deps: bump the dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
@standard-schema/spec	1.0.0	1.1.0
@biomejs/biome	2.3.8	2.3.10
effect	3.19.12	3.19.13
jsdom	27.3.0	27.4.0
lefthook	2.0.12	2.0.13
vite	7.2.7	7.3.0
vitest	4.0.15	4.0.16
zod	4.2.0	4.2.1

Updates @standard-schema/spec from 1.0.0 to 1.1.0

Release notes

Sourced from @​standard-schema/spec's releases.

v1.1.0

Adds the Standard JSON Schema specification.

Please refer to the README and standardschema.dev for more details.

Commits

• 2c4e37f Merge pull request #134 from standard-schema/json-schema
• 395ee95 Add json-integrate
• 1a5ccf3 Improve json-integrate
• 1dbb6d2 Improve docs
• b081dbb Update site
• 87bc20f Add pullfrog.yml workflow
• 3a1b9ea Add examples table
• f16ef72 Update website
• ea2436d Update JSON Schema compatibility table with Valibot details
• 727c24a update arktype implementation version and pr
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.3.8 to 2.3.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

What's Changed

• feat: new Turborepo domain and noUndeclaredEnvVars rule by @​anthonyshew in biomejs/biome#8426
• fix(noExtraNonNullAssertion): fix regression by @​dyc3 in biomejs/biome#8477
• fix(analyze/js): index ts constructor methods in semantic model (regression) by @​dyc3 in biomejs/biome#8479
• fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @​taga3s in biomejs/biome#8417
• fix(noLeakedRender): eslint rule name fix by @​vsn4ik in biomejs/biome#8420
• chore: add kraken as bronze sponsor by @​dyc3 in biomejs/biome#8486
• fix(linter): improve Vue defineProps handling in noVueReservedKeys by @​mdevils in biomejs/biome#8448
• fix(cli): colors with multi-codepoints characters by @​ematipico in biomejs/biome#8410
• feat(lint): implement noAmbiguousAnchorText by @​Netail in biomejs/biome#8372
• ci: release by @​github-actions[bot] in biomejs/biome#8474
• docs: fix typos for assist/actions/organize-imports by @​sergioness in biomejs/biome#8490

New Contributors

• @​taga3s made their first contribution in biomejs/biome#8417
• @​vsn4ik made their first contribution in biomejs/biome#8420
• @​sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

... (truncated)

Commits

• fd279f3 ci: release (#8474)
• b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
• 67546bc chore: add kraken as bronze sponsor (#8486)
• 285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• Additional commits viewable in compare view

Updates effect from 3.19.12 to 3.19.13

Release notes

Sourced from effect's releases.

effect@3.19.13

Patch Changes

• #5911 77eeb86 Thanks @​mattiamanzati! - Add test for ensuring typeConstructor is attached

• #5910 287c32c Thanks @​mattiamanzati! - Add typeConstructor annotation for Schema

Changelog

Sourced from effect's changelog.

3.19.13

Patch Changes

• #5911 77eeb86 Thanks @​mattiamanzati! - Add test for ensuring typeConstructor is attached

• #5910 287c32c Thanks @​mattiamanzati! - Add typeConstructor annotation for Schema

Commits

• 431c997 Version Packages (#5909)
• 77eeb86 Add test for ensuring typeConstructor is attached (#5911)
• 287c32c Add typeConstructor annotation for Schema (#5910)
• See full diff in compare view

Updates jsdom from 27.3.0 to 27.4.0

Release notes

Sourced from jsdom's releases.

Version 27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

Changelog

Sourced from jsdom's changelog.

27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

Commits

• 098d16d Version 27.4.0
• 1cd029e Improve asciiLowercase/asciiUppercase performance
• 83fcb62 Implement TextEncoder and TextDecoder; improve XML decoding
• ddad97d Switch from iconv-lite to exodus/bytes for decoding
• 25cb2a1 Use weak references for ranges
• ed4f5ed Add currently-failing CSS regression tests
• See full diff in compare view

Updates lefthook from 2.0.12 to 2.0.13

Release notes

Sourced from lefthook's releases.

v2.0.13

Changelog

• 009da6884b03e65c7d920ff0fd8ea53a49de6929 chore: add more tests (#1244)
• ab93c17f526d064a169fca6cc6df42807b8737b4 docs(output): remove duplicate config: false description (#1245)
• 862908827582ffe87483692b963c5ad8fec3ef71 fix: allow custom hooks in JSON schema by updating generator (#1250)
• aeb326c728cf1b86e5ea60b2138f498954792590 fix: set extends to empty slice after loading remotes (#1259)

Changelog

Sourced from lefthook's changelog.

2.0.13 (2025-12-26)

• fix: set extends to empty slice after loading remotes (#1259) by @​mrexox
• fix: allow custom hooks in JSON schema by updating generator (#1250) by @​jeonghoon11
• docs: remove duplicate config: false description (#1245) by @​scop
• chore: add more tests (#1244) by @​mrexox

Commits

• af9f514 2.0.13: allow non-git hooks in jsonscheme
• aeb326c fix: set extends to empty slice after loading remotes (#1259)
• 8629088 fix: allow custom hooks in JSON schema by updating generator (#1250)
• ab93c17 docs(output): remove duplicate config: false description (#1245)
• 009da68 chore: add more tests (#1244)
• See full diff in compare view

Updates vite from 7.2.7 to 7.3.0

Release notes

Sourced from vite's releases.

v7.3.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.3.0 (2025-12-15)

Features

• deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

Commits

• acf7e05 release: v7.3.0
• cff26ec feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (#21183)
• See full diff in compare view

Updates vitest from 4.0.15 to 4.0.16

Release notes

Sourced from vitest's releases.

v4.0.16

   🐞 Bug Fixes

• Fix browser mode default testTimeout back to 15 seconds  -  by @​hi-ogawa in vitest-dev/vitest#9167 (da0ad)
• Avoid crashing on process.versions stub  -  by @​AriPerkkio in vitest-dev/vitest#9174 (78cfb)
• Reject calling suite function inside test  -  by @​hi-ogawa in vitest-dev/vitest#9198 (1a259)
• Allow inlining fully dynamic import  -  by @​hi-ogawa in vitest-dev/vitest#9137 (56851)
• Fix module graph UI on html reporter with headless browser mode  -  by @​hi-ogawa in vitest-dev/vitest#9219 (60642)
• Log deprecated test.poolOptions if it's set  -  by @​sheremet-va in vitest-dev/vitest#9226 (f7f6a)
• browser:
  • Import recordArtifact from the vitest package  -  by @​macarie in vitest-dev/vitest#9186 (01c56)
  • Fix import.meta.env define  -  by @​hi-ogawa in vitest-dev/vitest#9205 (01a9a)
  • String formatting bug when including placeholders in console.log  -  by @​michael-debs and @​hi-ogawa in vitest-dev/vitest#9030 and vitest-dev/vitest#9131 (84a30)
• coverage:
  • Istanbul untested files source maps are off  -  by @​AriPerkkio in vitest-dev/vitest#9208 (372e8)
• experimental:
  • Export setupEnvironment for custom pools  -  by @​AriPerkkio in vitest-dev/vitest#9187 (5d26b)

    View changes on GitHub

Commits

• b46d744 chore: release v4.0.16
• 84a3062 fix(browser): string formatting bug when including placeholders in console.lo...
• f7f6aa8 fix: log deprecated test.poolOptions if it's set (#9226)
• 568513c fix: allow inlining fully dynamic import (#9137)
• 5d26b87 fix(experimental): export setupEnvironment for custom pools (#9187)
• f17eb42 refactor: avoid using isFileServingAllowed from Vite (#9160)
• 78cfbf9 fix: avoid crashing on process.versions stub (#9174)
• da0ade2 fix: fix browser mode default testTimeout back to 15 seconds (#9167)
• See full diff in compare view

Updates zod from 4.2.0 to 4.2.1

Release notes

Sourced from zod's releases.

v4.2.1

Commits:

• 5b5b129315fbc94a3b0d6244185eaeefcbe438d1 4.2.1

Commits

• 5b5b129 4.2.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7150c46

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR