Bump the dev-dependencies group with 4 updates

[dependabot]

Bumps the dev-dependencies group with 4 updates: @markdoc/markdoc, next, @biomejs/biome and typescript.

Updates @markdoc/markdoc from 0.5.6 to 0.5.7

Release notes

Sourced from @​markdoc/markdoc's releases.

0.5.7

What's Changed

• Make table-syntax validation error location more precise by @​yue-stripe in markdoc/markdoc#605
  • the validate() method now returns more location/line info than before
  • Build output now includes ES2022 syntax. The esbuild version used to build markdoc was upgraded from 0.13 to 0.25, which raises the effective output target from ~ES2020 to ES2022+. If your build pipeline transpiles @​markdoc/markdoc, you may need to ensure your toolchain supports ES2022 features such as static class blocks.

Full Changelog: markdoc/markdoc@0.5.6...0.5.7

Commits

• 4c772e1 Bump to 0.5.7 (#622)
• 9b2dc1b Bump picomatch in the npm_and_yarn group across 1 directory (#621)
• 48e787d Bump esbuild to 0.25.0 via npm overrides (#620)
• 75e67ed Update marktest/package-lock.json so we're using the diff @ 4.0.4 (#619)
• cedc4b9 Fix CVE-2026-24001: bump diff to >=4.0.4 (#618)
• 4673571 Fix CVE-2026-27903: bump jasmine and patch-package to remove minimatch@3.1.2 ...
• 200b30f Fix CVE-2026-27903 and CVE-2026-33228: upgrade ESLint to v10 (#616)
• 64d6df3 Fix CVE-2026-27903: update typedoc to remove vulnerable minimatch (#615)
• b1ad3df Bump flatted to >=3.4.2 to address CVE-2026-24001 (#614)
• c1edb31 Bump esbuild from 0.13.3 to 0.25.0 in the npm_and_yarn group (#545)
• Additional commits viewable in compare view

Updates next from 16.2.0 to 16.2.1

Release notes

Sourced from next's releases.

v16.2.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• docs: post release amends (#91715)
• docs: fix broken Activity Patterns demo link in preserving UI state guide (#91698)
• Fix adapter outputs for dynamic metadata routes (#91680)
• Turbopack: fix webpack loader runner layer (#91727)
• Fix server actions in standalone mode with cacheComponents (#91711)
• turbo-persistence: remove Unmergeable mmap advice (#91713)
• Fix layout segment optimization: move app-page imports to server-utility transition (#91701)
• Turbopack: lazy require metadata and handle TLA (#91705)
• [turbopack] Respect {eval:true} in worker_threads constructors (#91666)

Credits

Huge thanks to @​icyJoseph, @​abhishekmardiya, @​ijjk, @​mischnic, @​unstubbable, @​sokra, and @​lukesandberg for helping!

v16.2.1-canary.18

Core Changes

• Add telemetry for adapterPath config usage: #92228
• Node.js streams: First pass: #90500
• fix: preserve HTTP access fallbacks during prerender recovery: #92231
• Remove unnecessary ALS re-exports from entry-base.ts: #91527
• Allow multi-level .localhost subdomains in dev origin check: #92262

Misc Changes

• remove the loop from StaticSortedFile::lookup: #91688
• Fix pr-status.js: retry on API errors and report timed-out jobs: #92205
• docs: vt demo guide: #92249

Credits

Huge thanks to @​lukesandberg, @​ijjk, @​timneutkens, @​sokra, @​ztanner, @​icyJoseph, @​unstubbable, and @​ctate for helping!

v16.2.1-canary.17

Core Changes

• Improve revalidateTag JSDoc to include guidance about required second parameter: #92176
• partial fallbacks: adapter support for intermediate shells: #91902
• docs: clarify id, filePath, and pathname in STATIC_FILE adapter output: #92227
• feat: add NEXT_HASH_SALT env var for content-hash filename salting: #91871
• Generate a CLI warning if using Rosetta 2 on Apple Silicon: #92220

Misc Changes

• simplify session dependent tasks and add TTL support: #91729

... (truncated)

Commits

• ed7d2ce v16.2.1
• 3e37bb4 docs: post release amends (#91715)
• a15ec6e docs: fix broken Activity Patterns demo link in preserving UI state guide (#9...
• 600cd2f Fix adapter outputs for dynamic metadata routes (#91680)
• 27886d3 Turbopack: fix webpack loader runner layer (#91727)
• 88fc430 Fix server actions in standalone mode with cacheComponents (#91711)
• 37aed86 turbo-persistence: remove Unmergeable mmap advice (#91713)
• d6195ec Fix layout segment optimization: move app-page imports to server-utility tran...
• 6cb97d6 Turbopack: lazy require metadata and handle TLA (#91705)
• e6b101a [turbopack] Respect {eval:true} in worker_threads constructors (#91666)
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.8 to 2.4.9

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.9

2.4.9

Patch Changes

• #9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  /* Second selector */
  .x {
  .y {
  .z {
  }
  }
  }

• #9567 b7ab931 Thanks @​ematipico! - Fixed #7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #8670 607ebf9 Thanks @​tt-a1i! - Fixed #8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #9476 97b80a8 Thanks @​masterkain! - Fixed [#9475](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9475): Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.9

Patch Changes

• #9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  /* Second selector */
  .x {
  .y {
  .z {
  }
  }
  }

• #9567 b7ab931 Thanks @​ematipico! - Fixed #7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #8670 607ebf9 Thanks @​tt-a1i! - Fixed #8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #9476 97b80a8 Thanks @​masterkain! - Fixed [#9475](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9475): Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

  For example, linter.rules.correctness = "error" no longer enables React- or Qwik-specific correctness rules unless linter.domains.react, linter.domains.qwik, or an explicit rule config also enables them, or their relative dependencies are installed.

... (truncated)

Commits

• ad37526 ci: release (#9620)
• eb57e3a chore: use npmx.dev badge (#9614)
• e168494 feat(linter): add rule noUntrustedLicenses (#9474)
• 085d324 feat(css): add noDuplicateSelectors (#9315)
• 4d050df feat(analyze): implement noInlineStyles (#9534)
• 723798b feat: apply fix to use consistent method signatures (#9544)
• See full diff in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions