Skip to content

chore(deps-dev): bump the all-dev-updates group across 1 directory with 6 updates#139

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-dev-updates-b964342fdc
Open

chore(deps-dev): bump the all-dev-updates group across 1 directory with 6 updates#139
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-dev-updates-b964342fdc

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-dev-updates group with 6 updates in the / directory:

Package From To
@biomejs/biome 2.5.0 2.5.3
@tanstack/router-plugin 1.168.18 1.168.19
@vitejs/plugin-react 6.0.2 6.0.3
shadcn 4.11.0 4.13.0
vite 8.0.16 8.1.3
vitest 4.1.9 4.1.10

Updates @biomejs/biome from 2.5.0 to 2.5.3

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.3

2.5.3

Patch Changes

  • #10815 86613d5 Thanks @​WaterWhisperer! - Fixed a parser panic reported in #10708: Biome now recovers when unsupported CSS Modules @value rules or scoped @keyframes names end at EOF.

  • #10534 da9b403 Thanks @​Mokto! - Fixed noUnusedVariables false positives in Svelte files: Svelte store subscriptions ($store references in templates now keep the underlying store binding from being flagged), and $bindable() props that are only written to in the script block (write-only is intentional for bindable props) are no longer reported as unused.

  • #10827 098ba41 Thanks @​Aqu1bp! - Fixed #10698: The noUnsafeOptionalChaining rule now reports unsafe optional chains wrapped in TypeScript as, satisfies, type assertion, and instantiation expressions, such as new (value?.constructor as Constructor)().

  • #10773 3c6513d Thanks @​otkrickey! - Fixed #10772: useVueValidVOn no longer reports a missing handler for v-on directives using a verb modifier (.stop / .prevent) without an expression, e.g. <div @click.stop></div>. The rule also accepts the arg-less object syntax <div v-on="$listeners"></div> instead of reporting a missing event name.

  • #10721 d83c66b Thanks @​minseong0324! - Improved type-aware lint rule inference for built-in globals and indexed function calls. Biome now resolves Error(...), new Error(...), optional Error#stack, and calls through indexed function values such as handlers[0](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/0) more accurately.

  • #10865 6450276 Thanks @​ematipico! - Fixed #10845. Biome Language Server no longer goes in deadlock when the scanner is enabled.

  • #10853 93d8e53 Thanks @​Netail! - Fixed #10840: Astro shorthand attribute syntax is now correctly being parsed from embedded nodes.

  • #10820 bba3092 Thanks @​JamBalaya56562! - Fixed #10619: noProcessEnv now also reports computed (bracket) member access. Previously only dot access was checked, so process["env"] and env["NODE_ENV"] (where env is imported from node:process) were missed. Both static and computed accesses are now reported.

  • #10835 3447b2f Thanks @​dyc3! - Fixed #10824: useDomQuerySelector now supports an ignore option for receiver identifiers that should not be reported.

  • #10875 b12e486 Thanks @​dyc3! - Fixed #10795: --profile-rules now reports timings for each plugin separately as plugin/<pluginName>, matching the naming used by plugin suppressions, instead of aggregating all plugins under a single plugin/plugin entry.

  • #10877 d6bc447 Thanks @​ematipico! - Fixed biome-zed#164: Biome no longer inserts stray whitespace when format-on-type runs after closing delimiters such as ), ], and }.

  • #10867 a21463e Thanks @​dyc3! - Fixed #10864: Biome no longer crashes when checking or linting HTML files with unquoted attribute values such as <textarea rows=4></textarea>.

What's Changed

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.3

Patch Changes

  • #10815 86613d5 Thanks @​WaterWhisperer! - Fixed a parser panic reported in #10708: Biome now recovers when unsupported CSS Modules @value rules or scoped @keyframes names end at EOF.

  • #10534 da9b403 Thanks @​Mokto! - Fixed noUnusedVariables false positives in Svelte files: Svelte store subscriptions ($store references in templates now keep the underlying store binding from being flagged), and $bindable() props that are only written to in the script block (write-only is intentional for bindable props) are no longer reported as unused.

  • #10827 098ba41 Thanks @​Aqu1bp! - Fixed #10698: The noUnsafeOptionalChaining rule now reports unsafe optional chains wrapped in TypeScript as, satisfies, type assertion, and instantiation expressions, such as new (value?.constructor as Constructor)().

  • #10773 3c6513d Thanks @​otkrickey! - Fixed #10772: useVueValidVOn no longer reports a missing handler for v-on directives using a verb modifier (.stop / .prevent) without an expression, e.g. <div @click.stop></div>. The rule also accepts the arg-less object syntax <div v-on="$listeners"></div> instead of reporting a missing event name.

  • #10721 d83c66b Thanks @​minseong0324! - Improved type-aware lint rule inference for built-in globals and indexed function calls. Biome now resolves Error(...), new Error(...), optional Error#stack, and calls through indexed function values such as handlers[0](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/0) more accurately.

  • #10865 6450276 Thanks @​ematipico! - Fixed #10845. Biome Language Server no longer goes in deadlock when the scanner is enabled.

  • #10853 93d8e53 Thanks @​Netail! - Fixed #10840: Astro shorthand attribute syntax is now correctly being parsed from embedded nodes.

  • #10820 bba3092 Thanks @​JamBalaya56562! - Fixed #10619: noProcessEnv now also reports computed (bracket) member access. Previously only dot access was checked, so process["env"] and env["NODE_ENV"] (where env is imported from node:process) were missed. Both static and computed accesses are now reported.

  • #10835 3447b2f Thanks @​dyc3! - Fixed #10824: useDomQuerySelector now supports an ignore option for receiver identifiers that should not be reported.

  • #10875 b12e486 Thanks @​dyc3! - Fixed #10795: --profile-rules now reports timings for each plugin separately as plugin/<pluginName>, matching the naming used by plugin suppressions, instead of aggregating all plugins under a single plugin/plugin entry.

  • #10877 d6bc447 Thanks @​ematipico! - Fixed biome-zed#164: Biome no longer inserts stray whitespace when format-on-type runs after closing delimiters such as ), ], and }.

  • #10867 a21463e Thanks @​dyc3! - Fixed #10864: Biome no longer crashes when checking or linting HTML files with unquoted attribute values such as <textarea rows=4></textarea>.

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

... (truncated)

Commits

Updates @tanstack/router-plugin from 1.168.18 to 1.168.19

Release notes

Sourced from @​tanstack/router-plugin's releases.

@​tanstack/router-plugin@​1.168.19

Patch Changes

  • Updated dependencies [9809a06]:
    • @​tanstack/router-core@​1.171.14
    • @​tanstack/react-router@​1.170.17
    • @​tanstack/router-generator@​1.167.18
Changelog

Sourced from @​tanstack/router-plugin's changelog.

1.168.19

Patch Changes

  • Updated dependencies [9809a06]:
    • @​tanstack/router-core@​1.171.14
    • @​tanstack/react-router@​1.170.17
    • @​tanstack/router-generator@​1.167.18
Commits

Updates @vitejs/plugin-react from 6.0.2 to 6.0.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

Commits
  • 640fd35 release: plugin-react@6.0.3
  • 889efb0 fix(deps): update all non-major dependencies (#1249)
  • 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
  • 3cc33a7 fix(deps): update react-related dependencies (#1245)
  • c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
  • cd80f0f fix(deps): update all non-major dependencies (#1241)
  • e38acca fix(deps): update all non-major dependencies (#1227)
  • 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
  • See full diff in compare view

Updates shadcn from 4.11.0 to 4.13.0

Release notes

Sourced from shadcn's releases.

shadcn@4.13.0

Minor Changes

shadcn@4.12.0

Minor Changes

shadcn@4.11.1

Patch Changes

Changelog

Sourced from shadcn's changelog.

4.13.0

Minor Changes

4.12.0

Minor Changes

4.11.1

Patch Changes

Commits

Updates vite from 8.0.16 to 8.1.3

Release notes

Sourced from vite's releases.

v8.1.3

Please refer to CHANGELOG.md for details.

v8.1.2

Please refer to CHANGELOG.md for details.

v8.1.1

Please refer to CHANGELOG.md for details.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.3 (2026-07-02)

Bug Fixes

8.1.2 (2026-06-30)

Bug Fixes

  • deps: revert es-module-lexer to 2.1.0 (#22827) (0d3bd7c)
  • restore, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (#22757)" (#22825) (efb98cc)
  • revert, "fix: escape ids with multiple null bytes (#22687)" (cccef55)
  • revert, "fix: resolve pnpm .modules.yaml from workspace root instead of cwd (#22757)" (cf97711)

8.1.1 (2026-06-30)

Features

  • update dynamic import warning to link to Vite docs (#22823) (62bd7af)

Bug Fixes

  • bundled-dev: avoid stack overflow on import.meta.hot.invalidate() (#22797) (709eb8e)
  • bundled-dev: serve assets emitted during HMR/lazy compile (#22745) (5876b2c)
  • bundledDev: skip plugin transform hooks for rolldown-lazy stub modules (#22778) (8f925e2)
  • css: preserve dollar signs in external @import urls with lightningcss (#22718) (9fa7ab4)
  • css: resolve tsconfig paths in CSS and Sass @​import (#22775) (ef0b891)
  • deps: update all non-major dependencies (#22734) (e635f49)
  • deps: update all non-major dependencies (#22804) (8837400)
  • deps: update rolldown-related dependencies (#22591) (2ce6677)
  • escape ids with multiple null bytes (#22687) (833fc30)
  • hide console window when running 'net use' on Windows (#22698) (92b63f2)
  • ignore bundled config temp dir (#22800) (043a810)
  • invert esbuild.jsxSideEffects when converting to oxc.jsx.pure (#22809) (33895ba)
  • optimize-deps: ignore ERR_CLOSED_SERVER in scanner (#22784) (085a0ab)
  • optimizer: scanner should resolve input from root (#22769) (9722b07)
  • resolve pnpm .modules.yaml from workspace root instead of cwd (#22757) (2531ac7)
  • return sourcemap field from some plugins that were lacking (#22782) (7e18bf8)
  • server: handle malformed URI in indexHtmlMiddleware (#22781) (84f5ccc)

Miscellaneous Chores

Code Refactoring

  • css: remove lightningcss null byte bug workaround (#22822) (2dafd3b)
  • use pre-defined environments variable to avoid duplicate Object.values calls (#22790) (1113acf)

... (truncated)

Commits
  • 578ffb8 release: v8.1.3
  • 7103c3a fix(deps): bump es-module-lexer to 2.3.0 (#22838)
  • 1534d36 fix(css): inject inlined CSS after the shebang line (#22717)
  • c4acd69 fix(ssr): correct stacktrace column position for first line (#22828)
  • 2c53054 fix: preload css for nested dynamic imports (#22759)
  • ba31193 release: v8.1.2
  • 0d3bd7c fix(deps): revert es-module-lexer to 2.1.0 (#22827)
  • efb98cc fix: restore, "fix: resolve pnpm .modules.yaml from workspace root instead of...
  • cf97711 fix: revert, "fix: resolve pnpm .modules.yaml from workspace root instead of ...
  • cccef55 fix: revert, "fix: escape ids with multiple null bytes (#22687)"
  • Additional commits viewable in compare view

Updates vitest from 4.1.9 to 4.1.10

Release notes

Sourced from vitest's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • db616d2 chore: release v4.1.10 (#10718)
  • bae52b5 fix(vm): fix external module resolve error with deps optimizer query for enco...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…th 6 updates

Bumps the all-dev-updates group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.5.0` | `2.5.3` |
| [@tanstack/router-plugin](https://github.com/TanStack/router/tree/HEAD/packages/router-plugin) | `1.168.18` | `1.168.19` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `6.0.2` | `6.0.3` |
| [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.11.0` | `4.13.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.16` | `8.1.3` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.9` | `4.1.10` |



Updates `@biomejs/biome` from 2.5.0 to 2.5.3
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.3/packages/@biomejs/biome)

Updates `@tanstack/router-plugin` from 1.168.18 to 1.168.19
- [Release notes](https://github.com/TanStack/router/releases)
- [Changelog](https://github.com/TanStack/router/blob/main/packages/router-plugin/CHANGELOG.md)
- [Commits](https://github.com/TanStack/router/commits/@tanstack/router-plugin@1.168.19/packages/router-plugin)

Updates `@vitejs/plugin-react` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

Updates `shadcn` from 4.11.0 to 4.13.0
- [Release notes](https://github.com/shadcn-ui/ui/releases)
- [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md)
- [Commits](https://github.com/shadcn-ui/ui/commits/shadcn@4.13.0/packages/shadcn)

Updates `vite` from 8.0.16 to 8.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite)

Updates `vitest` from 4.1.9 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dev-updates
- dependency-name: "@tanstack/router-plugin"
  dependency-version: 1.168.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dev-updates
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dev-updates
- dependency-name: shadcn
  dependency-version: 4.13.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dev-updates
- dependency-name: vite
  dependency-version: 8.1.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-dev-updates
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dev-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants