Bump the npm group with 5 updates

[dependabot]

Bumps the npm group with 5 updates:

Package	From	To
@biomejs/biome	2.2.3	2.2.4
@types/node	24.3.1	24.6.1
@types/vscode	1.103.0	1.104.0
typescript	5.9.2	5.9.3
webpack	5.101.3	5.102.0

Updates @biomejs/biome from 2.2.3 to 2.2.4

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.2.4

2.2.4

Patch Changes

• #7453 aa8cea3 Thanks @​arendjr! - Fixed #7242: Aliases specified in package.json's imports section now support having multiple targets as part of an array.

• #7454 ac17183 Thanks @​arendjr! - Greatly improved performance of noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #7447 7139aad Thanks @​rriski! - Fixes #7446. The GritQL $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #6710 98cf9af Thanks @​arendjr! - Fixed #4723: Type inference now recognises index signatures and their accesses when they are being indexed as a string.

  Example

  type BagOfPromises = {
    // This is an index signature definition. It declares that instances of type
    // `BagOfPromises` can be indexed using arbitrary strings.
    [property: string]: Promise<void>;
  };
  let bag: BagOfPromises = {};
  // Because bag.iAmAPromise is equivalent to bag[&quot;iAmAPromise&quot;], this is
  // considered an access to the string index, and a Promise is expected.
  bag.iAmAPromise;

• #7415 d042f18 Thanks @​qraqras! - Fixed #7212, now the useOptionalChain rule recognizes optional chaining using typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #7419 576baf4 Thanks @​Conaclos! - Fixed #7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.2.4

Patch Changes

• #7453 aa8cea3 Thanks @​arendjr! - Fixed #7242: Aliases specified in package.json's imports section now support having multiple targets as part of an array.

• #7454 ac17183 Thanks @​arendjr! - Greatly improved performance of noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #7447 7139aad Thanks @​rriski! - Fixes #7446. The GritQL $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #6710 98cf9af Thanks @​arendjr! - Fixed #4723: Type inference now recognises index signatures and their accesses when they are being indexed as a string.

  Example

  type BagOfPromises = {
    // This is an index signature definition. It declares that instances of type
    // `BagOfPromises` can be indexed using arbitrary strings.
    [property: string]: Promise<void>;
  };
  let bag: BagOfPromises = {};
  // Because bag.iAmAPromise is equivalent to bag[&quot;iAmAPromise&quot;], this is
  // considered an access to the string index, and a Promise is expected.
  bag.iAmAPromise;

• #7415 d042f18 Thanks @​qraqras! - Fixed #7212, now the useOptionalChain rule recognizes optional chaining using typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #7419 576baf4 Thanks @​Conaclos! - Fixed #7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

  class TsBioo {
    private member: number;
  set_with_name(name: string, value: number) {
  this[name] = value;
  }
  }

... (truncated)

Commits

• 5d212c5 ci: release (#7450)
• 351bccd chore: restore release files
• 32dbfa1 ci: release (#7413)
• 75b6a0d feat(linter): add rule noJsxLiterals (#7248)
• 53ff5ae feat(analyse/json): add noDuplicateDependencies rule (#7142)
• See full diff in compare view

Updates @types/node from 24.3.1 to 24.6.1

Commits

• See full diff in compare view

Updates @types/vscode from 1.103.0 to 1.104.0

Commits

• See full diff in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Commits

• 31a0ead Don't compare "missing" to undefined in compareProperties under `exactOpt...
• d4b15eb Enhance type argument completions (#62170)
• 83ff202 Bump the github-actions group across 1 directory with 2 updates (#62507)
• e350126 Port microsoft/typescript-go#1764 (#62510)
• 97610a8 Port microsoft/typescript-go#1757 (#62501)
• 1cd5309 Port microsoft/typescript-go#1759 (#62502)
• 5f183ad Revert PR 61928 (#62423)
• 6f6efb4 Disable conditional exports fallbacks on null values (#62483)
• 96acaa5 Remove no-default-lib (#62435)
• 904e7dd Enable noUncheckedSideEffectImports by default (#62443)
• Additional commits viewable in compare view

Updates webpack from 5.101.3 to 5.102.0

Release notes

Sourced from webpack's releases.

v5.102.0

Features

• Added static analyze for dynamic imports
• Added support for import file from "./file.ext" with { type: "bytes" } to get the content as Uint8Array (look at example)
• Added support for import file from "./file.ext" with { type: "text" } to get the content as text (look at example)
• Added the snapshot.contextModule to configure snapshots options for context modules
• Added the extractSourceMap option to implement the capabilities of loading source maps by comment, you don't need source-map-loader (look at example)
• The topLevelAwait experiment is now stable (you can remove experiments.topLevelAwait from your webpack.config.js)
• The layers experiment is now stable (you can remove experiments.layers from your webpack.config.js)
• Added function matcher support in rule options

Fixes

• Fixed conflicts caused by multiple concatenate modules
• Ignore import failure during HMR update with ES modules output
• Keep render module order consistent
• Prevent inlining modules that have this exports
• Removed unused timeout attribute of script tag
• Supported UMD chunk format to work in web workers
• Improved CommonJs bundle to ES module library
• Use es-lexer for mjs files for build dependencies
• Fixed support __non_webpack_require__ for ES modules
• Properly handle external modules for CSS
• AssetsByChunkName included assets from chunk.auxiliaryFiles
• Use createRequire only when output is ES module and target is node
• Typescript types

Performance Improvements

• Avoid extra calls for snapshot
• A avoid extra jobs for build dependencies
• Move import attributes to own dependencies

Commits

• 14c813a chore(release): 5.102.0
• 761b153 feat: support function matcher in rule options (#19952)
• 8c0fa9e feat: tree shaking nested exports for destructuring assignment (#19955)
• 0a58530 chore(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 (#19958)
• 042bf86 fix: integrity in http-url test (#19954)
• d9121b3 docs: use markdown instead html (#19938)
• 3f00777 docs: remove unused files (#19937)
• 3cf0d95 chore: add lfx badge (#19934)
• 84e5c12 fix: should analyze correct variable for dynamic import (#19936)
• 44cf16f docs: Revise security policy and reporting guidelines (#19886)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions