build(deps-dev): bump the npm-development group across 1 directory with 4 updates

[dependabot]

Bumps the npm-development group with 4 updates in the / directory: @biomejs/biome, js-yaml, openai and textlint.

Updates @biomejs/biome from 2.3.1 to 2.3.7

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.7

2.3.7

Patch Changes

• #8169 7fdcec8 Thanks @​arendjr! - Fixed #7999: Correctly place await after leading comment in auto-fix action from noFloatingPromises rule.

• #8157 12d5b42 Thanks @​Conaclos! - Fixed #8148. noInvalidUseBeforeDeclaration no longer reports some valid use before declarations.

  The following code is no longer reported as invalid:

  class classA {
    C = C;
  }
  const C = 0;

• #8178 6ba4157 Thanks @​dyc3! - Fixed #8174, where the HTML parser would parse 2 directives as a single directive because it would not reject whitespace in Vue directives. This would cause the formatter to erroneously merge the 2 directives into one, resulting in broken code.

  - <Component v-else:property="123" />
  + <Component v-else :property="123" />

• #8088 0eb08e8 Thanks @​db295! - Fixed #7876: The noUnusedImports rule now ignores imports that are used by @​linkcode and @​linkplain (previously supported @​link and @​see).

  The following code will no longer be a false positive:

  import type { a } from "a"
  /**
  
  {@​linkcode a}
  */
  function func() {}

#8119 8d64655 Thanks @​ematipico! - Improved the detection of the rule noUnnecessaryConditions. Now the rule isn't triggered for variables that are mutated inside a module.

This logic deviates from the original rule, hence noUnnecessaryConditions is now marked as "inspired".

In the following example, hey starts as false, but then it's assigned to a string. The rule isn't triggered inside the if check.

let hey = false;
function test() {
hey = "string";

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.7

Patch Changes

• #8169 7fdcec8 Thanks @​arendjr! - Fixed #7999: Correctly place await after leading comment in auto-fix action from noFloatingPromises rule.

• #8157 12d5b42 Thanks @​Conaclos! - Fixed #8148. noInvalidUseBeforeDeclaration no longer reports some valid use before declarations.

  The following code is no longer reported as invalid:

  class classA {
    C = C;
  }
  const C = 0;

• #8178 6ba4157 Thanks @​dyc3! - Fixed #8174, where the HTML parser would parse 2 directives as a single directive because it would not reject whitespace in Vue directives. This would cause the formatter to erroneously merge the 2 directives into one, resulting in broken code.

  - <Component v-else:property="123" />
  + <Component v-else :property="123" />

• #8088 0eb08e8 Thanks @​db295! - Fixed #7876: The noUnusedImports rule now ignores imports that are used by @​linkcode and @​linkplain (previously supported @​link and @​see).

  The following code will no longer be a false positive:

  import type { a } from "a"
  /**
  
  {@​linkcode a}
  */
  function func() {}

#8119 8d64655 Thanks @​ematipico! - Improved the detection of the rule noUnnecessaryConditions. Now the rule isn't triggered for variables that are mutated inside a module.

This logic deviates from the original rule, hence noUnnecessaryConditions is now marked as "inspired".

In the following example, hey starts as false, but then it's assigned to a string. The rule isn't triggered inside the if check.

let hey = false;
function test() {
hey = "string";
}

... (truncated)

Commits

• 8e97b89 ci: release (#8161)
• fb1458b feat(lint/html/vue): add useVueValidVText (#8158)
• 2dd38cf fix(schema): domains and feature kind (#8147)
• 803a44a chore: remove gold sponsor (#8135)
• 166d95b ci: release (#8076)
• 6976d03 chore: schema regression rule domains (#8133)
• 5fc5416 feat(lint/vue): add noVueVIfWithVFor, useVueHyphenatedAttributes (#8097)
• fb8e3e7 fix(noInvalidUseBeforeDeclaration): handle class, enum, import-equals (#8113)
• 0f0a658 feat(analyze): implement noSyncScripts (#8108)
• 82b9a8e feat(js_analyze): implement useFind (#8100)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates openai from 6.7.0 to 6.9.1

Release notes

Sourced from openai's releases.

v6.9.1

6.9.1 (2025-11-17)

Full Changelog: v6.9.0...v6.9.1

Bug Fixes

• api: align types of input items / output items for typescript (99adaa7)

v6.9.0

6.9.0 (2025-11-13)

Full Changelog: v6.8.1...v6.9.0

Features

• api: gpt 5.1 (58e78a8)

Chores

• add typescript-estree dependency for jsr readme script (3759514)

v6.8.1

6.8.1 (2025-11-05)

Full Changelog: v6.8.0...v6.8.1

Bug Fixes

• api: fix nullability of logprobs (40a403c)

v6.8.0

6.8.0 (2025-11-03)

Full Changelog: v6.7.0...v6.8.0

Features

• api: Realtime API token_limits, Hybrid searching ranking options (6a5b48c)
• api: remove InputAudio from ResponseInputContent (9909fef)

Chores

• internal: codegen related update (3ad52aa)

Changelog

Sourced from openai's changelog.

6.9.1 (2025-11-17)

Full Changelog: v6.9.0...v6.9.1

Bug Fixes

• api: align types of input items / output items for typescript (99adaa7)

6.9.0 (2025-11-13)

Full Changelog: v6.8.1...v6.9.0

Features

• api: gpt 5.1 (58e78a8)

Chores

• add typescript-estree dependency for jsr readme script (3759514)

6.8.1 (2025-11-05)

Full Changelog: v6.8.0...v6.8.1

Bug Fixes

• api: fix nullability of logprobs (40a403c)

6.8.0 (2025-11-03)

Full Changelog: v6.7.0...v6.8.0

Features

• api: Realtime API token_limits, Hybrid searching ranking options (6a5b48c)
• api: remove InputAudio from ResponseInputContent (9909fef)

Chores

• internal: codegen related update (3ad52aa)

Commits

• c9a4d68 release: 6.9.1
• edc0e1c fix(api): align types of input items / output items for typescript
• 1f2d35e update zod imports to reduce esbuild bundle size by 260kb (#1703)
• 92d65d7 release: 6.9.0
• 7a3c26e feat(api): gpt 5.1
• 88135c8 codegen metadata
• cd95c0d chore: add typescript-estree dependency for jsr readme script
• 7a97bfc release: 6.8.1
• d1f169f fix(api): fix nullability of logprobs
• d1c87a3 release: 6.8.0
• Additional commits viewable in compare view

Updates textlint from 15.2.3 to 15.4.0

Commits

• e409b35 v15.4.0 (#1825)
• abe8aa6 feat(textlint-tester): add suggestions API support (#1823)
• f3b39d2 fix(deps): update dependency @​modelcontextprotocol/sdk to ^1.21.1 (#1824)
• 3e40bf0 fix(deps): update dependency mocha to ^11.7.5 (#1822)
• 934a2d1 fix(deps): update dependency @​modelcontextprotocol/sdk to ^1.21.0 (#1821)
• e9c6096 chore(deps): update eslint to ^8.46.3 (patch) (#1820)
• cbe89f5 chore(deps): update dependency @​types/node to ^24.10.0 (#1819)
• 73b626d chore(deps): update dependency @​eslint/js to ^9.39.1 (#1818)
• a54245d v15.3.0 (#1817)
• e94e260 feat(kernel): add suggestions API (#1801)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

📋 Release Plan

Module	Type	Latest Version	New Version	Release Details
tf-modules-kms	patch		v1.0.0	🆕 Initial Release
tf-modules-vpc-endpoint	patch		v1.0.0	🆕 Initial Release

📝 Changelog

tf-modules-kms-v1.0.0 (2025-11-24)

• 🔀PR #323 - build(deps-dev): bump the npm-development group across 1 directory with 4 updates

tf-modules-vpc-endpoint-v1.0.0 (2025-11-24)

• 🔀PR #323 - build(deps-dev): bump the npm-development group across 1 directory with 4 updates

_{Wiki Status^ℹ️}

✅ Enabled

_{Automated Tag/Release Cleanup^ℹ️}

⏸️ Existing tags and releases will be preserved as the delete-legacy-tags flag is disabled.

_{Powered by:   techpivot/terraform-module-releaser}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud