Bump the all-npm group with 3 updates

[dependabot]

Bumps the all-npm group with 3 updates: @aws-sdk/client-eventbridge, @biomejs/biome and @types/node.

Updates @aws-sdk/client-eventbridge from 3.947.0 to 3.952.0

Release notes

Sourced from @​aws-sdk/client-eventbridge's releases.

v3.952.0

3.952.0(2025-12-15)

Chores

• codegen: apply spotless eclipse formatting (#7573) (7e8a34ea)

Documentation Changes

• client-bedrock-agentcore-control: This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources. (6207cfae)

New Features

• client-service-quotas: Add support for SQ Dashboard Api (bcc5261c)
• client-entityresolution: Support Customer Profiles Integration for AWS Entity Resolution (32903b15)
• client-health: Updating Health API endpoint generation for dualstack only regions (c8be328f)
• client-s3: This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations. (55955e01)
• client-ec2: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units. (f5db7c3c)
• client-cloudwatch-logs: This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place. (23d7db9d)
• client-route53resolver: Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance. (93737551)
• client-glacier: Documentation updates for Amazon Glacier's maintenance mode (069dcf44)
• client-connect: Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time. (c9b56eb0)
• client-mediatailor: Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations. (d0aae6dd)

Bug Fixes

• client-sts: warn sts default region only when used (#7579) (6512de50)
• credential-provider-ini: pass requestHandler from client to login provider (#7577) (a0bd362c)

---

For list of updated packages, view updated-packages.md in assets-3.952.0.zip

v3.951.0

3.951.0(2025-12-12)

New Features

• clients: update client endpoints as of 2025-12-12 (e2460aa3)
• client-datasync: Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks. (a9f75c95)
• client-bcm-recommended-actions: Added new freetier action types to RecommendedAction.type. (a9471243)
• client-connect: Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys. (26542c92)
• client-workspaces-web: Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets. (038e6dd0)

Bug Fixes

• ec2-metadata-service:
  • preserve statusCode when rethrowing errors for IMDS requests (#7564) (c860bd5c)
  • custom port configuration for IMDS requests (#7565) (0d8b7ea2)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-eventbridge's changelog.

3.952.0 (2025-12-15)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.948.0 (2025-12-09)

Note: Version bump only for package @​aws-sdk/client-eventbridge

Commits

• 3870229 Publish v3.952.0
• c6e71bf Publish v3.948.0
• See full diff in compare view

Updates @biomejs/biome from 2.3.8 to 2.3.9

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.9

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

  Caution

  This is a first iteration of the rule, and does not yet detect generic "thenable" values.

• #8034 e7e0f6c Thanks @​Netail! - Added the nursery rule useRegexpExec. Enforce RegExp#exec over String#match if no global flag is provided.

• #8137 d407efb Thanks @​denbezrukov! - Reduced the internal memory used by the Biome formatter.

• #8281 30b046f Thanks @​tylersayshi! - Added the rule useRequiredScripts, which enforces presence of configurable entries in the scripts section of package.json files.

• #8290 d74c8bd Thanks @​dyc3! - The HTML formatter has been updated to match Prettier 3.7's behavior for handling <iframe>'s allow attribute.

  - <iframe allow="layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';"></iframe>
  + <iframe
  + 	allow="
  + 		layout-animations 'none';
  + 		unoptimized-images 'none';
  + 		oversized-images 'none';
  + 		sync-script 'none';
  + 		sync-xhr 'none';
  + 		unsized-media 'none';
  + 	"
  + ></iframe>

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

  Caution

  This is a first iteration of the rule, and does not yet detect generic "thenable" values.

• #8034 e7e0f6c Thanks @​Netail! - Added the nursery rule useRegexpExec. Enforce RegExp#exec over String#match if no global flag is provided.

• #8137 d407efb Thanks @​denbezrukov! - Reduced the internal memory used by the Biome formatter.

• #8281 30b046f Thanks @​tylersayshi! - Added the rule useRequiredScripts, which enforces presence of configurable entries in the scripts section of package.json files.

• #8290 d74c8bd Thanks @​dyc3! - The HTML formatter has been updated to match Prettier 3.7's behavior for handling <iframe>'s allow attribute.

  - <iframe allow="layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';"></iframe>
  + <iframe
  + 	allow="
  + 		layout-animations 'none';
  + 		unoptimized-images 'none';
  + 		oversized-images 'none';
  + 		sync-script 'none';
  + 		sync-xhr 'none';
  + 		unsized-media 'none';
  + 	"
  + ></iframe>

• #8302 d1d5014 Thanks @​mlafeldt! - Fixed #8109: return statements in Astro frontmatter no longer trigger "Illegal return statement" errors when using experimentalFullSupportEnabled.

... (truncated)

Commits

• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• 3710702 feat(lint): implement useDestructuring (#8335)
• 111ff34 chore: move depot to platinum sponsor (#8337)
• 343dc4d feat(linter): implement useAwaitThenable (#8341)
• 153e3c6 fix(lint): improve noBiomeFirstException (#8326)
• Additional commits viewable in compare view

Updates @types/node from 24.10.2 to 25.0.2

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions