deps(ts): Bump the all group in /ts with 6 updates

[dependabot]

Bumps the all group in /ts with 6 updates:

Package	From	To
@biomejs/biome	2.3.2	2.3.10
@tsconfig/node20	20.1.6	20.1.8
pkgroll	2.20.1	2.21.4
publint	0.3.15	0.3.16
tsx	4.20.6	4.21.0
typedoc	0.28.14	0.28.15

Updates @biomejs/biome from 2.3.2 to 2.3.10

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

What's Changed

• feat: new Turborepo domain and noUndeclaredEnvVars rule by @​anthonyshew in biomejs/biome#8426
• fix(noExtraNonNullAssertion): fix regression by @​dyc3 in biomejs/biome#8477
• fix(analyze/js): index ts constructor methods in semantic model (regression) by @​dyc3 in biomejs/biome#8479
• fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @​taga3s in biomejs/biome#8417
• fix(noLeakedRender): eslint rule name fix by @​vsn4ik in biomejs/biome#8420
• chore: add kraken as bronze sponsor by @​dyc3 in biomejs/biome#8486
• fix(linter): improve Vue defineProps handling in noVueReservedKeys by @​mdevils in biomejs/biome#8448
• fix(cli): colors with multi-codepoints characters by @​ematipico in biomejs/biome#8410
• feat(lint): implement noAmbiguousAnchorText by @​Netail in biomejs/biome#8372
• ci: release by @​github-actions[bot] in biomejs/biome#8474
• docs: fix typos for assist/actions/organize-imports by @​sergioness in biomejs/biome#8490

New Contributors

• @​taga3s made their first contribution in biomejs/biome#8417
• @​vsn4ik made their first contribution in biomejs/biome#8420
• @​sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

... (truncated)

Commits

• fd279f3 ci: release (#8474)
• b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
• 67546bc chore: add kraken as bronze sponsor (#8486)
• 285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates @tsconfig/node20 from 20.1.6 to 20.1.8

Commits

• See full diff in compare view

Updates pkgroll from 2.20.1 to 2.21.4

Release notes

Sourced from pkgroll's releases.

v2.21.4

2.21.4 (2025-11-28)

Bug Fixes

• dont resolve .js to .ts in external dependency (03c7283), closes #141

v2.21.3

2.21.3 (2025-11-22)

Bug Fixes

• resolve implicit external path (d972431)

v2.21.2

2.21.2 (2025-11-22)

Bug Fixes

• deps: update dependency @​rollup/plugin-alias to v6 (1267295)
• deps: update dependency @​rollup/plugin-commonjs to v29 (07548e4)

v2.21.1

2.21.1 (2025-11-20)

Bug Fixes

• resolver: prefer .js over .ts in node_modules (46d4202)

v2.21.0

2.21.0 (2025-11-20)

Bug Fixes

• deps: update all non-major dependencies (#25) (f18fe0f)

Features

• enhance dependency externalization with improved warnings (f7b3876), closes #32 #49

Commits

• 03c7283 fix: dont resolve .js to .ts in external dependency
• d972431 fix: resolve implicit external path
• 07548e4 fix(deps): update dependency @​rollup/plugin-commonjs to v29
• 91e3813 ci(github-actions): update github-actions to v6 (major)
• 1267295 fix(deps): update dependency @​rollup/plugin-alias to v6
• 46d4202 fix(resolver): prefer .js over .ts in node_modules
• a26950c chore(deps): lock file maintenance (#26)
• d6eba4e test: upgrade manten
• d4ef552 test: fix correct node version usage
• 15b0981 chore(deps): update node.js to v24
• Additional commits viewable in compare view

Updates publint from 0.3.15 to 0.3.16

Release notes

Sourced from publint's releases.

publint@0.3.16

Patch Changes

• Re-enable file existence checks for TS and TSX files if they do not use custom conditions. In v0.3.10, this was done unconditionally instead which missed catching possible file typos if only common conditions are used. (7b1408e)

Changelog

Sourced from publint's changelog.

0.3.16

Patch Changes

• Re-enable file existence checks for TS and TSX files if they do not use custom conditions. In v0.3.10, this was done unconditionally instead which missed catching possible file typos if only common conditions are used. (7b1408e)

Commits

• 9ef31c5 Release packages (#210)
• 7fb8483 Set prettier printWidth to 100
• 6e45f1e Update dependencies
• 7b1408e Re-enable TS file existence check for common conditions
• d02eb46 Improve repo parse
• 849f435 Update dependencies
• See full diff in compare view

Updates tsx from 4.20.6 to 4.21.0

Release notes

Sourced from tsx's releases.

v4.21.0

4.21.0 (2025-11-30)

Features

• upgrade esbuild (#748) (048fb62)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• f6284cd ci: lock in semantic-release v24
• 048fb62 feat: upgrade esbuild (#748)
• See full diff in compare view

Updates typedoc from 0.28.14 to 0.28.15

Release notes

Sourced from typedoc's releases.

v0.28.15

Features

• The gitRevision option now accepts the special value {branch}, which indicates source links should use the current git branch for links, #3041.
• Introduced validation.invalidPath for suppressing warnings caused by referencing relative paths which do not exist when building the documentation, #3033.
• API: Introduced Logger.validationWarning for validation which occurs during conversion rather than during TypeDoc's normal validation step, #3033.

Changelog

Sourced from typedoc's changelog.

v0.28.15 (2025-11-29)

Features

• The gitRevision option now accepts the special value {branch}, which indicates source links should use the current git branch for links, #3041.
• Introduced validation.invalidPath for suppressing warnings caused by referencing relative paths which do not exist when building the documentation, #3033.
• API: Introduced Logger.validationWarning for validation which occurs during conversion rather than during TypeDoc's normal validation step, #3033.

Commits

• 6c9220e Update changelog for release
• 081712a Bump version to 0.28.15
• 8944d63 Update dprint plugins
• b0dcca6 Update dependencies
• 81fbdf3 Add {branch} option to gitRevision
• fd3344f Add validation.invalidPath
• 88cd991 Thank contributors
• 114b190 Copy type param descriptions to constructors
• 3e70b65 Merge pull request #3035 from iclanton/remove-jsx
• 9906145 Update site/tags/typescript.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.