59.1

Release notes

Sourced from @​playwright/test's releases.

v1.59.1

Bug Fixes

• [Windows] Reverted hiding console window when spawning browser processes, which caused regressions including broken codegen, --ui and show commands (#39990)

v1.59.0

🎬 Screencast

New page.screencast API provides a unified interface for capturing page content with:

• Screencast recordings
• Action annotations
• Visual overlays
• Real-time frame capture
• Agentic video receipts

Screencast recording — record video with precise start/stop control, as an alternative to the recordVideo option:

await page.screencast.start({ path: 'video.webm' });
// ... perform actions ...
await page.screencast.stop();

Action annotations — enable built-in visual annotations that highlight interacted elements and display action titles during recording:

await page.screencast.showActions({ position: 'top-right' });

screencast.showActions() accepts position ('top-left', 'top', 'top-right', 'bottom-left', 'bottom', 'bottom-right'), duration (ms per annotation), and fontSize (px). Returns a disposable to stop showing actions.

Action annotations can also be enabled in test fixtures via the video option:

// playwright.config.ts
export default defineConfig({
  use: {
    video: {
      mode: 'on',
      show: {
        actions: { position: 'top-left' },
        test: { position: 'top-right' },
      },
</tr></table> 

... (truncated)

Commits

• d466ac5 chore: mark v1.59.1 (#40005)
• 530e7e5 cherry-pick(#4004): fix(cli): kill-all should kill dashboard
• 9aa216c cherry-pick(#39994): Revert "fix(windows): hide console window when spawning ...
• 01b2b15 cherry-pick(#39980): chore: more release notes fixes
• a5cb6c9 cherry-pick(#39972): chore: expose browser.bind and browser.unbind APIs
• 99a17b5 cherry-pick(#39975): chore: support opening .trace files via .link indirection
• 43607c3 cherry-pick(#39974): chore(webkit): update Safari user-agent version to 26.4
• 62cabe1 cherry-pick(#39969): chore(npm): include all *.md from lib (#39970)
• 0c65a75 cherry-pick(#39968): chore: screencast.showActions api
• f04155b cherry-pick(#39958): chore: release notes for langs v1.59
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions