Bump the all-npm group with 3 updates

[dependabot]

Bumps the all-npm group with 3 updates: @aws-sdk/client-eventbridge, @biomejs/biome and @types/node.

Updates @aws-sdk/client-eventbridge from 3.1005.0 to 3.1010.0

Release notes

Sourced from @​aws-sdk/client-eventbridge's releases.

v3.1010.0

3.1010.0(2026-03-16)

New Features

• clients: update client endpoints as of 2026-03-16 (6ae1dd8a)
• client-ecs: Amazon ECS now supports configuring whether tags are propagated to the EC2 Instance Metadata Service (IMDS) for instances launched by the Managed Instances capacity provider. This gives customers control over tag visibility in IMDS when using ECS Managed Instances. (f165f183)
• client-bedrock-agentcore-control: Supporting hosting of public ECR Container Images in AgentCore Runtime (a3ca4b6e)
• client-bedrock: You can now generate policy scenarios on demand using the new GENERATE POLICY SCENARIOS build workflow type. Scenarios will no longer be automatically generated during INGEST CONTENT, REFINE POLICY, and IMPORT POLICY workflows, resulting in faster completion times for these operations. (e9c8b9ce)
• client-bedrock-agentcore: Provide support to perform deterministic operations on agent runtime through shell command executions via the new InvokeAgentRuntimeCommand API (14fb5577)
• middleware-flexible-checksums: allow custom checksums to be used in responses (#7849) (213defa2)

Tests

• canary: use vitest 4.0.17 in canary tests (#7848) (bda6c45a)

---

For list of updated packages, view updated-packages.md in assets-3.1010.0.zip

v3.1009.0

3.1009.0(2026-03-13)

Chores

• codegen: sync for retry strategy lifecycle fix (#7842) (7bf8888b)

Documentation Changes

• client-medialive: Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value. (fa49aa1b)
• client-sqs: document that SQS supports AWS Query protocol, non-default (#7847) (90772af6)
• clients: generate readme block about protocols (#7839) (21ffcafc)

New Features

• clients: update client endpoints as of 2026-03-13 (079cb594)
• client-api-gateway: API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptography (663ec588)
• client-gameliftstreams: Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS. (9b2dfe80)
• client-connect: Deprecating PredefinedNotificationID field (20194f10)
• client-ivs-realtime: Updates maximum reconnect window seconds from 60 to 300 for participant replication (e384ea14)
• client-glue: Add QuerySessionContext to BatchGetPartitionRequest (e39731fa)
• client-mediaconvert: This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output. (11615b9f)
• client-quicksight: The change adds a new capability named ManageSharedFolders in Custom Permissions (cffca16f)
• client-mgn: Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows. (2c814ea8)
• client-config-service: Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule. (469faf6f)

---

... (truncated)

Changelog

Sourced from @​aws-sdk/client-eventbridge's changelog.

3.1010.0 (2026-03-16)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.1009.0 (2026-03-13)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.1008.0 (2026-03-12)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.1007.0 (2026-03-11)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.1006.0 (2026-03-10)

Note: Version bump only for package @​aws-sdk/client-eventbridge

Commits

• 2aa1e6c Publish v3.1010.0
• 7888030 Publish v3.1009.0
• 7bf8888 chore(codegen): sync for retry strategy lifecycle fix (#7842)
• 21ffcaf docs(clients): generate readme block about protocols (#7839)
• 543c385 Publish v3.1008.0
• 7718940 Publish v3.1007.0
• fa4dc50 Publish v3.1006.0
• See full diff in compare view

Updates @biomejs/biome from 2.4.6 to 2.4.7

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.7

2.4.7

Patch Changes

• #9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

  For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

  a {
    accent-color: bar;
  }

• #9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

  // Invalid
  import { foo } from "foo";
  const bar = 1;
  import { baz } from "baz"; // ← flagged
  // Valid
  import { foo } from "foo";
  import { baz } from "baz";
  const bar = 1;

• #9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

• #9435 6c5a8f2 Thanks @​siketyan! - Fixed #9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

• #9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

• #9420 a1c46af Thanks @​ematipico! - Fixed #9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

• #9416 f2581b8 Thanks @​ematipico! - Fixed #9131, #9112, #9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

• #9344 cb4d7d7 Thanks @​ematipico! - Fixed #6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

• #9360 bc5dd99 Thanks @​ematipico! - Fixed #7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

• #9371 29cac17 Thanks @​ematipico! - Fixed #5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

• #9043 61e2a02 Thanks @​dyc3! - Fixed #8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.7

Patch Changes

• #9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

  For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

  a {
    accent-color: bar;
  }

• #9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

  // Invalid
  import { foo } from "foo";
  const bar = 1;
  import { baz } from "baz"; // ← flagged
  // Valid
  import { foo } from "foo";
  import { baz } from "baz";
  const bar = 1;

• #9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

• #9435 6c5a8f2 Thanks @​siketyan! - Fixed #9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

• #9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

• #9420 a1c46af Thanks @​ematipico! - Fixed #9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

• #9416 f2581b8 Thanks @​ematipico! - Fixed #9131, #9112, #9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

• #9344 cb4d7d7 Thanks @​ematipico! - Fixed #6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

• #9360 bc5dd99 Thanks @​ematipico! - Fixed #7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

• #9371 29cac17 Thanks @​ematipico! - Fixed #5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

• #9043 61e2a02 Thanks @​dyc3! - Fixed #8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

• #9354 930c858 Thanks @​denbezrukov! - Improved CSS parser recovery for invalid unicode-range values that mix wildcard ranges with range intervals. For example, Biome now reports clearer diagnostics for invalid syntax like:

... (truncated)

Commits

• 1f30838 ci: release (#9346)
• 3ac98eb feat(css/lint): useBaseline (#9318)
• 2de8362 feat(lint): add nursery rule useImportsFirst (#9272)
• 776cb64 feat(json_analyze): implement noEmptyObjectKeys (#9365)
• dda9b3d chore: update rule count in readme (#9374)
• 722f0da feat(json_analyze): implement noTopLevelLiterals (#9367)
• See full diff in compare view

Updates @types/node from 25.4.0 to 25.5.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions