chore(deps-dev): bump the dev-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates in the / directory:

Package	From	To
@biomejs/biome	2.4.11	2.4.14
esmock	2.7.3	2.7.4
mockttp	4.3.0	4.3.2
mongodb-memory-server	11.0.1	11.1.0
sinon	21.1.2	22.0.0
typescript	6.0.2	6.0.3

Updates @biomejs/biome from 2.4.11 to 2.4.14

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.14

2.4.14

Patch Changes

• #9393 491b171 Thanks @​dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

• #10157 eefc5ab Thanks @​dyc3! - Fixed #7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.

• #10054 0e9f569 Thanks @​minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

  A function annotated : object returning an object literal:

  function f(): object {
    return { retry: true };
  }

• #10116 53269eb Thanks @​jiwon79! - Fixed #6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.

• #10092 33d8543 Thanks @​Conaclos! - Fixed #9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

  Given the following organizeImports options:

  {
    "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
  }

  The following code...

  // Comment
  import "package";
  import "./file.js";

  ...was organized as:

  +
    // Comment
    import "package";
  +
    import "./file.js";

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.14

Patch Changes

• #9393 491b171 Thanks @​dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

• #10157 eefc5ab Thanks @​dyc3! - Fixed #7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.

• #10054 0e9f569 Thanks @​minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

  A function annotated : object returning an object literal:

  function f(): object {
    return { retry: true };
  }

• #10116 53269eb Thanks @​jiwon79! - Fixed #6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.

• #10092 33d8543 Thanks @​Conaclos! - Fixed #9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

  Given the following organizeImports options:

  {
    "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
  }

  The following code...

  // Comment
  import "package";
  import "./file.js";

  ...was organized as:

  +
    // Comment
    import "package";
  +
    import "./file.js";

  A blank line was added even though the group ':NODE:' doesn't match any imports here. :BLANK_LINE: between never-matched groups and matched groups are now ignored.

... (truncated)

Commits

• 46393e0 ci: release (#10100)
• ae659dd feat(lint/js): add noExcessiveNestedCallbacks (#10188)
• d62b331 feat(lint/js): add useMathMinMax (#9926)
• 7acf1e0 feat(lint/js): add noReactStringRefs (#9922)
• 491b171 feat(lint/js): add useTestHooksOnTop (#9393)
• 4a664c1 fix(noShadow): make sure it doesn't shadow types (#10083)
• e316150 ci: release (#9991)
• 11ddc05 feat(lint): add useReactNativePlatformComponents rule and options (#10033)
• 1603f78 feat(js_analyze): implement noJsxLeakedDollar (#9911)
• c5eb92b feat(linter): add nursery rule noUnnecessaryTemplateExpression (#9969)
• Additional commits viewable in compare view

Updates esmock from 2.7.3 to 2.7.4

Release notes

Sourced from esmock's releases.

support typescript-modules

• add support for typescript modules, no tests, thanks @​mbrevda,
• add node 25.x to test matrix,
• disable tests using node-ts (seems un-maintained),
• windows tests are disabled for "tests-node", lacking windows env to resolve

Changelog

Sourced from esmock's changelog.

changelog

• 2.7.4 May.04.2026
  • update tests to resolve tests that began to fail,
  • add suuport for typescript modules, no tests, thanks @​mbrevda,
  • add node 25.x to test matrix,
  • disable tests using node-ts (seems un-maintained),
  • windows tests are disabled for "tests-node", lacking windows env to resolve
• 2.7.3 Sep.12.2025
  • drop node version 18 and 20 from tests.
  • increment some dependencies and reduce audit warnings.
  • restore ava and all other disabled test-runner tests
• 2.7.2 Sep.01.2025
  • increment resolvewithplus, match exact export paths, thanks @​matz3
• 2.7.1 Jul.01.2025
  • added node v24 to test matrix
• 2.7.0 Jan.24.2025
  • update resolver to correctly resolve openai package
  • update typescript-eslint
• 2.6.9 Oct.18.2024
  • added --glob option for rimraf usage removing un-used sources
  • added node v23 to test matrix
  • resolve v23-related error when module.exports is exported
• 2.6.8 Oct.17.2024
  • added pnpm unit-test, thanks @​darcyrush
  • resolve issue for pnpm by escaping '+' char in regexp
  • add log utility function for debugging loader
  • dropped ava and jest from test sequence, node v22 --loader issues
• 2.6.7 Jul.16.2024
  • add swc tests and remove swc caution from README thanks @​Brooooooklyn
  • unpin node 22.1 at test CI and use latest 22.x
• 2.6.6 Jun.15.2024
  • add tsx tests and remove tsx caution from README thanks @​galexite
  • pin node 22.1 at test CI and ignore regressions in new node 22
  • migrate to eslint 9
• 2.6.5 Apr.25.2024
  • add node 22 to ci test pipeline thanks @​aladdin-add
  • use json import syntax with { type: 'json' } for node 22
  • skip node 22 tests on windows-latest ci, where node 22 is in a broken state, see nodejs/node#52682
• 2.6.4 Feb.26.2024
  • update README with notice about incompatible typescript loaders
  • increment resolvewithplus to support more export patterns, see resolvewithplus v2.1.5
  • update publish spec job actions, use checkout@v4 and setup-node@v4
  • remove node 16 from test job matrix, eol 2023, Sep 11 #254
• 2.6.3 Jan.23.2024
  • resolve nested exports defined on named-properties with wildcards, eg exports: { './*': { default: './src/*/index.js' } } resolves this issue at esmock
• 2.6.2 Jan.14.2024
  • remove reserved keywords from export names lists, allows express to be mocked, thanks @​lcapel
• 2.6.1 Jan.13.2024
  • update ci job to use checkout v4

... (truncated)

Commits

• 652f693 Merge pull request #332 from iambumblehead/try-enabling-some-tests
• 224acd7 update CHANGLOG.md
• e987cef update CHANGELOG.md
• ba8cf91 disable workspaces ts-node tests
• d513dec added node-version 25.x to test matrix
• 2142e13 add additional note to CHANGELOG.md
• a339a67 increment package.json version
• 5f1865f add note that ts-node is un-maintained and tests disabled
• 09877f9 try enabling tests-workspaces ts tests
• 34f8101 leave jest-ts test disabled
• Additional commits viewable in compare view

Updates mockttp from 4.3.0 to 4.3.2

Commits

• 0e0af10 4.3.2
• 5f834cc Pin asn1 subdeps to resolve @​peculiar breaking issues in v2.7.0
• 1448822 Wait for keylog 'finish' on server.stop
• 2422abc Make keylog tests less flaky by waiting for IO explicitly
• 0ce1d54 Make abort test less flaky with a local target server
• 90afd9f Update CI Node version to match server
• 1f4ca6e Fix up the tests to pass in v25 (stricter validation catching test bugs)
• 313d5b2 Make the latest CI build really use latest Node
• ede564d Add test for now-fixed events breaking body passthrough bug
• e518dba Add a scheduled build, using the latest dep versions
• Additional commits viewable in compare view

Updates mongodb-memory-server from 11.0.1 to 11.1.0

Release notes

Sourced from mongodb-memory-server's releases.

v11.1.0

11.1.0 (2026-04-29)

Features

• resolveConfig: update default binary version to 8.2.6 (3876fad)
• update default-4.4-binary to 4.4.30 (119ef80)

Dependencies

• follow-redirects: upgrade to 1.16.0 (aed865f)
• mongodb: upgrade to 7.2.0 (b0a8b90)
• tar-stream: upgrade to 3.1.8 (026aa7f)
• yauzl: upgrade to 3.3.0 (ef4f38e)

Dev-Dependencies

• @​types/debug: upgrade to 4.1.13 (f4d5be2)
• @​types/yazl: upgrade to 3.3.1 (c329123)
• commitlint: upgrade to 20.5.2 (7640c9f)
• doctoc: upgrade to 2.4.1 (4443034)
• eslint-plugin-prettier: upgrade to 5.5.5 (f9889c4)
• eslint: upgrade to 10.2.1 (7e40e8c)
• jest: upgrade to 30.3.0 (5f7a6b2)
• lint-staged: upgrade to 16.4.0 (edd1f2d)
• prettier: upgrade to 3.8.3 (95a76d7)
• rimraf: upgrade to 6.1.3 (fddab3d)
• ts-jest: upgrade to 29.4.9 (7ed5a0f)
• typedoc: upgrade to 0.28.19 (acca60d)

Changelog

Sourced from mongodb-memory-server's changelog.

11.1.0 (2026-04-29)

Features

• resolveConfig: update default binary version to 8.2.6 (3876fad)
• update default-4.4-binary to 4.4.30 (119ef80)

Dependencies

• follow-redirects: upgrade to 1.16.0 (aed865f)
• mongodb: upgrade to 7.2.0 (b0a8b90)
• tar-stream: upgrade to 3.1.8 (026aa7f)
• yauzl: upgrade to 3.3.0 (ef4f38e)

Dev-Dependencies

• @​types/debug: upgrade to 4.1.13 (f4d5be2)
• @​types/yazl: upgrade to 3.3.1 (c329123)
• commitlint: upgrade to 20.5.2 (7640c9f)
• doctoc: upgrade to 2.4.1 (4443034)
• eslint-plugin-prettier: upgrade to 5.5.5 (f9889c4)
• eslint: upgrade to 10.2.1 (7e40e8c)
• jest: upgrade to 30.3.0 (5f7a6b2)
• lint-staged: upgrade to 16.4.0 (edd1f2d)
• prettier: upgrade to 3.8.3 (95a76d7)
• rimraf: upgrade to 6.1.3 (fddab3d)
• ts-jest: upgrade to 29.4.9 (7ed5a0f)
• typedoc: upgrade to 0.28.19 (acca60d)

Commits

• 1342553 release: v11.1.0
• See full diff in compare view

Updates sinon from 21.1.2 to 22.0.0

Changelog

Sourced from sinon's changelog.

22.0.0

• ed911df5 Update Ruby gems (Carl-Erik Kopseng)
• 75a1e5b8 Update to Node 26 (Carl-Erik Kopseng)
• 197d6608 Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)
• c5ddf80b Update fake-timers@15.4: includes new Temporal API (Carl-Erik Kopseng)
• f4ab02f6 Update updatable packages (Carl-Erik Kopseng)
• 0536afc8 Quality: Global mutable call id can grow unbounded across long-lived processes (#2691) (tuanaiseo)

  • refactor: global mutable call id can grow unbounded across l

  callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

  Affected files: proxy-invoke.js

  Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com

  • Wrap around for all values that are too high

  ---

  Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

• f4f7d93b Perform additional cleanup when calling callThrough() (#2670) (Cyrille)
• 6199e9e4 improve GitHubworkflows by introducing zizmor for monitoring (#2686) (Till!)

  • fix(workflows): fetch-depth is for actions/checkout
  • chore(workflows): update

  • pin all actions to precise commits
  • avoid credential leakage from actions/checkout
  • group action updates going forward
  • add zimor config to ignore "secrets outside env"
  • add job to keep validating workflows

• f7476b59 Use path.normalize() for path normalization (Carl-Erik Kopseng)
• 2c975393 fix: make build and node test scripts cross-platform (laplace young)
• a7692917 fix: isolate walk state from Object prototype (laplace young)
• 66df977a Fix sinon.restore() cascade-restoring sub-sandboxes (#2704) (Charlie Leitheiser)

  The ESM port of createApi (#2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

... (truncated)

Commits

• 52555af 22.0.0
• ed911df Update Ruby gems
• 75a1e5b Update to Node 26
• 197d660 Update documentation on faking timers to reflect the current state of fake-ti...
• c5ddf80 Update fake-timers@15.4: includes new Temporal API
• f4ab02f Update updatable packages
• 0536afc Quality: Global mutable call id can grow unbounded across long-lived processe...
• f4f7d93 Perform additional cleanup when calling callThrough() (#2670)
• 6199e9e improve GitHubworkflows by introducing zizmor for monitoring (#2686)
• 1519009 Merge #2703: isolate walk state from Object prototype
• Additional commits viewable in compare view

Updates typescript from 6.0.2 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• See full diff in compare view

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.