fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.4.0 → ^2.4.11			devDependencies	patch
@changesets/changelog-github (source)	^0.5.2 → ^0.6.0			devDependencies	minor
@changesets/cli (source)	^2.29.8 → ^2.30.0			devDependencies	minor
@effect/cli (source)	^0.73.2 → ^0.75.0			dependencies	minor
@effect/cluster (source)	^0.56.4 → ^0.58.0			dependencies	minor
@effect/experimental (source)	^0.58.0 → ^0.60.0			dependencies	minor
@effect/platform (source)	^0.94.5 → ^0.96.0			dependencies	minor
@effect/platform-node (source)	^0.104.1 → ^0.106.0			dependencies	minor
@effect/printer (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/printer-ansi (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/rpc (source)	^0.73.1 → ^0.75.0			dependencies	minor
@effect/sql (source)	^0.49.0 → ^0.51.0			dependencies	minor
@effect/typeclass (source)	^0.38.0 → ^0.40.0			dependencies	minor
@effect/vitest (source)	^0.27.0 → ^0.29.0			devDependencies	minor
@effect/workflow (source)	^0.16.0 → ^0.18.0			dependencies	minor
@eslint-community/eslint-plugin-eslint-comments	^4.6.0 → ^4.7.1			devDependencies	minor
@eslint/compat (source)	2.0.2 → 2.0.5			devDependencies	patch
@eslint/eslintrc	3.3.3 → 3.3.5			devDependencies	patch
@​prover-coder-ai/eslint-plugin-suggest-members	^0.0.25 → ^0.0.26			devDependencies	patch
@types/node (source)	^24.10.13 → ^24.12.2			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	^8.55.0 → ^8.58.1			devDependencies	minor
@typescript-eslint/parser (source)	^8.55.0 → ^8.58.1			devDependencies	minor
@vitest/coverage-v8 (source)	^4.0.18 → ^4.1.4			devDependencies	minor
@vitest/eslint-plugin	^1.6.9 → ^1.6.15			devDependencies	patch
actions/upload-artifact	v6 → v7			action	major
effect (source)	^3.19.17 → ^3.21.0			dependencies	minor
eslint (source)	^10.0.0 → ^10.2.0			devDependencies	minor
eslint-plugin-simple-import-sort	^12.1.1 → ^13.0.0			devDependencies	major
eslint-plugin-sonarjs (source)	^3.0.7 → ^4.0.2			devDependencies	major
eslint-plugin-sort-destructure-keys	^2.0.0 → ^3.0.0			devDependencies	major
eslint-plugin-unicorn	^63.0.0 → ^64.0.0			devDependencies	major
globals	^17.3.0 → ^17.4.0			devDependencies	minor
jscpd	^4.0.8 → ^4.0.9			devDependencies	patch
pnpm (source)	10.29.3 → 10.33.0			packageManager	minor
typescript (source)	^5.9.3 → ^6.0.2			dependencies	major
typescript-eslint (source)	^8.55.0 → ^8.58.1			devDependencies	minor
vite (source)	^7.3.1 → ^8.0.8			devDependencies	major
vitest (source)	^4.0.18 → ^4.1.4			devDependencies	minor

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.11

Compare Source

Patch Changes

• #​9350 4af4a3a Thanks @​dyc3! - Added the new nursery rule useConsistentTestIt in the test domain. The rule enforces consistent use of either it or test for test functions in Jest/Vitest suites, with separate control for top-level tests and tests inside describe blocks.

  Invalid:

  test("should fly", () => {}); // Top-level test using 'test' flagged, convert to 'it'
  
  describe("pig", () => {
    test("should fly", () => {}); // Test inside 'describe' using 'test' flagged, convert to 'it'
  });

• #​9429 a2f3f7e Thanks @​ematipico! - Added the new nursery lint rule useExplicitReturnType. It reports TypeScript functions and methods that omit an explicit return type.

  function toString(x: any) {
    // rule triggered, it doesn't declare a return type
    return x.toString();
  }

• #​9828 9e40844 Thanks @​ematipico! - Fixed #​9484: the formatter no longer panics when formatting files that contain graphql tagged template literals combined with parenthesized expressions.

• #​9886 e7c681e Thanks @​ematipico! - Fixed an issue where, occasionally, some bindings and references were not properly tracked, causing false positives from noUnusedVariables and noUndeclaredVariables in Svelte, Vue, and Astro files.

• #​9760 5b16d18 Thanks @​myx0m0p! - Fixed #​4093: the noDelete rule no longer triggers for delete process.env.FOO, since delete is the documented way to remove environment variables in Node.js.

• #​9799 2af8efd Thanks @​minseong0324! - Added the rule noMisleadingReturnType. The rule detects when a function's return type annotation is wider than what the implementation actually returns.

  // Flagged: `: string` is wider than `"loading" | "idle"`
  function getStatus(b: boolean): string {
    if (b) return "loading";
    return "idle";
  }

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useFind to better explain the problem, why it matters, and how to fix it.

• #​9755 bff7bdb Thanks @​ematipico! - Improved performance of fix-all operations (--write). Biome is now smarter when it runs lint rules and assist actions. First, it runs only rules that have code fixes, and then runs the rest of the rules.

• #​8651 aafca2d Thanks @​siketyan! - Add a new lint rule useDisposables for JavaScript, which detects disposable objects assigned to variables without using or await using syntax. Disposable objects that implement the Disposable or AsyncDisposable interface are intended to be disposed of after use. Not disposing them can lead to resource or memory leaks, depending on the implementation.

  Invalid:

  function createDisposable(): Disposable {
    return {
      [Symbol.dispose]() {
        // do something
      },
    };
  }
  
  const disposable = createDisposable();

  Valid:

  function createDisposable(): Disposable {
    return {
      [Symbol.dispose]() {
        // do something
      },
    };
  }
  
  using disposable = createDisposable();

• #​9788 53b8e57 Thanks @​MeGaNeKoS! - Fixed #​7760: Added support for CSS scroll-driven animation timeline-range-name keyframe selectors (cover, contain, entry, exit, entry-crossing, exit-crossing). Biome no longer reports parse errors on keyframes like entry 0% { ... } or exit 100% { ... }.

• #​9728 5085424 Thanks @​mkosei! - Fixed #​9696: Astro frontmatter now correctly parses regular expression literals like /\d{4}/.

• #​9261 16b6c49 Thanks @​ematipico! - Fixed #​8409: CSS formatter now correctly places comments after the colon in property declarations.

  Previously, comments that appeared after the colon in CSS property values were incorrectly moved before the property name:

  [lang]:lang(ja) {
  -  /* system-ui,*/ font-family:
  +  font-family: /* system-ui,*/
      Hiragino Sans,
      sans-serif;
  }

• #​9441 957ea4c Thanks @​soconnor-seeq! - Fixed #​1630: LSP project selection now prefers the most specific project root in nested workspaces.

• #​9878 de6210f Thanks @​ematipico! - Fixed #​9118: noUnusedImports no longer reports false positives for default imports used inside Svelte, Vue and Astro components.

• #​9879 ce7e2b7 Thanks @​dyc3! - Fixed a parser diagnostic's message when vue syntax is disabled so that it no longer references the non-existant html.parser.vue option. This option will become available in 2.5.

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useRegexpExec to better explain the problem, why it matters, and how to fix it.

• #​9846 b7134d9 Thanks @​ematipico! - Fixed #​9140: Biome now parses Astro's attribute shorthand inside .astro files. The following snippet no longer reports a parse error:

  ---
  const items = ['a', 'b'];
  ---
  <ul>
    {items.map((item) => <li {item}>row</li>)}
  </ul>

• #​9790 67df09d Thanks @​dyc3! - Fixed #​9781: Trailing comments after a top-level biome-ignore-all format suppression are now preserved instead of being dropped. This applies to JavaScript, CSS, HTML, JSONC, GraphQL, and Grit files.

• #​9745 d87073e Thanks @​ematipico! - Fixed #​9741: the LSP server now correctly returns the organizeImports code action when the client requests it via source.organizeImports.biome in the only filter. Previously, editors with codeAction/resolve support (e.g. Zed) received an empty response because the action was serialized with the wrong kind (source.biome.organizeImports instead of source.organizeImports.biome).

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useArraySome to better explain the problem, why it matters, and how to fix it.

• #​9795 1d09f0f Thanks @​dyc3! - Relaxed useExplicitType for trivially inferrable types.

  Type annotations can now be omitted when types are trivially inferrable from:

  • Binary expressions (const sum = 1 + 1)
  • Comparison expressions (const isEqual = 'a' === 'b', const isTest = process.env.NODE_ENV === 'test')
  • Logical expressions (const and = true && false)
  • Class instantiation (const date = new Date())
  • Array literals (const arr = [1, 2, 3])
  • Conditional expressions (const val = true ? 'yes' : 'no')
  • Function calls (const num = Math.random())
  • Parameter defaults - any expression is now allowed (const fn = (max = MAX_ATTEMPTS) => ...)

  Comparison expressions always return boolean, so any operands are now allowed
  (including property access like process.env.NODE_ENV).

  Parameters with default values no longer require type annotations, as TypeScript
  can infer the type from the default value (even when referencing variables).

  Also removed the redundant any type validation from this rule. The any type
  is now only validated by the dedicated noExplicitAny rule, following the
  Single Responsibility Principle.

• #​9809 e8cad58 Thanks @​Netail! - Added the new nursery rule useQwikLoaderLocation, which enforces that Qwik loader functions are declared in the correct location.

• #​9877 fc9d715 Thanks @​ematipico! - Fixed #​9136 and #​9653: noUndeclaredVariables and noUnusedVariables no longer report false positives on several Svelte template constructs that declare or reference bindings in the host grammar:

  • {#snippet name(params)} — the snippet name and its parameters (including object, array, rest, and nested destructuring) are now tracked.
  • {@​render name(args)} — the snippet name used at the render site is now resolved against the snippet declaration.
  • {#each items as item, index (key)} — the item binding (plain identifier or destructured), the optional index, and the optional key expression are now tracked.
  • {@​const name = value} — the declared name is now tracked as a binding and the initializer is analyzed for undeclared references.
  • {@​debug a, b, c} — each debugged identifier is now analyzed and reported if undeclared.
  • Shorthand attributes <img {src} /> — the curly-shorthand attribute is now analyzed as an expression, so undeclared references inside it are reported.

  For example, the following template no longer triggers either rule:

  <script>
  let items = [];
  let total = 0;
  </script>
  
  {#snippet figure(image)}
      <figure>
          <img src={image.src} alt={image.caption} />
          <figcaption>{image.caption}</figcaption>
      </figure>
  {/snippet}
  
  {#each items as item}
      {@&#8203;const price = item.price}
      {@&#8203;render figure(item)}
      <span>{price}</span>
  {/each}
  
  {@&#8203;debug items, total}

• #​9869 78bce77 Thanks @​Netail! - Updated noDuplicateFieldDefinitionNames to also flag duplicate fields within type extensions, interface extensions & input extensions.

• #​9739 0bc2198 Thanks @​dyc3! - Fixed Grit queries that use native Biome AST node names with the native field names that are in our .ungram grammar files. Queries such as JsConditionalExpression(consequent = $cons, alternate = $alt) now compile successfully in biome search and grit plugins.

• #​9811 2dddca3 Thanks @​dyc3! - Updated noImpliedEval to flag new Function() usages, as its a form of indirect eval, and to include no-new-func as a rule source.

• #​9870 ccf9770 Thanks @​Netail! - Marked eslint-qwik-plugin's unused-server as redundant since it was covered by noUnusedVariables.

• #​9701 1417c3b Thanks @​dyc3! - Added the new nursery rule noUselessTypeConversion, which reports redundant primitive conversion patterns such as String(value) when value is already a string.

• #​9248 49f00a3 Thanks @​pkallos! - useNullishCoalescing now also detects ternary expressions that check for null or undefined and suggests rewriting them with ??. A new ignoreTernaryTests option allows disabling this behavior.

• #​9863 6a44619 Thanks @​ematipico! - Fixed #​9690: biome check --write is now idempotent on HTML files that contain embedded <style> or <script> blocks. Previously, each run reported "Fixed 1 file" even when the file content did not actually change, because the embedded language formatter's output was not re-indented to match the surrounding HTML block.

v2.4.10

Compare Source

Patch Changes

• #​8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

  The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

  // Invalid
  setTimeout("alert('Hello');", 100);
  
  // Valid
  setTimeout(() => alert("Hello"), 100);

• #​9320 93c3b6c Thanks @​taberoajorge! - Fixed #​7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

• #​9630 1dd4a56 Thanks @​raashish1601! - Fixed #​9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

• #​9216 04243b0 Thanks @​FrederickStempfle! - Fixed #​9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

  Previously, only the global process object was flagged:

  import process from "node:process";
  // This was not flagged, but now it is:
  console.log(process.env.NODE_ENV);

• #​9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

• #​9627 06a0f35 Thanks @​ematipico! - Fixed #​191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

  Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

  Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

• #​9643 5bfee36 Thanks @​dyc3! - Fixed #​9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

• #​9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

• #​9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

• #​9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

• #​9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

• #​9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

• #​9623 13b3261 Thanks @​ematipico! - Fixed #​9258: --skip no longer causes suppressions/unused warnings for suppression comments targeting skipped rules or domains.

• #​9631 599dd04 Thanks @​raashish1601! - Fixed #​9625: experimentalEmbeddedSnippetsEnabled no longer crashes when a file mixes formatable CSS-in-JS templates with tagged templates that the embedded formatter can't currently delegate, such as a styled-components interpolation returning `css```.

v2.4.9

Compare Source

Patch Changes

• #​9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  
  /* Second selector */
  .x {
    .y {
      .z {
      }
    }
  }

• #​9567 b7ab931 Thanks @​ematipico! - Fixed #​7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #​8670 607ebf9 Thanks @​tt-a1i! - Fixed #​8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #​9476 97b80a8 Thanks @​masterkain! - Fixed #9475: Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #​9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

  For example, linter.rules.correctness = "error" no longer enables React- or Qwik-specific correctness rules unless linter.domains.react, linter.domains.qwik, or an explicit rule config also enables them, or their relative dependencies are installed.

• #​9586 4cafb71 Thanks @​dyc3! - Fixed #​8828: Grit patterns using export { $foo } from $source now match named re-exports in JavaScript and TypeScript files.

• #​9550 d4e3d6e Thanks @​dyc3! - Fixed #​9548: Biome now parses conditional expressions whose consequent is an arrow function returning a parenthesized object expression.

• #​8696 a7c19cc Thanks @​Faizanq! - Fixed #​8685 where noUselessLoneBlockStatements would remove empty blocks containing comments. The rule now preserves these blocks since comments may contain important information like TODOs or commented-out code.

• #​9557 6671ac5 Thanks @​datalek! - Fixed #​9557: Biome's LSP server no longer crashes on startup when used with editors that don't send workspaceFolders during initialization. This affected any LSP client that only sends rootUri, which is valid per the LSP specification.

• #​9455 1710cf1 Thanks @​omar-y-abdi! - Fixed #​9174: useExpect now correctly rejects asymmetric matchers in Vitest or Jest like expect.stringContaining(), expect.objectContaining(), and utilities like expect.extend() that are not valid assertions. Previously these constructs caused false negatives, allowing tests without real assertions to pass the lint rule.

• #​9584 956e367 Thanks @​ematipico! - Fixed a bug where Vue directive attribute values like v-bind:class="{'dynamic': true}" were incorrectly parsed as JavaScript statements instead of expressions. Object literals inside directive values like :class, v-if, and v-html are now correctly parsed as expressions, preventing spurious parse errors.

• #​9474 e168494 Thanks @​ematipico! - Added the new nursery rule noUntrustedLicenses. This rule disallows dependencies that ship with invalid licenses or licenses that don't meet the criteria of your project/organisation.

  The rule has the following options:

  • allow: a list of licenses that can be allowed. Useful to bypass possible invalid licenses from downstream dependencies.
  • deny: a list of licenses that should trigger the rule. Useful to deny licenses that don't fit your project/organisation.
    When both deny and allow are provided, deny takes precedence.
  • requireOsiApproved: whether the licenses need to be approved by the Open Source Initiative.
  • requireFsfLibre: whether the licenses need to be approved by the Free Software Foundation.

• #​9544 723798b Thanks @​ViniciusDev26! - Added an unsafe fix to useConsistentMethodSignatures that automatically converts between method-style and property-style signatures.

• #​9555 8a3647b Thanks @​ematipico! - Fixed #188: the Biome Language Server no longer panics when open files change abruptly, such as during git branch checkouts.

• #​9605 f65c637 Thanks @​ematipico! - Fixed #​9589. Now Biome correctly parses object expressions inside props and directives. The following code doesn't emit errors anymore:

  <style is:global define:vars={{ bgLight: light }}>
  <Component name={{ first, name }} />

• #​9565 ccb249e Thanks @​eyupcanakman! - Fixed #​9505: noUselessStringConcat no longer reports tagged template literals as useless string concatenations. Tagged templates invoke a function and can return non-string values, so combining them with + is not equivalent to a single template literal.

• #​9534 4d050df Thanks @​Netail! - Added the nursery rule noInlineStyles. The rule disallows the use of inline style attributes in HTML and the style prop in JSX, including React.createElement calls. Inline styles make code harder to maintain and can interfere with Content Security Policy.

• #​9611 cddaa44 Thanks @​gaauwe! - Fixed a regression where Biome LSP could misread editor settings sent through workspace/didChangeConfiguration when the payload was wrapped in a top-level biome key. This caused requireConfiguration and related settings to be ignored in some editors.

v2.4.8

Compare Source

Patch Changes

• #​9488 bc709f6 Thanks @​mvanhorn! - Fixed #​9463: the "Biome found a configuration file outside of the current working directory" diagnostic now includes the configuration file path and the working directory, giving users actionable information to debug the issue.

• #​9527 2f8bf80 Thanks @​mdm317! - Fixed #​8959: Fixed TypeScript arrow function formatting when a comment appears after =>.

• #​9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleUpdateWithoutWhere to prevent accidental full-table updates when using Drizzle ORM without a .where() clause.

• #​9531 1302740 Thanks @​ematipico! - Fixed #​9187: Astro frontmatter containing regex literals with quotes (/'/, /"/) or dashes (/---/) no longer causes parse errors.

• #​9535 b630d93 Thanks @​leno23! - Fixed #​9524: remove extra space before > when bracketSameLine is true and the self-closing slash is absent in HTML formatter.

• #​9537 81e6306 Thanks @​ematipico! - Fixed #​9238: The HTML parser no longer incorrectly reports --- inside element content (e.g. <td>---</td>) as an "Unexpe

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 2 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 36, reused 0, downloaded 0, added 0
packages/app                             |  WARN  deprecated @effect/schema@0.75.5
Progress: resolved 45, reused 0, downloaded 0, added 0
Progress: resolved 96, reused 0, downloaded 0, added 0
Progress: resolved 142, reused 0, downloaded 0, added 0
Progress: resolved 191, reused 0, downloaded 0, added 0
Progress: resolved 266, reused 0, downloaded 0, added 0
Progress: resolved 359, reused 0, downloaded 0, added 0
Progress: resolved 402, reused 0, downloaded 0, added 0
Progress: resolved 449, reused 0, downloaded 0, added 0
Progress: resolved 590, reused 0, downloaded 0, added 0
Progress: resolved 764, reused 0, downloaded 0, added 0
Progress: resolved 781, reused 0, downloaded 0, added 0
Progress: resolved 786, reused 0, downloaded 0, added 0
Progress: resolved 801, reused 0, downloaded 0, added 0
 ERR_PNPM_UNUSED_PATCH  The following patches were not used: @typescript-eslint/eslint-plugin@8.55.0

Either remove them from "patchedDependencies" or update them to match packages in your dependencies.