Skip to content

fix(deps): update all non-major dependencies #117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #117

wants to merge 1 commit into from
+106 −106

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 11, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update
@biomejs/biome (source) ^2.1.3 -> ^2.2.0 age confidence devDependencies minor
@biomejs/biome (source) 2.1.3 -> 2.2.0 age confidence minor
@cloudflare/workers-types ^4.20250807.0 -> ^4.20250813.0 age confidence devDependencies minor
@discordjs/builders (source) ^1.11.2 -> ^1.11.3 age confidence dependencies patch
actions/checkout v4.2.2 -> v4.3.0 age confidence action minor
discord-api-types (source) ^0.38.18 -> ^0.38.20 age confidence dependencies patch
wrangler (source) ^4.28.1 -> ^4.30.0 age confidence devDependencies minor

Release Notes

biomejs/biome (@​biomejs/biome)

v2.2.0

Compare Source

Minor Changes

  • #​5506 1f8755b Thanks @​sakai-ast! - The noRestrictedImports rule has been enhanced with a new patterns option. This option allows for more flexible and powerful import restrictions using gitignore-style patterns.

    You can now define patterns to restrict entire groups of modules. For example, you can disallow imports from any path under import-foo/ except for import-foo/baz.

    {
  "options": {
    "patterns": [
      {
        "group": ["import-foo/*", "!import-foo/baz"],
        "message": "import-foo is deprecated, except for modules in import-foo/baz."
      }
    ]
  }
}

    Invalid examples

    import foo from "import-foo/foo";
import bar from "import-foo/bar";

    Valid examples

    import baz from "import-foo/baz";

    Additionally, the patterns option introduces importNamePattern to restrict specific import names using regular expressions.
    The following example restricts the import names that match x , y or z letters from modules under import-foo/.

    {
  "options": {
    "patterns": [
      {
        "group": ["import-foo/*"],
        "importNamePattern": "[xyz]"
      }
    ]
  }
}

    Invalid examples

    import { x } from "import-foo/foo";

    Valid examples

    import { foo } from "import-foo/foo";

    Furthermore, you can use the invertImportNamePattern boolean option to reverse this logic. When set to true, only the import names that match the importNamePattern will be allowed. The following configuration only allows the import names that match x , y or z letters from modules under import-foo/.

    {
  "options": {
    "patterns": [
      {
        "group": ["import-foo/*"],
        "importNamePattern": "[xyz]",
        "invertImportNamePattern": true
      }
    ]
  }
}

    Invalid examples

    import { foo } from "import-foo/foo";

    Valid examples

    import { x } from "import-foo/foo";

  • #​6506 90c5d6b Thanks @​nazarhussain! - Allow customization of the sort order for different sorting actions. These actions now support a sort option:

    For each of these options, the supported values are the same:

    1. natural. Compares two strings using a natural ASCII order. Uppercase letters come first (e.g. A < a < B < b) and number are compared in a human way (e.g. 9 < 10). This is the default value.
    2. lexicographic. Strings are ordered lexicographically by their byte values. This orders Unicode code points based on their positions in the code charts. This is not necessarily the same as “alphabetical” order, which varies by language and locale.

  • #​7159 df3afdf Thanks @​ematipico! - Added the new rule useBiomeIgnoreFolder. Since v2.2, Biome correctly prevents the indexing and crawling of folders.

    However, the correct pattern has changed. This rule attempts to detect incorrect usage, and promote the new pattern:

    // biome.json
{
  "files": {
    "includes": [
-      "!dist/**",
-      "!**/fixtures/**",
+      "!dist",
+      "!**/fixtures",
    ]
  }
}

  • #​6989 85b1128 Thanks @​arendjr! - Fixed minor inconsistencies in how files.includes was being handled.

    Previously, Biome sometimes failed to properly ignore the contents of a folder if you didn't specify the /** at the end of a glob pattern. This was unfortunate, because it meant we still had to traverse the folder and then apply the glob to every entry inside it.

    This is no longer an issue and we now recommend to ignore folders without using the /** suffix.

  • #​7118 a78e878 Thanks @​avshalomt2! - Added support for .graphqls files. Biome can now format and lint GraphQL files that have the extension .graphqls

  • #​6159 f02a296 Thanks @​bavalpey! - Added a new option to Biome's JavaScript formatter, javascript.formatter.operatorLinebreak, to configure whether long lines should be broken before or after binary operators.

    For example, the following configuration:

    {
  formatter: {
    javascript: {
      operatorLinebreak: "before", // defaults to "after"
    },
  },
}

    Will cause this JavaScript file:

    const VERY_LONG_CONDITION_1234123412341234123412341234 = false;

if (
  VERY_LONG_CONDITION_1234123412341234123412341234 &&
  VERY_LONG_CONDITION_1234123412341234123412341234 &&
  VERY_LONG_CONDITION_1234123412341234123412341234 &&
  VERY_LONG_CONDITION_1234123412341234123412341234
) {
  console.log("DONE");
}

    to be formatted like this:

    const VERY_LONG_CONDITION_1234123412341234123412341234 = false;
if (
  VERY_LONG_CONDITION_1234123412341234123412341234 &&
  VERY_LONG_CONDITION_1234123412341234123412341234 &&
  VERY_LONG_CONDITION_1234123412341234123412341234 &&
  VERY_LONG_CONDITION_1234123412341234123412341234
) {
  console.log("DONE");
}

  • #​7137 a653a0f Thanks @​ematipico! - Promoted multiple lint rules from nursery to stable groups and renamed several rules for consistency.

Promoted rules

The following rules have been promoted from nursery to stable groups:

CSS
GraphQL
JavaScript/TypeScript
Renamed rules

The following rules have been renamed during promotion. The migration tool will automatically update your configuration:

Configuration files using the old rule names will need to be updated. Use the migration tool to automatically update your configuration:

biome migrate --write

  • #​7159 df3afdf Thanks @​ematipico! - Added the new rule noBiomeFirstException. This rule prevents the incorrect usage of patterns inside files.includes.

    This rule catches if the first element of the array contains !. This mistake will cause Biome to analyze no files:

    // biome.json
{
  files: {
    includes: ["!dist/**"], // this is an error
  },
}

  • #​6923 0589f08 Thanks @​ptkagori! - Added Qwik Domain to Biome

    This release introduces Qwik domain support in Biome, enabling Qwik developers to use Biome as a linter and formatter for their projects.

  • #​6989 85b1128 Thanks @​arendjr! - Fixed #​6965: Implemented smarter scanner for project rules.

    Previously, if project rules were enabled, Biome's scanner would scan all dependencies regardless of whether they were used by/reachable from source files or not. While this worked for a first version, it was far from optimal.

    The new scanner first scans everything listed under the files.includes setting, and then descends into the dependencies that were discovered there, including transitive dependencies. This has three main advantages:

    • Dependencies that are not reachable from your source files don't get indexed.
    • Dependencies that have multiple type definitions, such as those with separate definitions for CommonJS and ESM imports, only have the relevant definitions indexed.
    • If vcs.useIgnoreFile is enabled, .gitignore gets respected as well. Assuming you have folders such as build/ or dist/ configured there, those will be automatically ignored by the scanner.

    The change in the scanner also has a more nuanced impact: Previously, if you used files.includes to ignore a file in an included folder, the scanner would still index this file. Now the file is fully ignored, unless you import it.

    As a user you should notice better scanner performance (if you have project rules enabled), and hopefully you need to worry less about configuring files.experimentalScannerIgnores. Eventually our goal is still to deprecate that setting, so if you're using it today, we encourage you to see which ignores are still necessary there, and whether you can achieve the same effect by ignoring paths using files.includes instead.

    None of these changes affect the scanner if no project rules are enabled.

  • #​6731 d6a05b5 Thanks @​ematipico! - The --reporter=summary has been greatly enhanced. It now shows the list of files that contains violations, the files shown are clickable and can be opened from the editor.

    Below an example of the new version:

    reporter/parse ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  i The following files have parsing errors.

  - index.css

reporter/format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  i The following files needs to be formatted.

  - index.css
  - index.ts
  - main.ts

reporter/violations ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  i Some lint rules or assist actions reported some violations.

  Rule Name                                        Diagnostics

  lint/correctness/noUnknownFunction               14 (2 error(s), 12 warning(s), 0 info(s))
  lint/suspicious/noImplicitAnyLet                 16 (12 error(s), 4 warning(s), 0 info(s))
  lint/suspicious/noDoubleEquals                   8 (8 error(s), 0 warning(s), 0 info(s))
  assist/source/organizeImports                    2 (2 error(s), 0 warning(s), 0 info(s))
  lint/suspicious/noRedeclare                      12 (12 error(s), 0 warning(s), 0 info(s))
  lint/suspicious/noDebugger                       8 (8 error(s), 0 warning(s), 0 info(s))

  • #​6896 527db7f Thanks @​ematipico! - Added new functions to the @biomejs/wasm-* packages:

    • fileExists: returns whether the input file exists in the workspace.
    • isPathIgnored: returns whether the input path is ignored.
    • updateModuleGraph: updates the internal module graph of the input path.
    • getModuleGraph: it returns a serialized version of the internal module graph.
    • scanProject: scans the files and directories in the project to build the internal module graph.

  • #​6398 d1a315d Thanks @​josh-! - Added support for tracking stable results in user-provided React hooks that return objects to useExhaustiveDependencies to compliment existing support for array return values. For example:

    // biome.json
{
  // rule options
  useExhaustiveDependencies: {
    level: "error",
    options: {
      hooks: [
        {
          name: "useCustomHook",
          stableResult: ["setMyState"],
        },
      ],
    },
  },
}

    This will allow the following to be validated:

    const { myState, setMyState } = useCustomHook();
const toggleMyState = useCallback(() => {
  setMyState(!myState);
}, [myState]); // Only `myState` needs to be specified here.

  • #​7201 2afaa49 Thanks @​Conaclos! - Implemented #​7174. useConst no longer reports variables that are read before being written.

    Previously, useConst reported uninitialised variables that were read in an inner function before being written, as shown in the following example:

    let v;
function f() {
  return v;
}
v = 0;

    This can produce false positives in the case where f is called before v has been written, as in the following code:

    let v;
function f() {
  return v;
}
console.log(f()); // print `undefined`
v = 0;

    Although this is an expected behavior of the original implementation, we consider it problematic since the rule’s fix is marked as safe.
    To avoid false positives like this, the rule now ignores the previous examples.
    However, this has the disadvantage of resulting in false negatives, such as not reporting the first example.

Patch Changes

  • #​7156 137d111 Thanks @​ematipico! - Fixed #​7152. Now the rule noDuplicateFontNames correctly detects font names with spaces e.g. Liberation Mono. The diagnostic of the rule now points to the first instances of the repeated font.

    The following example doesn't trigger the rule anymore:

    c {
  font-family:
    SF Mono,
    Liberation Mono,
    sans-serif;
}
d {
  font:
    1em SF Mono,
    Liberation Mono,
    sans-serif;
}

  • #​6907 7331bb9 Thanks @​ematipico! - Added a new experimental option that allows parsing of .html files that contain interpolation syntax.

    // biome.json
{
  html: {
    // This is the new, experimental option.
    parser: {
      interpolation: true,
    },
  },
}
    <h1>{{ $title }}</h1>

  • #​7124 3f436b8 Thanks @​Jayllyz! - Added the rule useMaxParams.

    This rule enforces a maximum number of parameters for functions to improve code readability and maintainability. Functions with many parameters are difficult to read, understand, and maintain because they require memorizing parameter order and types.

    // Invalid - too many parameters (default max: 4)
function processData(
  name,
  age,
  email,
  phone,
  address,
  city,
  country,
  zipCode,
) {
  // ...
}

// Valid - within parameter limit
function processData(userData) {
  const { name, age, email, phone, address, city, country, zipCode } =
    userData;
  // ...
}

function calculateSum(a, b, c) {
  return a + b + c;
}

  • #​7161 1a14a59 Thanks @​ematipico! - Fixed #​7160. Now Biome correctly computes ignored files when using formatter.includes, linter.includes and assist.includes inside nested configurations that use "extends": "//".

  • #​7081 a081bbe Thanks @​Jayllyz! - Added the rule noNextAsyncClientComponent.

    This rule prevents the use of async functions for client components in Next.js applications. Client components marked with "use client" directive should not be async as this can cause hydration mismatches, break component rendering lifecycle, and lead to unexpected behavior with React's concurrent features.

    "use client";

// Invalid - async client component
export default async function MyComponent() {
  return <div>Hello</div>;
}

// Valid - synchronous client component
export default function MyComponent() {
  return <div>Hello</div>;
}

  • #​7171 5241690 Thanks @​siketyan! - Fixed #​7162: The noUndeclaredDependencies rule now considers a type-only import as a dev dependency.

    For example, the following code is no longer reported:

    package.json:

    {
  "devDependencies": {
    "type-fest": "*"
  }
}

    foo.ts:

    import type { SetRequired } from "type-fest";

    Note that you still need to declare the package in the devDependencies section in package.json.

v2.1.4

Compare Source

Patch Changes

  • #​7121 b9642ab Thanks @​arendjr! - Fixed #​7111: Imported symbols using aliases are now correctly recognised.

  • #​7103 80515ec Thanks @​omasakun! - Fixed #​6933 and #​6994.

    When the values of private member assignment expressions, increment expressions, etc. are used, those private members are no longer marked as unused.

  • #​6887 0cc38f5 Thanks @​ptkagori! - Added the noQwikUseVisibleTask rule to Qwik.

    This rule is intended for use in Qwik applications to warn about the use of useVisibleTask$() functions which require careful consideration before use.

    Invalid:

    useVisibleTask$(() => {
  console.log("Component is visible");
});

    Valid:

    useTask$(() => {
  console.log("Task executed");
});

  • #​7084 50ca155 Thanks @​ematipico! - Added the new nursery rule noUnnecessararyConditions, which detects whenever some conditions don't
    change during the life cycle of the program, and truthy or false, hence deemed redundant.

    For example, the following snippets will trigger the rule:

    // Always truthy literal conditions
if (true) {
  console.log("always runs");
}
    // Unnecessary condition on constrained string type
function foo(arg: "bar" | "baz") {
  if (arg) {
    // This check is unnecessary
  }
}

  • #​6887 0cc38f5 Thanks @​ptkagori! - Added the useImageSize rule to Biome.

    The useImageSize rule enforces the use of width and height attributes on <img> elements for performance reasons. This rule is intended to prevent layout shifts and improve Core Web Vitals by ensuring images have explicit dimensions.

    Invalid:

    <img src="/image.png" />
<img src="https://example.com/image.png" />
<img src="/image.png" width="200" />
<img src="/image.png" height="200" />

    Valid:

    <img width="200" height="600" src="/static/images/portrait-01.webp" />
<img width="100" height="100" src="https://example.com/image.png" />

  • #​6887 0cc38f5 Thanks @​ptkagori! - Added the useAnchorHref rule to Biome.

    The useAnchorHref rule enforces the presence of an href attribute on <a> elements in JSX. This rule is intended to ensure that anchor elements are always valid and accessible.

    Invalid:

    <a>Link</a>
    <a target="_blank">External</a>

    Valid:

    <a href="/home">Home</a>
    <a href="https://example.com" target="_blank">
  External
</a>

  • #​7100 29fcb05 Thanks @​Jayllyz! - Added the rule noNonNullAssertedOptionalChain.

    This rule prevents the use of non-null assertions (!) immediately after optional chaining expressions (?.). Optional chaining is designed to safely handle nullable values by returning undefined when the chain encounters null or undefined. Using a non-null assertion defeats this purpose and can lead to runtime errors.

    // Invalid - non-null assertion after optional chaining
obj?.prop!;
obj?.method()!;
obj?.[key]!;
obj?.prop!;

// Valid - proper optional chaining usage
obj?.prop;
obj?.method();
obj?.prop ?? defaultValue;
obj!.prop?.method();

  • #​7129 9f4538a Thanks @​drwpow! - Removed option, combobox, listbox roles from useSemanticElements suggestions

  • #​7106 236deaa Thanks @​arendjr! - Fixed #​6985: Inference of return types no longer mistakenly picks up return types of nested functions.

  • #​7102 d3118c6 Thanks @​omasakun! - Fixed #​7101: noUnusedPrivateClassMembers now handles members declared as part of constructor arguments:

    1. If a class member defined in a constructor argument is only used within the constructor, it removes the private modifier and makes it a plain method argument.
    2. If it is not used at all, it will prefix it with an underscore, similar to noUnusedFunctionParameter.

  • #​7104 5395297 Thanks @​harxki! - Reverting to prevent regressions around ref handling

  • #​7143 1a6933a Thanks @​siketyan! - Fixed #​6799: The noImportCycles rule now ignores type-only imports if the new ignoreTypes option is enabled (enabled by default).

    [!WARNING]
    Breaking Change: The noImportCycles rule no longer detects import cycles that include one or more type-only imports by default.
    To keep the old behaviour, you can turn off the ignoreTypes option explicitly:

    {
  "linter": {
    "rules": {
      "nursery": {
        "noImportCycles": {
          "options": {
            "ignoreTypes": false
          }
        }
      }
    }
  }
}

  • #​7099 6cc84cb Thanks @​arendjr! - Fixed #​7062: Biome now correctly considers extended configs when determining the mode for the scanner.

  • #​6887 0cc38f5 Thanks @​ptkagori! - Added the useQwikClasslist rule to Biome.

    This rule is intended for use in Qwik applications to encourage the use of the built-in class prop (which accepts a string, object, or array) instead of the classnames utility library.

    Invalid:

    <div class={classnames({ active: true, disabled: false })} />

    Valid:

    <div classlist={{ active: true, disabled: false }} />

  • #​7019 57c15e6 Thanks @​fireairforce! - Added support in the JS parser for import source(a stage3 proposal). The syntax looks like:

    import source foo from "<specifier>";

  • #​7053 655049e Thanks @​jakeleventhal! - Added the useConsistentTypeDefinitions rule.

    This rule enforces consistent usage of either interface or type for object type definitions in TypeScript.

    The rule accepts an option to specify the preferred style:

    • interface (default): Prefer using interface for object type definitions
    • type: Prefer using type for object type definitions

    Examples:

    // With default option (interface)
// ❌ Invalid
type Point = { x: number; y: number };

// ✅ Valid
interface Point {
  x: number;
  y: number;
}

// With option { style: "type" }
// ❌ Invalid
interface Point {
  x: number;
  y: number;
}

// ✅ Valid
type Point = { x: number; y: number };

    The rule will automatically fix simple cases where conversion is straightforward.

cloudflare/workerd (@​cloudflare/workers-types)

v4.20250813.0

Compare Source

v4.20250812.0

Compare Source

v4.20250810.0

Compare Source

v4.20250809.0

Compare Source

discordjs/discord.js (@​discordjs/builders)

v1.11.3

Compare Source

Bug Fixes

  • contextMenuCommands: Remove regular expression validation (#​10996) (4906aae)
actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

discordjs/discord-api-types (discord-api-types)

v0.38.20

Compare Source

v0.38.19

Compare Source

Features
  • GatewayActivity: add url & status display type fields (#​1326) (5f9c1e1)
cloudflare/workers-sdk (wrangler)

v4.30.0

Compare Source

Minor Changes
Patch Changes

  • #​10217 979984b Thanks @​veggiedefender! - Increase the maxBuffer size for capnp uploads

  • #​10356 80e964c Thanks @​WillTaylorDev! - fix: Update regex for valid branch name to remove 61 char length requirement, allowing for longer branch names to be specified for preview aliases.

  • #​10289 a5a1426 Thanks @​emily-shen! - Cleanup container images created during local dev if no changes have been made.

    We now untag old images that were created by Wrangler/Vite if we find that the image content and configuration is unchanged, so that we don't keep accumulating image tags.

  • #​10315 0c04da9 Thanks @​emily-shen! - Add rollout_active_grace_period option to containers configuration.

    This allows users to configure how long an active container should keep running for during a rollout, before the upgrade is applied.

  • #​10321 b524a6f Thanks @​emily-shen! - print prettier errors during container deployment

  • #​10253 eb32a3a Thanks @​emily-shen! - fix redeploying container apps when previous deploy failed or container (but not image) was deleted.

    Previously this failed with No changes detected but no previous image found as we assumed there would be a previous deployment when an image exists in the registry.

  • #​9990 4288a61 Thanks @​penalosa! - Fix startup profiling when sourcemaps are enabled

  • Updated dependencies [d54d8b7, ae0c806]:

v4.29.1

Compare Source

Patch Changes

v4.29.0

Compare Source

Minor Changes
Patch Changes

  • #​10232 e7cae16 Thanks @​emily-shen! - fix: validate wrangler containers delete ID to ensure a valid ID has been provided. Previously if you provided the container name (or any non-ID shaped string) you would get an auth error instead of a 404.

  • #​10139 3b6ab8a Thanks @​dom96! - Removes mention of cf-requirements when Python Workers are enabled

  • #​10259 c58a05c Thanks @​dario-piotrowicz! - Ensure that maybeStartOrUpdateRemoteProxySession considers the potential account_id from the user's wrangler config

    Currently if the user has an account_id in their wrangler config file, such id won't be taken into consideration for the remote proxy session, the changes here make sure that it is (note that the auth option of maybeStartOrUpdateRemoteProxySession, if provided, takes precedence over this id value).

    The changes here also fix the same issue for wrangler dev and getPlatformProxy (since they use maybeStartOrUpdateRemoteProxySession under the hook).

  • #​10288 42aafa3 Thanks @​tgarg-cf! - Do not attempt to update queue producer settings when deploying a Worker with a queue binding

    Previously, each deployed Worker would update a subset of the queue producer's settings for each queue binding, which could result in broken queue producers or at least conflicts where different Workers tried to set different producer settings on a shared queue.

  • #​10242 70bd966 Thanks @​devin-ai-integration! - Add experimental API to expose Wrangler command tree structure for documentation generation

  • #​10258 d391076 Thanks @​nikitassharma! - Add the option to allow all tiers when creating a container

  • #​10248 422ae22 Thanks @​emily-shen! - fix: re-push container images on deploy even if the only change was to the Dockerfile

  • #​10179 5d5ecd5 Thanks @​pombosilva! - Prevent defining multiple workflows with the same "name" property in the same wrangler file

  • #​10232 e7cae16 Thanks @​emily-shen! - include containers API calls in output of WRANGLER_LOG=debug

  • #​10243 d481901 Thanks [@​devin-ai-integration](http

Configuration

📅 Schedule: Branch creation - "before 9am on monday" in timezone Europe/Gibraltar, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 6608310 to b94b11c Compare August 14, 2025 14:01
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from b94b11c to 47398c2 Compare August 14, 2025 17:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants