Skip to content

chore(deps): bump the linting group with 3 updates#300

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/linting-9e999cc82d
Open

chore(deps): bump the linting group with 3 updates#300
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/linting-9e999cc82d

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the linting group with 3 updates: @biomejs/biome, @commitlint/cli and @commitlint/config-conventional.

Updates @biomejs/biome from 2.4.6 to 2.4.7

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.7

2.4.7

Patch Changes

  • #9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

    For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

    a {
  accent-color: bar;
}

  • #9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

    // Invalid
import { foo } from "foo";
const bar = 1;
import { baz } from "baz"; // ← flagged
// Valid
import { foo } from "foo";
import { baz } from "baz";
const bar = 1;

  • #9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

  • #9435 6c5a8f2 Thanks @​siketyan! - Fixed #9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

  • #9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

  • #9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

  • #9420 a1c46af Thanks @​ematipico! - Fixed #9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

  • #9416 f2581b8 Thanks @​ematipico! - Fixed #9131, #9112, #9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

  • #9344 cb4d7d7 Thanks @​ematipico! - Fixed #6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

  • #9360 bc5dd99 Thanks @​ematipico! - Fixed #7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

  • #9371 29cac17 Thanks @​ematipico! - Fixed #5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

  • #9043 61e2a02 Thanks @​dyc3! - Fixed #8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.7

Patch Changes

  • #9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

    For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

    a {
  accent-color: bar;
}

  • #9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

    // Invalid
import { foo } from "foo";
const bar = 1;
import { baz } from "baz"; // ← flagged
// Valid
import { foo } from "foo";
import { baz } from "baz";
const bar = 1;

  • #9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

  • #9435 6c5a8f2 Thanks @​siketyan! - Fixed #9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

  • #9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

  • #9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

  • #9420 a1c46af Thanks @​ematipico! - Fixed #9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

  • #9416 f2581b8 Thanks @​ematipico! - Fixed #9131, #9112, #9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

  • #9344 cb4d7d7 Thanks @​ematipico! - Fixed #6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

  • #9360 bc5dd99 Thanks @​ematipico! - Fixed #7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

  • #9371 29cac17 Thanks @​ematipico! - Fixed #5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

  • #9043 61e2a02 Thanks @​dyc3! - Fixed #8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

  • #9354 930c858 Thanks @​denbezrukov! - Improved CSS parser recovery for invalid unicode-range values that mix wildcard ranges with range intervals. For example, Biome now reports clearer diagnostics for invalid syntax like:

... (truncated)

Commits

Updates @commitlint/cli from 20.4.3 to 20.5.0

Release notes

Sourced from @​commitlint/cli's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

Features

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

Changelog

Sourced from @​commitlint/cli's changelog.

20.5.0 (2026-03-15)

Bug Fixes

  • cli: validate that --cwd directory exists before execution (#4658) (cf80f75), closes #4595

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/cli

Commits

Updates @commitlint/config-conventional from 20.4.3 to 20.5.0

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.5.0

20.5.0 (2026-03-15)

Bug Fixes

Features

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.4...v20.5.0

v20.4.4

20.4.4 (2026-03-12)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.3...v20.4.4

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.5.0 (2026-03-15)

Note: Version bump only for package @​commitlint/config-conventional

20.4.4 (2026-03-12)

Note: Version bump only for package @​commitlint/config-conventional

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the linting group with 3 updates
ee489f7 
Bumps the linting group with 3 updates: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome), [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) and [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional).


Updates `@biomejs/biome` from 2.4.6 to 2.4.7
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.7/packages/@biomejs/biome)

Updates `@commitlint/cli` from 20.4.3 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.4.3 to 20.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.5.0/@commitlint/config-conventional)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: linting
- dependency-name: "@commitlint/cli"
  dependency-version: 20.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: linting
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: linting
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 16, 2026

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from rubenmarcus as a code owner March 16, 2026 10:40
@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Mar 16, 2026

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

@github-actions github-actions bot added the chore label Mar 16, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 16, 2026

✔️ Bundle Size Analysis

Metric Value
Base 2638.70 KB
PR 2638.70 KB
Diff 0 KB (0%)
Bundle breakdown 
156K	dist/auth
80K	dist/automation
4.0K	dist/cli.d.ts
4.0K	dist/cli.d.ts.map
20K	dist/cli.js
12K	dist/cli.js.map
584K	dist/commands
28K	dist/config
4.0K	dist/index.d.ts
4.0K	dist/index.d.ts.map
4.0K	dist/index.js
4.0K	dist/index.js.map
896K	dist/integrations
100K	dist/llm
1.2M	dist/loop
188K	dist/mcp
60K	dist/presets
92K	dist/setup
40K	dist/skills
392K	dist/sources
76K	dist/ui
144K	dist/utils
336K	dist/wizard

claude[bot]
claude bot reviewed Mar 16, 2026
View reviewed changes
Copy link

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — lockfile-only patch/minor bumps of dev linting dependencies.

Extended reasoning...

Overview

This is an automated Dependabot PR that bumps three dev dependencies in the pnpm-lock.yaml lockfile: @biomejs/biome (2.4.6 → 2.4.7, patch), @commitlint/cli (20.4.3 → 20.5.0, minor), and @commitlint/config-conventional (20.4.3 → 20.5.0, minor). No source code, configuration files, or application logic is modified — only the lockfile is updated. The transitive dependency changes (e.g., git-raw-commits v4→v5, removal of dargs, split2, meow@12, addition of @conventional-changelog/git-client, tinyexec bump) are expected consequences of the commitlint minor version bump.

Security risks

No security risks. These are devDependencies used only for linting and commit message validation. They do not ship in production builds. The packages are well-known, widely-used open source tools from established maintainers (biomejs, conventional-changelog).

Level of scrutiny

Minimal scrutiny is appropriate. This is a lockfile-only change for dev tooling with no impact on production code or behavior. Dependabot PRs of this nature are routine and low-risk.

Other factors

No bugs were found by the automated bug hunting system. No outstanding reviewer comments exist. The PR has no CODEOWNERS implications since it only touches pnpm-lock.yaml. The version specifiers in package.json already allow these ranges (^2.3.13, ^20.3.1), so the lockfile update is consistent with declared constraints.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@rubenmarcus rubenmarcus Awaiting requested review from rubenmarcus rubenmarcus is a code owner

Assignees

No one assigned

Labels

chore dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants