chore(deps): bump the npm-dependencies group with 9 updates

[dependabot]

Bumps the npm-dependencies group with 9 updates:

Package	From	To
@filoz/synapse-sdk	0.36.1	0.37.0
filecoin-pin	0.15.1	0.16.0
pg-boss	12.11.1	12.11.2
undici	7.21.0	7.22.0
viem	2.45.2	2.46.0
lucide-react	0.563.0	0.564.0
tailwind-merge	3.4.0	3.4.1
jsdom	28.0.0	28.1.0
@biomejs/biome	2.3.14	2.4.0

Updates @filoz/synapse-sdk from 0.36.1 to 0.37.0

Release notes

Sourced from @​filoz/synapse-sdk's releases.

synapse-sdk: v0.37.0

0.37.0 (2026-02-11)

⚠ BREAKING CHANGES

• change params to options object and remove withIpni (#601)
• remove pdp classes and change upload input to File
• transition from ethers to viem (#555)
• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526)
• use activePieceCount for accurate piece tracking (#517)
• change to only export Synapse from the main entrypoint

refactor

• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526) (a4956c7)

Features

• Add API for querying remaining egress (#430) (c40d6b8)
• add devnet support (#527) (773551b)
• change params to options object and remove withIpni (#601) (0d529e2)
• change to only export Synapse from the main entrypoint (4c0cc47), closes #232
• Endorsements Service (#553) (fba3280)
• examples/cli: add get-sp-peer-ids command (#546) (8aafdf1)
• move ethers to peer dependencies (242a2c1)
• remove pdp classes and change upload input to File (32700c2)
• storage: rename "pieces" callbacks, add piece info & dataSetId (#439) (f1bd585)
• transition from ethers to viem (#555) (3741241)
• use activePieceCount for accurate piece tracking (#517) (59fd863)

Bug Fixes

• cache clientDataSetId in StorageContext (#489) (ec1345a)
• change FilBeam URL to stats.filbeam.com (#539) (87ac7a8)
• createStorageContext without getClientDataSetsWithDetails (#438) (76e2439)
• expose getScheduledRemovals on storageContext (#490) (6a3b5cc)
• remove settlement fee (#502) (8c7537e), closes #243
• remove telemetry (#562) (128037e)
• resolveByProviderId doesnt use getClientDataSetsWithDetails (1049c05)
• revert back uploads to uint8array and stream (67a17ee)
• simplify upload input to Blob (908c042)
• treat status code 202 for findPiece as a retry (6b9e03f)
• warm-storage: check metadata withCDN key in addition to cdnRailId for CDN status (#505) (db234e5)

Chores

... (truncated)

Commits

• 2524aeb chore(master): release synapse-sdk 0.37.0 (#481)
• 0902a01 chore(master): release synapse-core 0.2.0 (#482)
• 0d529e2 feat!: change params to options object and remove withIpni (#601)
• 67a17ee fix: revert back uploads to uint8array and stream
• d7b9661 fix: namespace upload types
• 9b3f73f fix: move default nonces to the sign functions
• 908c042 fix: simplify upload input to Blob
• 78cfd25 chore: skip size limit test in StorageService due to browser limitations
• ac0e76e chore: linter
• 8061afb chore: update docs and export missing types
• Additional commits viewable in compare view

Updates filecoin-pin from 0.15.1 to 0.16.0

Release notes

Sourced from filecoin-pin's releases.

v0.16.0

0.16.0 (2026-02-07)

Features

• add --data-set and --new-data-set flags to add command (#296) (e03719b)
• add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

• use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

• deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
• deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)

Changelog

Sourced from filecoin-pin's changelog.

0.16.0 (2026-02-07)

Features

• add --data-set and --new-data-set flags to add command (#296) (e03719b)
• add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

• use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

• deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
• deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)

Commits

• 778928e chore(master): release 0.16.0 (#317)
• f15bba4 ci: Update auto-label workflow to use pull_request_target (#323)
• 97f6f1b chore(deps-dev): bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318)
• 63b34e0 chore(deps): bump @​clack/prompts from 0.11.0 to 1.0.0 (#315)
• 320a461 fix: use namespace import for Sentry SDK v8+ ESM compatibility (#319)
• e03719b feat: add --data-set and --new-data-set flags to add command (#296)
• c52ebbf feat: add provider command with info and ping subcommands (#295)
• See full diff in compare view

Updates pg-boss from 12.11.1 to 12.11.2

Release notes

Sourced from pg-boss's releases.

12.11.2

What's Changed

• Add missing docs to main dashboard documentation by @​kibertoad in timgit/pg-boss#712
• Add JSDoc comments for queue-related types, JobPollingOptions and JobFetchOptions by @​olepbr in timgit/pg-boss#713

New Contributors

• @​olepbr made their first contribution in timgit/pg-boss#713

Full Changelog: timgit/pg-boss@12.11.1...12.11.2

Commits

• bb47b99 versioning
• 2081269 Merge pull request #713 from olepbr/comment-types
• c1b0db6 docs
• b3cd07c docs
• ebbf8f0 Add JSDoc comments to JobPollingOptions and JobFetchOptions
• d1157ab Add JSDoc comments for queue-related types
• b57312d update dashboard readme
• 8bf2d52 Merge pull request #712 from kibertoad/docs/missed-params
• 12c9d29 Improve docs
• b980109 versioning
• Additional commits viewable in compare view

Updates undici from 7.21.0 to 7.22.0

Release notes

Sourced from undici's releases.

v7.22.0

What's Changed

• docs: fix syntax highlighting in WebSocket.md by @​styfle in nodejs/undici#4814
• fix: use OR operator in includesCredentials per WHATWG URL Standard by @​jackhax in nodejs/undici#4816
• feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk by @​SuperOleg39 in nodejs/undici#4676
• fix: route WebSocket upgrades through onRequestUpgrade by @​mcollina in nodejs/undici#4787
• build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by @​dependabot[bot] in nodejs/undici#4821
• fix(deduplicate): do not deduplicate non-safe methods by default by @​mcollina in nodejs/undici#4818
• feat: Support async cache stores in revalidation by @​marcopiraccini in nodejs/undici#4826

New Contributors

• @​jackhax made their first contribution in nodejs/undici#4816
• @​marcopiraccini made their first contribution in nodejs/undici#4826

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

Commits

• 0a23610 Bumped v7.22.0 (#4829)
• f3c5c61 feat: Support async cache stores in revalidation (#4826)
• 9b78a44 fix(deduplicate): avoid deduping methods not in methods option (#4818)
• 0ce57ba build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 (#4821)
• 2453caf fix: route websocket upgrades through new handler API (#4787)
• 4658cdf feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk (#4676)
• a821c56 fix: use OR operator in includesCredentials per WHATWG URL Standard (#4816)
• b3326b5 docs: fix syntax highlighting in WebSocket.md (#4814)
• See full diff in compare view

Updates viem from 2.45.2 to 2.46.0

Release notes

Sourced from viem's releases.

viem@2.46.0

Minor Changes

• #4304 b6b50d40fb6bbadc851377b74b2dd4da584958b0 Thanks @​jxom! - Breaking (viem/tempo): Renamed nonceKey: 'random' to nonceKey: 'expiring' to align with TIP-1009 terminology.

  TIP-1009 defines "expiring nonces" as time-based replay protection using validBefore timestamps. The name 'expiring' better describes the mechanism than 'random'.

  await sendTransaction(client, {
    account,
  - nonceKey: 'random',
  + nonceKey: 'expiring',
    to: '0x...',
  })

viem@2.45.3

Patch Changes

• #4329 d12bb351c0b8c973b995583695606f9d083af1bb Thanks @​sakulstra! - Added multicall batching support for getBalance via multicall3's getEthBalance. When the client has batch.multicall enabled, getBalance calls are now batched via eth_call instead of making individual eth_getBalance RPC calls.

• #4333 71a324d6b98332f4f98e10c9de4d61287de8534a Thanks @​kiyoakii! - Added blockCreated field to MegaETH Mainnet and Testnet multicall3 contract definitions.

• #4330 aab32a4a5eb3df06cdf8eab5d6f91259d438590b Thanks @​boredland! - Added blockCreated field to zkSync multicall3 contract.

Commits

• 93981f7 chore: version package (#4338)
• 2a28a31 chore: up snap
• 5ce7aeb chore: sponsors
• 1358b1b ci: tmp disable wagmi
• b3690ab chore: audit
• b6b50d4 feat(tempo): expiring nonces (#4304)
• 803d4d9 chore: version package (#4335)
• acbd802 chore: up
• 850c0da chore: up ox
• 71a324d fix: add blockCreated to MegaETH multicall3 contracts (#4333)
• Additional commits viewable in compare view

Updates lucide-react from 0.563.0 to 0.564.0

Release notes

Sourced from lucide-react's releases.

Version 0.564.0

What's Changed

• chore(docs): Improve SEO icon detail pages by @​ericfennis in lucide-icons/lucide#4040
• feat(icons): added database-search icon by @​Spleefies in lucide-icons/lucide#4003
• fix(icons): changed user-lock icon by @​jguddas in lucide-icons/lucide#3971
• fix(icons): changed bug-off icon by @​jguddas in lucide-icons/lucide#3972
• fix(icons): changed bell-dot icon by @​jguddas in lucide-icons/lucide#3973
• fix(icons): changed bandage icon by @​jguddas in lucide-icons/lucide#3967
• fix(icons): changed hard-drive icon by @​jguddas in lucide-icons/lucide#3622
• fix(icons): changed git-branch icon by @​jguddas in lucide-icons/lucide#3938
• fix(icons): changed file-cog icon by @​jguddas in lucide-icons/lucide#3965
• fix(icons): changed cloud-alert and cloud-check icon by @​jguddas in lucide-icons/lucide#3976
• feat(icons): adds user-key and user-round-key, updates other -key icons to match by @​karsa-mistmere in lucide-icons/lucide#4044

New Contributors

• @​Spleefies made their first contribution in lucide-icons/lucide#4003

Full Changelog: lucide-icons/lucide@0.563.1...0.564.0

Hotfix @lucide/svelte hasA11yProp.js import

What's Changed

• fix(@​lucide/svelte): Fix build in by @​ericfennis in lucide-icons/lucide#4026

Full Changelog: lucide-icons/lucide@0.563.0...0.563.1

Commits

• See full diff in compare view

Updates tailwind-merge from 3.4.0 to 3.4.1

Release notes

Sourced from tailwind-merge's releases.

v3.4.1

Bug Fixes

• Prevent arbitrary font-family and font-weight from merging by @​roneymoon in dcastil/tailwind-merge#635

Full Changelog: dcastil/tailwind-merge@v3.4.0...v3.4.1

Thanks to @​brandonmcconnell, @​manavm1990, @​langy, @​roboflow, @​syntaxfm, @​getsentry, @​codecov, a private sponsor, @​block, @​openclaw, @​sourcegraph and more via @​thnxdev for sponsoring tailwind-merge! ❤️

Commits

• 02b6eb6 v3.4.1
• 6b845eb add agent info for release workflow
• 655f2f1 add changelog for v3.4.1
• e44e5eb add agent docs
• 4a38681 Merge pull request #644 from dcastil/renovate/major-vitest-monorepo
• 23ac259 migrate to vitest v4
• 927f617 chore(deps): update vitest monorepo to v4
• aea4869 Merge pull request #648 from dcastil/renovate/major-octokit-monorepo
• 78365f2 Merge pull request #646 from dcastil/renovate/actions-exec-3.x
• b08384d fix(deps): update dependency @​octokit/types to v16
• Additional commits viewable in compare view

Updates jsdom from 28.0.0 to 28.1.0

Release notes

Sourced from jsdom's releases.

Version 28.1.0

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

Changelog

Sourced from jsdom's changelog.

28.1.0

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

Commits

• 12949b5 Version 28.1.0
• ce4c58f Apply CSS specificity when computing styles
• 7ed55a0 Skip single-byte-decoder encoding tests on Node 20
• f3b1973 Generalize node version conditions in test expectations
• 853c596 Rewrite getElementById ID caching for tree-order correctness
• 5fbfde6 Fix potential sync XHR worker hang from unhandled dispatch errors
• 82df38f Cache the root node for document-connected trees
• ed7c5c0 Add documentation comment to create-event-accessor.js
• b4562e9 Simplify Window.js installEventHandlers
• 7da340f Centralize "determine the target of an event handler"
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.3.14 to 2.4.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.0

2.4.0

Minor Changes

• #8964 0353fa0 Thanks @​dyc3! - Added ignore option to the useHookAtTopLevel rule.

  You can now specify function names that should not be treated as hooks, even if they follow the use* naming convention.

  Example configuration:

  {
    "linter": {
      "rules": {
        "correctness": {
          "useHookAtTopLevel": {
            "options": {
              "ignore": ["useDebounce", "useCustomUtility"]
            }
          }
        }
      }
    }
  }

• #8769 d0358b0 Thanks @​rahuld109! - Added the rule useAnchorContent for HTML to enforce that anchor elements have accessible content for screen readers. The rule flags empty anchors, anchors with only whitespace, and anchors where all content is hidden with aria-hidden. Anchors with aria-label or title attributes providing a non-empty accessible name are considered valid.

• #8742 6340ce6 Thanks @​rahuld109! - Added the rule useMediaCaption to the HTML language. Enforces that audio and video elements have a track element with kind="captions" for accessibility. Muted videos are allowed without captions.

• #8621 d11130b Thanks @​Netail! - Added support for multiple reporters, and the ability to save reporters on arbitrary files.

  Combine two reporters in CI

  If you run Biome on GitHub, take advantage of the reporter and still see the errors in console, you can now use both reporters:

  biome ci --reporter=default --reporter=github

  Save reporter output to a file

  With the new --reporter-file CLI option, it's now possible to save the output of all reporters to a file. The file is a path, so you can pass a relative or an absolute path:

  biome ci --reporter=rdjson --reporter-file=/etc/tmp/report.json
  biome ci --reporter=summary --reporter-file=./reports/file.txt

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.0

Minor Changes

• #8964 0353fa0 Thanks @​dyc3! - Added ignore option to the useHookAtTopLevel rule.

  You can now specify function names that should not be treated as hooks, even if they follow the use* naming convention.

  Example configuration:

  {
    "linter": {
      "rules": {
        "correctness": {
          "useHookAtTopLevel": {
            "options": {
              "ignore": ["useDebounce", "useCustomUtility"]
            }
          }
        }
      }
    }
  }

• #8769 d0358b0 Thanks @​rahuld109! - Added the rule useAnchorContent for HTML to enforce that anchor elements have accessible content for screen readers. The rule flags empty anchors, anchors with only whitespace, and anchors where all content is hidden with aria-hidden. Anchors with aria-label or title attributes providing a non-empty accessible name are considered valid.

• #8742 6340ce6 Thanks @​rahuld109! - Added the rule useMediaCaption to the HTML language. Enforces that audio and video elements have a track element with kind="captions" for accessibility. Muted videos are allowed without captions.

• #8621 d11130b Thanks @​Netail! - Added support for multiple reporters, and the ability to save reporters on arbitrary files.

  Combine two reporters in CI

  If you run Biome on GitHub, take advantage of the reporter and still see the errors in console, you can now use both reporters:

  biome ci --reporter=default --reporter=github

  Save reporter output to a file

  With the new --reporter-file CLI option, it's now possible to save the output of all reporters to a file. The file is a path, so you can pass a relative or an absolute path:

  biome ci --reporter=rdjson --reporter-file=/etc/tmp/report.json
  biome ci --reporter=summary --reporter-file=./reports/file.txt

... (truncated)

Commits

• bf6e5f9 ci: release (#9045)
• e014336 feat: promote rules for v2.4 (#9011)
• 7e33fd5 Merge remote-tracking branch 'origin/main' into next
• df21006 ci: release (#8973)
• 6ebf6c6 feat(lint): add nursery rule noUselessReturn (#9029)
• 043b67c feat(lint/js): add noNestedPromises (#9019)
• 26d8367 docs: correct default value for useEditorconfig schema setting (#9025)
• dc1f94e feat(assist): add noDuplicateClasses assist action (#8623)
• 0353fa0 feat(useHookAtTopLevel): add ignore option (#8964)
• c409d2a Merge branch 'main' into next
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions