Update dependencies: Bump the all-dependencies group with 4 updates

[dependabot]

Bumps the all-dependencies group with 4 updates: @biomejs/biome, @types/node, mongoose and pkgroll.

Updates @biomejs/biome from 2.0.6 to 2.1.1

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.1.1

2.1.1

Patch Changes

• #6781 9bbd34f Thanks @​siketyan! - Fixed the FileFeaturesResult interface in the WASM API was defined as a mapped object but the actual value was a Map object.

• #6761 cf3c2ce Thanks @​dyc3! - Fixed #6759, a false positive for noFocusedTests that was triggered by calling any function with the name fit on any object.

  The following code will now pass the noFocusedTests rule:

  import foo from "foo";
  foo.fit();

What's Changed

• ci: correct restore path of the artifact by @​siketyan in biomejs/biome#6780
• fix(wasm): serialize map as a plain object by @​siketyan in biomejs/biome#6781
• ci: release by @​github-actions in biomejs/biome#6779
• docs: update contribution guide and pull request template by @​ematipico in biomejs/biome#6664

Full Changelog: https://github.com/biomejs/biome/compare/@​biomejs/js-api@​2.0.1...@​biomejs/biome@​2.1.1

Biome CLI v2.1.0

2.1.0

Minor Changes

• #6512 0c0bf82 Thanks @​arendjr! - The rule noFloatingPromises can now detect floating arrays of Promises.

  Invalid examples

  // This gets flagged because the Promises are not handled.
  [1, 2, 3].map(async (x) => x + 1);

  Valid examples

  await Promise.all([1, 2, 3].map(async (x) => x + 1));

• #6637 6918085 Thanks @​arendjr! - Type inference is now able to handle the sequence operator (,), as well as post- and pre-update operators: ++.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.1.1

Patch Changes

• #6781 9bbd34f Thanks @​siketyan! - Fixed the FileFeaturesResult interface in the WASM API was defined as a mapped object but the actual value was a Map object.

• #6761 cf3c2ce Thanks @​dyc3! - Fixed #6759, a false positive for noFocusedTests that was triggered by calling any function with the name fit on any object.

  The following code will now pass the noFocusedTests rule:

  import foo from "foo";
  foo.fit();

2.1.0

Minor Changes

• #6512 0c0bf82 Thanks @​arendjr! - The rule noFloatingPromises can now detect floating arrays of Promises.

  Invalid examples

  // This gets flagged because the Promises are not handled.
  [1, 2, 3].map(async (x) => x + 1);

  Valid examples

  await Promise.all([1, 2, 3].map(async (x) => x + 1));

• #6637 6918085 Thanks @​arendjr! - Type inference is now able to handle the sequence operator (,), as well as post- and pre-update operators: ++.

  Example

  let x = 5;
  // We now infer that x++ resolves to a number, while the expression as a whole
  // becomes a Promise:
  x++, new Promise((resolve) => resolve("comma"));

• #6752 c9eaca4 Thanks @​arendjr! - Fixed #6646: .gitignore files are now picked up even when running Biome from a nested directory, or when the ignore file itself is ignored through files.includes.

• #6746 90aeead Thanks @​arendjr! - biome migrate no longer enables style rules that were recommended in v1, because that would be undesirable for users upgrading from 2.0.

... (truncated)

Commits

• eb62b71 ci: release (#6779)
• dcce75a ci: release (#6582)
• 1bfb5bb docs: fix typos in CHANGELOG & CONTRIBUTING (#6721)
• cd4a9bb feat(biome_js_analyse): added new option to rule to ignore unused function pa...
• 43d871e fix(formatter): trailing commas in json files (#6683)
• aee9ec7 fix(biome-js-analyze): move no_secrets options inside biome-rules-opt… (#6672)
• 74d27b9 refactor: share lint rule options (#5543)
• 1804abf Merge branch 'main' into next
• 153eda7 feat(biome_js_analyse): added new rule noMagicNumbers (#6562)
• 392b861 Merge branch 'main' into next
• See full diff in compare view

Updates @types/node from 24.0.10 to 24.0.13

Commits

• See full diff in compare view

Updates mongoose from 8.16.1 to 8.16.3

Release notes

Sourced from mongoose's releases.

8.16.3 / 2025-07-10

• fix(document): clean modified subpaths if unsetting map #15520 #15519
• fix: make DocumentArray SchemaType pass all options to embedded SchemaType #15523
• types: support readonly array in query.select #15527 omermizr

8.16.2 / 2025-07-07

• fix(cursor): populate after hydrating in queryCursor so populated docs get parent() #15498 #15494
• fix(schema): support toJSONSchema() on mixed types and improve error message about unsupported types #15492 #15489
• types: add _id and __v to toObject/toJSON transform type #15501 #15479
• types(schema): use user-provided THydratedDocumentType as context for virtual get() and set() #15517 #15516
• types: improve typing for transform option to toJSON and toObject #15485
• docs: link to custom setter docs from lowercase, etc. options and note that setters run on query filters #15493 #15491
• docs(jest): add note about resetModules #15515

Changelog

Sourced from mongoose's changelog.

8.16.3 / 2025-07-10

• fix(document): clean modified subpaths if unsetting map #15520 #15519
• fix: make DocumentArray SchemaType pass all options to embedded SchemaType #15523
• types: support readonly array in query.select #15527 omermizr

8.16.2 / 2025-07-07

• fix(cursor): populate after hydrating in queryCursor so populated docs get parent() #15498 #15494
• fix(schema): support toJSONSchema() on mixed types and improve error message about unsupported types #15492 #15489
• types: add _id and __v to toObject/toJSON transform type #15501 #15479
• types(schema): use user-provided THydratedDocumentType as context for virtual get() and set() #15517 #15516
• types: improve typing for transform option to toJSON and toObject #15485
• docs: link to custom setter docs from lowercase, etc. options and note that setters run on query filters #15493 #15491
• docs(jest): add note about resetModules #15515

Commits

• ab5632a test: fix deno tests
• 9e11102 chore: release 8.16.3
• 0aac16a style: fix lint
• 66e0d9f Merge pull request #15527 from omermizr/bug/select-readonly-array
• 6c85c7b Merge pull request #15523 from Automattic/vkarpov15/documentarray-schematype-...
• e369fd7 Merge pull request #15520 from Automattic/vkarpov15/gh-15519
• c18ef31 types: support readonly array in query.select
• b4f082d style: fix lint
• a5e0abb fix: make DocumentArray SchemaType pass all options to embedded SchemaType
• 133f2ca chore: release 8.16.2
• Additional commits viewable in compare view

Updates pkgroll from 2.13.1 to 2.14.3

Release notes

Sourced from pkgroll's releases.

v2.14.3

2.14.3 (2025-07-14)

Bug Fixes

• binary: ensure file is built before chmod (9278e74)

v2.14.2

2.14.2 (2025-07-13)

Bug Fixes

• binary: race condition resolving list of binaries too early (bab3e5c)

v2.14.1

2.14.1 (2025-07-09)

Bug Fixes

• only emit specified output (#8) (2824df6)

v2.14.0

2.14.0 (2025-07-07)

Bug Fixes

• dts: account for duplicate input file names (ccfeb83)

Features

• cleaner watch mode timestamp (570fcf2)
• srcdist flag for multiple src and dist directories (#7) (affa309)

Commits

• 9278e74 fix(binary): ensure file is built before chmod
• bab3e5c fix(binary): race condition resolving list of binaries too early
• 2824df6 fix: only emit specified output (#8)
• 73d05e5 refactor: remove unused platform analysis
• affa309 feat: srcdist flag for multiple src and dist directories (#7)
• 89ea65e refactor: entry points (#6)
• 552c0d5 refactor: move env logic inside pkg config
• 28bd726 refactor: check first path character without function
• 7ea79c7 test: enforce package.json types
• 5a3a2bc chore: force module mode in tsconfig
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud