chore(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dev-dependencies group with 7 updates in the / directory:

Package	From	To
@biomejs/biome	2.3.11	2.4.4
@openai/codex	0.89.0	0.106.0
@types/node	24.10.9	24.10.15
@typescript-eslint/parser	8.53.1	8.56.1
eslint-plugin-jsdoc	62.3.1	62.7.1
eslint-plugin-tsdoc	0.5.0	0.5.2
turbo	2.7.5	2.8.11

Updates @biomejs/biome from 2.3.11 to 2.4.4

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.4

2.4.4

Patch Changes

• #9150 6946835 Thanks @​dyc3! - Fixed #9138: Astro files containing --- in HTML content (e.g., <h1>---Hi</h1>) are now parsed correctly, both when a frontmatter block is present and when there is no frontmatter at all.

• #9150 aa6f837 Thanks @​dyc3! - Fixed #9138: The HTML parser incorrectly failing to parse bracket characters ([ and ]) in text content (e.g. <div>[Foo]</div>).

• #9151 c0d4b0c Thanks @​dyc3! - Fixed parsing of Svelte directive keywords (use, style) when used as plain text content in HTML/Svelte files. Previously, <p>use JavaScript</p> or <p>style it</p> would incorrectly produce a bogus element instead of proper text content.

• #9162 7f1e060 Thanks @​dyc3! - Fixed #9161: The Vue parser now correctly handles colon attributes like xlink:href and xmlns:xlink by parsing them as single attributes instead of splitting them into separate tokens.

• #9164 458211b Thanks @​dyc3! - Fixed #9161: The noAssignInExpressions rule no longer flags assignments in Vue v-on directives (e.g., @click="counter += 1"). Assignments in event handlers are idiomatic Vue patterns and are now skipped by the rule.

What's Changed

• chore(scss): cherry-picks by @​denbezrukov in biomejs/biome#9149
• fix(parse/html): don't lex square brackets as special tokens in contexts where they don't mean anything by @​dyc3 in biomejs/biome#9150
• refactor(parse/html): use token_set! instead of matches! for svelte keywords and directives helpers by @​dyc3 in biomejs/biome#9148
• fix(parse/html): don't lex "use" as USE_KW when in html text content by @​dyc3 in biomejs/biome#9151
• feat(css): enhance SCSS qualified name detection by @​denbezrukov in biomejs/biome#9159
• chore(html): more html benchmarks by @​dyc3 in biomejs/biome#8153
• fix(parse/html/vue): don't treat : as special token outside of vue directives by @​dyc3 in biomejs/biome#9162
• feat(lint/vue): automatically ignore noAssignInExpressions for vue v-on directives by @​dyc3 in biomejs/biome#9164
• ci: release by @​github-actions[bot] in biomejs/biome#9160

Full Changelog: https://github.com/biomejs/biome/compare/@​biomejs/biome@​2.4.3...@​biomejs/biome@​2.4.4

Biome CLI v2.4.3

2.4.3

Patch Changes

• #9120 aa40fc2 Thanks @​ematipico! - Fixed #9109, where the GitHub reporter wasn't correctly enabled when biome ci runs on GitHub Actions.

• #9128 8ca3f7f Thanks @​dyc3! - Fixed #9107: The HTML parser can now correctly parse Astro directives (client/set/class/is/server), which fixes the formatting for Astro directives.

• #9124 f5b0e8d Thanks @​ematipico! - Fixed #8882 and #9108: The Astro frontmatter lexer now correctly identifies the closing --- fence when the frontmatter contains multi-line block comments with quote characters, strings that mix quote types (e.g. "it's"), or escaped quote characters (e.g. "\").

• #9142 3ca066b Thanks @​THernandez03! - Fixed #9141: The noUnknownAttribute rule no longer reports closedby as an unknown attribute on <dialog> elements.

• #9126 792013e Thanks @​ematipico! - Added missing Mocha globals to the Test domain: context, run, setup, specify, suite, suiteSetup, suiteTeardown, teardown, xcontext, xdescribe, xit, and xspecify. These are injected by Mocha's BDD and TDD interfaces and were previously flagged as undeclared variables in projects using Mocha.

• #8855 6918c9e Thanks @​ruidosujeira! - Fixed #8840. Now the Biome CSS parser correctly parses not + scroll-state inside @container queries.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.4

Patch Changes

• #9150 6946835 Thanks @​dyc3! - Fixed #9138: Astro files containing --- in HTML content (e.g., <h1>---Hi</h1>) are now parsed correctly, both when a frontmatter block is present and when there is no frontmatter at all.

• #9150 aa6f837 Thanks @​dyc3! - Fixed #9138: The HTML parser incorrectly failing to parse bracket characters ([ and ]) in text content (e.g. <div>[Foo]</div>).

• #9151 c0d4b0c Thanks @​dyc3! - Fixed parsing of Svelte directive keywords (use, style) when used as plain text content in HTML/Svelte files. Previously, <p>use JavaScript</p> or <p>style it</p> would incorrectly produce a bogus element instead of proper text content.

• #9162 7f1e060 Thanks @​dyc3! - Fixed #9161: The Vue parser now correctly handles colon attributes like xlink:href and xmlns:xlink by parsing them as single attributes instead of splitting them into separate tokens.

• #9164 458211b Thanks @​dyc3! - Fixed #9161: The noAssignInExpressions rule no longer flags assignments in Vue v-on directives (e.g., @click="counter += 1"). Assignments in event handlers are idiomatic Vue patterns and are now skipped by the rule.

2.4.3

Patch Changes

• #9120 aa40fc2 Thanks @​ematipico! - Fixed #9109, where the GitHub reporter wasn't correctly enabled when biome ci runs on GitHub Actions.

• #9128 8ca3f7f Thanks @​dyc3! - Fixed #9107: The HTML parser can now correctly parse Astro directives (client/set/class/is/server), which fixes the formatting for Astro directives.

• #9124 f5b0e8d Thanks @​ematipico! - Fixed #8882 and #9108: The Astro frontmatter lexer now correctly identifies the closing --- fence when the frontmatter contains multi-line block comments with quote characters, strings that mix quote types (e.g. "it's"), or escaped quote characters (e.g. "\").

• #9142 3ca066b Thanks @​THernandez03! - Fixed #9141: The noUnknownAttribute rule no longer reports closedby as an unknown attribute on <dialog> elements.

• #9126 792013e Thanks @​ematipico! - Added missing Mocha globals to the Test domain: context, run, setup, specify, suite, suiteSetup, suiteTeardown, teardown, xcontext, xdescribe, xit, and xspecify. These are injected by Mocha's BDD and TDD interfaces and were previously flagged as undeclared variables in projects using Mocha.

• #8855 6918c9e Thanks @​ruidosujeira! - Fixed #8840. Now the Biome CSS parser correctly parses not + scroll-state inside @container queries.

• #9111 4fb55cf Thanks @​Jayllyz! - Slightly improved performance of noIrregularWhitespace by adding early return optimization and simplifying character detection logic.

• #8975 086a0c5 Thanks @​FrankFMY! - Fixed #8478: useDestructuring no longer suggests destructuring when the variable has a type annotation, like const foo: string = object.foo.

2.4.2

Patch Changes

• #9103 fc9850c Thanks @​dyc3! - Fixed #9098: useImportType no longer incorrectly flags imports used in Svelte control flow blocks ({#if}, {#each}, {#await}, {#key}) as type-only imports.

• #9106 f4b7296 Thanks @​dyc3! - Updated rule source metadata for rules from html-eslint.

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noConditionalExpect. This rule disallows conditional expect() calls inside tests, which can lead to tests that silently pass when assertions never run.

  // Invalid - conditional expect may not run
  test("conditional", async ({ page }) => {
    if (someCondition) {
      await expect(page).toHaveTitle("Title");
    }

... (truncated)

Commits

• 6c296ea ci: release (#9160)
• 312b6db ci: release (#9116)
• b99e7db ci: release (#9104)
• 4a5ff40 feat(lint): add Playwright ESLint rules (#8960)
• 5153f2f ci: release (#9094)
• 4cc531c chore: docs that break website (#9077)
• bf6e5f9 ci: release (#9045)
• e014336 feat: promote rules for v2.4 (#9011)
• 7e33fd5 Merge remote-tracking branch 'origin/main' into next
• df21006 ci: release (#8973)
• Additional commits viewable in compare view

Updates @openai/codex from 0.89.0 to 0.106.0

Release notes

Sourced from @​openai/codex's releases.

0.106.0

New Features

• Added a direct install script for macOS and Linux and publish it as a GitHub release asset, using the existing platform payload (including codex and rg) (#12740)
• Expanded the app-server v2 thread API with experimental thread-scoped realtime endpoints/notifications and a thread/unsubscribe flow to unload live threads without archiving them (#12715, #10954)
• Promoted js_repl to /experimental, added startup compatibility checks with user-visible warnings, and lowered the validated minimum Node version to 22.22.0 (#12712, #12824, #12857)
• Enabled request_user_input in Default collaboration mode (not just Plan mode) (#12735)
• Made 5.3-codex visible in the CLI model list for API users (#12808)
• Improved memory behavior with diff-based forgetting and usage-aware memory selection (#12900, #12909)

Bug Fixes

• Improved realtime websocket reliability by retrying timeout-related HTTP 400 handshake failures and preferring WebSocket v2 when supported by the selected model (#12791, #12838)
• Fixed a zsh-fork shell execution path that could drop sandbox wrappers and bypass expected filesystem restrictions (#12800)
• Added a shared ~1M-character input size cap in the TUI and app-server to prevent hangs/crashes on oversized pastes, with explicit error responses (#12823)
• Improved TUI local file-link rendering to hide absolute paths while preserving visible line/column references (#12705, #12870)
• Fixed Ctrl-C handling for sub-agents in the TUI (#12911)

Documentation

• Fixed a stale sign-in success link in the auth/onboarding flow (#12805)
• Clarified the CLI login hint for remote/device-auth login scenarios (#12813)

Chores

• Added structured OTEL audit logging for embedded codex-network-proxy policy decisions and blocks (#12046)
• Removed the steer feature flag and standardized on the always-on steer path in the TUI composer (#12026)
• Reduced sub-agent startup overhead by skipping expensive history metadata scans for subagent spawns (#12918)

Changelog

Full Changelog: openai/codex@rust-v0.105.0...rust-v0.106.0

• #12046 feat(network-proxy): add embedded OTEL policy audit logging @​mcgrew-oai
• #12712 Promote js_repl to experimental with Node requirement @​fjord-oai
• #12715 Add app-server v2 thread realtime API @​aibrahim-oai
• #12795 Revert "fix(bazel): replace askama templates with include_str! in memories" @​jif-oai
• #12791 Handle websocket timeout @​pakrym-oai
• #12800 fix: enforce sandbox envelope for zsh fork execution @​bolinfest
• #12802 Propagate session ID when compacting @​rasmusrygaard
• #12732 feat(app-server): add ThreadItem::DynamicToolCall @​owenlin0
• #12807 Add simple realtime text logs @​aibrahim-oai
• #12805 Update Codex docs success link @​etraut-openai
• #12809 fix: harden zsh fork tests and keep subcommand approvals deterministic @​bolinfest
• #12808 make 5.3-codex visible in cli for api users @​sayan-oai
• #10954 feat(app-server): thread/unsubscribe API @​owenlin0
• #12806 only use preambles for realtime @​aibrahim-oai
• #12830 Revert "only use preambles for realtime" @​aibrahim-oai
• #12721 Revert "Ensure shell command skills trigger approval (#12697)" @​celia-oai
• #12831 only use preambles for realtime @​aibrahim-oai
• #12735 Enable request_user_input in Default mode @​charley-oai
• #12814 feat: scope execve session approvals by approved skill metadata @​bolinfest
• #12026 Remove steer feature flag @​aibrahim-oai
• #12740 Add macOS and Linux direct install script @​EFRAZER-oai

... (truncated)

Commits

• 3293538 Update pnpm versions to fix cve-2026-24842 (#12009)
• 31906cd Update vendored rg to the latest stable version (15.1) (#12007)
• 703fb38 Make codex-sdk depend on openai/codex (#11503)
• d9c014e # Use @openai/codex dist-tags for platform binaries instead of separate pac...
• c19969c chore: split NPM packages (#11318)
• b7f26d7 chore: ensure pnpm-workspace.yaml is up-to-date (#10140)
• 4d9ae3a fix: remove references to corepack (#10138)
• See full diff in compare view

Updates @types/node from 24.10.9 to 24.10.15

Commits

• See full diff in compare view

Updates @typescript-eslint/parser from 8.53.1 to 8.56.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.56.1

8.56.1 (2026-02-23)

What's Changed

• chore(deps): update dependency minimatch to v10.2.2 by @​benmccann in typescript-eslint/typescript-eslint#12074

You can read about our versioning strategy and releases on our website.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.55.0

8.55.0 (2026-02-09)

🚀 Features

• utils: deprecate defaultOptions in favor of meta.defaultOptions (#11992)

🩹 Fixes

• eslint-plugin: [no-unused-vars] remove trailing newline when removing entire import (#11990)
• eslint-plugin: [no-useless-default-assignment] require strictNullChecks (#11966, #12000)
• eslint-plugin: [no-useless-default-assignment] report unnecessary defaults in ternary expressions (#11984)
• eslint-plugin: [no-useless-default-assignment] reduce param index to ts this handling (#11949)
• typescript-estree: forbid invalid modifier in object expression (#11931)

❤️ Thank You

• Christian Rose @​chrros95
• fisker Cheung @​fisker
• Josh Goldberg
• Maria Solano @​MariaSolOs

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.54.0 (2026-01-26)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 96a04a9 chore(release): publish 8.56.1
• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• fedfe86 chore(release): publish 8.55.0
• b931f8c chore: use workspace refs for workspace deps (#12018)
• 1f17a79 chore: migrate to pnpm (#11248)
• d423e57 chore(release): publish 8.54.0
• See full diff in compare view

Updates eslint-plugin-jsdoc from 62.3.1 to 62.7.1

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v62.7.1

62.7.1 (2026-02-24)

Bug Fixes

• require-property: err if user blocks [@property](https://github.com/property); fixes #1634 (23a9f1d)

v62.7.0

62.7.0 (2026-02-20)

Features

• support ESLint 10 (d8599fb)

v62.6.1

62.6.1 (2026-02-19)

Bug Fixes

• check-param-names: only fire on TSPropertySignature if with TSFunctionNode; fixes #1663 (951d354)

v62.6.0

62.6.0 (2026-02-18)

Features

• tag-lines: add startLinesWithNoTags option; fixes #1661 (b36a67a)

v62.5.5

62.5.5 (2026-02-15)

Bug Fixes

• check-param-names: check arrow function properties in interfaces (TSPropertySignature); fixes #1657 (c7b132f)

v62.5.4

62.5.4 (2026-02-07)

Bug Fixes

• no-undefined-types: avoid treating infer type identifier as undefined; fixes #1654 (da44046)
• no-undefined-types: ensure template tags are defined; fixes #1655 (bfef848)

v62.5.3

... (truncated)

Commits

• 23a9f1d fix(require-property): err if user blocks @property; fixes #1634
• bd90efd Merge pull request #1668 from gajus/dependabot/npm_and_yarn/ajv-6.14.0
• eca3090 chore(deps): bump ajv from 6.12.6 to 6.14.0
• 86bd0be Merge pull request #1666 from gajus/gajus-patch-1
• ba0c8af Update funding to brettz9
• 35c5745 Merge pull request #1659 from brettz9/eslint10
• d8599fb feat: support ESLint 10
• 951d354 fix(check-param-names): only fire on TSPropertySignature if with `TSFunct...
• b36a67a feat(tag-lines): add startLinesWithNoTags option; fixes #1661
• c7b132f fix(check-param-names): check arrow function properties in interfaces (TSPr...
• Additional commits viewable in compare view

Updates eslint-plugin-tsdoc from 0.5.0 to 0.5.2

Changelog

Sourced from eslint-plugin-tsdoc's changelog.

0.5.2

Wed, 25 Feb 2026 21:34:35 GMT

Patches

• Replace deprecated context.getSourceCode() and context.getCwd() with context.sourceCode and context.cwd for ESLint 10 compatibility, with fallback for older versions.

0.5.1

Wed, 25 Feb 2026 02:06:43 GMT

Patches

• Update the @typescript-eslint/utils dependency to ~8.56.0 to address CVE-2026-26996.

Commits

• fb08c58 Merge pull request #462 from iclanton/bump-versions
• 0fe359e Merge pull request #461 from roli-lpci/fix/eslint-10-compat
• 8022897 Merge pull request #459 from iclanton/bump-rushstack-projects
• e11ec0b fix(eslint-plugin-tsdoc): replace deprecated ESLint APIs for v10 compatibility
• 5947510 Merge pull request #458 from iclanton/bump-versions
• b63ed12 Merge pull request #457 from roggervalf/minimatch
• See full diff in compare view

Updates turbo from 2.7.5 to 2.8.11

Commits

• 7b998de publish 2.8.11 to registry
• 60ee91e fix: Restore daemon client in RunCache for turbo watch (#11995)
• 6d0247f release(turborepo): 2.8.11-canary.29 (#11996)
• 7e48e24 fix: Use versioned schema URLs in Turborepo skill files (#11994)
• 5793b0a release(turborepo): 2.8.11-canary.28 (#11993)
• 71ca25c fix: Disable husky pre-push hook in release workflow (#11992)
• 2365307 fix: Disable husky pre-push hook during release staging (#11991)
• fd15d24 fix(docs): update sitemap.md to single-line pipe-delimited format (#11976)
• 6bc216b docs: Mention inputs key in package hash inputs table (#11990)
• b1d5ec2 docs: Fix same-page anchor links that don't scroll to target (#11989)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.