fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.4.0 → ^2.4.9			devDependencies	patch
@changesets/changelog-github (source)	^0.5.2 → ^0.6.0			devDependencies	minor
@changesets/cli (source)	^2.29.8 → ^2.30.0			devDependencies	minor
@effect/cli (source)	^0.73.2 → ^0.75.0			dependencies	minor
@effect/cluster (source)	^0.56.4 → ^0.58.0			dependencies	minor
@effect/experimental (source)	^0.58.0 → ^0.60.0			dependencies	minor
@effect/platform (source)	^0.94.5 → ^0.96.0			dependencies	minor
@effect/platform-node (source)	^0.104.1 → ^0.106.0			dependencies	minor
@effect/printer (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/printer-ansi (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/rpc (source)	^0.73.1 → ^0.75.0			dependencies	minor
@effect/sql (source)	^0.49.0 → ^0.51.0			dependencies	minor
@effect/typeclass (source)	^0.38.0 → ^0.40.0			dependencies	minor
@effect/vitest (source)	^0.27.0 → ^0.29.0			devDependencies	minor
@effect/workflow (source)	^0.16.0 → ^0.18.0			dependencies	minor
@eslint-community/eslint-plugin-eslint-comments	^4.6.0 → ^4.7.1			devDependencies	minor
@eslint/compat (source)	2.0.2 → 2.0.3			devDependencies	patch
@eslint/eslintrc	3.3.3 → 3.3.5			devDependencies	patch
@types/node (source)	^24.10.13 → ^24.12.0			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	^8.55.0 → ^8.57.2			devDependencies	minor
@typescript-eslint/parser (source)	^8.55.0 → ^8.57.2			devDependencies	minor
@vitest/coverage-v8 (source)	^4.0.18 → ^4.1.1			devDependencies	minor
@vitest/eslint-plugin	^1.6.9 → ^1.6.13			devDependencies	patch
actions/upload-artifact	v6 → v7			action	major
effect (source)	^3.19.17 → ^3.21.0			dependencies	minor
eslint (source)	^10.0.0 → ^10.1.0			devDependencies	minor
eslint-plugin-sonarjs (source)	^3.0.7 → ^4.0.2			devDependencies	major
eslint-plugin-sort-destructure-keys	^2.0.0 → ^3.0.0			devDependencies	major
globals	^17.3.0 → ^17.4.0			devDependencies	minor
node	24.13.1 → 24.14.1			uses-with	minor
pnpm (source)	10.29.3 → 10.33.0			packageManager	minor
pnpm/action-setup	v4 → v5			action	major
typescript (source)	^5.9.3 → ^6.0.2			devDependencies	major
typescript-eslint (source)	^8.55.0 → ^8.57.2			devDependencies	minor
vite (source)	^7.3.1 → ^8.0.2			devDependencies	major
vitest (source)	^4.0.18 → ^4.1.1			devDependencies	minor

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.9

Compare Source

Patch Changes

• #​9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  
  /* Second selector */
  .x {
    .y {
      .z {
      }
    }
  }

• #​9567 b7ab931 Thanks @​ematipico! - Fixed #​7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #​8670 607ebf9 Thanks @​tt-a1i! - Fixed #​8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #​9476 97b80a8 Thanks @​masterkain! - Fixed #9475: Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #​9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

  For example, linter.rules.correctness = "error" no longer enables React- or Qwik-specific correctness rules unless linter.domains.react, linter.domains.qwik, or an explicit rule config also enables them, or their relative dependencies are installed.

• #​9586 4cafb71 Thanks @​dyc3! - Fixed #​8828: Grit patterns using export { $foo } from $source now match named re-exports in JavaScript and TypeScript files.

• #​9550 d4e3d6e Thanks @​dyc3! - Fixed #​9548: Biome now parses conditional expressions whose consequent is an arrow function returning a parenthesized object expression.

• #​8696 a7c19cc Thanks @​Faizanq! - Fixed #​8685 where noUselessLoneBlockStatements would remove empty blocks containing comments. The rule now preserves these blocks since comments may contain important information like TODOs or commented-out code.

• #​9557 6671ac5 Thanks @​datalek! - Fixed #​9557: Biome's LSP server no longer crashes on startup when used with editors that don't send workspaceFolders during initialization. This affected any LSP client that only sends rootUri, which is valid per the LSP specification.

• #​9455 1710cf1 Thanks @​omar-y-abdi! - Fixed #​9174: useExpect now correctly rejects asymmetric matchers in Vitest or Jest like expect.stringContaining(), expect.objectContaining(), and utilities like expect.extend() that are not valid assertions. Previously these constructs caused false negatives, allowing tests without real assertions to pass the lint rule.

• #​9584 956e367 Thanks @​ematipico! - Fixed a bug where Vue directive attribute values like v-bind:class="{'dynamic': true}" were incorrectly parsed as JavaScript statements instead of expressions. Object literals inside directive values like :class, v-if, and v-html are now correctly parsed as expressions, preventing spurious parse errors.

• #​9474 e168494 Thanks @​ematipico! - Added the new nursery rule noUntrustedLicenses. This rule disallows dependencies that ship with invalid licenses or licenses that don't meet the criteria of your project/organisation.

  The rule has the following options:

  • allow: a list of licenses that can be allowed. Useful to bypass possible invalid licenses from downstream dependencies.
  • deny: a list of licenses that should trigger the rule. Useful to deny licenses that don't fit your project/organisation.
    When both deny and allow are provided, deny takes precedence.
  • requireOsiApproved: whether the licenses need to be approved by the Open Source Initiative.
  • requireFsfLibre: whether the licenses need to be approved by the Free Software Foundation.

• #​9544 723798b Thanks @​ViniciusDev26! - Added an unsafe fix to useConsistentMethodSignatures that automatically converts between method-style and property-style signatures.

• #​9555 8a3647b Thanks @​ematipico! - Fixed #188: the Biome Language Server no longer panics when open files change abruptly, such as during git branch checkouts.

• #​9605 f65c637 Thanks @​ematipico! - Fixed #​9589. Now Biome correctly parses object expressions inside props and directives. The following code doesn't emit errors anymore:

  <style is:global define:vars={{ bgLight: light }}>
  <Component name={{ first, name }} />

• #​9565 ccb249e Thanks @​eyupcanakman! - Fixed #​9505: noUselessStringConcat no longer reports tagged template literals as useless string concatenations. Tagged templates invoke a function and can return non-string values, so combining them with + is not equivalent to a single template literal.

• #​9534 4d050df Thanks @​Netail! - Added the nursery rule noInlineStyles. The rule disallows the use of inline style attributes in HTML and the style prop in JSX, including React.createElement calls. Inline styles make code harder to maintain and can interfere with Content Security Policy.

• #​9611 cddaa44 Thanks @​gaauwe! - Fixed a regression where Biome LSP could misread editor settings sent through workspace/didChangeConfiguration when the payload was wrapped in a top-level biome key. This caused requireConfiguration and related settings to be ignored in some editors.

v2.4.8

Compare Source

Patch Changes

• #​9488 bc709f6 Thanks @​mvanhorn! - Fixed #​9463: the "Biome found a configuration file outside of the current working directory" diagnostic now includes the configuration file path and the working directory, giving users actionable information to debug the issue.

• #​9527 2f8bf80 Thanks @​mdm317! - Fixed #​8959: Fixed TypeScript arrow function formatting when a comment appears after =>.

• #​9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleUpdateWithoutWhere to prevent accidental full-table updates when using Drizzle ORM without a .where() clause.

• #​9531 1302740 Thanks @​ematipico! - Fixed #​9187: Astro frontmatter containing regex literals with quotes (/'/, /"/) or dashes (/---/) no longer causes parse errors.

• #​9535 b630d93 Thanks @​leno23! - Fixed #​9524: remove extra space before > when bracketSameLine is true and the self-closing slash is absent in HTML formatter.

• #​9537 81e6306 Thanks @​ematipico! - Fixed #​9238: The HTML parser no longer incorrectly reports --- inside element content (e.g. <td>---</td>) as an "Unexpected value or character" error.

• #​9532 4b64145 Thanks @​ematipico! - Fixed #​9117: biome check --write no longer falsely reports Svelte and Vue files as changed when html.formatter.indentScriptAndStyle is enabled and the files are already correctly formatted.

• #​9528 61451ef Thanks @​ematipico! - Fixed #​9341: Fixed an LSP crash that could corrupt file content when saving with format-on-save enabled.

• #​9538 794f79c Thanks @​ematipico! - Fixed #​9279: The rule noSubstr now detects .substr() and .substring() calls in all expression contexts, including variable declarations, function arguments, return statements, and arrow function bodies.

• #​9462 c23272c Thanks @​ematipico! - Fixed #​9370: The resolver now correctly prioritizes more specific exports patterns over less specific ones. Previously, a pattern like "./*" could match before "./features/*", causing resolution failures for packages with overlapping subpath patterns.

• #​9515 f85c069 Thanks @​shivamtiwari3! - Fixed #​9506 and #​9479: Biome no longer reports false parse errors on <script type="speculationrules"> and <script type="application/ld+json"> tags. These script types contain non-JavaScript content and are now correctly skipped by the embedded language detector.

• #​9514 7fe43c8 Thanks @​ematipico! - Fixed #​6964: Biome now correctly resolves the .gitignore file relative to vcs.root when configured. Previously, the vcs.root setting was ignored and Biome always looked for the ignore file in the workspace directory.

• #​9521 af39936 Thanks @​ematipico! - Fixed #​9483. Now the rule noRedeclare doesn't panic when it encounters constructor overloads.

• #​9490 60cf024 Thanks @​willfarrell! - Added support for modern CSS properties, pseudo-classes, and pseudo-elements.

  New known properties: dynamic-range-limit, overlay, reading-flow, reading-order, scroll-marker-group, scroll-target-group.

  New pseudo-elements: ::checkmark, ::column, ::picker, ::picker-icon, ::scroll-button, ::scroll-marker, ::scroll-marker-group.

  New pseudo-classes: :active-view-transition-type, :has-slotted, :target-after, :target-before, :target-current.

• #​9526 4d42823 Thanks @​ematipico! - Fixed #​9358 and #​9375. Now attributes that have text expressions such as class={buttonClass()} are correctly tracked in Svelte files.

• #​9520 61f53ee Thanks @​ematipico! - Fixed #​9519. Now noUnusedVariables doesn't flag variables that are used as typeof type.

• #​9487 331dc0d Thanks @​mvanhorn! - Fixed #​9477: source.fixAll.biome no longer sorts imports when source.organizeImports.biome is disabled in editor settings. The organize imports action is now excluded from the fix-all pass unless explicitly requested.

• #​9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleDeleteWithoutWhere to prevent accidental full-table deletes when using Drizzle ORM without a .where() clause.

v2.4.7

Compare Source

Patch Changes

• #​9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

  For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

  a {
    accent-color: bar;
  }

• #​9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

  // Invalid
  import { foo } from "foo";
  const bar = 1;
  import { baz } from "baz"; // ← flagged
  
  // Valid
  import { foo } from "foo";
  import { baz } from "baz";
  const bar = 1;

• #​9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

• #​9435 6c5a8f2 Thanks @​siketyan! - Fixed #​9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

• #​9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

• #​9420 a1c46af Thanks @​ematipico! - Fixed #​9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

• #​9416 f2581b8 Thanks @​ematipico! - Fixed #​9131, #​9112, #​9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

• #​9344 cb4d7d7 Thanks @​ematipico! - Fixed #​6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

• #​9360 bc5dd99 Thanks @​ematipico! - Fixed #​7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

• #​9371 29cac17 Thanks @​ematipico! - Fixed #​5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

• #​9043 61e2a02 Thanks @​dyc3! - Fixed #​8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

• #​9354 930c858 Thanks @​denbezrukov! - Improved CSS parser recovery for invalid unicode-range values that mix wildcard ranges with range intervals. For example, Biome now reports clearer diagnostics for invalid syntax like:

  unicode-range: U+11???-2??;
  unicode-range: U+11???-;

  with diagnostics such as:

  × Wildcard ranges cannot be combined with a range interval.
    > unicode-range: U+11???-2??;
                              ^
  
  × Expected a codepoint but instead found ';'.
    > unicode-range: U+11???-;
                               ^
  

• #​9355 78e74a2 Thanks @​SchahinRohani! - Fixed #​9349: Biome now correctly handles Vue dynamic :alt and v-bind:alt bindings in useAltText, preventing false positives in .vue files.

• #​9369 b309dde Thanks @​costajohnt! - Fixed #​9210: useAnchorContent no longer reports an accessibility error for Astro Image components inside links when they provide non-empty alt text.

• #​9345 70c2d4e Thanks @​ematipico! - Fixed #​7214: useOptionalChain now detects optional chain patterns that don't start at the beginning of a logical AND expression. For example, bar && foo && foo.length is now correctly flagged and fixed to bar && foo?.length.

• #​9311 78c4e9b Thanks @​ruidosujeira! - Fixed #​9245: the useSemanticElements rule no longer suggests <output> for role="status" and role="alert". The <output> element is only a relatedConcept of these roles, not a direct semantic equivalent. These roles are now excluded from suggestions, aligning with the intended behavior of the upstream prefer-tag-over-role rule.

• #​9363 b2ffb4a Thanks @​ematipico! - Fixed #​5212: useSemanticElements no longer reports a diagnostic when a semantic element already has its corresponding role attribute (e.g. <nav role="navigation">, <footer role="contentinfo">). These cases are now correctly left to noRedundantRoles.

• #​9364 1bb9edc Thanks @​xvchris! - Fixed #​9357. Improved the information emitted by some diagnostics.

• #​9434 bf12092 Thanks @​siketyan! - Fixed #​9433: noBlankTarget now correctly handles dynamic href attributes, such as <a href={company?.website} target="_blank">.

• #​9351 5046d2b Thanks @​Netail! - Expanded the noNegationElse rule to cover the inequality & strict inequality operator.

• #​9353 2a29e0d Thanks @​Conaclos! - Fixed #​7583:
  organizeImports now
  sorts named specifiers inside bare exports and merges bare exports.

  - export { b, a };
  - export { c };
  + export { a, b, c };

  Also, organizeImports now correctly adds a blank line between an import chunk
  and an export chunk.

    import { A } from "package";
  +
    export { A };

• #​8658 bdcc934 Thanks @​rksvc! - When the domains field is set in the configuration file, domains is now automatically enabled when Biome detects certain dependencies in package.json.

• #​9383 f5c8bf0 Thanks @​ematipico! - Fixed #​6606: The type inference engine now resolves Record<K, V> types, synthesizing them as object types with index signatures. This improves accuracy for type-aware lint rules such as noFloatingPromises, noMisusedPromises, useAwaitThenable, and useArraySortCompare when operating on Record-typed values.

• #​9359 701ddd3 Thanks @​ematipico! - Fixed #​7516: noUnusedImports no longer reports a false positive when a local variable shadows an imported type namespace that is still used in a type annotation.

• #​9473 50e93bd Thanks @​ematipico! - Improved the detection of variables inside Astro files. Now the rule noUnusedVariables and others will trigger fewer false positives.

• #​9459 171b2ee Thanks @​ematipico! - Fixed #​9314. Now Biome doesn't panic when useAriaPropsForRole is configured using an object.

• #​9465 c8918d6 Thanks @​Netail! - Fixed #​9464: Temporal is now correctly detected as a global.

• #​9367 722f0da Thanks @​Netail! - Added the nursery rule noTopLevelLiterals. It requires the root-level value to be an array or object.

  Invalid:

  "just a string"

• #​9333 a294b89 Thanks @​terror! - Fixed #​9310. Now the HTML formatter doesn't mangle elements that are followed by self-closing elements such as <br> or <img>.

• #​9391 4bffb66 Thanks @​ematipico! - Slightly increased the performance of the CLI in projects that have more than ~2K files.

• #​9365 776cb64 Thanks @​Netail! - Added the nursery rule noEmptyObjectKeys, which disallows the use of empty keys in JSON objects.

  Invalid:

  {
    "": "value"
  }

v2.4.6

Compare Source

Patch Changes

• #​9305 40869b5 Thanks @​ematipico! - Fixed #​4946: noUnreachable no longer reports code inside finally blocks as unreachable when there is a break, continue, or return in the corresponding try body.

• #​9303 464910c Thanks @​ematipico! - Fixed #​2786: The formatter no longer produces different output on subsequent runs when a case clause has a trailing line comment followed by a single block statement.

• #​9324 6294aa2 Thanks @​arendjr! - Fixed #7730: useAnchorContent now recognises SolidJS's innerHTML the same way as React's dangerouslySetInnerHTML.

• #​9298 1003229 Thanks @​Netail! - Fixed #9296, so comments are moved along with the attributes in the useSortedAttributes assist rule code fix.

• #​9329 855b451 Thanks @​dyc3! - Improved performance of noEmptyBlockStatements. The rule is now smarter about short-circuiting its logic.

• #​9326 85dfe9b Thanks @​dyc3! - Improved performance for noImportCycles by explicitly excluding node_modules from the cycle detection. The performance improvement is directly proportional to how big your dependency tree is.

• #​9323 d5ee469 Thanks @​ematipico! - Fixed #​9217 and biomejs/biome-vscode#959, where the Biome language server didn't correctly resolve the editor setting configurationPath when the provided value is a relative path.

• #​9302 86fbc70 Thanks @​sepagian! - Fixed [#​9300](https://redirect.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 2 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
packages/app                             |  WARN  deprecated @effect/schema@0.75.5
Progress: resolved 43, reused 0, downloaded 0, added 0
Progress: resolved 46, reused 0, downloaded 0, added 0
Progress: resolved 147, reused 0, downloaded 0, added 0
Progress: resolved 190, reused 0, downloaded 0, added 0
Progress: resolved 294, reused 0, downloaded 0, added 0
Progress: resolved 367, reused 0, downloaded 0, added 0
Progress: resolved 497, reused 0, downloaded 0, added 0
Progress: resolved 661, reused 0, downloaded 0, added 0
Progress: resolved 781, reused 0, downloaded 0, added 0
 ERR_PNPM_UNUSED_PATCH  The following patches were not used: @typescript-eslint/eslint-plugin@8.55.0

Either remove them from "patchedDependencies" or update them to match packages in your dependencies.
Progress: resolved 808, reused 0, downloaded 0, added 0