Bump the dev-deps group across 1 directory with 4 updates by dependabot[bot] · Pull Request #147 · G4brym/workers-qb

dependabot · 2026-02-02T19:12:51Z

Bumps the dev-deps group with 2 updates in the / directory: @biomejs/biome and @cloudflare/vitest-pool-workers.

Updates @biomejs/biome from 2.3.12 to 2.3.13

Release notes

Sourced from @biomejs/biome's releases.

Biome CLI v2.3.13

2.3.13

Patch Changes
#8815 f924f23 Thanks @dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

Now treated valid:
<div @keydown.arrow-down="handler"></div>
<div @keydown.a="handler"></div>
<div @keydown.b="handler"></div>
<div @keydown.27="foo"></div>
#8856 85f81f9 Thanks @dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

#8850 2a190e0 Thanks @dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

#8863 79386e0 Thanks @dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

#8771 6f56b6e Thanks @lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

#8714 ac3a71f Thanks @Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.
What's Changed

fix(dx/codegen): don't insert module into biome_rule_options/src/lib.rs if it already exists by @dyc3 in biomejs/biome#8847

feat(js_analyze): implement useConsistentEnumValueType by @Netail in biomejs/biome#8714

fix(parse/html/vue): parse dynamic slot directives that contain quotes by @dyc3 in biomejs/biome#8856

fix(parse/css): improve parsing of @utility names by @dyc3 in biomejs/biome#8850

fix(cli): improve RuleName ordering and update summary snapshots close #8730 by @lghuahua in biomejs/biome#8771

fix(useVueValidVOn): align more with source rule, also use phf hash sets for perf by @dyc3 in biomejs/biome#8815

fix(migrate): fix migrate command not picking up rules for css, graphql, html by @dyc3 in biomejs/biome#8863

chore(deps): update dependency tombi to v0.7.23 by @renovate[bot] in biomejs/biome#8865

chore(deps): update pnpm to v10.28.1 by @renovate[bot] in biomejs/biome#8866

chore(deps): update rust crate proc-macro2 to 1.0.106 by @renovate[bot] in biomejs/biome#8867

chore(deps): update rust crate quote to 1.0.44 by @renovate[bot] in biomejs/biome#8868

fix(deps): update @biomejs packages by @renovate[bot] in biomejs/biome#8869

chore(deps): update rust crate schemars to 1.2.0 by @renovate[bot] in biomejs/biome#8875

chore(deps): update @biomejs packages by @renovate[bot] in biomejs/biome#8872

chore(deps): update github-actions by @renovate[bot] in biomejs/biome#8873

chore(deps): update typescript-eslint monorepo to v8.53.1 by @renovate[bot] in biomejs/biome#8877

fix(deps): update dependency prettier to v3.8.1 by @renovate[bot] in biomejs/biome#8878

chore(deps): update rust crate tokio to 1.49.0 by @renovate[bot] in biomejs/biome#8876

ci: release by @github-actions[bot] in biomejs/biome#8853

... (truncated)

Changelog

Sourced from @biomejs/biome's changelog.

2.3.13

Patch Changes
#8815 f924f23 Thanks @dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

Now treated valid:
<div @keydown.arrow-down="handler"></div>
<div @keydown.a="handler"></div>
<div @keydown.b="handler"></div>
<div @keydown.27="foo"></div>
#8856 85f81f9 Thanks @dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

#8850 2a190e0 Thanks @dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

#8863 79386e0 Thanks @dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

#8771 6f56b6e Thanks @lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

#8714 ac3a71f Thanks @Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

Commits

2c5e505 ci: release (#8853)
ac3a71f feat(js_analyze): implement useConsistentEnumValueType (#8714)
See full diff in compare view

Updates @cloudflare/vitest-pool-workers from 0.12.6 to 0.12.8

Release notes

Sourced from @cloudflare/vitest-pool-workers's releases.

@cloudflare/vitest-pool-workers@0.12.8

Patch Changes

Updated dependencies [8a210af, eb8a415, 3b06b18, 17961bb, 52fdfe7, 6d8d9cd, cb72c11]:

[email protected]

[email protected]

@cloudflare/vitest-pool-workers@0.12.7

Patch Changes

#12056 6d5f69f Thanks @edmundhung! - fix: allow Vite query parameters like ?raw on .sql file imports

Importing .sql files with Vite query parameters (e.g., import sql from "./query.sql?raw") would fail with "No such module" errors in vitest-pool-workers 0.12.x. Both import styles now work:

import sql from "./query.sql?raw" (Vite handles the ?raw transform)

import sql from "./query.sql" (loaded as Text module)

#11917 7b40ceb Thanks @ksawaneh! - Fix CommonJS require() of .json files in the module fallback service (avoids SyntaxError: Unexpected token ':').

#11897 bbd8a5e Thanks @dario-piotrowicz! - Bundle the zod dependency to reduce supply chain attack surface

In order to prevent possible npm vulnerability attacks, the team's policy is to bundle dependencies in our packages where possible. This helps ensure that only trusted code runs on the user's system, even if compromised packages are later published to npm.

This change bundles zod (a pure JavaScript validation library with no native dependencies) into miniflare and @cloudflare/vitest-pool-workers.

Other dependencies remain external for technical reasons:

sharp: Native binary with platform-specific builds

undici: Dynamically required at runtime in worker threads

ws: Has optional native bindings for performance

workerd: Native binary (Cloudflare's JavaScript runtime)

@cspotcode/source-map-support: Uses require.cache manipulation at runtime

youch: Dynamically required for lazy loading

Updated dependencies [a0a9ef6, ad4666c, 014e7aa, e414f05, 77e82d2, f08ef21, 0641e6c, eacedba, 05714f8, e8b2ef5, bbd8a5e]:

[email protected]

[email protected]

Changelog

Sourced from @cloudflare/vitest-pool-workers's changelog.

0.12.8

Patch Changes

Updated dependencies [8a210af, eb8a415, 3b06b18, 17961bb, 52fdfe7, 6d8d9cd, cb72c11]:

[email protected]

[email protected]

0.12.7

Patch Changes

#12056 6d5f69f Thanks @edmundhung! - fix: allow Vite query parameters like ?raw on .sql file imports

Importing .sql files with Vite query parameters (e.g., import sql from "./query.sql?raw") would fail with "No such module" errors in vitest-pool-workers 0.12.x. Both import styles now work:

import sql from "./query.sql?raw" (Vite handles the ?raw transform)

import sql from "./query.sql" (loaded as Text module)

#11917 7b40ceb Thanks @ksawaneh! - Fix CommonJS require() of .json files in the module fallback service (avoids SyntaxError: Unexpected token ':').

#11897 bbd8a5e Thanks @dario-piotrowicz! - Bundle the zod dependency to reduce supply chain attack surface

In order to prevent possible npm vulnerability attacks, the team's policy is to bundle dependencies in our packages where possible. This helps ensure that only trusted code runs on the user's system, even if compromised packages are later published to npm.

This change bundles zod (a pure JavaScript validation library with no native dependencies) into miniflare and @cloudflare/vitest-pool-workers.

Other dependencies remain external for technical reasons:

sharp: Native binary with platform-specific builds

undici: Dynamically required at runtime in worker threads

ws: Has optional native bindings for performance

workerd: Native binary (Cloudflare's JavaScript runtime)

@cspotcode/source-map-support: Uses require.cache manipulation at runtime

youch: Dynamically required for lazy loading

Updated dependencies [a0a9ef6, ad4666c, 014e7aa, e414f05, 77e82d2, f08ef21, 0641e6c, eacedba, 05714f8, e8b2ef5, bbd8a5e]:

[email protected]

[email protected]

Commits

95154f5 Version Packages (#12184)
1228dee Version Packages (#12045)
7b40ceb [vitest-pool-workers] Fix JSON require() in module fallback (#11917)
bbd8a5e Minimize the number of the Miniflare package dependencies (#11897)
6d5f69f fix(vitest-pool-workers): allow Vite query parameters like ?raw on module i...
See full diff in compare view

Updates @cloudflare/workers-types from 4.20260124.0 to 4.20260131.0

Commits

See full diff in compare view

Updates wrangler from 4.60.0 to 4.61.1

Release notes

Sourced from wrangler's releases.

[email protected]

Patch Changes

#12189 eb8a415 Thanks @NuroDev! - Fixed Durable Object missing migrations warning message.

If a Workers project includes some durable_objects in it but no migrations we show a warning to the user to add migrations to their config. However, this warning recommended new_classes for their migrations, but we instead now recommend all users use new_sqlite_classes instead.

#11804 3b06b18 Thanks @emily-shen! - fix: allow d1 execute, d1 export, and d1 migrations to work locally without database_id in config.

#12183 17961bb Thanks @dependabot! - chore: update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260124.0 1.20260127.0

#12196 52fdfe7 Thanks @dependabot! - chore: update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260127.0 1.20260128.0

#12199 6d8d9cd Thanks @petebacondarwin! - Prevent wrangler logout from failing when the Wrangler configuration file is invalid

Previously, if your wrangler.toml or wrangler.json file contained syntax errors or invalid values, the wrangler logout command would fail. Now, configuration parsing errors are caught and logged at debug level, allowing you to log out regardless of the state of your configuration file.

#12153 cb72c11 Thanks @petebacondarwin! - Sanitize commands and arguments in telemetry to prevent accidentally capturing sensitive information.

Changes:

Renamed telemetry fields from command/args to sanitizedCommand/sanitizedArgs to distinguish from historical fields that may have contained sensitive data in older versions

Command names now come from command definitions rather than user input, preventing accidental capture of sensitive data pasted as positional arguments

Sentry breadcrumbs now use the safe command name from definitions

Argument values are only included if explicitly allowed via COMMAND_ARG_ALLOW_LIST

Argument keys (names) are always included since they come from command definitions, not user input

Updated dependencies [8a210af, 17961bb, 52fdfe7, 5f060c9]:

[email protected]

@cloudflare/unenv-preset@2.12.0

[email protected]

Minor Changes

#12008 e414f05 Thanks @penalosa! - Add support for customising the inspector IP address

Adds a new --inspector-ip CLI flag and dev.inspector_ip configuration option to allow customising the IP address that the inspector server listens on. Previously, the inspector was hardcoded to listen only on 127.0.0.1.

... (truncated)

Commits

95154f5 Version Packages (#12184)
6d8d9cd fix(wrangler): prevent logout from failing on invalid config (#12199)
8a210af [explorer] add implementation for local KV API (take 2) (#12152)
52fdfe7 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12196)
cb72c11 refactor(wrangler): add safe command/args handling for telemetry (#12153)
eb8a415 fix(wrangler): Update missing DO migrations message to recommend `new_sqlite_...
5f060c9 feat(unenv-preset): add native node:repl module support (#12007)
3b06b18 fix: allow D1 local commands to work without database_id (#11804)
17961bb chore(deps): bump the workerd-and-workers-types group with 2 updates (#12183)
1228dee Version Packages (#12045)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the dev-deps group with 2 updates in the / directory: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) and [@cloudflare/vitest-pool-workers](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/vitest-pool-workers). Updates `@biomejs/biome` from 2.3.12 to 2.3.13 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/[email protected]/packages/@biomejs/biome) Updates `@cloudflare/vitest-pool-workers` from 0.12.6 to 0.12.8 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/vitest-pool-workers/CHANGELOG.md) - [Commits](https://github.com/cloudflare/workers-sdk/commits/@cloudflare/[email protected]/packages/vitest-pool-workers) Updates `@cloudflare/workers-types` from 4.20260124.0 to 4.20260131.0 - [Release notes](https://github.com/cloudflare/workerd/releases) - [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md) - [Commits](https://github.com/cloudflare/workerd/commits) Updates `wrangler` from 4.60.0 to 4.61.1 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Commits](https://github.com/cloudflare/workers-sdk/commits/[email protected]/packages/wrangler) --- updated-dependencies: - dependency-name: "@biomejs/biome" dependency-version: 2.3.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-deps - dependency-name: "@cloudflare/vitest-pool-workers" dependency-version: 0.12.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-deps - dependency-name: "@cloudflare/workers-types" dependency-version: 4.20260131.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-deps - dependency-name: wrangler dependency-version: 4.61.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-deps ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 2, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/dev-deps-5760bb60af branch from 47c780c to b21e77f Compare March 9, 2026 18:06

dependabot bot force-pushed the dependabot/npm_and_yarn/dev-deps-5760bb60af branch from b21e77f to b90d8fa Compare March 16, 2026 17:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dev-deps group across 1 directory with 4 updates#147

Bump the dev-deps group across 1 directory with 4 updates#147
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-deps-5760bb60af

dependabot bot commented on behalf of github Feb 2, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Biome CLI v2.3.13

2.3.13

Patch Changes

What's Changed

2.3.13

Patch Changes

@​cloudflare/vitest-pool-workers@​0.12.8

Patch Changes

@​cloudflare/vitest-pool-workers@​0.12.7

Patch Changes

0.12.8

Patch Changes

0.12.7

Patch Changes

[email protected]

Patch Changes

[email protected]

Minor Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Feb 2, 2026 •

edited

Loading

`@cloudflare/vitest-pool-workers@0`.12.8

`@cloudflare/vitest-pool-workers@0`.12.7