Skip to content

chore(deps): bump the minor-patch group across 1 directory with 6 updates#49

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-patch-0223d9da73
Closed

chore(deps): bump the minor-patch group across 1 directory with 6 updates#49
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-patch-0223d9da73

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 7, 2026
edited
Loading

Bumps the minor-patch group with 5 updates in the / directory:

Package From To
@modelcontextprotocol/sdk 1.27.1 1.29.0
fuse.js 7.1.0 7.3.0
@biomejs/biome 2.4.7 2.4.10
@types/node 25.5.0 25.5.2
@vitest/coverage-v8 4.1.0 4.1.3

Updates @modelcontextprotocol/sdk from 1.27.1 to 1.29.0

Release notes

Sourced from @​modelcontextprotocol/sdk's releases.

v1.29.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.28.0...v1.29.0

v1.28.0

What's Changed

New Contributors

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.1...v1.28.0

Commits

Updates fuse.js from 7.1.0 to 7.3.0

Release notes

Sourced from fuse.js's releases.

v7.3.0

Features

  • Token search — per-term fuzzy matching with IDF scoring (68c1dcf)
  • Fuse.match() — static method for single string matching (460eb5b)
  • BigInt support for indexing and search (0ae662c)
  • removeAt() now returns the removed item (8cec7e2)
  • Support keyless string entries in logical queries (8695556)
  • getFn null return, escaped pipe in extended search, empty query returns all (d33b735)

Bug Fixes

  • Merge overlapping match indices in extended search (06c5e97)
  • Inverse patterns now work correctly across multiple keys (9351882)
  • Handle quoted tokens with inner spaces and quotes in extended search (c226523)
  • Handle non-decomposable diacritics in stripDiacritics (5a01f29)
  • Coerce non-string array values to strings during indexing (db0e181)
  • Strip getFn from keys in toJSON() for safe serialization (0f2a69b)

Internal

  • Full TypeScript rewrite of source code
  • Dropped UMD builds and babel preset-env
  • Upgraded to Rollup 4, Vitest 2, TypeScript 6, ESLint 9
  • Frozen default config to prevent mutation across instances
  • Rewrote documentation as standalone markdown files

v7.2.0

Features

  • Add Fuse.use() for runtime plugin registration

Performance

  • Inline Bitap score computation to reduce object allocation in hot loops
  • Batch removeAll for O(n) bulk removes instead of O(n*k)
  • Heap-based top-k selection when limit is set
  • Cache compiled searcher for repeated queries

Benchmarked on 10k records: 9-14% faster core search, 49x faster bulk remove.

Bug Fixes

  • search: Deduplicate and merge overlapping match indices (#735)
  • search: Preserve original array indices in nested path traversal (#786)
  • types: Correct key type in FuseSortFunctionMatch (#811)
  • types: Correct keys type in parseIndex parameter (#794)

Full Changelog: krisk/Fuse@v7.1.0...v7.2.0

Changelog

Sourced from fuse.js's changelog.

7.3.0 (2026-04-04)

Features

  • add BigInt support for indexing and search (0ae662c), closes #814
  • add static Fuse.match() for single string matching (460eb5b)
  • add token search — per-term fuzzy matching with IDF scoring (68c1dcf)
  • getFn null return, escaped pipe in extended search, empty query returns all (d33b735), closes #800 #765 #728
  • removeAt() now returns the removed item (8cec7e2), closes #675
  • search: support keyless string entries in logical queries (8695556), closes #736

Bug Fixes

  • index: coerce non-string array values to strings during indexing (db0e181), closes #738
  • index: strip getFn from keys in toJSON() for safe serialization (0f2a69b), closes #798
  • lint: suppress unused var in toJSON destructure (d63c0e8)
  • merge overlapping match indices in extended search (06c5e97)
  • search: handle non-decomposable diacritics in stripDiacritics (5a01f29), closes home-assistant/frontend#30399 #816
  • search: handle quoted tokens with inner spaces and quotes in extended search (c226523), closes #810
  • search: inverse patterns now work correctly across multiple keys (9351882), closes #712

7.2.0 (2026-04-02)

Features

  • add Fuse.use() for runtime plugin registration (8546a9b)

Performance

  • inline Bitap score computation to reduce object allocation in hot loops (8546a9b)
  • batch removeAll for O(n) bulk removes instead of O(n*k) (8546a9b)
  • heap-based top-k selection when limit is set (8546a9b)
  • cache compiled searcher for repeated queries (8546a9b)

Bug Fixes

  • search: deduplicate and merge overlapping match indices (60c393a), closes #735
  • search: preserve original array indices in nested path traversal (a1451be), closes #786
  • types: correct key type in FuseSortFunctionMatch (fecee16), closes #811
  • types: correct keys type in parseIndex parameter (58c7c73), closes #794
Commits
  • aae48f5 chore(release): 7.3.0
  • d63c0e8 fix(lint): suppress unused var in toJSON destructure
  • 44dfdb4 chore: add funding field to package.json
  • 65dadf5 docs: add performance guide with benchmark script
  • 0ae662c feat: add BigInt support for indexing and search
  • 8153c9d docs: fix tsconfig to resolve "no inputs found" error
  • 6afb2ed docs: add "When to Use It" section to token search page
  • 0e74a9c docs: simplify Getting Started page title
  • 80330ed docs: fix sidebar titles and restore subheading expansion
  • 6cd0cee docs: remove unused TwitterFollow and Version components
  • Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.7 to 2.4.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.10

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.10

Patch Changes

  • #8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

    The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

    // Invalid
setTimeout("alert('Hello');", 100);
// Valid
setTimeout(() => alert("Hello"), 100);

  • #9320 93c3b6c Thanks @​taberoajorge! - Fixed #7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

  • #9630 1dd4a56 Thanks @​raashish1601! - Fixed #9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

  • #9216 04243b0 Thanks @​FrederickStempfle! - Fixed #9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

    Previously, only the global process object was flagged:

    import process from "node:process";
// This was not flagged, but now it is:
console.log(process.env.NODE_ENV);

  • #9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

  • #9627 06a0f35 Thanks @​ematipico! - Fixed #191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

    Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

    Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

  • #9643 5bfee36 Thanks @​dyc3! - Fixed #9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

  • #9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

  • #9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

  • #9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

  • #9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

... (truncated)

Commits

Updates @types/node from 25.5.0 to 25.5.2

Commits

Updates @vitest/coverage-v8 from 4.1.0 to 4.1.3

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

... (truncated)

Commits

Updates vitest from 4.1.0 to 4.1.3

Release notes

Sourced from vitest's releases.

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

   🐞 Bug Fixes

    View changes on GitHub

v4.1.1

   🚀 Features

   🐞 Bug Fixes

... (truncated)

Commits
  • 2dc0d62 chore: release v4.1.3
  • 7827363 feat: add experimental.preParse flag (#10070)
  • 691d341 fix(snapshot): export custom snapshot matcher helper from vitest (#10042)
  • 59b0e64 feat(experimental/snapshot): support custom snapshot matcher (#9973)
  • 487990a feat(experimental): support browser.locators.exact option (#10013)
  • 146d4f0 fix: add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional de...
  • 3f5bfa3 fix: advance fake timers with expect.poll interval (#10022)
  • 9dbf477 fix(vm): fix external module resolve error with deps optimizer query (#10024)
  • ec20455 fix(expect): don't leak "runner" types (#10004)
  • 66751c9 fix(expect): remove JestExtendError.context from verbose error reporting (#...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the minor-patch group across 1 directory with 6 upd…
f97b16d 
…ates

Bumps the minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.27.1` | `1.29.0` |
| [fuse.js](https://github.com/krisk/Fuse) | `7.1.0` | `7.3.0` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.7` | `2.4.10` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.5.2` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.0` | `4.1.3` |



Updates `@modelcontextprotocol/sdk` from 1.27.1 to 1.29.0
- [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases)
- [Commits](modelcontextprotocol/typescript-sdk@v1.27.1...v1.29.0)

Updates `fuse.js` from 7.1.0 to 7.3.0
- [Release notes](https://github.com/krisk/Fuse/releases)
- [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md)
- [Commits](krisk/Fuse@v7.1.0...v7.3.0)

Updates `@biomejs/biome` from 2.4.7 to 2.4.10
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome)

Updates `@types/node` from 25.5.0 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitest/coverage-v8` from 4.1.0 to 4.1.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.3/packages/coverage-v8)

Updates `vitest` from 4.1.0 to 4.1.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.3/packages/vitest)

---
updated-dependencies:
- dependency-name: "@modelcontextprotocol/sdk"
  dependency-version: 1.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: fuse.js
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: vitest
  dependency-version: 4.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 7, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
tokencost Ready Ready Preview, Comment Apr 7, 2026 2:50pm

Request Review

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 5, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 5, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/minor-patch-0223d9da73 branch May 5, 2026 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants