chore(deps): bump the npm-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the npm-dependencies group with 5 updates in the / directory:

Package	From	To
next	16.1.0	16.1.1
@biomejs/biome	2.3.10	2.3.11
baseline-browser-mapping	2.9.10	2.9.11
jsdom	27.3.0	27.4.0
lefthook	2.0.12	2.0.13

Updates next from 16.1.0 to 16.1.1

Release notes

Sourced from next's releases.

v16.1.1

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Turbopack: Create junction points instead of symlinks on Windows (#87606)

Credits

Huge thanks to @​sokra and @​ztanner for helping!

v16.1.1-canary.11

Misc Changes

• fix: normalize CRLF line endings in jscodeshift tests on Windows: #88008

Credits

Huge thanks to @​feedthejim for helping!

v16.1.1-canary.10

Misc Changes

• chore(turbo-tasks-malloc): replace mimalloc-rspack to mimalloc: #87815

Credits

Huge thanks to @​xusd320 for helping!

v16.1.1-canary.9

Core Changes

• misc: fix type check log for CI envs: #87838

Misc Changes

• Update Rspack production test manifest: #87889
• Update Rspack development test manifest: #87888

Credits

Huge thanks to @​feedthejim and @​vercel-release-bot for helping!

v16.1.1-canary.8

Core Changes

• [strict-route-types] Add experimental.strictRouteTypes config: #87378

Credits

... (truncated)

Commits

• 3aa5398 v16.1.1
• d1bd5b5 Turbopack: Create junction points instead of symlinks on Windows (#87606)
• a67ee72 setup release branch
• See full diff in compare view

Updates @biomejs/biome from 2.3.10 to 2.3.11

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.11

2.3.11

Patch Changes

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidTemplateRoot.

  This rule validates only root-level \<template> elements in Vue single-file components. If the \<template> has a src attribute, it must be empty. Otherwise, it must contain content.

  Invalid examples:

  \<template src="./foo.html">content</template>

  \<template></template>

  Valid examples:

  \<template>content</template>

  \<template src="./foo.html"></template>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVBindStyle. Enforces consistent v-bind style (:prop shorthand vs v-bind:prop longhand). Default prefers shorthand; configurable via rule options.

• #8587 9a8c98d Thanks @​dyc3! - Added the rule useVueVForKey, which enforces that any element using v-for also specifies a key.

  Invalid

  <li v-for="item in items">{{ item }}</li>

  Valid

  <li v-for="item in items" :key="item.id">{{ item }}</li>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVOnStyle. Enforces consistent v-on style (@event shorthand vs v-on:event longhand). Default prefers shorthand; configurable via rule options.

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidVOnce. Enforces that usages of the v-once directive in Vue.js SFC are valid.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.11

Patch Changes

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidTemplateRoot.

  This rule validates only root-level \<template> elements in Vue single-file components. If the \<template> has a src attribute, it must be empty. Otherwise, it must contain content.

  Invalid examples:

  \<template src="./foo.html">content</template>

  \<template></template>

  Valid examples:

  \<template>content</template>

  \<template src="./foo.html"></template>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVBindStyle. Enforces consistent v-bind style (:prop shorthand vs v-bind:prop longhand). Default prefers shorthand; configurable via rule options.

• #8587 9a8c98d Thanks @​dyc3! - Added the rule useVueVForKey, which enforces that any element using v-for also specifies a key.

  Invalid

  <li v-for="item in items">{{ item }}</li>

  Valid

  <li v-for="item in items" :key="item.id">{{ item }}</li>

• #8586 df8fe06 Thanks @​dyc3! - Added a new nursery rule useVueConsistentVOnStyle. Enforces consistent v-on style (@event shorthand vs v-on:event longhand). Default prefers shorthand; configurable via rule options.

• #8583 83be210 Thanks @​dyc3! - Added the new nursery rule useVueValidVOnce. Enforces that usages of the v-once directive in Vue.js SFC are valid.

  <!-- Valid -->

... (truncated)

Commits

• 1550e73 ci: release (#8507)
• a3a27a7 feat(analyze/html/vue): add useVueVapor rule (#8644)
• 9a8c98d feat(analyze/html/vue): add useVueVForKey (#8587)
• ab9af9a feat: no-jsx-props-bind (#7410)
• df8fe06 feat(analyze/html/vue): add v-bind/v-on style rules (#8586)
• 83be210 feat(analyze/html/vue): add a few more simple vue lint rules (#8583)
• a3a1ad2 feat(biome_js_analyze): port noBeforeInteractiveScriptOutsideDocument from ...
• 9dd9ca7 feat(graphql_analyze): implement useUniqueArgumentNames (#8591)
• 5e85d43 feat(graphql_analyze): implement useUniqueFieldDefinitionNames (#8598)
• a5f59cd feat(graphql_analyze): implement useUniqueInputFieldNames (#8592)
• Additional commits viewable in compare view

Updates baseline-browser-mapping from 2.9.10 to 2.9.11

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

• Remove process.loadEnfFile() from main script by @​tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

• 51d4700 Patch to 2.9.11 because browser or feature data changed
• 168883e Browser or feature data changed
• 429dc08 Updating static site
• See full diff in compare view

Updates jsdom from 27.3.0 to 27.4.0

Release notes

Sourced from jsdom's releases.

Version 27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

Changelog

Sourced from jsdom's changelog.

27.4.0

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

Commits

• 098d16d Version 27.4.0
• 1cd029e Improve asciiLowercase/asciiUppercase performance
• 83fcb62 Implement TextEncoder and TextDecoder; improve XML decoding
• ddad97d Switch from iconv-lite to exodus/bytes for decoding
• 25cb2a1 Use weak references for ranges
• ed4f5ed Add currently-failing CSS regression tests
• See full diff in compare view

Updates lefthook from 2.0.12 to 2.0.13

Release notes

Sourced from lefthook's releases.

v2.0.13

Changelog

• 009da6884b03e65c7d920ff0fd8ea53a49de6929 chore: add more tests (#1244)
• ab93c17f526d064a169fca6cc6df42807b8737b4 docs(output): remove duplicate config: false description (#1245)
• 862908827582ffe87483692b963c5ad8fec3ef71 fix: allow custom hooks in JSON schema by updating generator (#1250)
• aeb326c728cf1b86e5ea60b2138f498954792590 fix: set extends to empty slice after loading remotes (#1259)

Changelog

Sourced from lefthook's changelog.

2.0.13 (2025-12-26)

• fix: set extends to empty slice after loading remotes (#1259) by @​mrexox
• fix: allow custom hooks in JSON schema by updating generator (#1250) by @​jeonghoon11
• docs: remove duplicate config: false description (#1245) by @​scop
• chore: add more tests (#1244) by @​mrexox

Commits

• af9f514 2.0.13: allow non-git hooks in jsonscheme
• aeb326c fix: set extends to empty slice after loading remotes (#1259)
• 8629088 fix: allow custom hooks in JSON schema by updating generator (#1250)
• ab93c17 docs(output): remove duplicate config: false description (#1245)
• 009da68 chore: add more tests (#1244)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
nextjs-base	Ready	Preview, Comment	Jan 4, 2026 1:09pm

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[michellepace]

Closing - these updates were applied manually in an upcoming commit. Thanks Dependabot!

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml