fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.4.10 → ^2.4.13			devDependencies	patch
@changesets/cli (source)	^2.30.0 → ^2.31.0			devDependencies	minor
@effect/platform (source)	^0.96.0 → ^0.96.1			dependencies	patch
@eslint/compat (source)	2.0.4 → 2.0.5			devDependencies	patch
@typescript-eslint/eslint-plugin (source)	^8.58.0 → ^8.59.0			devDependencies	minor
@typescript-eslint/parser (source)	^8.58.0 → ^8.59.0			devDependencies	minor
@vitest/coverage-v8 (source)	^4.1.3 → ^4.1.5			devDependencies	patch
@vitest/eslint-plugin	^1.6.14 → ^1.6.16			devDependencies	patch
effect (source)	^3.21.0 → ^3.21.2			dependencies	patch
eslint (source)	^10.2.0 → ^10.2.1			devDependencies	patch
eslint-plugin-sonarjs (source)	^4.0.2 → ^4.0.3			devDependencies	patch
globals	^17.4.0 → ^17.5.0			devDependencies	minor
jscpd	^4.0.8 → ^4.0.9			devDependencies	patch
next (source)	^16.2.2 → ^16.2.4			dependencies	patch
node	24.14.1 → 24.15.0			uses-with	minor
pnpm (source)	10.33.0 → 10.33.2			packageManager	patch
pnpm/action-setup	v5 → v6			action	major
pnpm/action-setup	v3 → v6			action	major
react (source)	^19.2.4 → ^19.2.5			dependencies	patch
react-dom (source)	^19.2.4 → ^19.2.5			dependencies	patch
typescript (source)	^6.0.2 → ^6.0.3			devDependencies	patch
typescript-eslint (source)	^8.58.0 → ^8.59.0			devDependencies	minor
vite (source)	^8.0.6 → ^8.0.10			devDependencies	patch
vite (source)	^8.0.6 → ^8.0.10			peerDependencies	patch
vitest (source)	^4.1.3 → ^4.1.5			devDependencies	patch

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.13

Compare Source

Patch Changes

• #​9969 c5eb92b Thanks @​officialasishkumar! - Added the nursery rule noUnnecessaryTemplateExpression, which disallows template literals that only contain string literal expressions. These can be replaced with a simpler string literal.

  For example, the following code triggers the rule:

  const a = `${"hello"}`; // can be 'hello'
  const b = `${"prefix"}_suffix`; // can be 'prefix_suffix'
  const c = `${"a"}${"b"}`; // can be 'ab'

• #​10037 f785e8c Thanks @​minseong0324! - Fixed #​9810: noMisleadingReturnType no longer reports false positives on a getter with a matching setter in the same namespace.

  class Store {
    get status(): string {
      if (Math.random() > 0.5) return "loading";
      return "idle";
    }
    set status(v: string) {}
  }

• #​10084 5e2f90c Thanks @​jiwon79! - Fixed #​10034: noUselessEscapeInRegex no longer flags escapes of ClassSetReservedPunctuator characters (&, !, #, %, ,, :, ;, <, =, >, @, `, ~) inside v-flag character classes as useless. These characters are reserved as individual code points in v-mode, so the escape is required.

  The following pattern is now considered valid:

  /[a-z\&]/v;

• #​10063 c9ffa16 Thanks @​Netail! - Added extra rule sources from ESLint CSS. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​10035 946b50e Thanks @​Netail! - Fixed #​10032: useIframeSandbox now flags if there's no initializer value.

• #​9865 68fb8d4 Thanks @​dyc3! - Added the new nursery rule useDomNodeTextContent, which prefers textContent over innerText for DOM node text access and destructuring.

  For example, the following snippet triggers the rule:

  const foo = node.innerText;

• #​10023 bd1e74f Thanks @​ematipico! - Added a new nursery rule noReactNativeDeepImports that disallows deep imports from the react-native package. Internal paths like react-native/Libraries/... are not part of the public API and may change between versions.

  For example, the following code triggers the rule:

  import View from "react-native/Libraries/Components/View/View";

• #​9885 3dce737 Thanks @​dyc3! - Added a new nursery rule useDomQuerySelector that prefers querySelector() and querySelectorAll() over older DOM query methods such as getElementById() and getElementsByClassName().

• #​9995 4da9caf Thanks @​siketyan! - Fixed #​9994: Biome now parses nested CSS rules correctly when declarations follow them inside embedded snippets.

• #​10009 b41cc5a Thanks @​Jayllyz! - Fixed #​10004: noComponentHookFactories no longer reports false positives for object methods and class methods.

• #​9988 eabf54a Thanks @​Netail! - Tweaked the diagnostics range for useAltText, useButtonType, useHtmlLang, useIframeTitle, useValidAriaRole & useIfameSandbox to report on the opening tag instead of the full tag.

• #​10043 fc65902 Thanks @​mujpao! - Fixed #​10003: Biome no longer panics when parsing Svelte files containing {#}.

• #​9815 5cc83b1 Thanks @​dyc3! - Added the new nursery rule noLoopFunc. When enabled, it warns when a function declared inside a loop captures outer variables that can change across iterations.

• #​9702 ef470ba Thanks @​ryan-m-walker! - Added the nursery rule useRegexpTest that enforces RegExp.prototype.test() over String.prototype.match() and RegExp.prototype.exec() in boolean contexts. test() returns a boolean directly, avoiding unnecessary computation of match results.

  Invalid

  if ("hello world".match(/hello/)) {
  }

  Valid

  if (/hello/.test("hello world")) {
  }

• #​9743 245307d Thanks @​leetdavid! - Fixed #​2245: Svelte <script> tag language detection when the generics attribute contains > characters (e.g., <script lang="ts" generics="T extends Record<string, unknown>">). Biome now correctly recognizes TypeScript in such script blocks.

• #​10046 0707de7 Thanks @​Conaclos! - Fixed #​10038: organizeImports now sorts imports in TypeScript modules and declaration files.

    declare module "mymodule" {
  -  	import type { B } from "b";
    	import type { A } from "a";
  +  	import type { B } from "b";
    }

• #​10012 94ccca9 Thanks @​ematipico! - Added the nursery rule noReactNativeLiteralColors, which disallows color literals inside React Native styles.

  The rule belongs to the reactNative domain. It reports properties whose name contains color and whose value is a string literal when they appear inside a StyleSheet.create(...) call or inside a JSX attribute whose name contains style.

  // Invalid
  const Hello = () => <Text style={{ backgroundColor: "#FFFFFF" }}>hi</Text>;
  
  const styles = StyleSheet.create({
    text: { color: "red" },
  });

  // Valid
  const red = "#f00";
  const styles = StyleSheet.create({
    text: { color: red },
  });

• #​10005 131019e Thanks @​ematipico! - Added the nursery rule noReactNativeRawText, which disallows raw text outside of <Text> components in React Native.

  The rule belongs to the new reactNative domain.

  // Invalid
  <View>some text</View>
  <View>{'some text'}</View>

  // Valid
  <View>
    <Text>some text</Text>
  </View>

  Additional components can be allowlisted through the skip option:

  {
    "options": {
      "skip": ["Title"]
    }
  }

• #​9911 1603f78 Thanks @​Netail! - Added the nursery rule noJsxLeakedDollar, which flags text nodes with a trailing $ if the next sibling node is a JSX expression. This could be an unintentional mistake, resulting in a '$' being rendered as text in the output.

  Invalid:

  function MyComponent({ user }) {
    return <div>Hello ${user.name}</div>;
  }

• #​9999 f42405f Thanks @​minseong0324! - Fixed noMisleadingReturnType incorrectly flagging functions with reassigned let variables.

• #​10075 295f97f Thanks @​ematipico! - Fixed #9983: Biome now parses functions declared inside Svelte #snippet blocks without throwing errors.

• #​10006 cf4c1c9 Thanks @​minseong0324! - Fixed #​9810: noMisleadingReturnType incorrectly flagging nested object literals with widened properties.

• #​10033 11ddc05 Thanks @​ematipico! - Added the nursery rule useReactNativePlatformComponents that ensures platform-specific React Native components (e.g. ProgressBarAndroid, ActivityIndicatorIOS) are only imported in files with a matching platform suffix. It also reports when Android and iOS components are mixed in the same file.

  The following code triggers the rule when the file does not have an .android.js suffix:

  // file.js
  import { ProgressBarAndroid } from "react-native";

v2.4.12

Compare Source

Patch Changes

• #​9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

  describe("foo", () => {});
  describe("foo", () => {
    // invalid: same title as previous describe block
    test("baz", () => {});
    test("baz", () => {}); // invalid: same title as previous test case
  });

• #​9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

• #​9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

  For example, the following snippets trigger the rule:

  function createComponent(label) {
    function MyComponent() {
      return <div>{label}</div>;
    }
    return MyComponent;
  }

  function Parent() {
    function Child() {
      return <div />;
    }
    return <Child />;
  }

• #​9980 098f1ff Thanks @​ematipico! - Fixed #​9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

• #​9942 9956f1d Thanks @​dyc3! - Fixed #​9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

• #​9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

• #​9902 3f4d103 Thanks @​ematipico! - Fixed #​9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

• #​9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

• #​9966 322675e Thanks @​siketyan! - Fixed #​9113: Biome now parses and formats @media and other conditional blocks correctly inside embedded CSS snippets.

• #​9835 f8d49d9 Thanks @​bmish! - The noFloatingPromises rule now detects floating promises through cross-module generic wrapper functions. Previously, patterns like export const fn = trace(asyncFn) — where trace preserves the function signature via a generic <F>(fn: F): F — were invisible to the rule when the wrapper was defined in a different file.

• #​9981 02bd8dd Thanks @​siketyan! - Fixed #​9975: Biome now parses nested CSS selectors correctly inside embedded snippets without requiring an explicit &.

• #​9949 e0ba71d Thanks @​Netail! - Added the nursery rule useIframeSandbox, which enforces the sandbox attribute for iframe tags.

  Invalid:

  <iframe></iframe>

• #​9913 d417803 Thanks @​Netail! - Added the nursery rule noJsxNamespace, which disallows JSX namespace syntax.

  Invalid:

  <ns:testcomponent />

• #​9892 e75d70e Thanks @​dyc3! - Improved the noSelfCompare diagnostic to better explain why comparing a value to itself is suspicious and what to use for NaN checks.

• #​9861 2cff700 Thanks @​dyc3! - Added the new nursery rule useVarsOnTop, which requires var declarations to appear at the top of their containing scope.

  For example, the following code now triggers the rule:

  function f() {
    doSomething();
    var value = 1;
  }

• #​9892 e75d70e Thanks @​dyc3! - Improved the noThenProperty diagnostic to better explain why exposing then can create thenable behavior and how to avoid it.

• #​9892 e75d70e Thanks @​dyc3! - Improved the noShorthandPropertyOverrides diagnostic to explain why later shorthand declarations can unintentionally overwrite earlier longhand properties.

• #​9978 4847715 Thanks @​mdevils! - Fixed #​9744: useExhaustiveDependencies no longer reports false positives for variables obtained via object destructuring with computed keys, e.g. const { [KEY]: key1 } = props.

• #​9892 e75d70e Thanks @​dyc3! - Improved the noRootType diagnostic to better explain that the reported root type is disallowed by project configuration and how to proceed.

• #​9927 7974ab7 Thanks @​dyc3! - Added eslint-plugin-unicorn's no-nested-ternary as a rule source for noNestedTernary

• #​9873 19ff706 Thanks @​minseong0324! - noMisleadingReturnType now checks class methods, object methods, and getters in addition to functions.

• #​9888 362b638 Thanks @​dyc3! - Updated metadata for biome migrate eslint to better reflect which ESLint rules are redundant versus unsupported versus unimplemented.

• #​9892 e75d70e Thanks @​dyc3! - Improved the noAutofocus diagnostic to better explain why autofocus harms accessibility outside allowed modal contexts.

• #​9982 d6bdf4a Thanks @​dyc3! - Improved performance of noMagicNumbers.
  Biome now maps ESLint no-magic-numbers sources more accurately during biome migrate eslint.

• #​9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for noConstantCondition to better explain the problem, why it matters, and how to fix it.

• #​9866 40bd180 Thanks @​dyc3! - Added a new nursery rule noExcessiveSelectorClasses, which limits how many class selectors can appear in a single CSS selector.

• #​9796 f1c1363 Thanks @​dyc3! - Added a new nursery rule useStringStartsEndsWith, which prefers startsWith() and endsWith() over verbose string prefix and suffix checks.

  The rule uses type information, so it only reports on strings and skips array lookups such as items[0] === "a".

• #​9942 9956f1d Thanks @​dyc3! - Fixed the safe fix for noSkippedTests so it no longer panics when rewriting skipped test function names such as xit(), xtest(), and xdescribe().

• #​9874 9e570d1 Thanks @​minseong0324! - Type-aware lint rules now resolve members through Pick<T, K> and Omit<T, K> utility types.

• #​9909 0d0e611 Thanks @​Netail! - Added the nursery rule useReactAsyncServerFunction, which requires React server actions to be async.

  Invalid:

  function serverFunction() {
    "use server";
    // ...
  }

• #​9925 29accb3 Thanks @​ematipico! - Fixed #​9910: added support for parsing member expressions in Svelte directive properties. Biome now correctly parses directives like in:renderer.in|global, use:obj.action, and deeply nested forms like in:a.b.c|global.

• #​9904 e7775a5 Thanks @​ematipico! - Fixed #​9626: noUnresolvedImports no longer reports false positives for named imports from packages that have a corresponding @types/* package installed. For example, import { useState } from "react" with @types/react installed is now correctly recognised.

• #​9942 9956f1d Thanks @​dyc3! - Fixed the safe fix for noFocusedTests so it no longer panics when rewriting focused test function names such as fit() and fdescribe().

• #​9577 c499f46 Thanks @​tt-a1i! - Added the nursery rule useReduceTypeParameter. It flags type assertions on the initial value passed to Array#reduce and Array#reduceRight and recommends using a type parameter instead.

  // before: type assertion on initial value
  arr.reduce((sum, num) => sum + num, [] as number[]);
  
  // after: type parameter on the call
  arr.reduce<number[]>((sum, num) => sum + num, []);

• #​9895 1c8e1ef Thanks @​Netail! - Added extra rule sources from react-xyz. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​9891 4d9ac51 Thanks @​dyc3! - Improved the noInvalidUseBeforeDeclaration diagnostic to better explain why using a declaration too early is problematic and how to fix it.

• #​9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for noRedeclare to better explain the problem, why it matters, and how to fix it.

• #​9875 a951586 Thanks @​minseong0324! - Type-aware lint rules now resolve members through Partial<T>, Required<T>, and Readonly<T> utility types, preserving optional, readonly, and nullable member flags.

v2.4.11

Compare Source

Patch Changes

• #​9350 4af4a3a Thanks @​dyc3! - Added the new nursery rule useConsistentTestIt in the test domain. The rule enforces consistent use of either it or test for test functions in Jest/Vitest suites, with separate control for top-level tests and tests inside describe blocks.

  Invalid:

  test("should fly", () => {}); // Top-level test using 'test' flagged, convert to 'it'
  
  describe("pig", () => {
    test("should fly", () => {}); // Test inside 'describe' using 'test' flagged, convert to 'it'
  });

• #​9429 a2f3f7e Thanks @​ematipico! - Added the new nursery lint rule useExplicitReturnType. It reports TypeScript functions and methods that omit an explicit return type.

  function toString(x: any) {
    // rule triggered, it doesn't declare a return type
    return x.toString();
  }

• #​9828 9e40844 Thanks @​ematipico! - Fixed #​9484: the formatter no longer panics when formatting files that contain graphql tagged template literals combined with parenthesized expressions.

• #​9886 e7c681e Thanks @​ematipico! - Fixed an issue where, occasionally, some bindings and references were not properly tracked, causing false positives from noUnusedVariables and noUndeclaredVariables in Svelte, Vue, and Astro files.

• #​9760 5b16d18 Thanks @​myx0m0p! - Fixed #​4093: the noDelete rule no longer triggers for delete process.env.FOO, since delete is the documented way to remove environment variables in Node.js.

• #​9799 2af8efd Thanks @​minseong0324! - Added the rule noMisleadingReturnType. The rule detects when a function's return type annotation is wider than what the implementation actually returns.

  // Flagged: `: string` is wider than `"loading" | "idle"`
  function getStatus(b: boolean): string {
    if (b) return "loading";
    return "idle";
  }

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useFind to better explain the problem, why it matters, and how to fix it.

• #​9755 bff7bdb Thanks @​ematipico! - Improved performance of fix-all operations (--write). Biome is now smarter when it runs lint rules and assist actions. First, it runs only rules that have code fixes, and then runs the rest of the rules.

• #​8651 aafca2d Thanks @​siketyan! - Add a new lint rule useDisposables for JavaScript, which detects disposable objects assigned to variables without using or await using syntax. Disposable objects that implement the Disposable or AsyncDisposable interface are intended to be disposed of after use. Not disposing them can lead to resource or memory leaks, depending on the implementation.

  Invalid:

  function createDisposable(): Disposable {
    return {
      [Symbol.dispose]() {
        // do something
      },
    };
  }
  
  const disposable = createDisposable();

  Valid:

  function createDisposable(): Disposable {
    return {
      [Symbol.dispose]() {
        // do something
      },
    };
  }
  
  using disposable = createDisposable();

• #​9788 53b8e57 Thanks @​MeGaNeKoS! - Fixed #​7760: Added support for CSS scroll-driven animation timeline-range-name keyframe selectors (cover, contain, entry, exit, entry-crossing, exit-crossing). Biome no longer reports parse errors on keyframes like entry 0% { ... } or exit 100% { ... }.

• #​9728 5085424 Thanks @​mkosei! - Fixed #​9696: Astro frontmatter now correctly parses regular expression literals like /\d{4}/.

• #​9261 16b6c49 Thanks @​ematipico! - Fixed #​8409: CSS formatter now correctly places comments after the colon in property declarations.

  Previously, comments that appeared after the colon in CSS property values were incorrectly moved before the property name:

  [lang]:lang(ja) {
  -  /* system-ui,*/ font-family:
  +  font-family: /* system-ui,*/
      Hiragino Sans,
      sans-serif;
  }

• #​9441 957ea4c Thanks @​soconnor-seeq! - Fixed #​1630: LSP project selection now prefers the most specific project root in nested workspaces.

• #​9878 de6210f Thanks @​ematipico! - Fixed #​9118: noUnusedImports no longer reports false positives for default imports used inside Svelte, Vue and Astro components.

• #​9879 ce7e2b7 Thanks @​dyc3! - Fixed a parser diagnostic's message when vue syntax is disabled so that it no longer references the non-existant html.parser.vue option. This option will become available in 2.5.

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useRegexpExec to better explain the problem, why it matters, and how to fix it.

• #​9846 b7134d9 Thanks @​ematipico! - Fixed #​9140: Biome now parses Astro's attribute shorthand inside .astro files. The following snippet no longer reports a parse error:

  ---
  const items = ['a', 'b'];
  ---
  <ul>
    {items.map((item) => <li {item}>row</li>)}
  </ul>

• #​9790 67df09d Thanks @​dyc3! - Fixed #​9781: Trailing comments after a top-level biome-ignore-all format suppression are now preserved instead of being dropped. This applies to JavaScript, CSS, HTML, JSONC, GraphQL, and Grit files.

• #​9745 d87073e Thanks @​ematipico! - Fixed #​9741: the LSP server now correctly returns the organizeImports code action when the client requests it via source.organizeImports.biome in the only filter. Previously, editors with codeAction/resolve support (e.g. Zed) received an empty response because the action was serialized with the wrong kind (source.biome.organizeImports instead of source.organizeImports.biome).

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useArraySome to better explain the problem, why it matters, and how to fix it.

• #​9795 1d09f0f Thanks @​dyc3! - Relaxed useExplicitType for trivially inferrable types.

  Type annotations can now be omitted when types are trivially inferrable from:

  • Binary expressions (const sum = 1 + 1)
  • Comparison expressions (const isEqual = 'a' === 'b', const isTest = process.env.NODE_ENV === 'test')
  • Logical expressions (const and = true && false)
  • Class instantiation (const date = new Date())
  • Array literals (const arr = [1, 2, 3])
  • Conditional expressions (const val = true ? 'yes' : 'no')
  • Function calls (const num = Math.random())
  • Parameter defaults - any expression is now allowed (const fn = (max = MAX_ATTEMPTS) => ...)

  Comparison expressions always return boolean, so any operands are now allowed
  (including property access like process.env.NODE_ENV).

  Parameters with default values no longer require type annotations, as TypeScript
  can infer the type from the default value (even when referencing variables).

  Also removed the redundant any type validation from this rule. The any type
  is now only validated by the dedicated noExplicitAny rule, following the
  Single Responsibility Principle.

• #​9809 e8cad58 Thanks @​Netail! - Added the new nursery rule useQwikLoaderLocation, which enforces that Qwik loader functions are declared in the correct location.

• #​9877 fc9d715 Thanks @​ematipico! - Fixed #​9136 and #​9653: noUndeclaredVariables and noUnusedVariables no longer report false positives on several Svelte template constructs that declare or reference bindings in the host grammar:

  • {#snippet name(params)} — the snippet name and its parameters (including object, array, rest, and nested destructuring) are now tracked.
  • {@​render name(args)} — the snippet name used at the render site is now resolved against the snippet declaration.
  • {#each items as item, index (key)} — the item binding (plain identifier or destructured), the optional index, and the optional key expression are now tracked.
  • {@​const name = value} — the declared name is now tracked as a binding and the initializer is analyzed for undeclared references.
  • {@​debug a, b, c} — each debugged identifier is now analyzed and reported if undeclared.
  • Shorthand attributes <img {src} /> — the curly-shorthand attribute is now analyzed as an expression, so undeclared references inside it are reported.

  For example, the following template no longer triggers either rule:

  <script>
  let items = [];
  let total = 0;
  </script>
  
  {#snippet figure(image)}
      <figure>
          <img src={image.src} alt={image.caption} />
          <figcaption>{image.caption}<
  

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.