chore(deps-dev): Bump the minor-and-patch group across 1 directory with 4 updates

[dependabot]

Bumps the minor-and-patch group with 4 updates in the / directory: @savvy-web/changesets, @savvy-web/commitlint, @savvy-web/lint-staged and @savvy-web/vitest.

Updates @savvy-web/changesets from 0.7.1 to 0.7.4

Release notes

Sourced from @​savvy-web/changesets's releases.

0.7.4

Bug Fixes

• 8721a98 Add missing hookEventName field to SessionStart hook JSON output, fixing validation errors
• Consume stdin in SessionStart hook to prevent broken pipe errors
• Convert SessionStart hook additionalContext from markdown to XML tags for reliable parsing

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/changesets@​0.7.4	📦	📄	GitHub, SBOM
npm	@​savvy-web/changesets@​0.7.4	📦	📄	GitHub, SBOM

0.7.3

Bug Fixes

• f4c116f Fixed session-start hook to output structured JSON with hookSpecificOutput.additionalContext instead of raw text, matching the expected hook response format
• Added error trapping and CLAUDE_PROJECT_DIR guard for better failure diagnostics

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/changesets@​0.7.3	📦	📄	GitHub, SBOM
npm	@​savvy-web/changesets@​0.7.3	📦	📄	GitHub, SBOM

0.7.2

Dependencies

• 5d46ce6	Dependency	Type	Action	From	To
  @​savvy-web/silk-effects	dependency	added	—	^0.2.1
  jsonc-effect	dependency	added	—	^0.2.1
  workspaces-effect	dependency	added	—	^0.3.0
  jsonc-parser	dependency	removed	^3.3.1	—
  workspace-tools	dependency	removed	0.41.0	—

Other

• 5d46ce6 Adopt shared Silk Suite libraries, replacing internal implementations with Effect services:

• Replace changeset config reading with ChangesetConfigReader from @savvy-web/silk-effects
• Replace jsonc-parser with jsonc-effect for Effect-native JSONC operations
• Replace workspace-tools with workspaces-effect Effect services (WorkspaceDiscovery, PackageManagerDetector, WorkspaceRoot)
• Delete Workspace static utility class

... (truncated)

Changelog

Sourced from @​savvy-web/changesets's changelog.

0.7.4

Bug Fixes

• 8721a98 Add missing hookEventName field to SessionStart hook JSON output, fixing validation errors
• Consume stdin in SessionStart hook to prevent broken pipe errors
• Convert SessionStart hook additionalContext from markdown to XML tags for reliable parsing

0.7.3

Bug Fixes

• f4c116f Fixed session-start hook to output structured JSON with hookSpecificOutput.additionalContext instead of raw text, matching the expected hook response format
• Added error trapping and CLAUDE_PROJECT_DIR guard for better failure diagnostics

0.7.2

Dependencies

• 5d46ce6	Dependency	Type	Action	From	To
  @​savvy-web/silk-effects	dependency	added	—	^0.2.1
  jsonc-effect	dependency	added	—	^0.2.1
  workspaces-effect	dependency	added	—	^0.3.0
  jsonc-parser	dependency	removed	^3.3.1	—
  workspace-tools	dependency	removed	0.41.0	—

Other

• 5d46ce6 Adopt shared Silk Suite libraries, replacing internal implementations with Effect services:

• Replace changeset config reading with ChangesetConfigReader from @savvy-web/silk-effects
• Replace jsonc-parser with jsonc-effect for Effect-native JSONC operations
• Replace workspace-tools with workspaces-effect Effect services (WorkspaceDiscovery, PackageManagerDetector, WorkspaceRoot)
• Delete Workspace static utility class

Commits

• 48dde2d release: 0.7.4 (#67)
• 8721a98 fix: add hookEventName to session-start hook and convert to XML context (#66)
• 629f387 release: 0.7.3 (#64)
• 5bf9fd1 release: 0.7.2 (#60)
• dd89b24 refactor: adopt workspaces-effect, replace workspace-tools with Effect servic...
• 5d46ce6 refactor: adopt silk-effects for config reading and jsonc-effect for JSONC op...
• fa76f28 chore(deps): update pnpm config dependencies (#54)
• See full diff in compare view

Updates @savvy-web/commitlint from 0.4.4 to 0.5.2

Release notes

Sourced from @​savvy-web/commitlint's releases.

0.5.2

Bug Fixes

• 4390e3d Fix session-start hook JSON output validation by adding missing hookEventName field, converting markdown to XML tags in additionalContext, and consuming stdin to prevent broken pipe errors

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/commitlint@​0.5.2	📦	📄	GitHub, SBOM
npm	@​savvy-web/commitlint@​0.5.2	📦	📄	GitHub, SBOM

0.5.1

Bug Fixes

• 180878a Convert plugin SessionStart hook from plain text stdout to structured JSON hookSpecificOutput.additionalContext response

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/commitlint@​0.5.1	📦	📄	GitHub, SBOM
npm	@​savvy-web/commitlint@​0.5.1	📦	📄	GitHub, SBOM

0.5.0

Features

• 4fbd4cd ### Claude Code Plugin

Add Claude Code sidecar plugin that registers a SessionStart hook to inform AI agents about Silk commit conventions, allowed types, and available CLI tools. Install with:

# Add the Savvy Web plugin marketplace (one-time setup)
/plugin marketplace add savvy-web/systems
Install the commitlint plugin for this project
/plugin install commitlint@savvy-web-systems --scope project

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/commitlint@​0.5.0	📦	📄	GitHub, SBOM

... (truncated)

Changelog

Sourced from @​savvy-web/commitlint's changelog.

0.5.2

Bug Fixes

• 4390e3d Fix session-start hook JSON output validation by adding missing hookEventName field, converting markdown to XML tags in additionalContext, and consuming stdin to prevent broken pipe errors

0.5.1

Bug Fixes

• 180878a Convert plugin SessionStart hook from plain text stdout to structured JSON hookSpecificOutput.additionalContext response

0.5.0

Features

• 4fbd4cd ### Claude Code Plugin

Add Claude Code sidecar plugin that registers a SessionStart hook to inform AI agents about Silk commit conventions, allowed types, and available CLI tools. Install with:

# Add the Savvy Web plugin marketplace (one-time setup)
/plugin marketplace add savvy-web/systems
Install the commitlint plugin for this project
/plugin install commitlint@savvy-web-systems --scope project

0.4.5

Refactoring

• 184c43b Replaced workspace-tools with @savvy-web/silk-effects and workspaces-effect across the CLI command layer. The public API (CommitlintConfig.silk()) is unchanged.
• init command now uses the ManagedSection service for hook marker management instead of direct string manipulation.
• check command now delegates to VersioningStrategy, WorkspaceDiscovery, and ManagedSection services from workspaces-effect.
• scopes detection is now effectful, returning an Effect rather than a synchronous array.
• CLI layer composition wires all silk-effects and workspaces-effect layers at the entry point.
• Deleted src/detection/versioning.ts (superseded by VersioningStrategy service) and src/detection/utils.ts (findProjectRoot inlined into dco.ts).

Dependencies

• 7ce01c0	Dependency	Type	Action	From	To
  @​savvy-web/vitest	devDependency	updated	^1.0.1	^1.1.0

• 184c43b	Dependency	Type	Action	From	To
  @savvy-web/silk-effects	dependency	added	—	^0.1.0
  workspaces-effect	dependency	added	—	^0.1.0

... (truncated)

Commits

• a4dd252 release: 0.5.2 (#97)
• 4390e3d fix(plugin): add missing hookEventName to session-start hook (#96)
• 6704742 release: 0.5.1 (#95)
• 9cd7834 chore: fix package detection
• 2373a1a chore: 0.5.0 (#89)
• 4fbd4cd feat: add Claude Code plugin and restructure as monorepo
• See full diff in compare view

Updates @savvy-web/lint-staged from 0.6.6 to 0.7.3

Release notes

Sourced from @​savvy-web/lint-staged's releases.

0.7.3

Bug Fixes

• f905f27 Fix session-start hook JSON output validation by adding hookEventName, consuming stdin, and converting additionalContext to XML tags

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/lint-staged@​0.7.3	📦	📄	GitHub, SBOM
npm	@​savvy-web/lint-staged@​0.7.3	📦	📄	GitHub, SBOM

0.7.2

Bug Fixes

• 9d60389 Fixed savvy-lint init writing Biome schema URLs containing the literal string "catalog:silk" instead of the resolved version number. The @biomejs/biome peer dependency is now pinned to 2.4.9 directly rather than via a pnpm catalog reference, so the version is available at publish time when schema URLs are generated (fixes #98).

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/lint-staged@​0.7.2	—	📄	—
npm	@​savvy-web/lint-staged@​0.7.2	—	📄	—

0.7.1

Bug Fixes

• 242afde Convert session-start.sh hook from plain text stdout to structured JSON hookSpecificOutput.additionalContext response, matching the Claude Code plugin hook contract

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/lint-staged@​0.7.1	📦	📄	GitHub, SBOM
npm	@​savvy-web/lint-staged@​0.7.1	📦	📄	GitHub, SBOM

0.7.0

Breaking Changes

• a7e608e ### Removed ConfigSearch utility

The ConfigSearch class and its associated types (ConfigSearchOptions, ConfigSearchResult) have been removed from the public API. Use ConfigDiscovery from @savvy-web/silk-effects instead -- it is now re-exported directly from this package.

Features

... (truncated)

Changelog

Sourced from @​savvy-web/lint-staged's changelog.

0.7.3

Bug Fixes

• f905f27 Fix session-start hook JSON output validation by adding hookEventName, consuming stdin, and converting additionalContext to XML tags

0.7.2

Bug Fixes

• 9d60389 Fixed savvy-lint init writing Biome schema URLs containing the literal string "catalog:silk" instead of the resolved version number. The @biomejs/biome peer dependency is now pinned to 2.4.9 directly rather than via a pnpm catalog reference, so the version is available at publish time when schema URLs are generated (fixes #98).

0.7.1

Bug Fixes

• 242afde Convert session-start.sh hook from plain text stdout to structured JSON hookSpecificOutput.additionalContext response, matching the Claude Code plugin hook contract

0.7.0

Breaking Changes

• a7e608e ### Removed ConfigSearch utility

The ConfigSearch class and its associated types (ConfigSearchOptions, ConfigSearchResult) have been removed from the public API. Use ConfigDiscovery from @savvy-web/silk-effects instead -- it is now re-exported directly from this package.

Features

• a7e608e ### Claude Code companion plugin

A new Claude Code plugin is included in the repository that automatically injects code quality context at session start. It detects the project's package manager and informs the agent about Biome formatting/linting rules, markdownlint configuration, and TypeScript conventions so Claude Code follows the project's code style without manual prompting.

# Add the Savvy Web plugin marketplace (one-time setup)
/plugin marketplace add savvy-web/systems
Install the lint-staged plugin for this project
/plugin install lint-staged@savvy-web-systems --scope project

Refactoring

• a7e608e ### Adopted @savvy-web/silk-effects for shared logic

Internal implementations replaced with centralized @savvy-web/silk-effects modules:

• ManagedSection -- managed section reads/writes in husky hook files
• BiomeSchemaSync -- biome config $schema URL synchronization
• ConfigDiscovery -- config file discovery with lib/configs/ priority
• ToolDiscovery -- CLI tool availability detection

... (truncated)

Commits

• 2135ee4 release: 0.7.3 (#104)
• f905f27 fix: add hookEventName and XML tags to session-start hook (#103)
• 4bc3295 release: 0.7.2 (#102)
• 9d60389 fix: pin biome peerDependency to static version (#99)
• 3bda79a release: 0.7.1 (#95)
• 9f5afcc release: 0.7.0 (#92)
• a7e608e feat: adopt silk-effects 0.3.0, Claude Code plugin, and sidecar restructure (...
• See full diff in compare view

Updates @savvy-web/vitest from 1.1.0 to 1.2.2

Release notes

Sourced from @​savvy-web/vitest's releases.

1.2.2

Bug Fixes

• 6e38b54 Fix SessionStart hook JSON validation by adding missing hookEventName field, consuming stdin to prevent broken pipe errors, and converting additionalContext from markdown to XML tags

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/vitest@​1.2.2	📦	📄	GitHub, SBOM
npm	@​savvy-web/vitest@​1.2.2	📦	📄	GitHub, SBOM

1.2.1

Bug Fixes

• 476cc9f Fixed session-start hook silently swallowing errors by converting from plain text stdout output to structured JSON hookSpecificOutput.additionalContext response with error trap and environment variable validation

---

Publish Summary

Registry	Package	SBOM	API	Provenance
GitHub Packages	@​savvy-web/vitest@​1.2.1	📦	📄	GitHub, SBOM
npm	@​savvy-web/vitest@​1.2.1	📦	📄	GitHub, SBOM

1.2.0

Features

• dd6d5af Added a companion Claude Code plugin (plugin/) that provides AI coding agents with automatic test convention context and a full configuration API reference.

  The plugin ships two components:

  • Session-start hook — on every Claude Code session start, the hook injects workspace discovery context (auto-discovery behavior, __test__/ directory layout, test classification rules by filename convention) and dynamically scans the current workspace to report which packages use __test__/ directories, co-located tests, or both.
  • /vitest:config skill — a slash-command reference covering all VitestConfigOptions fields (coverage, coverageTargets, coverageExclude, agentReporter, pool, unit/e2e/int overrides, postProcess), VitestProject factory defaults and mutation methods, and common configuration recipes.

Dependencies

• 35db183	Dependency	Type	Action	From	To
  @​savvy-web/lint-staged	devDependency	updated	^0.6.5	^0.6.6

Maintenance

• dd6d5af Restructured the repository into a sidecar pattern. The publishable package source moved from the repo root to package/ (src/, rslib.config.ts, tsconfig.json, turbo.json). No changes were made to the package's exported API — the @savvy-web/vitest module surface is identical.

---

... (truncated)

Changelog

Sourced from @​savvy-web/vitest's changelog.

1.2.2

Bug Fixes

• 6e38b54 Fix SessionStart hook JSON validation by adding missing hookEventName field, consuming stdin to prevent broken pipe errors, and converting additionalContext from markdown to XML tags

1.2.1

Bug Fixes

• 476cc9f Fixed session-start hook silently swallowing errors by converting from plain text stdout output to structured JSON hookSpecificOutput.additionalContext response with error trap and environment variable validation

1.2.0

Features

• dd6d5af Added a companion Claude Code plugin (plugin/) that provides AI coding agents with automatic test convention context and a full configuration API reference.

  The plugin ships two components:

  • Session-start hook — on every Claude Code session start, the hook injects workspace discovery context (auto-discovery behavior, __test__/ directory layout, test classification rules by filename convention) and dynamically scans the current workspace to report which packages use __test__/ directories, co-located tests, or both.
  • /vitest:config skill — a slash-command reference covering all VitestConfigOptions fields (coverage, coverageTargets, coverageExclude, agentReporter, pool, unit/e2e/int overrides, postProcess), VitestProject factory defaults and mutation methods, and common configuration recipes.

Dependencies

• 35db183	Dependency	Type	Action	From	To
  @​savvy-web/lint-staged	devDependency	updated	^0.6.5	^0.6.6

Maintenance

• dd6d5af Restructured the repository into a sidecar pattern. The publishable package source moved from the repo root to package/ (src/, rslib.config.ts, tsconfig.json, turbo.json). No changes were made to the package's exported API — the @savvy-web/vitest module surface is identical.

Commits

• 6935002 release: 1.2.2 (#51)
• 6e38b54 fix: add hookEventName to SessionStart hook and convert context to XML (#49)
• 58c9114 release: 1.2.1 (#47)
• 43717ab release: 1.2.0 (#42)
• dd6d5af feat: add companion Claude Code plugin (#40)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​savvy-web/​vitest@​1.1.0 ⏵ 1.2.2				+1
	@​savvy-web/​commitlint@​0.4.4 ⏵ 0.5.2			+4	+1
	@​savvy-web/​lint-staged@​0.6.6 ⏵ 0.7.3				+1
	@​savvy-web/​changesets@​0.7.1 ⏵ 0.7.4			+1	+1

View full report

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.