Bump the all-npm group with 3 updates

[dependabot]

Bumps the all-npm group with 3 updates: @aws-sdk/client-eventbridge, @biomejs/biome and @types/aws-lambda.

Updates @aws-sdk/client-eventbridge from 3.933.0 to 3.939.0

Release notes

Sourced from @​aws-sdk/client-eventbridge's releases.

v3.939.0

3.939.0(2025-11-24)

Chores

• scripts: reduce api validation to packages/lib only (#7519) (eb74d6a0)

New Features

• client-cloudwatch-logs: New CloudWatch Logs feature - LogGroup Deletion Protection, a capability that allows customers to safeguard their critical CloudWatch log groups from accidental or unintended deletion. (02360329)
• client-cloudfront: Add TrustStore, ConnectionFunction APIs to CloudFront SDK (168505ee)

Bug Fixes

• clients: export enum objects for string shapes (#7521) (62f648df)
• cloudfront-signer: skip extended encoding for query parameters in the base url (#7515) (954d411e)

Tests

• increase beforeAll hook timeouts (#7518) (720ba4cd)

---

For list of updated packages, view updated-packages.md in assets-3.939.0.zip

v3.938.0

3.938.0(2025-11-21)

Chores

• codegen: smithy-aws-typescript-codegen 0.38.0 (#7513) (cdb4d374)

Documentation Changes

• client-elastic-load-balancing-v2: This release adds the health check log feature in ALB, allowing customers to send detailed target health check log data directly to their designated Amazon S3 bucket. (d5c668b7)

New Features

• clients: update client endpoints as of 2025-11-21 (770cf0d9)
• client-redshift: Added support for Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation. (b030ee0c)
• client-invoicing: Added the CreateProcurementPortalPreference, GetProcurementPortalPreference, PutProcurementPortalPreference, UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and DeleteProcurementPortalPreference APIs for procurement portal preference management. (612d1d7c)
• client-transfer: Adds support for creating Webapps accessible from a VPC. (b863762b)
• client-marketplace-entitlement-service: Endpoint update for new region (764e4bf5)
• client-sagemaker: Enhanced SageMaker HyperPod instance groups with support for MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and taints). Also Added speculative decoding and MaxInstanceCount for model optimization jobs. (86804322)
• client-quicksight: Amazon Quick Suite now supports QuickChat as an embedding type when calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed conversational AI agents directly into their applications. (1fb46165)
• client-sagemaker-runtime-http2: Add support for bidirectional streaming invocations on SageMaker AI real-time endpoints (32887fca)
• client-lex-models-v2: Adds support for Intent Disambiguation, allowing resolution of ambiguous user inputs when multiple intents match by presenting clarifying questions to users. Also adds Speech Detection Sensitivity configuration for optimizing voice activity detection sensitivity levels in various noise environments. (7338fd92)
• client-redshift-serverless: Added UpdateLakehouseConfiguration API to manage Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation for namespaces. (e45c0a74)
• client-lambda: Launching Enhanced Error Handling and ESM Grouping capabilities for Kafka ESMs (adfe1d80)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-eventbridge's changelog.

3.939.0 (2025-11-24)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.936.0 (2025-11-19)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.935.0 (2025-11-19)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.934.0 (2025-11-18)

Note: Version bump only for package @​aws-sdk/client-eventbridge

Commits

• 1592379 Publish v3.939.0
• a180cc7 Publish v3.936.0
• c31b14b Publish v3.935.0
• ac2be51 chore(codegen): update for smithy/core serde fixes (#7511)
• 3b6a4d9 Publish v3.934.0
• See full diff in compare view

Updates @biomejs/biome from 2.3.6 to 2.3.7

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.7

2.3.7

Patch Changes

• #8169 7fdcec8 Thanks @​arendjr! - Fixed #7999: Correctly place await after leading comment in auto-fix action from noFloatingPromises rule.

• #8157 12d5b42 Thanks @​Conaclos! - Fixed #8148. noInvalidUseBeforeDeclaration no longer reports some valid use before declarations.

  The following code is no longer reported as invalid:

  class classA {
    C = C;
  }
  const C = 0;

• #8178 6ba4157 Thanks @​dyc3! - Fixed #8174, where the HTML parser would parse 2 directives as a single directive because it would not reject whitespace in Vue directives. This would cause the formatter to erroneously merge the 2 directives into one, resulting in broken code.

  - <Component v-else:property="123" />
  + <Component v-else :property="123" />

• #8088 0eb08e8 Thanks @​db295! - Fixed #7876: The noUnusedImports rule now ignores imports that are used by @​linkcode and @​linkplain (previously supported @​link and @​see).

  The following code will no longer be a false positive:

  import type { a } from "a"
  /**
  
  {@​linkcode a}
  */
  function func() {}

#8119 8d64655 Thanks @​ematipico! - Improved the detection of the rule noUnnecessaryConditions. Now the rule isn't triggered for variables that are mutated inside a module.

This logic deviates from the original rule, hence noUnnecessaryConditions is now marked as "inspired".

In the following example, hey starts as false, but then it's assigned to a string. The rule isn't triggered inside the if check.

let hey = false;
function test() {
hey = "string";

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.7

Patch Changes

• #8169 7fdcec8 Thanks @​arendjr! - Fixed #7999: Correctly place await after leading comment in auto-fix action from noFloatingPromises rule.

• #8157 12d5b42 Thanks @​Conaclos! - Fixed #8148. noInvalidUseBeforeDeclaration no longer reports some valid use before declarations.

  The following code is no longer reported as invalid:

  class classA {
    C = C;
  }
  const C = 0;

• #8178 6ba4157 Thanks @​dyc3! - Fixed #8174, where the HTML parser would parse 2 directives as a single directive because it would not reject whitespace in Vue directives. This would cause the formatter to erroneously merge the 2 directives into one, resulting in broken code.

  - <Component v-else:property="123" />
  + <Component v-else :property="123" />

• #8088 0eb08e8 Thanks @​db295! - Fixed #7876: The noUnusedImports rule now ignores imports that are used by @​linkcode and @​linkplain (previously supported @​link and @​see).

  The following code will no longer be a false positive:

  import type { a } from "a"
  /**
  
  {@​linkcode a}
  */
  function func() {}

#8119 8d64655 Thanks @​ematipico! - Improved the detection of the rule noUnnecessaryConditions. Now the rule isn't triggered for variables that are mutated inside a module.

This logic deviates from the original rule, hence noUnnecessaryConditions is now marked as "inspired".

In the following example, hey starts as false, but then it's assigned to a string. The rule isn't triggered inside the if check.

let hey = false;
function test() {
hey = "string";
}

... (truncated)

Commits

• 8e97b89 ci: release (#8161)
• fb1458b feat(lint/html/vue): add useVueValidVText (#8158)
• 2dd38cf fix(schema): domains and feature kind (#8147)
• 803a44a chore: remove gold sponsor (#8135)
• See full diff in compare view

Updates @types/aws-lambda from 8.10.158 to 8.10.159

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions