chore(deps): bump the dependencies group across 1 directory with 17 updates

[dependabot]

Bumps the dependencies group with 17 updates in the / directory:

Package	From	To
@mariozechner/pi-ai	0.57.1	0.62.0
file-type	21.3.1	21.3.4
@fal-ai/client	1.9.4	1.9.5
@types/node	25.4.0	25.5.0
@vitest/coverage-v8	4.0.18	4.1.1
esbuild	0.27.3	0.27.4
oxfmt	0.39.0	0.42.0
oxlint	1.54.0	1.57.0
oxlint-tsgolint	0.16.0	0.17.3
typescript	5.9.3	6.0.2
vitest	4.0.18	4.1.1
jsdom	28.1.0	29.0.1
sanitize-html	2.17.1	2.17.2
@zag-js/checkbox	1.36.0	1.38.0
@zag-js/select	1.36.0	1.38.0
@types/chrome	0.1.37	0.1.38
wxt	0.20.18	0.20.20

Updates @mariozechner/pi-ai from 0.57.1 to 0.62.0

Release notes

Sourced from @​mariozechner/pi-ai's releases.

v0.62.0

New Features

• Built-in tools as extensible ToolDefinitions. Extension authors can now override rendering of built-in read/write/edit/bash/grep/find/ls tools with custom renderCall/renderResult components. See https://github.com/badlogic/pi-mono/tree/HEAD/packages/ai/blob/HEAD/docs/extensions.md.
• Unified source provenance via sourceInfo. All resources, commands, tools, skills, and prompt templates now carry structured sourceInfo with path, scope, and source metadata. Visible in autocomplete, RPC discovery, and SDK introspection. See https://github.com/badlogic/pi-mono/tree/HEAD/packages/ai/blob/HEAD/docs/extensions.md.
• AWS Bedrock cost allocation tagging. New requestMetadata option on BedrockOptions forwards key-value pairs to the Bedrock Converse API for AWS Cost Explorer split cost allocation.

Breaking Changes

• Changed ToolDefinition.renderCall and renderResult semantics. Fallback rendering now happens only when a renderer is not defined for that slot. If renderCall or renderResult is defined, it must return a Component.
• Changed slash command provenance to use sourceInfo consistently. RPC get_commands, RpcSlashCommand, and SDK SlashCommandInfo no longer expose location or path. Use sourceInfo instead (#1734)
• Removed legacy source fields from Skill and PromptTemplate. Use sourceInfo.source for provenance instead (#1734)
• Removed ResourceLoader.getPathMetadata(). Resource provenance is now attached directly to loaded resources via sourceInfo (#1734)
• Removed extensionPath from RegisteredCommand and RegisteredTool. Use sourceInfo.path for provenance instead (#1734)

Migration Notes

Resource, command, and tool provenance now use sourceInfo consistently.

Common updates:

• RPC get_commands: replace path and location with sourceInfo.path, sourceInfo.scope, and sourceInfo.source
• SlashCommandInfo: replace command.path and command.location with command.sourceInfo
• Skill and PromptTemplate: replace .source with .sourceInfo.source
• RegisteredCommand and RegisteredTool: replace .extensionPath with .sourceInfo.path
• Custom ResourceLoader implementations: remove getPathMetadata() and read provenance from loaded resources directly

Examples:

• command.path -> command.sourceInfo.path
• command.location === "user" -> command.sourceInfo.scope === "user"
• skill.source -> skill.sourceInfo.source
• tool.extensionPath -> tool.sourceInfo.path

Changed

• Built-in tools now work like custom tools in extensions. To get built-in tool definitions, import readToolDefinition / createReadToolDefinition() and the equivalent bash, edit, write, grep, find, and ls exports from @mariozechner/pi-coding-agent.
• Cleaned up buildSystemPrompt() so built-in tool snippets and tool-local guidelines come from built-in ToolDefinition metadata, while cross-tool and global prompt rules stay in system prompt construction.
• Added structured sourceInfo to pi.getAllTools() results for built-in, SDK, and extension tools (#1734)

Fixed

• Fixed extension command name conflicts so extensions with duplicate command names can load together. Conflicting extension commands now get numeric invocation suffixes in load order, for example /review:1 and /review:2 (#1061)
• Fixed slash command source attribution for extension commands, prompt templates, and skills in autocomplete and command discovery (#1734)
• Fixed auto-resized image handling to enforce the inline image size limit on the final base64 payload, return text-only fallbacks when resizing cannot produce a safe image, and avoid falling back to the original image in read and @file auto-resize paths (#2055)
• Fixed pi update for git packages to skip destructive reset, clean, and reinstall steps when the fetched target already matches the local checkout (#2503)
• Fixed print and JSON mode to take over stdout during non-interactive startup, keeping package-manager and other incidental chatter off protocol/output stdout (#2482)
• Fixed cli-highlight auto-detection for languageless code blocks that misidentified prose as programming languages and colored random English words as keywords
• Fixed Anthropic thinking disable handling to send thinking: { type: "disabled" } for reasoning-capable models when thinking is explicitly off (#2022)
• Fixed explicit thinking disable handling across Google, Google Vertex, Gemini CLI, OpenAI Responses, Azure OpenAI Responses, and OpenRouter-backed OpenAI-compatible completions (#2490)
• Fixed OpenAI Responses replay for foreign tool-call item IDs by hashing foreign IDs into bounded fc_<hash> IDs

... (truncated)

Changelog

Sourced from @​mariozechner/pi-ai's changelog.

[0.62.0] - 2026-03-23

Added

• Added requestMetadata option to BedrockOptions for AWS cost allocation tagging; key-value pairs are forwarded to the Bedrock Converse API requestMetadata field and appear in AWS Cost Explorer split cost allocation data (#2511 by @​wjonaskr)
• Exported BedrockOptions type from the package root entry point, consistent with other provider option types.

Fixed

• Fixed OpenAI Responses replay for foreign tool-call item IDs by hashing foreign function_call.id values into bounded fc_<hash> IDs instead of preserving backend-specific normalized shapes that OpenAI Codex rejects.
• Fixed Anthropic thinking disable handling to send thinking: { type: "disabled" } for reasoning-capable models when thinking is explicitly off, and added payload and env-gated end-to-end coverage for the Anthropic provider (#2022)
• Fixed explicit thinking disable handling across Google, Google Vertex, Gemini CLI, OpenAI Responses, Azure OpenAI Responses, and OpenRouter-backed OpenAI-compatible completions. Gemini 3 models now fall back to the lowest supported thinking level when full disable is not supported, and OpenAI/OpenRouter reasoning models now send explicit none effort instead of relying on provider defaults (#2490)
• Fixed OpenAI-compatible completions streams to ignore null chunks instead of crashing (#2466 by @​Cheng-Zi-Qing)

[0.61.1] - 2026-03-20

Changed

• Changed MiniMax model metadata to add missing MiniMax-M2.1-highspeed entries for the minimax and minimax-cn providers and normalize MiniMax Anthropic-compatible context limits to the provider's supported model set (#2445 by @​1500256797)

[0.61.0] - 2026-03-20

Added

• Added gpt-5.4-mini model support for the openai-codex provider with Codex pricing metadata and unit coverage (#2334 by @​justram)

Fixed

• Fixed validateToolArguments() to fall back gracefully when AJV schema compilation is blocked in restricted runtimes such as Cloudflare Workers, allowing tool execution to proceed without schema validation (#2395)
• Fixed google-vertex API key resolution to ignore placeholder auth markers like <authenticated> and fall back to ADC instead of sending them as literal API keys (#2335)
• Fixed OpenRouter reasoning requests to use the provider's nested reasoning.effort payload instead of OpenAI's reasoning_effort, restoring thinking level support for OpenRouter models (#2298 by @​PriNova)
• Fixed Bedrock prompt caching for application inference profiles by allowing cache points to be forced with AWS_BEDROCK_FORCE_CACHE=1 when the profile ARN does not expose the underlying Claude model name (#2346 by @​haoqixu)

[0.60.0] - 2026-03-18

Fixed

• Fixed Gemini 3 and Antigravity image tool results to stay inline as multimodal tool responses instead of being rerouted through separate follow-up messages (#2052)
• Fixed Bedrock Claude 4.6 model metadata to use the correct 200K context window instead of 1M (#2305)
• Fixed lazy built-in provider registration so compiled Bun binaries can still load providers on first use without eagerly bundling provider SDKs (#2314)
• Fixed built-in OAuth callback flows to share aligned callback handling across Anthropic, Gemini CLI, Antigravity, and OpenAI Codex, and fixed OpenAI Codex login to resolve immediately after callback completion (#2316)
• Fixed OpenAI-compatible z.ai network_error responses to surface as errors so callers can retry them instead of treating them as successful assistant messages (#2313)
• Fixed OpenAI Responses replay to normalize oversized resumed tool call IDs before sending them back to Codex and other Responses-compatible targets (#2328)

[0.59.0] - 2026-03-17

Added

• Added client injection support to AnthropicOptions, allowing callers to provide a pre-built Anthropic-compatible client instead of constructing one internally.

... (truncated)

Commits

• 29681bd Release v0.62.0
• abac5d6 docs: complete changelog entries for unreleased changes
• d1613e3 fix(ai): handle explicit thinking off across providers closes #2490
• 6129971 fix(ai): explicitly disable Anthropic thinking when off closes #2022
• 3bcbae4 feat(ai): add requestMetadata support to BedrockOptions for cost allocation t...
• b21b42d fix(ai): hash foreign responses tool item ids
• 78833df chore(ai): format openai completions test
• 60358dc Merge remote-tracking branch 'origin/main'
• a84fd4e Add [Unreleased] section for next cycle
• b63a4ab Release v0.61.1
• Additional commits viewable in compare view

Updates file-type from 21.3.1 to 21.3.4

Release notes

Sourced from file-type's releases.

v21.3.4

• Harden parser more aec20a0

---

sindresorhus/file-type@v21.3.3...v21.3.4

v21.3.3

• Harden parser c48c90b 135f91b

---

sindresorhus/file-type@v21.3.2...v21.3.3

v21.3.2

• Fix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v) a155cd7
• Fix bound recursive BOM and ID3 detection 370ed91

---

sindresorhus/file-type@v21.3.1...v21.3.2

Commits

• fbe8b77 21.3.4
• aec20a0 Harden parser more
• 3afcca5 21.3.3
• c48c90b Harden parser more
• 135f91b Harden parser more
• e18028c 21.3.2
• a155cd7 Fix ZIP bomb in known-size ZIP probing
• 6954817 Harden parser more
• 370ed91 Fix bound recursive BOM and ID3 detection
• d2ecea1 Add a few more safeguards
• Additional commits viewable in compare view

Updates @fal-ai/client from 1.9.4 to 1.9.5

Commits

• f6c67ea chore(realtime): remove dead states and fix stale interpreter reference
• 481ac83 chore(realtime): remove dead states and fix stale
• 5a97ffa fix(realtime): refresh tokens in background and clear on disconnect (#201)
• See full diff in compare view

Updates @types/node from 25.4.0 to 25.5.0

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.0.18 to 4.1.1

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.1

   🚀 Features

• experimental:
  • Expose matchesTags to test if the current filter matches tags  -  by @​sheremet-va in vitest-dev/vitest#9913 (eec53)
  • Introduce experimental.vcsProvider  -  by @​sheremet-va in vitest-dev/vitest#9928 (56115)

   🐞 Bug Fixes

• Mark TestProject.testFilesList internal properly  -  by @​sapphi-red in vitest-dev/vitest#9867 (54f26)
• Detect fixture that returns without calling use  -  by @​oilater in vitest-dev/vitest#9831 and vitest-dev/vitest#9861 (633ae)
• Drop vite 8.beta support  -  by @​AriPerkkio in vitest-dev/vitest#9862 (b78f5)
• Type regression in vi.mocked() static class methods  -  by @​purepear and @​hi-ogawa in vitest-dev/vitest#9857 (90926)
• Properly re-evaluate actual modules of mocked external  -  by @​hi-ogawa in vitest-dev/vitest#9898 (ae5ec)
• Preserve coverage report when html reporter overlaps  -  by @​hi-ogawa in vitest-dev/vitest#9889 (2d81a)
• Provide vi.advanceTimers to the preview provider  -  by @​sheremet-va in vitest-dev/vitest#9891 (1bc3e)
• Don't leak event listener in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#9910 (d9355)
• Open browser in --standalone mode without running tests  -  by @​sheremet-va in vitest-dev/vitest#9911 (e78ad)
• Guard disposable and optional body  -  by @​sheremet-va in vitest-dev/vitest#9912 (6fdb2)
• Resolve retry.condition RegExp serialization issue  -  by @​nstepien and @​hi-ogawa in vitest-dev/vitest#9942 (7b605)
• collect:
  • Don't treat extra props on test return as tests  -  by @​sheremet-va in vitest-dev/vitest#9871 (141e7)
• coverage:
  • Simplify provider types  -  by @​AriPerkkio in vitest-dev/vitest#9931 (aaf9f)
  • Load built-in provider without module runner  -  by @​AriPerkkio in vitest-dev/vitest#9939 (bf892)
• expect:
  • Soft assertions continue after .resolves/.rejects promise errors  -  by @​mixelburg, Maks Pikov, Claude Opus 4.6 (1M context) and @​hi-ogawa in vitest-dev/vitest#9843 (6d74b)
  • Fix sinon-chai style API  -  by @​hi-ogawa in vitest-dev/vitest#9943 (0f08d)
• pretty-format:
  • Limit output for large object  -  by @​hi-ogawa and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9949 (0d5f9)

    View changes on GitHub

v4.1.0

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1 beta. To get a review of all the new features, read our blog post.

   🚀 Features

• Return a disposable from doMock()  -  by @​kirkwaiblinger in vitest-dev/vitest#9332 (e3e65)
• Added chai style assertions  -  by @​ronnakamoto and @​sheremet-va in vitest-dev/vitest#8842 (841df)
• Update to sinon/fake-timers v15 and add setTickMode to timer controls  -  by @​atscott and @​sheremet-va in vitest-dev/vitest#8726 (4b480)
• Expose matcher types  -  by @​sheremet-va in vitest-dev/vitest#9448 (3e4b9)
• Add toTestSpecification to reported tasks  -  by @​sheremet-va in vitest-dev/vitest#9464 (1a470)
• Show a warning if vi.mock or vi.hoisted are declared outside of top level of the module  -  by @​sheremet-va in vitest-dev/vitest#9387 (5db54)
• Track and display expectedly failed tests (.fails) in UI and CLI  -  by @​Copilot, sheremet-va and @​sheremet-va in vitest-dev/vitest#9476 (77d75)
• Support tags  -  by @​sheremet-va in vitest-dev/vitest#9478 (de7c8)
• Implement aroundEach and aroundAll hooks  -  by @​sheremet-va in vitest-dev/vitest#9450 (2a8cb)
• Stabilize experimental features  -  by @​sheremet-va in vitest-dev/vitest#9529 (b5fd2)

... (truncated)

Commits

• 1f2d318 chore: release v4.1.1
• aaf9f18 fix(coverage): simplify provider types (#9931)
• 4150b91 chore: release v4.1.0
• 0c2c013 chore: release v4.1.0-beta.6
• 689a22a fix(browser): types of getCDPSession and cdp() (#9716)
• 94eb73b chore(deps): update eslint packages (#9615)
• 8c96bb0 refator: update links to npmx (#9783)
• aaf7758 chore: standardize packages README (#9776)
• 57cbe39 chore(deps): update ast-v8-to-istanbul to v1 (#9755)
• 79672d7 chore: release v4.1.0-beta.5
• Additional commits viewable in compare view

Updates esbuild from 0.27.3 to 0.27.4

Release notes

Sourced from esbuild's releases.

v0.27.4

• Fix a regression with CSS media queries (#4395, #4405, #4406)

  Version 0.25.11 of esbuild introduced support for parsing media queries. This unintentionally introduced a regression with printing media queries that use the <media-type> and <media-condition-without-or> grammar. Specifically, esbuild was failing to wrap an or clause with parentheses when inside <media-condition-without-or>. This release fixes the regression.

  Here is an example:

  /* Original code */
  @media only screen and ((min-width: 10px) or (min-height: 10px)) {
    a { color: red }
  }
  /* Old output (incorrect) */
  @​media only screen and (min-width: 10px) or (min-height: 10px) {
  a {
  color: red;
  }
  }
  /* New output (correct) */
  @​media only screen and ((min-width: 10px) or (min-height: 10px)) {
  a {
  color: red;
  }
  }

• Fix an edge case with the inject feature (#4407)

  This release fixes an edge case where esbuild's inject feature could not be used with arbitrary module namespace names exported using an export {} from statement with bundling disabled and a target environment where arbitrary module namespace names is unsupported.

  With the fix, the following inject file:

  import jquery from 'jquery';
  export { jquery as 'window.jQuery' };

  Can now always be rewritten as this without esbuild sometimes incorrectly generating an error:

  export { default as 'window.jQuery' } from 'jquery';

• Attempt to improve API handling of huge metafiles (#4329, #4415)

  This release contains a few changes that attempt to improve the behavior of esbuild's JavaScript API with huge metafiles (esbuild's name for the build metadata, formatted as a JSON object). The JavaScript API is designed to return the metafile JSON as a JavaScript object in memory, which makes it easy to access from within a JavaScript-based plugin. Multiple people have encountered issues where this API breaks down with a pathologically-large metafile.

  The primary issue is that V8 has an implementation-specific maximum string length, so using the JSON.parse API with large enough strings is impossible. This release will now attempt to use a fallback JavaScript-based JSON parser that operates directly on the UTF8-encoded JSON bytes instead of using JSON.parse when the JSON metafile is too big to fit in a JavaScript string. The new fallback path has not yet been heavily-tested. The metafile will also now be generated with whitespace removed if the bundle is significantly large, which will reduce the size of the metafile JSON slightly.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.4

• Fix a regression with CSS media queries (#4395, #4405, #4406)

  Version 0.25.11 of esbuild introduced support for parsing media queries. This unintentionally introduced a regression with printing media queries that use the <media-type> and <media-condition-without-or> grammar. Specifically, esbuild was failing to wrap an or clause with parentheses when inside <media-condition-without-or>. This release fixes the regression.

  Here is an example:

  /* Original code */
  @media only screen and ((min-width: 10px) or (min-height: 10px)) {
    a { color: red }
  }
  /* Old output (incorrect) */
  @​media only screen and (min-width: 10px) or (min-height: 10px) {
  a {
  color: red;
  }
  }
  /* New output (correct) */
  @​media only screen and ((min-width: 10px) or (min-height: 10px)) {
  a {
  color: red;
  }
  }

• Fix an edge case with the inject feature (#4407)

  This release fixes an edge case where esbuild's inject feature could not be used with arbitrary module namespace names exported using an export {} from statement with bundling disabled and a target environment where arbitrary module namespace names is unsupported.

  With the fix, the following inject file:

  import jquery from 'jquery';
  export { jquery as 'window.jQuery' };

  Can now always be rewritten as this without esbuild sometimes incorrectly generating an error:

  export { default as 'window.jQuery' } from 'jquery';

• Attempt to improve API handling of huge metafiles (#4329, #4415)

  This release contains a few changes that attempt to improve the behavior of esbuild's JavaScript API with huge metafiles (esbuild's name for the build metadata, formatted as a JSON object). The JavaScript API is designed to return the metafile JSON as a JavaScript object in memory, which makes it easy to access from within a JavaScript-based plugin. Multiple people have encountered issues where this API breaks down with a pathologically-large metafile.

... (truncated)

Commits

• f9c9012 publish 0.27.4 to npm
• 207dbc7 js api: fall back to js-based metafile json parser
• 1ca56dc fix #4329: auto-minify metafile for large bundles
• e3823aa fix #4415: add uint cast to stdio int parser
• d50e88c chore: correct copy&paste panic message (#4399)
• 8b829b1 fix #4407: incorrect error for inject edge case
• 4384bad fix #4395 close #4405 close #4406: parens for or
• See full diff in compare view

Updates oxfmt from 0.39.0 to 0.42.0

Changelog

Sourced from oxfmt's changelog.

[0.42.0] - 2026-03-24

🚀 Features

• 416865a formatter,oxfmt: Add doc comments for JsdocConfig (#20644) (leaysgur)
• 4fec907 formatter: Add JSDoc comment formatting support (#19828) (Dunqing)

[0.40.0] - 2026-03-12

🐛 Bug Fixes

• bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#20273) (leaysgur)

[0.36.0] - 2026-03-02

🐛 Bug Fixes

• 04e6223 npm: Add preferUnplugged for Yarn PnP compatibility (#19829) (Boshen)

📚 Documentation

• 2fa936f README.md: Map npm package links to npmx.dev (#19666) (Boshen)

[0.35.0] - 2026-02-23

🚀 Features

• 984dc07 oxfmt: Strip "experimental"SortXxx prefix (#19567) (leaysgur)

[0.34.0] - 2026-02-19

🐛 Bug Fixes

• 6c61b70 oxfmt: Fix outdated sortImports.groups doc comments (#19513) (leaysgur)

[0.33.0] - 2026-02-16

💥 BREAKING CHANGES

• 9c34f72 formatter/sort_imports: [BREAKING] Report invalid group name with renaming side-effect > side_effect (#19416) (leaysgur)

🚀 Features

• 4baebef formatter/sort_imports: Support { newlinesBetween: bool } inside groups (#19358) (leaysgur)
• d1c2fb6 formatter/sort_imports: Support customGroups attributes(selector and modifiers) (#19356) (leaysgur)

[0.30.0] - 2026-02-10

🐛 Bug Fixes

... (truncated)

Commits

• 8b0f61d release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)
• b33fbde Revert "release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)"
• 027ce4a release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)
• 180dd0f Revert "release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20649)"
• a8f45a8 release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20649)
• 416865a feat(formatter,oxfmt): Add doc comments for JsdocConfig (#20644)
• 4fec907 feat(formatter): add JSDoc comment formatting support (#19828)
• 5446ebd release(apps): oxlint v1.56.0 && oxfmt v0.41.0 (#20423)
• 6a26b93 release(apps): oxlint v1.55.0 && oxfmt v0.40.0 (#20293)
• bc20217 fix(oxlint,oxfmt): Omit useless | null for Option\<T> field from schema (#...
• See full diff in compare view

Updates oxlint from 1.54.0 to 1.57.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

• 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
• 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
• bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
• 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
• 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
• 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
• ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

• 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
• 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
• 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
• 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
• a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
• ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
• 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
• ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
• e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
• 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
• 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
• fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
• ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
• dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
• 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
• cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

• 25d577e language_server: Start tools in parallel (#15500) (Sysix)
• 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
• 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
• 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
• 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
• 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

• 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
• 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
• a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
• 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
• 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
• 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

[1.55.0] - 2026-03-12

🐛 Bug Fixes

• bc20217 oxlint,oxfmt: Omit useless | null for Option<T> field from schema (#20273) (leaysgur)

📚 Documentation

• f339f10 linter/plugins: Promote JS plugins to alpha status (#20281) (overlookmotel)

Commits

• 8b0f61d release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)
• b33fbde Revert "release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)"
• 027ce4a release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20680)
• 180dd0f Revert "release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20649)"
• a8f45a8 release(apps): oxlint v1.57.0 && oxfmt v0.42.0 (#20649)
• 5446ebd release(apps): oxlint v1.56.0 && oxfmt v0.41.0 (#20423)
• 6a26b93 release(apps): oxlint v1.55.0 && oxfmt v0.40.0 (#20293)
• f339f10 docs(linter/plugins): promote JS plugins to alpha status (#20281)
• bc20217 fix(oxlint,oxfmt): Omit useless | null for Option\<T> field from schema (#...
• See full diff in compare view

Updates oxlint-tsgolint from 0.16.0 to 0.17.3

Release notes

Sourced from oxlint-tsgolint's releases.

v0.17.3

What's Changed

• fix(no-unnecessary-type-assertion): avoid inferring generic defaults from assertions by @​camc314 in oxc-project/tsgolint#826

Full Changelog: oxc-project/tsgolint@v0.17.2...v0.17.3

v0.17.2

What's Changed

• chore: update typescript-go to latest upstream by @​camc314 in oxc-project/tsgolint#814
• refactor(no-unnecessary-condition): more closely align rule implementation with upstream by @​camc314 in oxc-project/tsgolint#809
• chore(deps): update dependency dprint-json to v0.21.3 by @​renovate[bot] in oxc-project/tsgolint#819
• chore(deps): update github-actions by @​renovate[bot] in oxc-project/tsgolint#820
• chore(deps): update npm packages by @​renovate[bot] in oxc-project/tsgolint#821
• fix(no-unnecessary-type-assertion): avoid contextual generic inference for call expressions by @​camc314 in oxc-project/tsgolint#824
• refactor(no-unnecessary-condition): remove unused isLiteralValue by @​camc314 in oxc-project/tsgolint#825

Full Changelog: oxc-project/tsgolint@v0.17.1...v0.17.2

v0.17.1

What's Changed

• chore(deps): update github-actions by @​renovate[bot] in oxc-project/tsgolint#793
• chore(deps): update gomod by @​renovate[bot] in oxc-project/tsgolint#794
• chore(deps): update npm packages by @​renovate[bot] in oxc-project/tsgolint#795
• chore(deps): update softprops/action-gh-release action to v2.6.0 by @​renovate[bot] in oxc-project/tsgolint#798
• fix prefer-optional-chain parenthesized call panic by @​camc314 in oxc-project/tsgolint#800
• fix(no-base-to-string): check base types for ignoredTypeNames by @​younggglcy in oxc-project/tsgolint#796
• refactor: move matchesTypeOrBaseType function to utils package by @​camc314 in oxc-project/tsgolint#803
• fix(restrict-template-expressions): allow inherited types in allow list by @​camc314 in oxc-project/tsgolint#804
• fix(prefer-optional-chain): avoid false positives for instanceof and redundant nullish checks by @​wagenet in