chore(deps): bump the bun group across 1 directory with 13 updates

[dependabot]

Bumps the bun group with 13 updates in the / directory:

Package	From	To
@elysiajs/bearer	1.3.0	1.4.2
@elysiajs/jwt	1.3.1	1.4.0
@sinclair/typebox	0.34.34	0.34.41
chalk	5.4.1	5.6.2
drizzle-orm	0.44.2	0.45.1
elysia	1.3.5	1.4.19
jose	6.0.11	6.1.3
radashi	12.6.0	12.7.1
@biomejs/biome	2.0.6	2.3.8
bun-types	1.2.18	1.3.4
drizzle-kit	0.31.4	0.31.8
typescript	5.8.3	5.9.3
vitepress	1.6.3	1.6.4

Updates @elysiajs/bearer from 1.3.0 to 1.4.2

Release notes

Sourced from @​elysiajs/bearer's releases.

1.4.2

What's Changed

• fix: bump min elysia version to 1.4.3 by @​DaxServer in elysiajs/elysia-bearer#28

New Contributors

• @​DaxServer made their first contribution in elysiajs/elysia-bearer#28

Full Changelog: elysiajs/elysia-bearer@1.4.1...1.4.2

1.4.1

What's changed

Bug fix:

• Fix issue with multiple bearer tokens in query parameters

Full Changelog: elysiajs/elysia-bearer@1.4.0...1.4.1

1.4.0

What's changed

Improvement:

• support Elysia 1.4

Full Changelog: elysiajs/elysia-bearer@1.3.0...1.4.0

Changelog

Sourced from @​elysiajs/bearer's changelog.

1.4.2 - 14 Dec 2025

Bug fix:

• set min Elysia version to 1.4.3

1.4.1 - 13 Sep 2025

Bug fix:

• Fix issue with multiple bearer tokens in query parameters

1.3.0-exp.0 - 23 Apr 2025

Change:

• Add support for Elysia 1.3

1.2.0-rc.0 - 23 Dec 2024

Change:

• Add support for Elysia 1.2

1.1.2 - 5 Sep 2024

Feature:

• add provenance publish

1.1.1 - 16 Jul 2024

Change:

• Accept only first bearer query

1.1.0 - 16 Jul 2024

Change:

• Add support for Elysia 1.1

1.1.0-rc.0 - 12 Jul 2024

Change:

• Add support for Elysia 1.1

1.0.2 - 18 Mar 2024

Change:

• Add support for Elysia 1.0

1.0.0 - 16 Mar 2024

Change:

• Add support for Elysia 1.0

1.0.0-rc.0 - 1 Mar 2024

Change:

• Add support for Elysia 1.0

1.0.0-beta.1 - 17 Feb 2024

... (truncated)

Commits

• 095638d 🧹 chore: 1.4.2
• 925976f 🧹 chore: 1.4.3
• 4942b4c Merge pull request #28 from DaxServer/min-elysia-version
• 349be42 fix: bump min elysia version to 1.4.3
• 22625e5 📘 doc: multiple bearer tokens in query parameters
• 649b104 🧹 chore: bump version
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​elysiajs/bearer since your current version.

Updates @elysiajs/jwt from 1.3.1 to 1.4.0

Release notes

Sourced from @​elysiajs/jwt's releases.

1.4.0

What's changed

Improvement:

• support Elysia 1.4

Full Changelog: elysiajs/elysia-jwt@1.3.3...1.4.0

1.3.3

What's Changed

Feature:

• #110 add optional, typed 'options' argument to jwt.verify() and pass to jose jwtVerify() if present by @​jmlow

Bug fix:

• #109 type inconsistencies in JWT payload and improve schema-based inference by @​kimzuni
• #107 correct iat claim handling and expand allowed claim value type by @​kimzuni
• #105 adjust README in regard to the cookie plugin by @​codemusings

New Contributors

• @​jmlow made their first contribution in elysiajs/elysia-jwt#110
• @​kimzuni made their first contribution in elysiajs/elysia-jwt#109
• @​codemusings made their first contribution in elysiajs/elysia-jwt#105

Full Changelog: elysiajs/elysia-jwt@1.3.2...1.3.3

1.3.2

What's Changed

• fix: Resolve various issues with payload, schema, and types by @​victorfrei in elysiajs/elysia-jwt#104

New Contributors

• @​victorfrei made their first contribution in elysiajs/elysia-jwt#104

Full Changelog: elysiajs/elysia-jwt@1.3.1...1.3.2

Changelog

Sourced from @​elysiajs/jwt's changelog.

1.3.3 - 14 Jul 2025

Feature:

• #110 add optional, typed 'options' argument to jwt.verify() and pass to jose jwtVerify() if present

Bug fix:

• #109 type inconsistencies in JWT payload and improve schema-based inference
• #107 correct iat claim handling and expand allowed claim value type
• #105 adjust README in regard to the cookie plugin

1.3.2 - 14 Jul 2025

Bug fix:

• #104 Resolve various issues with payload, schema, and types
• #101 Closes Config exp not encoded in payload
• #23 Closes bug sign args exp type
• #98 Closes verify fails when using schema in Elysia JWT plugin
• #52 Closes iat Type inconsistency
• #36 Closes upgrade dependency "jose" to latest version to fix issues
• #19 Closes Header Parameter is stored in the payload instead of header

Commits

• c1ef884 🧹 chore: bump version
• c6e97f0 📘 doc: typo
• ac0313b 🔧 fix: error
• 964cd55 Merge pull request #108 from kimzuni/fix/nbf-exp-iat-handling
• ad918c4 Merge pull request #105 from codemusings/readme-fix-cookie
• 72dd9a3 Merge branch 'main' into fix/nbf-exp-iat-handling
• 70590fa Merge pull request #109 from kimzuni/fix/jwt-payload-types
• 9ac6676 Merge pull request #110 from jmlow/support-options-for-jwt-verify
• 9078f60 Pull 'await' out of ternary operator
• ce5f397 Add typed 'options' argument to jwt.verify(), then pass to jose verifyJwt()
• Additional commits viewable in compare view

Updates @sinclair/typebox from 0.34.34 to 0.34.41

Commits

• e0ec98c Revision 0.34.41 (#1310)
• 81c3686 Revision 0.34.40 (#1298)
• 16f1d0a Cast: Use Uniform over Reciprocal weighting on Union Select (#1293)
• c54a0f8 Revision 0.34.39 (#1296)
• 60fdafe Revision 0.34.38 (#1285)
• 97e3154 Preserve exact type matches in union conversion (#1282)
• 30cfe89 Revision 0.34.37 (#1278)
• 9783391 Fix: Correctly score nested unions (#1273)
• b40ba2c Revision 0.34.36 (#1276)
• cb3f898 Ecosystem (#1274)
• Additional commits viewable in compare view

Updates chalk from 5.4.1 to 5.6.2

Release notes

Sourced from chalk's releases.

v5.6.2

• Fix vulnerability in 5.6.1, see: chalk/chalk#656

v5.6.0

• Make WezTerm terminal use true color a8f5bf7

---

chalk/chalk@v5.5.0...v5.6.0

v5.5.0

• Make Ghostty terminal use true color (#653) 79ee2d3

---

chalk/chalk@v5.4.1...v5.5.0

Commits

• 5155778 5.6.2
• 5c91505 5.6.0
• a8f5bf7 Make WezTerm terminal use true color
• 67db246 5.5.0
• 79ee2d3 Make Ghostty terminal use true color (#653)
• See full diff in compare view

Updates drizzle-orm from 0.44.2 to 0.45.1

Release notes

Sourced from drizzle-orm's releases.

0.45.1

• Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

• Fixed pg-native Pool detection in node-postgres transactions
• Allowed subqueries in select fields
• Updated typo algorythm => algorithm
• Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)
• Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

0.44.7

• fix durable sqlite transaction return value #3746 - thanks @​joaocstro

0.44.6

• feat: add $replicas reference #4874

0.44.5

• Fixed invalid usage of .one() in durable-sqlite session
• Fixed spread operator related crash in sqlite blob columns
• Better browser support for sqlite blob columns
• Improved sqlite blob mapping

0.44.4

• Fix wrong DrizzleQueryError export. thanks @​nathankleyn

0.44.3

• Fixed types of $client for clients created by drizzle function

await db.$client.[...]

• Added the updated_at column to the neon_auth.users_sync table definition.

Commits

• a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
• c445637 Merge pull request #5095 from drizzle-team/main-workflows
• e7b3aaa Merge branch 'main' into main-workflows
• 0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
• 45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
• 6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
• 53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
• ce88a18 Merge remote-tracking branch 'origin/ext-deps-kit' into main-workflows
• 5c8a4c5 +
• 73e2ea4 feat: Add release router workflow to manage feature and latest releases
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for drizzle-orm since your current version.

Updates elysia from 1.3.5 to 1.4.19

Release notes

Sourced from elysia's releases.

1.4.19

What's Changed

Security:

• reject invalid cookie signature when using cookie rotation

Improvement

• #1609 calling afterResponse with aot: false
• #1607, #1606, #1139 data coercion on nested form data by @​Teyik0
• #1604 save lazy compilation of Elysia.fetch for up to 45x performance improvement
• #1588, #1587 add seen weakset during mergeDeep by @​abhishekg999

Bug fix:

• #1614 Cloudflare Worker with dynamic path
• add set immediate fallback
• #1597 safeParse, parse to static type
• #1596 handle context pass to function with sub context
• #1591, #1590 merge set.headers without duplicating Response by @​truehazker
• #1546 override group prefix type
• #1526 default error handler doesn't work in Cloudflare Workers
• handle group with empty prefix in type-level

New Contributors

• @​abhishekg999 made their first contribution in elysiajs/elysia#1588
• @​Teyik0 made their first contribution in elysiajs/elysia#1607
• @​truehazker made their first contribution in elysiajs/elysia#1591

Full Changelog: elysiajs/elysia@1.4.18...1.4.19

1.4.18

What's Changed

Security

• use JSON.stringify over custom escape implementation

Full Changelog: elysiajs/elysia@1.4.17...1.4.18

1.4.17

What's Changed

Improvement:

• #1573 Server is always resolved to any when @types/bun is missing
• #1568 optimize cookie value comparison using FNV-1a hash
• #1549 Set-Cookie headers not sent when errors are thrown
• #1579 HEAD to handle Promise value

Security:

• cookie injection, prototype pollution, and RCE

Bug fix:

• #1550 excess property checking
• allow cookie.sign to be string

... (truncated)

Changelog

Sourced from elysia's changelog.

1.4.19 - 13 Dec 2025

Security:

• reject invalid cookie signature when using cookie rotation

Improvement

• #1609 calling afterResponse with aot: false
• #1607, #1606, #1139 data coercion on nested form data
• #1604 save lazy compilation of Elysia.fetch for up to 45x performance improvement
• #1588, #1587 add seen weakset during mergeDeep

Bug fix:

• #1614 Cloudflare Worker with dynamic path
• add set immediate fallback
• #1597 safeParse, parse to static type
• #1596 handle context pass to function with sub context
• #1591, #1590 merge set.headers without duplicating Response
• #1546 override group prefix type
• #1526 default error handler doesn't work in Cloudflare Workers
• handle group with empty prefix in type-level

1.4.18 - 4 Dec 2025

Security:

• use JSON.stringify over custom escape implementation

1.4.17 - 2 Dec 2025

Improvement:

• #1573 Server is always resolved to any when @types/bun is missing
• #1568 optimize cookie value comparison using FNV-1a hash
• #1549 Set-Cookie headers not sent when errors are thrown
• #1579 HEAD to handle Promise value

Security:

• cookie injection, prototype pollution, and RCE

Bug fix:

• #1550 excess property checking
• allow cookie.sign to be string

Change:

• #1584 change customError property to unknown
• #1556 prevent sending set-cookie header when cookie value is not modified
• #1563 standard schema on websocket
• conditional parseQuery parameter
• conditional pass c.request to handler for streaming response
• fix missing contentType type on parser

1.4.16 - 13 Nov 2025

Improvement:

• ValidationError: add messageValue as an alias of errorValue
• ValidationError.detail now accept optional 2nd parameter allowUnsafeValidatorDetails

... (truncated)

Commits

• 218c12a 🧹 chore: update version
• 4641b18 Merge pull request #1610 from elysiajs/next
• 3334797 🧹 chore: use oidc publish
• 9210318 🔧 fix: misc possible bugs
• 90b7940 🔧 fix: re-compile on promise module
• 1e0a5d6 🔧 fix: override read-only property
• 7f2bdd6 🔧 fix: save lazy compilation of Elysia.fetch
• 2a86a8b 🔧 fix: save lazy compilation of Elysia.fetch
• aea3b06 🔧 fix: #1546 override group prefix type
• d0cea55 🔧 fix: reject invalid cookie signature when using cookie rotation
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for elysia since your current version.

Updates jose from 6.0.11 to 6.1.3

Release notes

Sourced from jose's releases.

v6.1.3

Refactor

• avoid export * as for google closure's compiler sake (6303d98), closes #832

v6.1.2

Refactor

• fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828

v6.1.1

Documentation

• add link to RFC9864 (767edde)
• link to ML-DSA for JOSE (ed4252c)
• remove mention of Edge Runtime from the readme (94fdde7)
• update README.md (25098ef)

Refactor

• eliminate named exports in the source code (f6ae30d)
• expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
• faster path for symmetric key checks (a44c2ec)
• improve en/decoding overheads (daee426)

v6.1.0

Features

• support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
• support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

v6.0.13

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

v6.0.12

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)

... (truncated)

Changelog

Sourced from jose's changelog.

6.1.3 (2025-12-02)

Refactor

• avoid export * as for google closure's compiler sake (6303d98), closes #832

6.1.2 (2025-11-15)

Refactor

• fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828

6.1.1 (2025-11-09)

Documentation

• add link to RFC9864 (767edde)
• link to ML-DSA for JOSE (ed4252c)
• remove mention of Edge Runtime from the readme (94fdde7)
• update README.md (25098ef)

Refactor

• eliminate named exports in the source code (f6ae30d)
• expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
• faster path for symmetric key checks (a44c2ec)
• improve en/decoding overheads (daee426)

6.1.0 (2025-08-27)

Features

• support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
• support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

6.0.13 (2025-08-21)

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

6.0.12 (2025-07-15)

... (truncated)

Commits

• ebb8774 chore(release): 6.1.3
• 6303d98 refactor: avoid export * as for google closure's compiler sake
• 39c8805 chore: bump packages
• cf5726e chore: update error message
• 0154775 chore: update threat model
• d015cdf chore: add a threat model
• c5e285e chore: bump packages
• d681315 chore: bump packages
• 4ae1005 chore(deps-dev): bump glob from 11.0.3 to 11.1.0 (#831)
• aaedc25 chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (#830)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jose since your current version.

Updates radashi from 12.6.0 to 12.7.1

Release notes

Sourced from radashi's releases.

v12.7.1

Fixed

• Ensure DurationParser static properties can be tree-shaked in b9d7529

v12.7.0

New Functions

Add getOrInsert and getOrInsertComputed functions [→ PR #444](radashi-org/radashi#444)

Access or initialize map entries without boilerplate branching. getOrInsert writes the provided value once, while getOrInsertComputed lazily creates an entry only when it is missing.

• Works with both Map and WeakMap instances
• Returns the stored entry so you can chain additional logic
• Avoids unnecessary factory calls when a key already exists

import * as _ from 'radashi'
const counts = new Map<string, number>()
_.getOrInsert(counts, 'clicks', 1) // => 1
_.getOrInsert(counts, 'clicks', 5) // => 1
_.getOrInsertComputed(counts, 'views', () => 10) // => 10
_.getOrInsertComputed(counts, 'views', () => 0) // => 10

Inspired by TC39's upsert proposal.

🔗 Docs: getOrInsert · getOrInsertComputed / Source: getOrInsert.ts · getOrInsertComputed.ts / Tests: getOrInsert.test.ts · getOrInsertComputed.test.ts

Add isArrayEqual function [→ PR #417](radashi-org/radashi#417)

Compare arrays with Object.is precision. isArrayEqual checks length and element identity, correctly handling tricky cases like NaN, sparse arrays, and the +0/-0 distinction.

• Uses Object.is so NaN matches itself while +0 and -0 stay distinct
• Short-circuits when lengths differ for a fast inequality check
• Leaves the original arrays untouched

import * as _ from 'radashi'
_.isArrayEqual([1, 2, 3], [1, 2, 3]) // => true
_.isArrayEqual([0], [-0]) // => false
_.isArrayEqual([Number.NaN], [Number.NaN]) // => true

🔗 Docs / Source / Tests

... (truncated)

Changelog

Sourced from radashi's changelog.

[radashi@12.7.1] - 2025-11-19

Details

Fixed

• Ensure DurationParser static properties can be tree-shaked in b9d7529

[radashi@12.7.0] - 2025-10-17

Details

Added

• Add identity function in 38e2f37
• Add isArrayEqual function in 095f2b0
• Add isMapEqual and isSetEqual functions in 0fa566a
• Add getOrInsert and getOrInsertComputed in 4675076
• (objectify) Add index parameter to getKey and getValue functions in 1506472
• Add absoluteJitter and proportionalJitter in ebea7d7

Changed

• Preserve tuple type in min/max even with a getter in c72a1c4
• Use identity as default getter for sort in df55a6e

[radashi@12.6.2] - 2025-08-20

Details

Fixed

• (range) Ensure end parameter works when 0 in 9c8ffa0

[radashi@12.6.1] - 2025-08-09

Details

Fixed

• (group) Use Object.create(null) for the returned object in 5db8c37

Commits

• 478e0cd chore(release): 12.7.1
• 763e630 chore: update .cliffignore
• b9d7529 fix: ensure DurationParser static properties can be tree-shaked (#447)
• 0154943 chore(scripts): use dist build for tree-shake-check
• 6207890 chore: add tree-shake-check script
• 6c8276a Revert "feat!: transpile to Node18 syntax (#448)"
• b109d1e feat!: transpile to Node18 syntax (#448)
• f0c9c33 chore(docs): remove unnecessary await in example
• 900f2e8 chore(release): 12.7.0
• 11d932d chore: prepare release notes
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.0.6 to 2.3.8

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.8

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

  const foo = "Line 1\nLine 2";
  const bar = `Line 1

... (truncated)

Commits

• 0a6b6fb chore: restore version and yaml how they were
• 5d15cd5 chore: revert version
• 59fa146 ci: release (#8263)
• f7e836f feat(biome_js_analyze): implement noProto rule (#8276)
• b537918 feat(js_biome_analyze): implement noDuplicatedSpreadProps (#8116)
• 91484d1 feat(biome_js_analyze): implement noMultiStr rule (#8218)
• 68c052e feat(biome_js_analyze): implement noEqualsToNull rule (#8214)
• 79adaea feat(lint): added new rule no-leaked-render from eslint-react (#8171)
• cd2edd7 feat(js_analyze): implement noTernary (#8201)
• 8e97b89 ci: release (#8161)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates bun-types from 1.2.18 to 1.3.4

Release notes

Sourced from bun-types's releases.

Bun v1.3.4

To install Bun v1.3.4

curl -fsSL https://bun.sh/install | bash
# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.4:

bun upgrade

Read Bun v1.3.4's release notes on Bun's blog

Thanks to 14 contributors!

• @​alii
• @​amdad121
• @​dylan-conway
• @​eroderust
• @​jarred-sumner
• @​lydiahallie
• @​markovejnovic
• @​nektro
• @​pfgithub
• @​riskymh
• @​robobun
• @​shendongming

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}