chore(deps): bump the monorepo-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the monorepo-dependencies group with 9 updates in the / directory:

Package	From	To
@biomejs/biome	2.3.14	2.4.5
@changesets/changelog-github	0.5.2	0.6.0
@changesets/cli	2.29.8	2.30.0
@types/node	25.2.3	25.3.3
lint-staged	16.2.7	16.3.2
preact	10.28.3	10.28.4
turbo	2.8.6	2.8.13
preact-render-to-string	6.6.5	6.6.6
es-module-lexer	1.7.0	2.0.0

Updates @biomejs/biome from 2.3.14 to 2.4.5

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.5

2.4.5

Patch Changes

• #9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9178 101b3bb Thanks @​Bertie690! - Fixed #9172 and #9168: Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";
  const myStr = "Hello from vitest!";
  it("should be a string", () => {
  expectTypeOf(myStr).toBeString();
  });
  test("should still be a string", () => {
  assertType<string>(myStr);
  });
  it.todo("should still still be a string", () => {
  assert(typeof myStr === "string");
  });

• #9173 32dad2d Thanks @​dyc3! - Added parsing support for Svelte's new comments-in-tags feature.

  The HTML parser will now accept JS style comments in tags in Svelte files.

  <button
    // single-line comment
    onclick={doTheThing}
  >click me</button>
  <div

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.5

Patch Changes

• #9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9178 101b3bb Thanks @​Bertie690! - Fixed #9172 and #9168: Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";
  const myStr = "Hello from vitest!";
  it("should be a string", () => {
  expectTypeOf(myStr).toBeString();
  });
  test("should still be a string", () => {
  assertType<string>(myStr);
  });
  it.todo("should still still be a string", () => {
  assert(typeof myStr === "string");
  });

• #9173 32dad2d Thanks @​dyc3! - Added parsing support for Svelte's new comments-in-tags feature.

  The HTML parser will now accept JS style comments in tags in Svelte files.

  <button
    // single-line comment
    onclick={doTheThing}
  >click me</button>
  <div
  /* block comment */
  class="foo"

... (truncated)

Commits

• 3bc07ab ci: release (#9188)
• 6b01778 feat(linter): add useUnicodeRegex rule (#8773)
• e43e730 feat(lint/html): add useVueScopedStyles (#9185)
• edf8bb6 feat(lint): add ||= to ??= detection in useNullishCoalescing (#9257)
• 9bbdf4d feat(lint): add nursery rule useNamedCaptureGroup (#9048)
• 1f2fe2e feat: prefer-array-some from eslint-plugin-unicorn (#9056)
• 1d2ca15 feat(lint): add useNullishCoalescing nursery rule (#8952)
• 101b3bb fix(lint): consider more constructs as valid test assertions (#9178)
• 3d0648f feat(biome_js_analyze): implement noVueRefAsOperand (#9063)
• 6c296ea ci: release (#9160)
• Additional commits viewable in compare view

Updates @changesets/changelog-github from 0.5.2 to 0.6.0

Release notes

Sourced from @​changesets/changelog-github's releases.

@​changesets/changelog-github@​0.6.0

Minor Changes

• #1850 fd0bc2e Thanks @​mixelburg! - Linkify issue references in changelog entries.

Patch Changes

• #1810 27fd8f4 Thanks @​hirasso! - Replace deprecated String.prototype.trimRight with String.prototype.trimEnd

• Updated dependencies [d4b8ad8, e462d89]:

  • @​changesets/get-github-info@​0.8.0

Commits

• 3ab4d89 Version Packages (#1817)
• 1772598 Fix changelog entry insertion when no package title is present in the `CHANGE...
• 6df3a5e Allow versioned private packages to depend on skipped packages without requir...
• 2a73025 Fix confusing 'Question-2' prompt label when using external editor (#1857)
• 667fe5a Support ESM for custom changelog and commit options (#1774)
• e462d89 Add scopes automatically in the GitHub new token link in the printed error me...
• 503fcaa Support absolute paths in status output flag (#1776)
• d4b8ad8 Improve error messages when fetching from GitHub api (#1781)
• ece0376 Improve baseBranch docs (#1778)
• 0e8e01e Allow Changesets to be executed from non-root directories (#1806)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​changesets/changelog-github since your current version.

Updates @changesets/cli from 2.29.8 to 2.30.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.30.0

Minor Changes

• #1840 057cca2 Thanks @​wotan-allfather! - Add --since flag to add command

  The add command now supports a --since flag that allows you to specify which branch, tag, or git ref to use when detecting changed packages. This is useful for gitflow workflows where you have multiple target branches and the baseBranch config option doesn't cover all use cases.

  Example: changeset add --since=develop

  If not provided, the command falls back to the baseBranch value in your .changeset/config.json.

• #1845 2b4a66a Thanks @​Andarist! - Delegate OTP prompting to the package manager instead of handling it in-process. This allows Changesets to use the package manager's native web auth support.

• #1774 667fe5a Thanks @​bluwy! - Support importing custom commit option ES module. Previously, it used require() which only worked for CJS modules, however now it uses import() which supports both CJS and ES modules.

• #1839 73b1809 Thanks @​leochiu-a! - Add a --message (-m) flag to changeset add (and default changeset) so the changeset summary can be provided from the command line. When --message is present, the summary prompt is skipped while the final confirmation step is kept.

• #1806 0e8e01e Thanks @​luisadame! - Changeset CLI can now be run from the nested directories in the project, where the .changeset directory has to be found in one of the parent directories

Patch Changes

• #1849 9dc3230 Thanks @​Andarist! - Compute the terminal's size lazily to avoid spurious stderr output in non-interactive mode

• #1857 2a73025 Thanks @​mixelburg! - Fix confusing prompt labels when entering changeset summary after external editor fallback

• #1842 6df3a5e Thanks @​RodrigoHamuy! - Allow private packages to depend on skipped packages without requiring them to also be skipped. Private packages are not published to npm, so it is safe for them to have dependencies on ignored or unversioned packages.

• #1776 503fcaa Thanks @​bluwy! - Support absolute paths in changeset status --output <path>

• Updated dependencies [667fe5a, 1772598, b6f4c74, 6df3a5e, 6df3a5e, 27fd8f4]:

  • @​changesets/apply-release-plan@​7.1.0
  • @​changesets/config@​3.1.3
  • @​changesets/get-release-plan@​4.0.15
  • @​changesets/read@​0.6.7

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​changesets/cli since your current version.

Updates @types/node from 25.2.3 to 25.3.3

Commits

• See full diff in compare view

Updates lint-staged from 16.2.7 to 16.3.2

Release notes

Sourced from lint-staged's releases.

v16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• dfd6a7a chore(changeset): release
• 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
• 60957ce docs: add CONTRIBUTING.md
• 2a74cd2 chore(changeset): release
• cd5d762 refactor: remove nano-spawn dependency completely
• e342cab build(deps): move nano-spawn to dev
• 9aa2cd7 chore(changeset): release
• 0c387bc test: make long-running task longer because of GitHub Actions slowness
• 87467aa refactor: detect incorrect brace expansion exhaustively
• dceabc6 ci: run npm audit in GitHub Actions
• Additional commits viewable in compare view

Updates preact from 10.28.3 to 10.28.4

Release notes

Sourced from preact's releases.

10.28.4

Fixes

• Fix crash where a synchronous effect render unmounts the tree (#5026, thanks @​JoviDeCroock)

Performance

• Core size optimizations (#5022, thanks @​JoviDeCroock)
• Hooks size optimizations (#5021, thanks @​JoviDeCroock)
• Make oldProps diffing more compact (#5004) (#5019, thanks @​JoviDeCroock)
• Compat size optimizations (#5020, thanks @​JoviDeCroock)
• Land size optimization separately (#5018, thanks @​JoviDeCroock)

Commits

• b4f9cab 10.28.4 (#5027)
• 8cbed5f Fix crash where a synchronous effect render unmounts the tree (#5026)
• 4ac7204 Core size optimizations (#5022)
• e02fd69 Make forEach --> some (#5021)
• 387d8f2 refactor(diff): make oldProps diffing more compact (#5004) (#5019)
• 084b75f Transform forEach to some and consolidate condition (#5020)
• 3c8506d Land size optimization separately (#5018)
• See full diff in compare view

Updates turbo from 2.8.6 to 2.8.13

Release notes

Sourced from turbo's releases.

Turborepo v2.8.13

What's Changed

@​turbo/repository

• feat: Add experimentalObservability with an OTel backend by @​bkonkle in vercel/turborepo#11130
• release(library): 0.0.1-canary.20 by @​github-actions[bot] in vercel/turborepo#12116

Examples

• feat: Add with-otel example with pre-configured Grafana dashboard by @​anthonyshew in vercel/turborepo#12043
• examples: Upgrade with-react-native-web example to use latest versions by @​serjooo in vercel/turborepo#12085
• fix: Duplicate /signup? in Vercel URL by @​04cb in vercel/turborepo#12088
• examples: Fix markdown links inside code blocks in basic README by @​sleitor in vercel/turborepo#11946

Changelog

• fix: Suppress npm upgrade notices in integration tests and consolidate test helpers by @​anthonyshew in vercel/turborepo#12036
• fix: Replace flaky pnpx symlink-dir with native NTFS junctions in find-turbo test by @​anthonyshew in vercel/turborepo#12039
• fix: Prevent corepack download prompt from hanging prysk tests on Windows by @​anthonyshew in vercel/turborepo#12041
• fix: Send OTEL metrics without requiring --summarize flag by @​anthonyshew in vercel/turborepo#12042
• docs: Fix incorrect otel future flag bypass claim by @​anthonyshew in vercel/turborepo#12047
• fix: Address root causes of 9 flaky tests and remove retry workarounds by @​anthonyshew in vercel/turborepo#12045
• test: Port 6 prysk CLI tests to pure Rust by @​anthonyshew in vercel/turborepo#12048
• docs: Fix experimentalObservability config reference by @​bkonkle in vercel/turborepo#12052
• test: Port 10 more prysk tests to pure Rust by @​anthonyshew in vercel/turborepo#12051
• test: Port 14 more prysk tests to Rust (single-package + commands) by @​anthonyshew in vercel/turborepo#12054
• test: Port 13 more prysk tests to Rust by @​anthonyshew in vercel/turborepo#12057
• fix: Exclude peer dependencies from workspace external dep resolution by @​anthonyshew in vercel/turborepo#12050
• test: Port all 15 workspace-configs prysk tests to Rust by @​anthonyshew in vercel/turborepo#12058
• perf: Stream file contents during hashing to lower memory usage by @​anthonyshew in vercel/turborepo#12059
• fix: Treat npm: alias dependencies as external, not workspace references by @​anthonyshew in vercel/turborepo#12061
• test: Port 18 more prysk tests to Rust (other/ + lockfile-aware-caching/) by @​anthonyshew in vercel/turborepo#12062
• fix: Preserve file: protocol entries in pruned yarn v1 lockfile by @​anthonyshew in vercel/turborepo#12064
• perf: Use stack-allocated OidHash in FileHashes and skip expanded hashes on normal runs by @​anthonyshew in vercel/turborepo#12065
• test: Port all 8 find-turbo prysk tests to Rust by @​anthonyshew in vercel/turborepo#12066
• fix: Support pnpm per-workspace lockfiles in turbo prune by @​anthonyshew in vercel/turborepo#12067
• test: Port final 2 prysk tests to Rust (100% complete) by @​anthonyshew in vercel/turborepo#12068
• fix: Resolve Berry prune failure when resolutions contain patch overrides by @​anthonyshew in vercel/turborepo#12069
• test: Add lockfile fixture for yarn berry resolution pruning (issue #2791) by @​anthonyshew in vercel/turborepo#12071
• refactor: Clean up test infrastructure and eliminate duplication by @​anthonyshew in vercel/turborepo#12072
• fix: Retain injected workspace package entries during pnpm lockfile pruning by @​anthonyshew in vercel/turborepo#12073
• refactor: Clean up test infrastructure + improve test quality by @​anthonyshew in vercel/turborepo#12074
• perf: Speed up lockfile test suite by @​anthonyshew in vercel/turborepo#12078
• fix: Preserve file: and link: protocol entries in pruned bun lockfile by @​anthonyshew in vercel/turborepo#12076
• fix: Stop running unnecessary npm install in engines tests by @​anthonyshew in vercel/turborepo#12081
• test: Add lockfile fixture for pnpm v9 injected workspace deps (issue #8243) by @​anthonyshew in vercel/turborepo#12082
• fix: Filter orphaned Yarn packageExtensions entries during lockfile pruning by @​anthonyshew in vercel/turborepo#12084
• fix: Align experimentalObservability on object maps rather than arrays by @​bkonkle in vercel/turborepo#12089
• fix: Prevent yarn integration tests from hanging on corepack prompts by @​anthonyshew in vercel/turborepo#12090
• fix: Prevent turbo dev from hanging when daemon file watching fails by @​anthonyshew in vercel/turborepo#12091
• perf: Optimize npm lockfile parser by @​anthonyshew in vercel/turborepo#12093
• chore: Trim unused dependency features for faster compilation by @​anthonyshew in vercel/turborepo#12094
• fix: Prevent lockfile-aware yarn test from hanging on corepack downloads by @​anthonyshew in vercel/turborepo#12095

... (truncated)

Commits

• 0c5af8f publish 2.8.13 to registry
• 3d6ab7f ci: Use base Windows runners for Rust test partitions (#12131)
• 421f198 release(turborepo): 2.8.13-canary.17 (#12132)
• 5cac526 ci: Optimize Rust caching in CI pipelines (#12130)
• 8579ddd fix: Correct dependency iteration order so dependencies takes precedence ov...
• 42f8e2f release(turborepo): 2.8.13-canary.16 (#12128)
• a6481f8 fix: Omit None otel fields during turbo prune serialization (#12126)
• 2a72aed release(turborepo): 2.8.13-canary.15 (#12127)
• 92018dc fix: Microfrontends merges with into root config instead of replacing it (#...
• 09d6daa fix: Stabilize flaky watch_file_change_reruns_affected_package test (#12123)
• Additional commits viewable in compare view

Updates preact-render-to-string from 6.6.5 to 6.6.6

Release notes

Sourced from preact-render-to-string's releases.

v6.6.6

Patch Changes

• #446 b7b288c Thanks @​JoviDeCroock! - Fix issues regarding streaming full HTML documents

Changelog

Sourced from preact-render-to-string's changelog.

6.6.6

Patch Changes

• #446 b7b288c Thanks @​JoviDeCroock! - Fix issues regarding streaming full HTML documents

Commits

• 4c47e70 Merge pull request #447 from preactjs/changeset-release/main
• e71cb4e Version Packages
• 867be3e Merge pull request #448 from preactjs/document-streaming
• 5e1b20b Apply suggestion from @​JoviDeCroock
• 6c0ace6 Apply suggestions from code review
• 811f05b Add streaming to readme
• e5dbe50 Merge pull request #446 from preactjs/chunked-rendering-fixes
• b7b288c Add doctype html and changeset
• c63d294 Fixes
• 7dd1349 Fix client code as well
• Additional commits viewable in compare view

Updates es-module-lexer from 1.7.0 to 2.0.0

Release notes

Sourced from es-module-lexer's releases.

2.0.0

What's Changed

• feat: support import attribute item parsing by @​guybedford in guybedford/es-module-lexer#194
• breaking: remove import assertions by @​guybedford in guybedford/es-module-lexer#191
• fix: global reference by @​guybedford in guybedford/es-module-lexer#193

Full Changelog: guybedford/es-module-lexer@1.7.0...2.0.0

Commits

• 0603c6f 2.0.0
• 066ce56 feat: support import attribute item parsing (#194)
• fd6f6ab breaking: remove import assertions (#191)
• e21f663 fix: global reference (#193)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.