deps: bump the dependencies group across 1 directory with 6 updates #44

dependabot · 2026-01-26T08:47:09Z

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
cheerio	`1.1.2`	`1.2.0`
@biomejs/biome	`2.3.11`	`2.3.12`
effect	`3.19.14`	`3.19.15`
lefthook	`2.0.13`	`2.0.15`
vitest	`4.0.16`	`4.0.18`
zod	`4.3.5`	`4.3.6`

Updates cheerio from 1.1.2 to 1.2.0

Release notes

Sourced from cheerio's releases.

v1.2.0

What's Changed

.val() now supports button values by @kaioduarte in cheeriojs/cheerio#4175

.find() now properly scopes :scope selectors by @T0nd0Tara in cheeriojs/cheerio#4967

The isHtml utility now runtime-validates input types by @Mallikarjun-0 in cheeriojs/cheerio#4523

New Contributors

@noritaka1166 made their first contribution in cheeriojs/cheerio#4740

@kaioduarte made their first contribution in cheeriojs/cheerio#4175

@Mallikarjun-0 made their first contribution in cheeriojs/cheerio#4523

@T0nd0Tara made their first contribution in cheeriojs/cheerio#4967

Full Changelog: cheeriojs/cheerio@v1.1.2...v1.2.0

Commits

e3c7aaf 1.2.0
96bfd3e chore(package): Exclude tests from published bundle
08d396c docs(readme): Update Sponsors (#5014)
bd9d3dd build(deps-dev): bump eslint-plugin-jsdoc from 62.3.0 to 62.3.1 (#5022)
f4c8a58 build(deps): bump unist-util-visit from 5.0.0 to 5.1.0 in /website (#5027)
8fa46d5 build(deps): bump astro from 5.16.12 to 5.16.14 in /website (#5026)
8e132a6 build(deps-dev): bump @vitest/coverage-v8 from 4.0.17 to 4.0.18 (#5023)
6d31bfc build(deps-dev): bump globals from 17.0.0 to 17.1.0 (#5025)
65aa6c8 build(deps): bump @docsearch/css from 4.5.0 to 4.5.3 in /website (#5020)
5567e65 build(deps): bump astro from 5.16.11 to 5.16.12 in /website (#5021)
Additional commits viewable in compare view

Updates @biomejs/biome from 2.3.11 to 2.3.12

Release notes

Sourced from @biomejs/biome's releases.

Biome CLI v2.3.12

2.3.12

Patch Changes
#8653 047576d Thanks @dyc3! - Added new nursery rule noDuplicateAttributes to forbid duplicate attributes in HTML elements.
#8648 96d09f4 Thanks @BaeSeokJae! - Added a new nursery rule noVueOptionsApi.

Biome now reports Vue Options API usage, which is incompatible with Vue 3.6's Vapor Mode. This rule detects Options API patterns in <script> blocks, defineComponent(), and createApp() calls, helping prepare codebases for Vapor Mode adoption.

For example, the following now triggers this rule:
<script>
export default {
  data() {
    return { count: 0 };
  },
};
</script>
#8832 b08270b Thanks @Exudev! - Fixed #8809, #7985, and #8136: the noSecrets rule no longer reports false positives on common CamelCase identifiers like paddingBottom, backgroundColor, unhandledRejection, uncaughtException, and IngestGatewayLogGroup.

The entropy calculation algorithm now uses "average run length" to distinguish between legitimate CamelCase patterns (which have longer runs of same-case letters) and suspicious alternating case patterns (which have short runs).
#8793 c19fb0e Thanks @TheBaconWizard! - Properly handle parameters metavariables for arrow_function GritQL queries. The following biome search command no longer throws an error:
biome search 'arrow_function(parameters=$parameters, body=$body)'
#8561 981affb Thanks @wataryooou! - Fixed noUnusedVariables to ignore type parameters declared in ambient contexts such as declare module blocks.

#8817 652cfbb Thanks @dyc3! - Fixed #8765: The HTML parser can now parse directive modifiers with a single colon, e.g. @keydown.:.
#8704 a1914d4 Thanks @Netail! - Added the nursery rule noRootType. Disallow the usage of specified root types. (e.g. mutation and/or subscription)

Invalid:
{
  "options": {
    "disallow": ["mutation"]
  }

... (truncated)

Changelog

Sourced from @biomejs/biome's changelog.

2.3.12

Patch Changes
#8653 047576d Thanks @dyc3! - Added new nursery rule noDuplicateAttributes to forbid duplicate attributes in HTML elements.
#8648 96d09f4 Thanks @BaeSeokJae! - Added a new nursery rule noVueOptionsApi.

Biome now reports Vue Options API usage, which is incompatible with Vue 3.6's Vapor Mode. This rule detects Options API patterns in <script> blocks, defineComponent(), and createApp() calls, helping prepare codebases for Vapor Mode adoption.

For example, the following now triggers this rule:
<script>
export default {
  data() {
    return { count: 0 };
  },
};
</script>
#8832 b08270b Thanks @Exudev! - Fixed #8809, #7985, and #8136: the noSecrets rule no longer reports false positives on common CamelCase identifiers like paddingBottom, backgroundColor, unhandledRejection, uncaughtException, and IngestGatewayLogGroup.

The entropy calculation algorithm now uses "average run length" to distinguish between legitimate CamelCase patterns (which have longer runs of same-case letters) and suspicious alternating case patterns (which have short runs).
#8793 c19fb0e Thanks @TheBaconWizard! - Properly handle parameters metavariables for arrow_function GritQL queries. The following biome search command no longer throws an error:
biome search 'arrow_function(parameters=$parameters, body=$body)'
#8561 981affb Thanks @wataryooou! - Fixed noUnusedVariables to ignore type parameters declared in ambient contexts such as declare module blocks.

#8817 652cfbb Thanks @dyc3! - Fixed #8765: The HTML parser can now parse directive modifiers with a single colon, e.g. @keydown.:.
#8704 a1914d4 Thanks @Netail! - Added the nursery rule noRootType. Disallow the usage of specified root types. (e.g. mutation and/or subscription)

Invalid:
{
  "options": {
    "disallow": ["mutation"]
  }
}

... (truncated)

Commits

fd33f86 ci: release (#8671)
a53fc75 chore: update sponsors (#8844)
4ee3bda feat(graphql_analyze): implement useLoneAnonymousOperation (#8616)
71b5c6e feat(js_analyze): implement noExcessiveClassesPerFile (#8753)
d6b2bda feat(js_analyze): implement noFloatingClasses (#8754)
17ed9d3 feat(js_analyze): implement noDivRegex (#8757)
291c9f2 feat(biome_js_analyze): port useInlineScriptId from Next.js (#8624)
96d09f4 feat(lint): add noVueOptionsApi rule (#8648)
39eb545 fix(biome_configuration): revert URL brackets (#8766)
365f7aa feat(js_analyze): implement noDuplicateEnumValues (#8711)
Additional commits viewable in compare view

Updates effect from 3.19.14 to 3.19.15

Release notes

Sourced from effect's releases.

effect@3.19.15

Patch Changes

#5981 7e925ea Thanks @bxff! - Fix type inference loss in Array.flatten for complex nested structures like unions of Effects with contravariant requirements. Uses distributive indexed access (T[number][number]) in the Flatten type utility and adds const to the flatten generic parameter.

#5970 d7e75d6 Thanks @KhraksMamtsov! - fix Config.orElseIf signature

#5996 4860d1e Thanks @parischap! - fix Equal.equals plain object comparisons in structural mode

Changelog

Sourced from effect's changelog.

3.19.15

Patch Changes

#5981 7e925ea Thanks @bxff! - Fix type inference loss in Array.flatten for complex nested structures like unions of Effects with contravariant requirements. Uses distributive indexed access (T[number][number]) in the Flatten type utility and adds const to the flatten generic parameter.

#5970 d7e75d6 Thanks @KhraksMamtsov! - fix Config.orElseIf signature

#5996 4860d1e Thanks @parischap! - fix Equal.equals plain object comparisons in structural mode

Commits

3134f12 Version Packages (#5985)
4860d1e Fix prototype comparison in Equal.ts (#5996)
7e925ea Fix Array.flatten type inference loss (#5963) (#5981)
d7e75d6 fix Config.orElseIf signature (#5970)
c9dc711 doc: Clean up ZIO refs in Stream and Channel docs. (#5961)
856ec0a chore: update TSTyche to v6.0.0-beta.4 (#5498)
See full diff in compare view

Updates lefthook from 2.0.13 to 2.0.15

Release notes

Sourced from lefthook's releases.

v2.0.15

Changelog

f8dc321dd3ed3b7bdcad622a4011a268a63451e3 feat: skip scripts if args given with empty file template (#1277)

v2.0.14

Changelog

037fcdca819684123dc1c62df1d14f4402b1e245 deps: December 2025 (#1209)

e80f8927482b638bcd068136d3624d5adc83f0b2 deps: switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1261)

87350d63c401c47b9260d0023c7640e3885e0202 feat: add jsonc support (#1274)

882159f29f83b1f4f175ed5116ac48c631639deb fix: don't install custom hooks to hooks dir (#1246)

2bcab48ec33b2bf57e1a981734a73be4ea0a10ed fix: skip if any files template is empty (#1275)

Changelog

Sourced from lefthook's changelog.

2.0.15 (2026-01-13)

docs: clarify remote settings (#1260) by @mrexox

feat: skip scripts if args given with empty file template (#1277) by @mrexox

2.0.14 (2026-01-12)

fix: skip if any files template is empty (#1275) by @mrexox

feat: add jsonc support (#1274) by @mrexox

deps: switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1261) by @scop

fix: don't install custom hooks to hooks dir (#1246) by @scop

deps: December 2025 (#1209) by @mrexox

Commits

e272e4f 2.0.15: skip scripts when file template is empty in args
ccacdf7 docs: clarify remote settings (#1260)
f8dc321 feat: skip scripts if args given with empty file template (#1277)
32a3e5d 2.0.14: skip command on empty files template
2bcab48 fix: skip if any files template is empty (#1275)
87350d6 feat: add jsonc support (#1274)
e80f892 deps: switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1261)
882159f fix: don't install custom hooks to hooks dir (#1246)
037fcdc deps: December 2025 (#1209)
See full diff in compare view

Updates vitest from 4.0.16 to 4.0.18

Release notes

Sourced from vitest's releases.

v4.0.18

   🚀 Experimental Features

experimental: Add onModuleRunner hook to worker.init - by @sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

Use meta.url in createRequire - by @sheremet-va in vitest-dev/vitest#9441 (e0572)

browser: Hide injected data-testid attributes - by @sheremet-va in vitest-dev/vitest#9503 (f8989)

ui: Process artifact attachments when generating HTML reporter - by @macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

v4.0.17

   🚀 Experimental Features

Support openTelemetry for browser mode - by @hi-ogawa in vitest-dev/vitest#9180 (1ec3a)

Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation - by @Copilot, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9295 (876cb)

   🐞 Bug Fixes

Improve asymmetric matcher diff readability by unwrapping container matchers - by @Copilot, sheremet-va, hi-ogawa and @hi-ogawa in vitest-dev/vitest#9330 (b2ec7)

Improve runner error when importing outside of test context - by @sheremet-va in vitest-dev/vitest#9335 (2dd3d)

Replace crypto.randomUUID to allow insecure environments (fix #9… - by @plusgut in vitest-dev/vitest#9339 and vitest-dev/vitest#9 (e6a3f)

Handle null options in addEventHandler #9371 - by @ThibautMarechal in vitest-dev/vitest#9372 and vitest-dev/vitest#9371 (40841)

Typo in browser.provider error - by @deammer in vitest-dev/vitest#9394 (4b67f)

browser:

Fix process.env and import.meta.env defines in inline project - by @hi-ogawa in vitest-dev/vitest#9239 (b70c9)

Fix upload File instance - by @hi-ogawa in vitest-dev/vitest#9294 (b6778)

Fix invalid project token for artifacts assets - by @hi-ogawa in vitest-dev/vitest#9321 (caa7d)

Log ErrorEvent.message when unhandled ErrorEvent.error is null - by @hi-ogawa in vitest-dev/vitest#9322 (5d84e)

Support fileParallelism on an instance - by @sheremet-va in vitest-dev/vitest#9328 (15006)

coverage:

Remove unnecessary istanbul-lib-source-maps usage - by @AriPerkkio in vitest-dev/vitest#9344 (b0940)

Apply patch from istanbuljs/istanbuljs#837 - by @AriPerkkio and sapphi-red in vitest-dev/vitest#9413 and vitest-dev/vitest#837 (e05ce)

fsModuleCache:

Don't store importers in cache - by @sheremet-va in vitest-dev/vitest#9422 (75136)

Add importers alongside importedModules - by @sheremet-va in vitest-dev/vitest#9423 (59f92)

mocker:

Fix mock transform with class - by @hi-ogawa in vitest-dev/vitest#9421 (d390e)

pool:

Validate environment options when reusing the worker - by @sheremet-va in vitest-dev/vitest#9349 (a8a88)

Handle worker start failures gracefully - by @AriPerkkio in vitest-dev/vitest#9337 (200da)

reporter:

Report test module if it failed to run - by @sheremet-va in vitest-dev/vitest#9272 (c7888)

runner:

Respect nested test.only within describe.only - by @Ujjwaljain16 in vitest-dev/vitest#9021 and vitest-dev/vitest#9213 (55d5d)

typecheck:

Improve error message when tsc outputs help text - by @Ujjwaljain16 in vitest-dev/vitest#9214 (7b10a)

ui:

... (truncated)

Commits

4d3e3c6 chore: release v4.0.18
ea837de feat(experimental): add onModuleRunner hook to worker.init (#9286)
e057281 fix: use meta.url in createRequire (#9441)
dd54e94 chore: release v4.0.17
59f92d4 fix(fsModuleCache): add importers alongside importedModules (#9423)
751364e fix(fsModuleCache): don't store importers in cache (#9422)
4b67fc2 fix: typo in browser.provider error (#9394)
40841ff fix: handle null options in addEventHandler #9371 (#9372)
200dadb fix(pool): handle worker start failures gracefully (#9337)
1500654 fix(browser): support fileParallelism on an instance (#9328)
Additional commits viewable in compare view

Updates zod from 4.3.5 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors

f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)

251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call

edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)

85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)

cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)

dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)

762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling

ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

Commits

ca3c862 v4.3.6
762e911 Generalize numeric key handling
dfbbf1c Avoid re-exported star modules (#5656)
cbf77bb Avoid non null assertion (#5638)
85db85e fix: typo in codec.test.ts file (#5628)
edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
251d716 Clean up workflow_call
f4b7bae Update pullfrog.yml (#5634)
9977fb0 Add brand.dev to sponsors
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [cheerio](https://github.com/cheeriojs/cheerio) | `1.1.2` | `1.2.0` | | [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.11` | `2.3.12` | | [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) | `3.19.14` | `3.19.15` | | [lefthook](https://github.com/evilmartians/lefthook) | `2.0.13` | `2.0.15` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.0.16` | `4.0.18` | | [zod](https://github.com/colinhacks/zod) | `4.3.5` | `4.3.6` | Updates `cheerio` from 1.1.2 to 1.2.0 - [Release notes](https://github.com/cheeriojs/cheerio/releases) - [Commits](cheeriojs/cheerio@v1.1.2...v1.2.0) Updates `@biomejs/biome` from 2.3.11 to 2.3.12 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.3.12/packages/@biomejs/biome) Updates `effect` from 3.19.14 to 3.19.15 - [Release notes](https://github.com/Effect-TS/effect/releases) - [Changelog](https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md) - [Commits](https://github.com/Effect-TS/effect/commits/effect@3.19.15/packages/effect) Updates `lefthook` from 2.0.13 to 2.0.15 - [Release notes](https://github.com/evilmartians/lefthook/releases) - [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md) - [Commits](evilmartians/lefthook@v2.0.13...v2.0.15) Updates `vitest` from 4.0.16 to 4.0.18 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.18/packages/vitest) Updates `zod` from 4.3.5 to 4.3.6 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v4.3.5...v4.3.6) --- updated-dependencies: - dependency-name: cheerio dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@biomejs/biome" dependency-version: 2.3.12 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: effect dependency-version: 3.19.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: lefthook dependency-version: 2.0.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: vitest dependency-version: 4.0.18 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: zod dependency-version: 4.3.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

changeset-bot · 2026-01-26T08:47:13Z

⚠️ No Changeset found

Latest commit: d1dcc9b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

dependabot · 2026-02-02T08:46:18Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 26, 2026

dependabot bot closed this Feb 2, 2026

dependabot bot deleted the dependabot/npm_and_yarn/dependencies-f834d222e5 branch February 2, 2026 08:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: bump the dependencies group across 1 directory with 6 updates #44

deps: bump the dependencies group across 1 directory with 6 updates #44

Uh oh!

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading

Uh oh!

changeset-bot bot commented Jan 26, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

deps: bump the dependencies group across 1 directory with 6 updates #44

deps: bump the dependencies group across 1 directory with 6 updates #44

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.2.0

What's Changed

New Contributors

Biome CLI v2.3.12

2.3.12

Patch Changes

2.3.12

Patch Changes

effect@3.19.15

Patch Changes

3.19.15

Patch Changes

v2.0.15

Changelog

v2.0.14

Changelog

2.0.15 (2026-01-13)

2.0.14 (2026-01-12)

v4.0.18

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.0.17

🚀 Experimental Features

🐞 Bug Fixes

v4.3.6

Commits:

Uh oh!

changeset-bot bot commented Jan 26, 2026

⚠️ No Changeset found

Uh oh!

dependabot bot commented on behalf of github Feb 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading