Bump the npm-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the npm-dependencies group with 8 updates in the / directory:

Package	From	To
@types/node	20.19.37	20.19.41
prettier	3.8.1	3.8.3
typescript-eslint	8.58.0	8.59.3
@aws-sdk/client-bedrock-runtime	3.1022.0	3.1046.0
ws	8.20.0	8.20.1
grammy	1.41.1	1.42.0
@types/bun	1.3.11	1.3.14
@clack/prompts	1.2.0	1.4.0

Updates @types/node from 20.19.37 to 20.19.41

Commits

• See full diff in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.58.0 to 8.59.3

Release notes

Sourced from typescript-eslint's releases.

v8.59.3

8.59.3 (2026-05-11)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.59.3 (2026-05-11)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.0 (2026-04-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

• Abhijeet Singh @​cseas

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.1 (2026-04-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

... (truncated)

Commits

• 48e13c0 chore(release): publish 8.59.3
• 44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• ea9ae4f chore(release): publish 8.59.0
• 90c2803 chore(release): publish 8.58.2
• b3315fd chore: convert import eslint to import js - followup (#12100)
• be6b49a fix: remove tsbuildinfo cache file from published packages (#12187)
• 5311ed3 chore(release): publish 8.58.1
• See full diff in compare view

Updates @aws-sdk/client-bedrock-runtime from 3.1022.0 to 3.1046.0

Release notes

Sourced from @​aws-sdk/client-bedrock-runtime's releases.

v3.1046.0

3.1046.0(2026-05-14)

Chores

• build: set compilation config module type to nodenext (#8018) (893d9e61)
• core/util:
  • update tsconfig.types.json (#8016) (b09190e7)
  • migrate minor utility functions to core (#8007) (6a0f061a)
• scripts:
  • optimize codegen build speed (#8012) (3b64aa8f)
  • add submodule variant api surface parity linting (#8006) (3361fb26)
• codegen: dependency version bump (#8008) (9ce20f6d)
• signature-v4-multi-region: invert dependency on middleware-sdk-s3 (#8003) (b41bc62f)
• update smithy/core imports (#7979) (acffbf90)

Documentation Changes

• client-redshift: Added rg.xlarge and rg.4xlarge to valid NodeType values and updated documentation for CreateCluster, ModifyCluster, ResizeCluster, and RestoreFromClusterSnapshot APIs to reflect RG node type support. (fc4437bd)
• client-batch: Adds a billing callout to docs regarding using the CE Scale Down Delay feature (72d87371)
• client-glue: AWS Glue now defaults the job timeout to 480 minutes for Glue version 5.0 and later when no timeout value is specified. The default remains 2,880 minutes for Glue version 4.0 and earlier. (0a44c1f6)
• core: package consolidation plan (#8002) (51d1f8cb)

New Features

• clients: update client endpoints as of 2026-05-14 (0a8e3b77)
• client-sfn: Updated default SDK endpoints for AWS Step Functions in AWS GovCloud (US) regions. The default Dual-Stack endpoints now resolve to "states-fips" prefixed hostnames. There are no changes to service behavior. No customer action is required. (35908544)
• client-quicksight: Adds five new custom permission option for Quick Apps so that these capabilities can be controlled by public SDK and CLI. (8e76717d)
• client-elasticsearch-service: Adds support for AutomatedSnapshotPauseOptions. (e1a722aa)
• client-arc-region-switch: Adds support for enabling and disabling Lambda event source mappings in Region switch plans. (5b7d56f3)
• client-rtbfabric: Customers can now configure custom domain names for their RTB Fabric gateways. This enables partners to use their own branded domain for RTB traffic instead of the default rtbfabric endpoint (b1e0392d)
• client-connectcases: Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. (883cc0f7)
• client-pcs: Add support for Amazon EC2 Interruptible-ODCR (cbd2be24)
• client-securityagent: Add support for code reviews, a new resource type that enables automated security-focused static analysis of source code repositories. (8ae5b437)
• client-sagemaker: Adds execution role session name mode to reflect user identity in Studio. Adds Flexible Training Plans on Studio apps. Adds restricted model packages to control access to proprietary model artifacts via IAM. Fixed instance type parity between inference endpoints and managed shadow tests. (c6c87516)
• client-connect: This change added three new EventSourceName for schedule notification feature (b8f49e23)
• client-socialmessaging: Adds parameters to call the GetWhatsAppMessageTemplate and UpdateWhatsAppMessageTemplate APIs with a template name and language code in place of the template ID. Linked WhatsApp accounts also describe whether the WABA is onboarded to Meta's Marketing Messages API. (085c2dd6)
• client-ec2: Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description (9a5ca595)
• client-partnercentral-account: Added ServiceQuotaExceededExceptions for Profile operations (725a2b6d)
• client-opensearch: Adds support for AutomatedSnapshotPauseOptions. (8bc57f1f)
• client-billingconductor: Add ConflictException to UpdateCustomLineItem operation. (f0f73bae)
• client-bedrock-agentcore-control: Adds support for read-only summary APIs for Policy Engine, Policy, and Policy Generation resources, enabling metadata retrieval without KMS decryption for AWS Config integration. (6d630817)
• client-lightsail: Added OriginIpAddressTypeEnum (ipv4, ipv6, dualstack) and ipAddressType field to Origin and InputOrigin structures for Lightsail CDN distributions. Allows customers to specify how the distribution connects to origins, using IPv4, IPv6, or dualstack networking (eaa98531)
• client-dsql: Added support for Amazon Aurora DSQL change data capture (CDC) streams that deliver row-level database changes to Amazon Kinesis in JSON format. Includes CreateStream, GetStream, ListStreams, and DeleteStream operations. (d071f80a)
• client-connectcampaignsv2: This release added support for Outbound Campaign timezone detection using all available contact methods (1a0d5fee)

Bug Fixes

• core/protocols: corrections for absolute and relative shape id lookup for errors (#8001) (c9921dcb)
• cloudfront-signer: url-encode special characters in URL path (#7763) (e942132d)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-bedrock-runtime's changelog.

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

3.1044.0 (2026-05-06)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

3.1043.0 (2026-05-05)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

3.1042.0 (2026-05-04)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

3.1041.0 (2026-05-01)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

3.1040.0 (2026-04-30)

... (truncated)

Commits

• a664335 Publish v3.1046.0
• 9ce20f6 chore(codegen): dependency version bump (#8008)
• acffbf9 chore: update smithy/core imports (#7979)
• b329def Publish v3.1045.0
• 1ccd438 Publish v3.1044.0
• 96baad9 Publish v3.1043.0
• d942e31 Publish v3.1042.0
• 5df4c01 Publish v3.1041.0
• 7736067 Publish v3.1040.0
• 51c8215 Publish v3.1039.0
• Additional commits viewable in compare view

Updates ws from 8.20.0 to 8.20.1

Release notes

Sourced from ws's releases.

8.20.1

Bug fixes

• Fixed an uninitialized memory disclosure issue in websocket.close() (c0327ec1).

Providing a TypedArray (e.g. Float32Array) as the reason argument for websocket.close(), rather than the supported string or Buffer types, caused uninitialized memory to be disclosed to the remote peer.

import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port}, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
  deepStrictEqual(reason, Buffer.alloc(80));
});

}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});

The issue was privately reported by Nikita Skovoroda.

Commits

• 5d9b316 [dist] 8.20.1
• c0327ec [security] Fix uninitialized memory disclosure in websocket.close()
• ce2a3d6 [ci] Test on node 26
• 58e45b8 [ci] Do not test on node 25
• 5f26c24 [ci] Run the lint step on node 24
• See full diff in compare view

Updates grammy from 1.41.1 to 1.42.0

Release notes

Sourced from grammy's releases.

v1.42.0

What's Changed

• fix: correct typo in filter key chat_owner_changd by @​glacierphonk in grammyjs/grammY#881
• feat: support Bot API 9.6 by @​KnorpelSenf in grammyjs/grammY#892

New Contributors

• @​glacierphonk made their first contribution in grammyjs/grammY#881
• @​github-actions[bot] made their first contribution in grammyjs/grammY#891

Full Changelog: grammyjs/grammY@v1.41.1...v1.42.0

Commits

• 68faaf4 1.42.0
• dcb4f8b feat: support Bot API 9.6 (#892)
• 1cf54ad docs: update contributor information (#891)
• a999c9e docs: update outdated contributors
• 3985353 chore(ci): improve label of contributor update (#890)
• 5338be5 chore(ci): fix escaping
• 1983543 chore(ci): fix contribution update script (#889)
• 1c332c1 chore: update write perm for github contributor update action (#888)
• bec57ca docs: add @​arunr-inji as a contributor for infra (#887)
• 6f03ebf test: add test coverage for API_CONSTANTS (#882)
• Additional commits viewable in compare view

Updates @types/bun from 1.3.11 to 1.3.14

Commits

• See full diff in compare view

Updates @clack/prompts from 1.2.0 to 1.4.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.4.0

Minor Changes

• 284677e: Support scrolling and maxItems option for groupMultiselect, and removes indent when withGuide is set to false

Patch Changes

• aab46a2: docs: add jsdoc for text, password, and multiline prompts
• 54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.
• Updated dependencies [54be8d7]
  • @​clack/core@​1.3.1

@​clack/prompts@​1.3.0

Minor Changes

• ea5702e: fix: add engines field expressing node >=20.12 requirement
• 814ab9a: Add new multiline prompt for multi-line text input.

Patch Changes

• 5b897a7: Fix mixed type-only and runtime exports from @​clack/core.
• Updated dependencies [78fd3ae]
• Updated dependencies [ea5702e]
• Updated dependencies [814ab9a]
  • @​clack/core@​1.3.0

Changelog

Sourced from @​clack/prompts's changelog.

1.4.0

Minor Changes

• 284677e: Support scrolling and maxItems option for groupMultiselect, and removes indent when withGuide is set to false

Patch Changes

• aab46a2: docs: add jsdoc for text, password, and multiline prompts
• 54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.
• Updated dependencies [54be8d7]
  • @​clack/core@​1.3.1

1.3.0

Minor Changes

• ea5702e: fix: add engines field expressing node >=20.12 requirement
• 814ab9a: Add new multiline prompt for multi-line text input.

Patch Changes

• 5b897a7: Fix mixed type-only and runtime exports from @​clack/core.
• Updated dependencies [78fd3ae]
• Updated dependencies [ea5702e]
• Updated dependencies [814ab9a]
  • @​clack/core@​1.3.0

Commits

• fe2bcd2 [ci] release (#530)
• aab46a2 docs: add jsdoc for text, password, and multiline prompts (#523)
• 54be8d7 fix: trim lines from correct end (#532)
• 284677e feat(prompts): support maxItems in groupMultiselect (#528)
• 05bfd43 [ci] release (#501)
• 5b897a7 fix: split type-only and runtime exports (#518)
• cd7e5cd deps: update pnpm and align node types version (#515)
• 970268b chore(deps): update deps in core and prompts packages (#512)
• ea5702e chore: add engines field to prompts and core (#514)
• ec432f9 docs: correct Progress example in README (#505)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions