chore(deps): batch dependabot npm dependency bumps

[0xisk]

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation Update (if none of the other choices apply)

Batches the open Dependabot npm/yarn bumps into one PR so they review, run CI, and land together instead of as five separate PRs.

Package	Change	Replaces
@biomejs/biome	2.4.16 → 2.5.0	#116
vitest	→ ^4.1.9 (root, builder, cli, simulator)	#117
turbo	^2.9.14 → ^2.9.18	#118
@types/node	25.9.1 → 25.9.3 (root, builder, cli, simulator)	#119
vite	8.0.14 → 8.0.16 (transitive, security group)	#120

Also bumps the biome.json $schema URL to 2.5.0 to match the new CLI.

Validation (local): yarn lint (biome 2.5.0) clean, yarn types clean, yarn test green across all four packages.

PR Checklist

• I have read the Contributing Guide
• I have added tests that prove my fix is effective or that my feature works
• I have added documentation of new methods and any new behavior or changes to existing behavior
• CI Workflows Are Passing

Further comments

Supersedes #116, #117, #118, #119, #120 — those are closed in favour of this batched PR. vite is pinned to exactly 8.0.16 (matching Dependabot's #120) rather than the latest 8.x, to keep the change minimal.

Summary by CodeRabbit

• Chores
  • Updated development tooling dependencies across the project including code formatting tools, Node.js type definitions, build systems, and testing framework to their latest versions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 40f521d8-3e0a-40f5-ba6c-f8e104043e10

📥 Commits

Reviewing files that changed from the base of the PR and between 22048e3 and 61caee2.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (5)

• biome.json
• package.json
• packages/builder/package.json
• packages/cli/package.json
• packages/simulator/package.json

---

Walkthrough

The Biome schema URL in biome.json is updated from version 2.4.15 to 2.5.0. Dev dependencies @biomejs/biome, @types/node, turbo, and vitest are bumped to newer versions across the root package.json and all workspace packages (builder, cli, simulator).

Dev Dependency Updates

Layer / File(s)	Summary
Biome schema and devDependency version bumps biome.json, package.json, packages/builder/package.json, packages/cli/package.json, packages/simulator/package.json	Updates $schema in biome.json to 2.5.0; bumps @biomejs/biome (2.4.16→2.5.0), @types/node (25.9.1→25.9.3), turbo (2.9.14→2.9.18), and vitest (4.1.6→4.1.9) across root and all workspace packages.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• OpenZeppelin/compact-tools#82: Updates the same files (biome.json, root and workspace package.json) with the same type of dev toolchain version bumps (@biomejs/biome, @types/node, vitest).
• OpenZeppelin/compact-tools#110: Touches the same dependency surface, updating @biomejs/biome, @types/node, vitest, and turbo across workspace package.json files.

Suggested reviewers

• pepebndc

Poem

🐇 Hop, hop, versions leap ahead,
Biome two-point-five now leads instead,
Turbo, Vitest, node types too—
All bumped up, fresh, and new!
A tidy warren, neat and bright,
Dependencies updated right. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change—a batch consolidation of Dependabot dependency updates across multiple package.json files, which is the primary purpose of this PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-npm-dependencies

---

_{Comment @coderabbitai help to get the list of available commands.}

[andrew-fleming]

To be comprehensive, I'd pin tar to 7.5.16 in resolutions. Otherwise, LGTM!