chore: bump the development-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the development-dependencies group with 5 updates in the / directory:

Package	From	To
@biomejs/biome	2.3.11	2.3.13
@commitlint/cli	20.3.1	20.4.0
@commitlint/config-conventional	20.3.1	20.4.0
release-please	17.1.3	17.2.0
undici	7.18.2	7.19.2

Updates @biomejs/biome from 2.3.11 to 2.3.13

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.13

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

What's Changed

• fix(dx/codegen): don't insert module into biome_rule_options/src/lib.rs if it already exists by @​dyc3 in biomejs/biome#8847
• feat(js_analyze): implement useConsistentEnumValueType by @​Netail in biomejs/biome#8714
• fix(parse/html/vue): parse dynamic slot directives that contain quotes by @​dyc3 in biomejs/biome#8856
• fix(parse/css): improve parsing of @utility names by @​dyc3 in biomejs/biome#8850
• fix(cli): improve RuleName ordering and update summary snapshots close #8730 by @​lghuahua in biomejs/biome#8771
• fix(useVueValidVOn): align more with source rule, also use phf hash sets for perf by @​dyc3 in biomejs/biome#8815
• fix(migrate): fix migrate command not picking up rules for css, graphql, html by @​dyc3 in biomejs/biome#8863
• chore(deps): update dependency tombi to v0.7.23 by @​renovate[bot] in biomejs/biome#8865
• chore(deps): update pnpm to v10.28.1 by @​renovate[bot] in biomejs/biome#8866
• chore(deps): update rust crate proc-macro2 to 1.0.106 by @​renovate[bot] in biomejs/biome#8867
• chore(deps): update rust crate quote to 1.0.44 by @​renovate[bot] in biomejs/biome#8868
• fix(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8869
• chore(deps): update rust crate schemars to 1.2.0 by @​renovate[bot] in biomejs/biome#8875
• chore(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8872
• chore(deps): update github-actions by @​renovate[bot] in biomejs/biome#8873
• chore(deps): update typescript-eslint monorepo to v8.53.1 by @​renovate[bot] in biomejs/biome#8877
• fix(deps): update dependency prettier to v3.8.1 by @​renovate[bot] in biomejs/biome#8878
• chore(deps): update rust crate tokio to 1.49.0 by @​renovate[bot] in biomejs/biome#8876
• ci: release by @​github-actions[bot] in biomejs/biome#8853

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

2.3.12

Patch Changes

• #8653 047576d Thanks @​dyc3! - Added new nursery rule noDuplicateAttributes to forbid duplicate attributes in HTML elements.

• #8648 96d09f4 Thanks @​BaeSeokJae! - Added a new nursery rule noVueOptionsApi.

  Biome now reports Vue Options API usage, which is incompatible with Vue 3.6's Vapor Mode. This rule detects Options API patterns in <script> blocks, defineComponent(), and createApp() calls, helping prepare codebases for Vapor Mode adoption.

  For example, the following now triggers this rule:

  <script>
  export default {
    data() {
      return { count: 0 };
    },
  };
  </script>

• #8832 b08270b Thanks @​Exudev! - Fixed #8809, #7985, and #8136: the noSecrets rule no longer reports false positives on common CamelCase identifiers like paddingBottom, backgroundColor, unhandledRejection, uncaughtException, and IngestGatewayLogGroup.

... (truncated)

Commits

• 2c5e505 ci: release (#8853)
• ac3a71f feat(js_analyze): implement useConsistentEnumValueType (#8714)
• fd33f86 ci: release (#8671)
• a53fc75 chore: update sponsors (#8844)
• 4ee3bda feat(graphql_analyze): implement useLoneAnonymousOperation (#8616)
• 71b5c6e feat(js_analyze): implement noExcessiveClassesPerFile (#8753)
• d6b2bda feat(js_analyze): implement noFloatingClasses (#8754)
• 17ed9d3 feat(js_analyze): implement noDivRegex (#8757)
• 291c9f2 feat(biome_js_analyze): port useInlineScriptId from Next.js (#8624)
• 96d09f4 feat(lint): add noVueOptionsApi rule (#8648)
• Additional commits viewable in compare view

Updates @commitlint/cli from 20.3.1 to 20.4.0

Release notes

Sourced from @​commitlint/cli's releases.

v20.4.0

20.4.0 (2026-01-30)

Features

• feat: upgrade conventional commit packages #4082 by @​escapedcat in conventional-changelog/commitlint#4597

Refactor

• refactor: replace lodash.uniq with simple code by @​hyperz111 in conventional-changelog/commitlint#4600
• refactor: replace lodash.isplainobject with is-plain-obj" by @​hyperz111 in conventional-changelog/commitlint#4601
• refactor(ensure): replace all lodash string methods with kasi and manual by @​hyperz111 in conventional-changelog/commitlint#4602
• refactor: replace lodash.merge with lodash.mergewith by @​hyperz111 in conventional-changelog/commitlint#4603
• refactor: remove lodash.isfunction dependency by @​escapedcat in conventional-changelog/commitlint#4604
• refactor: replace find-up with escalade by @​hyperz111 in conventional-changelog/commitlint#4605
• refactor: replace chalk with picocolors by @​escapedcat in conventional-changelog/commitlint#4599

New Contributors

• @​hyperz111 made their first contribution in conventional-changelog/commitlint#4600

Full Changelog: conventional-changelog/commitlint@v20.3.1...v20.4.0

Changelog

Sourced from @​commitlint/cli's changelog.

20.4.0 (2026-01-30)

Features

• upgrade conventional commit packages #4082 (#4597) (3aaf0a6)

Commits

• c68de5e v20.4.0
• 3aaf0a6 feat: upgrade conventional commit packages #4082 (#4597)
• 1828d6e refactor: replace lodash.merge with lodash.mergewith (#4603)
• See full diff in compare view

Updates @commitlint/config-conventional from 20.3.1 to 20.4.0

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.4.0

20.4.0 (2026-01-30)

Features

• feat: upgrade conventional commit packages #4082 by @​escapedcat in conventional-changelog/commitlint#4597

Refactor

• refactor: replace lodash.uniq with simple code by @​hyperz111 in conventional-changelog/commitlint#4600
• refactor: replace lodash.isplainobject with is-plain-obj" by @​hyperz111 in conventional-changelog/commitlint#4601
• refactor(ensure): replace all lodash string methods with kasi and manual by @​hyperz111 in conventional-changelog/commitlint#4602
• refactor: replace lodash.merge with lodash.mergewith by @​hyperz111 in conventional-changelog/commitlint#4603
• refactor: remove lodash.isfunction dependency by @​escapedcat in conventional-changelog/commitlint#4604
• refactor: replace find-up with escalade by @​hyperz111 in conventional-changelog/commitlint#4605
• refactor: replace chalk with picocolors by @​escapedcat in conventional-changelog/commitlint#4599

New Contributors

• @​hyperz111 made their first contribution in conventional-changelog/commitlint#4600

Full Changelog: conventional-changelog/commitlint@v20.3.1...v20.4.0

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.4.0 (2026-01-30)

Features

• upgrade conventional commit packages #4082 (#4597) (3aaf0a6)

Commits

• c68de5e v20.4.0
• 3aaf0a6 feat: upgrade conventional commit packages #4082 (#4597)
• See full diff in compare view

Updates release-please from 17.1.3 to 17.2.0

Release notes

Sourced from release-please's releases.

v17.2.0

17.2.0 (2026-01-20)

Features

• add --force-tag option to explicitly create git tags for releases. (#2627) (e3eba37)
• add include-v-in-release-name config option (#2633) (84a43ef)
• dependency-manifest.ts: add support for Dependabot commit messages (#2584) (6a9ddb7)

Changelog

Sourced from release-please's changelog.

17.2.0 (2026-01-20)

Features

• add --force-tag option to explicitly create git tags for releases. (#2627) (e3eba37)
• add include-v-in-release-name config option (#2633) (84a43ef)
• dependency-manifest.ts: add support for Dependabot commit messages (#2584) (6a9ddb7)

Commits

• b962a0f chore(main): release 17.2.0 (#2616)
• c228c33 ci: split engines install test from units (#2647)
• e3eba37 feat: add --force-tag option to explicitly create git tags for releases. (#2627)
• 9393f4b build(deps): bump diff from 7.0.0 to 8.0.3 (#2650)
• 3f51d0f chore: fix lint failures (#2630)
• e6bc18a docs: fix incorrect default value for include-v-in-tag option (#2646)
• a5c96ae chore(deps): remove devDependency on types/pino which is extraneous (#2648)
• 84a43ef feat: add include-v-in-release-name config option (#2633)
• 009c2a6 deps: bump js-yaml (#2625)
• 6ab8b12 chore(deps): update dependency js-yaml to v4.1.1 [security] (#2621)
• Additional commits viewable in compare view

Updates undici from 7.18.2 to 7.19.2

Release notes

Sourced from undici's releases.

v7.19.2

What's Changed

• Minor code cleanups to decompress interceptor by @​domenic in nodejs/undici#4754
• fix(h2): fix flaky stream end handling on macOS by @​mcollina in nodejs/undici#4762
• return response when receiving 401 instead of network error by @​KhafraDev in nodejs/undici#4769
• fix: properly close idle connections in test server cleanup by @​mcollina in nodejs/undici#4764
• fix: decode HTTP headers as latin1 instead of utf8 by @​mcollina in nodejs/undici#4768
• fix: submodule update by @​Uzlopak in nodejs/undici#4648
• build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 by @​dependabot[bot] in nodejs/undici#4720

New Contributors

• @​domenic made their first contribution in nodejs/undici#4754

Full Changelog: nodejs/undici@v7.19.1...v7.19.2

v7.19.1

What's Changed

• fix: use commit hash when generating release (#4757) by @​fenichelar in nodejs/undici#4759
• fix fetch 401 loop by @​KhafraDev in nodejs/undici#4761

New Contributors

• @​fenichelar made their first contribution in nodejs/undici#4759

Full Changelog: nodejs/undici@v7.19.0...v7.19.1

v7.19.0

What's Changed

• fix: Handle FormData body type correctly in RetryAgent retried requests by @​eliotschu in nodejs/undici#4692
• feat(client): expose HTTP/2 flow-control options by @​pabloelisseo in nodejs/undici#4706
• Implement origin normalization in MockAgent for case-insensitivity and URL handling by @​SksOp in nodejs/undici#4731
• fix websocket basic auth by @​KhafraDev in nodejs/undici#4747
• fix(cache): regenerate stream from source when cache.match is called after GC by @​mcollina in nodejs/undici#4713
• chore: use testcontext for test:cache by @​Uzlopak in nodejs/undici#4571
• chore: use testcontext for subresource integrity tests by @​Uzlopak in nodejs/undici#4575
• feat(cache): add origins option for whitelist filtering by @​mcollina in nodejs/undici#4739
• ci: test shared-builtin only on Node.js 24 and 25 by @​mcollina in nodejs/undici#4746
• fix websocketstream open error by @​KhafraDev in nodejs/undici#4748

New Contributors

• @​eliotschu made their first contribution in nodejs/undici#4692
• @​pabloelisseo made their first contribution in nodejs/undici#4706
• @​SksOp made their first contribution in nodejs/undici#4731

Full Changelog: nodejs/undici@v7.18.2...v7.19.0

Commits

• 4b36fef Bumped v7.19.2 (#4777)
• 44e437d build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.0.0 (#4720)
• cfd42c6 fix: submodule update (#4648)
• 9f5466c fix: decode HTTP headers as latin1 instead of utf8 (#4768)
• 5e94274 fix: properly close idle connections in test server cleanup (#4764)
• be564c1 return response when receiving 401 instead of network error (#4769)
• 94d147d fix: remove incorrect stream state check in h2 'end' event handler (#4762)
• e26acd8 Minor code cleanups to decompress interceptor (#4754)
• e2aeb52 Bumped v7.19.1 (#4760)
• 4920fc4 fix fetch 401 loop (#4761)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions