Update All Dependencies (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	1.9.4 → 2.4.8			devDependencies	major
@fortawesome/fontawesome-svg-core (source)	^6.7.1 → ^7.0.0			dependencies	major
@fortawesome/free-brands-svg-icons (source)	^6.7.1 → ^7.0.0			dependencies	major
@fortawesome/free-regular-svg-icons (source)	^6.7.1 → ^7.0.0			dependencies	major
@fortawesome/free-solid-svg-icons (source)	^6.7.1 → ^7.0.0			dependencies	major
@storybook/addon-a11y (source)	8.4.7 → 10.3.1			devDependencies	major
@storybook/addon-themes (source)	8.4.7 → 10.3.1			devDependencies	major
@storybook/builder-vite (source)	^8.4.7 → ^10.0.0			dependencies	major
@storybook/icons	^1.3.0 → ^2.0.0			devDependencies	major
@types/jsdom (source)	^21.1.7 → ^28.0.0			devDependencies	major
@types/node (source)	^22.10.1 → ^24.0.0			devDependencies	major
@types/node (source)	^18.19.67 → ^24.0.0			devDependencies	major
@types/node (source)	^20.11.24 → ^24.0.0			devDependencies	major
@​types/tar	^6.1.11 → ^7.0.0			devDependencies	major
@vitest/coverage-v8 (source)	^2.1.8 → ^4.0.0			devDependencies	major
actions/checkout	v4 → v6			action	major
actions/setup-node	v4 → v6			action	major
chokidar	^4.0.1 → ^5.0.0			devDependencies	major
daisyui (source)	^4.12.10 → ^4.12.10 || ^5.0.0			peerDependencies	major
jsdom	^25.0.1 → ^29.0.0			devDependencies	major
node	20 → 24			uses-with	major
npm-run-all2	^7.0.0 → ^8.0.0			devDependencies	major
pnpm (source)	9.9.0 → 10.32.1			packageManager	major
pnpm (source)	9 → 10			uses-with	major
pnpm (source)	8 → 10			uses-with	major
pnpm/action-setup	v3 → v5			action	major
purgecss (source)	^7.0.2 → ^8.0.0			devDependencies	major
storybook (source)	^8.4.7 → ^10.0.0			devDependencies	major
tailwindcss (source)	^3.4.4 → ^3.4.4 || ^4.0.0			peerDependencies	major
tailwindcss (source)	^3.4.16 → ^4.0.0			devDependencies	major
tar	^6.2.0 → ^7.0.0			dependencies	major
vite (source)	^6.0.3 → ^8.0.0			devDependencies	major
vite (source)	^6 → ^8.0.0			devDependencies	major
vitest (source)	^2.1.8 → ^4.0.0			devDependencies	major
wait-on	^8.0.1 → ^9.0.0			devDependencies	major

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.8

Compare Source

Patch Changes

• #​9488 bc709f6 Thanks @​mvanhorn! - Fixed #​9463: the "Biome found a configuration file outside of the current working directory" diagnostic now includes the configuration file path and the working directory, giving users actionable information to debug the issue.

• #​9527 2f8bf80 Thanks @​mdm317! - Fixed #​8959: Fixed TypeScript arrow function formatting when a comment appears after =>.

• #​9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleUpdateWithoutWhere to prevent accidental full-table updates when using Drizzle ORM without a .where() clause.

• #​9531 1302740 Thanks @​ematipico! - Fixed #​9187: Astro frontmatter containing regex literals with quotes (/'/, /"/) or dashes (/---/) no longer causes parse errors.

• #​9535 b630d93 Thanks @​leno23! - Fixed #​9524: remove extra space before > when bracketSameLine is true and the self-closing slash is absent in HTML formatter.

• #​9537 81e6306 Thanks @​ematipico! - Fixed #​9238: The HTML parser no longer incorrectly reports --- inside element content (e.g. <td>---</td>) as an "Unexpected value or character" error.

• #​9532 4b64145 Thanks @​ematipico! - Fixed #​9117: biome check --write no longer falsely reports Svelte and Vue files as changed when html.formatter.indentScriptAndStyle is enabled and the files are already correctly formatted.

• #​9528 61451ef Thanks @​ematipico! - Fixed #​9341: Fixed an LSP crash that could corrupt file content when saving with format-on-save enabled.

• #​9538 794f79c Thanks @​ematipico! - Fixed #​9279: The rule noSubstr now detects .substr() and .substring() calls in all expression contexts, including variable declarations, function arguments, return statements, and arrow function bodies.

• #​9462 c23272c Thanks @​ematipico! - Fixed #​9370: The resolver now correctly prioritizes more specific exports patterns over less specific ones. Previously, a pattern like "./*" could match before "./features/*", causing resolution failures for packages with overlapping subpath patterns.

• #​9515 f85c069 Thanks @​shivamtiwari3! - Fixed #​9506 and #​9479: Biome no longer reports false parse errors on <script type="speculationrules"> and <script type="application/ld+json"> tags. These script types contain non-JavaScript content and are now correctly skipped by the embedded language detector.

• #​9514 7fe43c8 Thanks @​ematipico! - Fixed #​6964: Biome now correctly resolves the .gitignore file relative to vcs.root when configured. Previously, the vcs.root setting was ignored and Biome always looked for the ignore file in the workspace directory.

• #​9521 af39936 Thanks @​ematipico! - Fixed #​9483. Now the rule noRedeclare doesn't panic when it encounters constructor overloads.

• #​9490 60cf024 Thanks @​willfarrell! - Added support for modern CSS properties, pseudo-classes, and pseudo-elements.

  New known properties: dynamic-range-limit, overlay, reading-flow, reading-order, scroll-marker-group, scroll-target-group.

  New pseudo-elements: ::checkmark, ::column, ::picker, ::picker-icon, ::scroll-button, ::scroll-marker, ::scroll-marker-group.

  New pseudo-classes: :active-view-transition-type, :has-slotted, :target-after, :target-before, :target-current.

• #​9526 4d42823 Thanks @​ematipico! - Fixed #​9358 and #​9375. Now attributes that have text expressions such as class={buttonClass()} are correctly tracked in Svelte files.

• #​9520 61f53ee Thanks @​ematipico! - Fixed #​9519. Now noUnusedVariables doesn't flag variables that are used as typeof type.

• #​9487 331dc0d Thanks @​mvanhorn! - Fixed #​9477: source.fixAll.biome no longer sorts imports when source.organizeImports.biome is disabled in editor settings. The organize imports action is now excluded from the fix-all pass unless explicitly requested.

• #​9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleDeleteWithoutWhere to prevent accidental full-table deletes when using Drizzle ORM without a .where() clause.

v2.4.7

Compare Source

Patch Changes

• #​9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

  For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

  a {
    accent-color: bar;
  }

• #​9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

  // Invalid
  import { foo } from "foo";
  const bar = 1;
  import { baz } from "baz"; // ← flagged
  
  // Valid
  import { foo } from "foo";
  import { baz } from "baz";
  const bar = 1;

• #​9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

• #​9435 6c5a8f2 Thanks @​siketyan! - Fixed #​9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

• #​9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

• #​9420 a1c46af Thanks @​ematipico! - Fixed #​9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

• #​9416 f2581b8 Thanks @​ematipico! - Fixed #​9131, #​9112, #​9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

• #​9344 cb4d7d7 Thanks @​ematipico! - Fixed #​6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

• #​9360 bc5dd99 Thanks @​ematipico! - Fixed #​7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

• #​9371 29cac17 Thanks @​ematipico! - Fixed #​5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

• #​9043 61e2a02 Thanks @​dyc3! - Fixed #​8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

• #​9354 930c858 Thanks @​denbezrukov! - Improved CSS parser recovery for invalid unicode-range values that mix wildcard ranges with range intervals. For example, Biome now reports clearer diagnostics for invalid syntax like:

  unicode-range: U+11???-2??;
  unicode-range: U+11???-;

  with diagnostics such as:

  × Wildcard ranges cannot be combined with a range interval.
    > unicode-range: U+11???-2??;
                              ^
  
  × Expected a codepoint but instead found ';'.
    > unicode-range: U+11???-;
                               ^
  

• #​9355 78e74a2 Thanks @​SchahinRohani! - Fixed #​9349: Biome now correctly handles Vue dynamic :alt and v-bind:alt bindings in useAltText, preventing false positives in .vue files.

• #​9369 b309dde Thanks @​costajohnt! - Fixed #​9210: useAnchorContent no longer reports an accessibility error for Astro Image components inside links when they provide non-empty alt text.

• #​9345 70c2d4e Thanks @​ematipico! - Fixed #​7214: useOptionalChain now detects optional chain patterns that don't start at the beginning of a logical AND expression. For example, bar && foo && foo.length is now correctly flagged and fixed to bar && foo?.length.

• #​9311 78c4e9b Thanks @​ruidosujeira! - Fixed #​9245: the useSemanticElements rule no longer suggests <output> for role="status" and role="alert". The <output> element is only a relatedConcept of these roles, not a direct semantic equivalent. These roles are now excluded from suggestions, aligning with the intended behavior of the upstream prefer-tag-over-role rule.

• #​9363 b2ffb4a Thanks @​ematipico! - Fixed #​5212: useSemanticElements no longer reports a diagnostic when a semantic element already has its corresponding role attribute (e.g. <nav role="navigation">, <footer role="contentinfo">). These cases are now correctly left to noRedundantRoles.

• #​9364 1bb9edc Thanks @​xvchris! - Fixed #​9357. Improved the information emitted by some diagnostics.

• #​9434 bf12092 Thanks @​siketyan! - Fixed #​9433: noBlankTarget now correctly handles dynamic href attributes, such as <a href={company?.website} target="_blank">.

• #​9351 5046d2b Thanks @​Netail! - Expanded the noNegationElse rule to cover the inequality & strict inequality operator.

• #​9353 2a29e0d Thanks @​Conaclos! - Fixed #​7583:
  organizeImports now
  sorts named specifiers inside bare exports and merges bare exports.

  - export { b, a };
  - export { c };
  + export { a, b, c };

  Also, organizeImports now correctly adds a blank line between an import chunk
  and an export chunk.

    import { A } from "package";
  +
    export { A };

• #​8658 bdcc934 Thanks @​rksvc! - When the domains field is set in the configuration file, domains is now automatically enabled when Biome detects certain dependencies in package.json.

• #​9383 f5c8bf0 Thanks @​ematipico! - Fixed #​6606: The type inference engine now resolves Record<K, V> types, synthesizing them as object types with index signatures. This improves accuracy for type-aware lint rules such as noFloatingPromises, noMisusedPromises, useAwaitThenable, and useArraySortCompare when operating on Record-typed values.

• #​9359 701ddd3 Thanks @​ematipico! - Fixed #​7516: noUnusedImports no longer reports a false positive when a local variable shadows an imported type namespace that is still used in a type annotation.

• #​9473 50e93bd Thanks @​ematipico! - Improved the detection of variables inside Astro files. Now the rule noUnusedVariables and others will trigger fewer false positives.

• #​9459 171b2ee Thanks @​ematipico! - Fixed #​9314. Now Biome doesn't panic when useAriaPropsForRole is configured using an object.

• #​9465 c8918d6 Thanks @​Netail! - Fixed #​9464: Temporal is now correctly detected as a global.

• #​9367 722f0da Thanks @​Netail! - Added the nursery rule noTopLevelLiterals. It requires the root-level value to be an array or object.

  Invalid:

  "just a string"

• #​9333 a294b89 Thanks @​terror! - Fixed #​9310. Now the HTML formatter doesn't mangle elements that are followed by self-closing elements such as <br> or <img>.

• #​9391 4bffb66 Thanks @​ematipico! - Slightly increased the performance of the CLI in projects that have more than ~2K files.

• #​9365 776cb64 Thanks @​Netail! - Added the nursery rule noEmptyObjectKeys, which disallows the use of empty keys in JSON objects.

  Invalid:

  {
    "": "value"
  }

v2.4.6

Compare Source

Patch Changes

• #​9305 40869b5 Thanks @​ematipico! - Fixed #​4946: noUnreachable no longer reports code inside finally blocks as unreachable when there is a break, continue, or return in the corresponding try body.

• #​9303 464910c Thanks @​ematipico! - Fixed #​2786: The formatter no longer produces different output on subsequent runs when a case clause has a trailing line comment followed by a single block statement.

• #​9324 6294aa2 Thanks @​arendjr! - Fixed #7730: useAnchorContent now recognises SolidJS's innerHTML the same way as React's dangerouslySetInnerHTML.

• #​9298 1003229 Thanks @​Netail! - Fixed #9296, so comments are moved along with the attributes in the useSortedAttributes assist rule code fix.

• #​9329 855b451 Thanks @​dyc3! - Improved performance of noEmptyBlockStatements. The rule is now smarter about short-circuiting its logic.

• #​9326 85dfe9b Thanks @​dyc3! - Improved performance for noImportCycles by explicitly excluding node_modules from the cycle detection. The performance improvement is directly proportional to how big your dependency tree is.

• #​9323 d5ee469 Thanks @​ematipico! - Fixed #​9217 and biomejs/biome-vscode#959, where the Biome language server didn't correctly resolve the editor setting configurationPath when the provided value is a relative path.

• #​9302 86fbc70 Thanks @​sepagian! - Fixed #​9300: Lowercase component member expressions like <form.Field> in Svelte and Astro files are now correctly formatted.

  -<form .Field></form.Field>
  +<form.Field></form.Field>

v2.4.5

Compare Source

Patch Changes

• #​9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #​9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #​9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #​9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #​9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​9178 101b3bb Thanks @​Bertie690! - Fixed #​9172 and #​9168:
  Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType
  were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";
  
  const myStr = "Hello from vitest!";
  it("should be a string", () => {
    expectTypeOf(myStr).toBeString();
  });
  test("should still be a string", () => {
    assertType<string>(myStr);
  });
  it.todo("should still still be a string", () => {
    assert(typeof myStr === "string");
  });

• #​9173 32dad2d Thanks @​dyc3! - Added parsing support for Svelte's new comments-in-tags feature.

  The HTML parser will now accept JS style comments in tags in Svelte files.

  <button
    // single-line comment
    onclick={doTheThing}
  >click me</button>
  
  <div
    /* block comment */
    class="foo"
  >text</div>

• #​8952 1d2ca15 Thanks @​pkallos! - Added the nursery rule useNullishCoalescing. This rule suggests using the nullish coalescing operator (??) instead of logical OR (||) when the left operand may be nullish. This prevents bugs where falsy values like 0, '', or false are incorrectly treated as missing. Addresses #​8043

  // Invalid
  declare const x: string | null;
  const value = x || "default";
  
  // Valid
  const value = x ?? "default";

• #​9243 1992a85 Thanks @​Netail! - Fixed #​7813: improved the diagnostic of the rule useExhaustiveDependencies. The diagnostic now shows the name of the variable to add to the dependency array.

• #​9063 3d0648f Thanks @​taga3s! - Added the nursery rule noVueRefAsOperand. This rule disallows cases where a ref is used as an operand.

  The following code is now flagged:

  import { ref } from "vue";
  
  const count = ref(0);
  count++; // Should be: count.value++

  import { ref } from "vue";
  
  const ok = ref(false);
  if (ok) {
    // Should be: if (ok.value)
    //
  }

• #​9273 f239e20 Thanks @​denbezrukov! - Fixed #​9253: parsing of @container scroll-state(...) queries.

  @​container scroll-state(scrolled: bottom) {
  }
  @​container scroll-state(stuck) {
  }
  @​container scroll-state(not (stuck)) {
  }
  @​container scroll-state((stuck) and (scrolled: bottom)) {
  }
  @​container scroll-state((stuck) or (snapped: x)) {
  }
  @​container main-layout scroll-state(not ((stuck) and (scrolled: bottom))) {
  }

• #​9259 96939c0 Thanks @​ematipico! - Fixed CSS formatter incorrectly collapsing selectors when a BOM (Byte Order Mark) character is present at the start of the file. The formatter now correctly preserves line breaks between comments and selectors in BOM-prefixed CSS files, matching Prettier's behavior.

• #​9251 59e33fb Thanks @​ematipico! - Fixed #​9249: The CSS formatter no longer incorrectly breaks ratio values (like 1 / -1) across lines when followed by comments.

• #​9284 ec3a17f Thanks @​denbezrukov! - Fixed #​9253: removed false-positive diagnostics for valid @container/@supports general-enclosed queries.

  @​container scroll-state(scrolled: bottom) {
  }
  @​supports foo(bar: baz) {
  }

• #​9215 b2619a1 Thanks @​FrederickStempfle! - Fixed #​9189: biome ci in GitHub Actions now correctly disables colors so that ::error/::warning workflow commands are not wrapped in ANSI escape codes.

• #​9256 65ae4c1 Thanks @​ematipico! - Fixed JSON reporter escaping of special characters in diagnostic messages. The JSON reporter now properly escapes double quotes, backslashes, and control characters in error messages and advice text, preventing invalid JSON output when diagnostics contain these characters.

• #​9223 5b9da81 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't write output to a file when --reporter-file was specified. The output is now correctly written to the specified file instead of always going to stdout.

• #​9154 c487e54 Thanks @​abossenbroek! - Fixed #​9115: The noPlaywrightMissingAwait rule no longer produces false positives on jest-dom matchers like toBeVisible, toBeChecked, toHaveAttribute, etc. For matchers shared between Playwright and jest-dom, the rule now checks whether expect()'s argument is a Playwright locator or page object before flagging. Added semantic variable resolution so that extracted Playwright locators (e.g. const loc = page.locator('.item'); expect(loc).toBeVisible()) are still correctly flagged.

• #​9269 33e5cdf Thanks @​dyc3! - Fixed a false positive where noUndeclaredVariables reported bindings from Vue <script setup> as undeclared when used in <template>.

  This change ensures embedded bindings collected from script snippets (like imports and defineModel results) are respected by the rule.

• #​9267 2c2e060 Thanks @​ematipico! - Fixed #​9143 and #​8849: The noUnresolvedImports rule no longer reports false positives for several common patterns:

  • node:fs, node:path, node:url, and other Node.js built-in modules with the node: prefix are now accepted.
  • Packages that declare their TypeScript entry point via "typings" (instead of "types") in package.json now resolve correctly.
  • Named imports from aliased re-export chains (e.g. `export { x as y } from ".

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.