build(deps-dev): bump the minor-and-patch group across 1 directory with 4 updates

[dependabot]

Bumps the minor-and-patch group with 4 updates in the / directory: @anthropic-ai/claude-agent-sdk, @biomejs/biome, @types/bun and lefthook.

Updates @anthropic-ai/claude-agent-sdk from 0.2.92 to 0.2.111

Release notes

Sourced from @​anthropic-ai/claude-agent-sdk's releases.

v0.2.111

What's changed

• Opus 4.7 is now available! This version of the SDK is required to use it.
• mcp_set_servers control request: remote (http/sse) server entries can now carry per-tool permission_policy values, which are applied to the session's allow/deny rules
• startup() and WarmQuery are now part of the public TypeScript API
• Changed options.env to overlay the inherited process.env instead of replacing it

Update

npm install @anthropic-ai/claude-agent-sdk@0.2.111
# or
yarn add @anthropic-ai/claude-agent-sdk@0.2.111
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.2.111
# or
bun add @anthropic-ai/claude-agent-sdk@0.2.111

v0.2.110

What's changed

• Fixed unstable_v2_createSession not respecting cwd, settingSources, and allowDangerouslySkipPermissions options
• Added optional shouldQuery field to SDKUserMessage — set to false to append a user message without triggering an assistant turn; fixed shouldQuery: false messages incorrectly triggering auto-title generation, prompt suggestions, and UserPromptSubmit hooks
• Auto session-title generation now respects CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC and CLAUDE_CODE_DISABLE_TERMINAL_TITLE

Update

npm install @anthropic-ai/claude-agent-sdk@0.2.110
# or
yarn add @anthropic-ai/claude-agent-sdk@0.2.110
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.2.110
# or
bun add @anthropic-ai/claude-agent-sdk@0.2.110

v0.2.109

What's changed

• Updated to parity with Claude Code v2.1.109

Update

npm install @anthropic-ai/claude-agent-sdk@0.2.109
# or
yarn add @anthropic-ai/claude-agent-sdk@0.2.109
</tr></table> 

... (truncated)

Changelog

Sourced from @​anthropic-ai/claude-agent-sdk's changelog.

0.2.111

• Opus 4.7 is now available! This version of the SDK is required to use it.
• mcp_set_servers control request: remote (http/sse) server entries can now carry per-tool permission_policy values, which are applied to the session's allow/deny rules
• startup() and WarmQuery are now part of the public TypeScript API
• Changed options.env to overlay the inherited process.env instead of replacing it

0.2.110

• Fixed unstable_v2_createSession not respecting cwd, settingSources, and allowDangerouslySkipPermissions options
• Added optional shouldQuery field to SDKUserMessage — set to false to append a user message without triggering an assistant turn; fixed shouldQuery: false messages incorrectly triggering auto-title generation, prompt suggestions, and UserPromptSubmit hooks
• Auto session-title generation now respects CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC and CLAUDE_CODE_DISABLE_TERMINAL_TITLE

0.2.109

• Updated to parity with Claude Code v2.1.109

0.2.108

• SDKStatus now includes 'requesting'; when includePartialMessages is enabled, a {type:'system', subtype:'status', status:'requesting'} message is emitted before each API request in the stream

0.2.107

• Updated to parity with Claude Code v2.1.107

0.2.106

• Updated to parity with Claude Code v2.1.106

0.2.105

• Added system/memory_recall event and memory_paths on system/init for SDK renderers to surface memory operations
• Fixed error_max_structured_output_retries being emitted when the final retry attempt succeeded, discarding valid structured output

0.2.102

• Updated to parity with Claude Code v2.1.102

0.2.101

• Security: bumped @anthropic-ai/sdk to ^0.81.0 and @modelcontextprotocol/sdk to ^1.29.0 to resolve GHSA-5474-4w2j-mq4c and transitive hono advisories
• Fixed resume-session temp directory leaking on Windows when subprocess file handles weren't released before cleanup, and on macOS/APFS when await using disposal raced its own cleanup callback
• Fixed MaxListenersExceededWarning when running 11+ concurrent query() calls

0.2.100

• Updated to parity with Claude Code v2.1.100

0.2.99

... (truncated)

Commits

• bf1a335 chore: Update CHANGELOG.md
• 9ecc668 chore: Update CHANGELOG.md
• 36e2715 chore: Update CHANGELOG.md
• 9ca6a44 chore: Update CHANGELOG.md
• 849c843 chore: Update CHANGELOG.md
• 0305880 chore: Update CHANGELOG.md
• de1cb56 chore: Update CHANGELOG.md
• 01435f5 chore: Update CHANGELOG.md
• 71e257a chore: Update CHANGELOG.md
• 943af1a chore: Update CHANGELOG.md
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.10 to 2.4.12

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.12

2.4.12

Patch Changes

• #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

  describe("foo", () => {});
  describe("foo", () => {
    // invalid: same title as previous describe block
    test("baz", () => {});
    test("baz", () => {}); // invalid: same title as previous test case
  });

• #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

• #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

  For example, the following snippets trigger the rule:

  function createComponent(label) {
    function MyComponent() {
      return <div>{label}</div>;
    }
    return MyComponent;
  }

  function Parent() {
    function Child() {
      return <div />;
    }
    return <Child />;
  }

• #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

• #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

• #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.12

Patch Changes

• #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

  describe("foo", () => {});
  describe("foo", () => {
    // invalid: same title as previous describe block
    test("baz", () => {});
    test("baz", () => {}); // invalid: same title as previous test case
  });

• #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

• #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

  For example, the following snippets trigger the rule:

  function createComponent(label) {
    function MyComponent() {
      return <div>{label}</div>;
    }
    return MyComponent;
  }

  function Parent() {
    function Child() {
      return <div />;
    }
    return <Child />;
  }

• #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

• #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

• #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

• #9966 322675e Thanks @​siketyan! - Fixed #9113: Biome now parses and formats @media and other conditional blocks correctly inside embedded CSS snippets.

... (truncated)

Commits

• baaacfc ci: release (#9890)
• e0ba71d feat: implement useIframeSandbox (#9949)
• 2cff700 feat(lint/js): add useVarsOnTop (#9861)
• 27dd7b1 feat(react/js): add noComponentHookFactories (#9916)
• 0d0e611 feat(js_analyze): implement useReactAsyncServerFunction (#9909)
• f1c1363 feat(lint/js): add useStringStartsEndsWith (#9796)
• d417803 feat(js_analyze): implement noJsxNamespace (#9913)
• 9701a33 feat(lint/js): add noIdenticalTestTitle (#9376)
• c499f46 feat(lint): implement useReduceTypeParameter nursery rule (#9577)
• 40bd180 feat(lint/js): add noExcessiveSelectorClasses (#9866)
• Additional commits viewable in compare view

Updates @types/bun from 1.3.11 to 1.3.12

Commits

• See full diff in compare view

Updates lefthook from 2.1.4 to 2.1.6

Release notes

Sourced from lefthook's releases.

v2.1.6

Changelog

• bf73ea2f1ea5468c9af7a6f06b5ef8cd43e66040 fix(packaging): do not pipe stdout and stderr (#1382)
• 04da00697cd8a6241023c1962feb720eeaa62698 fix(windows): normalize lefthook path for sh script (#1383)
• de9597a1bf456d2cf0fbcb8816858b6e5cf6b609 fix: log full scoped name for skipped jobs (#1291)
• eb3e70dbbd2442200ec8ff2140a3ee9daa7d9e70 fix: normalize root to always include trailing slash before path replacement (#1381)
• f90f3f570ef9227ddf345a79cec687dac41a5d31 fix: skip pty allocation when stdout is not a terminal (#1393)

v2.1.5

Changelog

• afac466157f88b5a5f9d03eb28acc90b095a4b5d chore(golangci-lint): upgrade to 2.11.4 (#1362)
• f8e73b947e2eefd6950d6a19c20bbde19070809d chore: fix golangci-lint version lookup
• 4564da343b1497f73f8a82f6104e1b5903f8a081 chore: move golangci-lint version to .tool-versions (#1349)
• 236a5bd07c650aaa882963d68ab5e5e654a47681 chore: small cleanup (#1370)
• 5ddf2206dd23e826c5434392e034fa7db523cd3d deps: April 2026 (#1375)
• e26c719f5a85e8ff35871e9724649714d6f05c13 fix: git repository merge issue (#1372)
• 3503a3b102c2b41c298e1e7dc6549181508518a6 fix: prevent lefthook run from overwriting global hooks (#1371)
• f3fc175f6c638fd54ab49b8d7c060898f936c934 fix: use pre-push stdin for push file detection (#1368)

Changelog

Sourced from lefthook's changelog.

2.1.6 (2026-04-16)

• fix: normalize lefthook path for sh script (#1383) by @​AndrewKahr
• fix: normalize root to always include trailing slash before path replacement (#1381) by @​Copilot
• fix: skip pty allocation when stdout is not a terminal (#1393) by @​technicalpickles
• docs: upgrade docmd (#1391) by @​mrexox
• fix: log full scoped name for skipped jobs (#1291) by @​scop
• fix: do not pipe stdout and stderr (#1382) by @​mrexox

2.1.5 (2026-04-06)

• deps: April 2026 (#1375) by @​mrexox
• docs: update documentation and docs for claude (#1373) by @​mrexox
• fix: git repository merge issue (#1372) by @​mrexox
• fix: use pre-push stdin for push file detection (#1368) by @​supitsdu
• chore: small cleanup (#1370) by @​mrexox
• fix: prevent lefthook run from overwriting global hooks (#1371) by @​ivy
• chore: upgrade to 2.11.4 (#1362) by @​scop
• chore: fix golangci-lint version lookup by @​mrexox
• chore: move golangci-lint version to .tool-versions (#1349) by @​scop

Commits

• 679ce27 2.1.6: fixes for Windows and AI tools execution
• 04da006 fix(windows): normalize lefthook path for sh script (#1383)
• eb3e70d fix: normalize root to always include trailing slash before path replacemen...
• f90f3f5 fix: skip pty allocation when stdout is not a terminal (#1393)
• 1481e9d docs: upgrade docmd (#1391)
• de9597a fix: log full scoped name for skipped jobs (#1291)
• bf73ea2 fix(packaging): do not pipe stdout and stderr (#1382)
• 4cec579 2.1.5: prevent overwriting global hooks and fix pre-push for sha256 repos
• 5ddf220 deps: April 2026 (#1375)
• 0c16199 docs: update documentation and docs for claude (#1373)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions