chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.1.1 -> ^2.1.4			devDependencies	patch
@iconify-json/noto-v1	^1.2.1 -> ^1.2.2			devDependencies	patch
@playwright/test (source)	^1.53.2 -> ^1.54.2			devDependencies	patch
@rsbuild/core (source)	^1.4.2 -> ^1.4.15			devDependencies	patch
@rslib/core (source)	^0.10.4 -> ^0.11.2			devDependencies	minor
@types/node (source)	^22.15.34 -> ^22.17.1			devDependencies	patch
@​winner-fed/utils	^0.16.4 -> ^0.16.10			devDependencies	patch
@​winner-fed/winjs	^0.16.4 -> ^0.16.10			devDependencies	patch
node	18 -> 18.20.8			uses-with	minor
playwright (source)	^1.53.2 -> ^1.54.2			devDependencies	patch
simple-git-hooks	^2.13.0 -> ^2.13.1			devDependencies	patch
typescript (source)	^5.7.3 -> ^5.9.2			devDependencies	patch
typescript (source)	^5.8.3 -> ^5.9.2			devDependencies	patch

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.1.4

Compare Source

Patch Changes

• #​7121 b9642ab Thanks @​arendjr! - Fixed #​7111: Imported symbols using aliases are now correctly recognised.

• #​7103 80515ec Thanks @​omasakun! - Fixed #​6933 and #​6994.

  When the values of private member assignment expressions, increment expressions, etc. are used, those private members are no longer marked as unused.

• #​6887 0cc38f5 Thanks @​ptkagori! - Added the noQwikUseVisibleTask rule to Qwik.

  This rule is intended for use in Qwik applications to warn about the use of useVisibleTask$() functions which require careful consideration before use.

  Invalid:

  useVisibleTask$(() => {
    console.log("Component is visible");
  });

  Valid:

  useTask$(() => {
    console.log("Task executed");
  });

• #​7084 50ca155 Thanks @​ematipico! - Added the new nursery rule noUnnecessararyConditions, which detects whenever some conditions don't
  change during the life cycle of the program, and truthy or false, hence deemed redundant.

  For example, the following snippets will trigger the rule:

  // Always truthy literal conditions
  if (true) {
    console.log("always runs");
  }

  // Unnecessary condition on constrained string type
  function foo(arg: "bar" | "baz") {
    if (arg) {
      // This check is unnecessary
    }
  }

• #​6887 0cc38f5 Thanks @​ptkagori! - Added the useImageSize rule to Biome.

  The useImageSize rule enforces the use of width and height attributes on <img> elements for performance reasons. This rule is intended to prevent layout shifts and improve Core Web Vitals by ensuring images have explicit dimensions.

  Invalid:

  <img src="/image.png" />
  <img src="https://example.com/image.png" />
  <img src="/image.png" width="200" />
  <img src="/image.png" height="200" />

  Valid:

  <img width="200" height="600" src="/static/images/portrait-01.webp" />
  <img width="100" height="100" src="https://example.com/image.png" />

• #​6887 0cc38f5 Thanks @​ptkagori! - Added the useAnchorHref rule to Biome.

  The useAnchorHref rule enforces the presence of an href attribute on <a> elements in JSX. This rule is intended to ensure that anchor elements are always valid and accessible.

  Invalid:

  <a>Link</a>

  <a target="_blank">External</a>

  Valid:

  <a href="/home">Home</a>

  <a href="https://example.com" target="_blank">
    External
  </a>

• #​7100 29fcb05 Thanks @​Jayllyz! - Added the rule noNonNullAssertedOptionalChain.

  This rule prevents the use of non-null assertions (!) immediately after optional chaining expressions (?.). Optional chaining is designed to safely handle nullable values by returning undefined when the chain encounters null or undefined. Using a non-null assertion defeats this purpose and can lead to runtime errors.

  // Invalid - non-null assertion after optional chaining
  obj?.prop!;
  obj?.method()!;
  obj?.[key]!;
  obj?.prop!;
  
  // Valid - proper optional chaining usage
  obj?.prop;
  obj?.method();
  obj?.prop ?? defaultValue;
  obj!.prop?.method();

• #​7129 9f4538a Thanks @​drwpow! - Removed option, combobox, listbox roles from useSemanticElements suggestions

• #​7106 236deaa Thanks @​arendjr! - Fixed #​6985: Inference of return types no longer mistakenly picks up return types of nested functions.

• #​7102 d3118c6 Thanks @​omasakun! - Fixed #​7101: noUnusedPrivateClassMembers now handles members declared as part of constructor arguments:

  1. If a class member defined in a constructor argument is only used within the constructor, it removes the private modifier and makes it a plain method argument.
  2. If it is not used at all, it will prefix it with an underscore, similar to noUnusedFunctionParameter.

• #​7104 5395297 Thanks @​harxki! - Reverting to prevent regressions around ref handling

• #​7143 1a6933a Thanks @​siketyan! - Fixed #​6799: The noImportCycles rule now ignores type-only imports if the new ignoreTypes option is enabled (enabled by default).

  [!WARNING]
  Breaking Change: The noImportCycles rule no longer detects import cycles that include one or more type-only imports by default.
  To keep the old behaviour, you can turn off the ignoreTypes option explicitly:

  {
    "linter": {
      "rules": {
        "nursery": {
          "noImportCycles": {
            "options": {
              "ignoreTypes": false
            }
          }
        }
      }
    }
  }

• #​7099 6cc84cb Thanks @​arendjr! - Fixed #​7062: Biome now correctly considers extended configs when determining the mode for the scanner.

• #​6887 0cc38f5 Thanks @​ptkagori! - Added the useQwikClasslist rule to Biome.

  This rule is intended for use in Qwik applications to encourage the use of the built-in class prop (which accepts a string, object, or array) instead of the classnames utility library.

  Invalid:

  <div class={classnames({ active: true, disabled: false })} />

  Valid:

  <div classlist={{ active: true, disabled: false }} />

• #​7019 57c15e6 Thanks @​fireairforce! - Added support in the JS parser for import source(a stage3 proposal). The syntax looks like:

  import source foo from "<specifier>";

• #​7053 655049e Thanks @​jakeleventhal! - Added the useConsistentTypeDefinitions rule.

  This rule enforces consistent usage of either interface or type for object type definitions in TypeScript.

  The rule accepts an option to specify the preferred style:

  • interface (default): Prefer using interface for object type definitions
  • type: Prefer using type for object type definitions

  Examples:

  // With default option (interface)
  // ❌ Invalid
  type Point = { x: number; y: number };
  
  // ✅ Valid
  interface Point {
    x: number;
    y: number;
  }
  
  // With option { style: "type" }
  // ❌ Invalid
  interface Point {
    x: number;
    y: number;
  }
  
  // ✅ Valid
  type Point = { x: number; y: number };

  The rule will automatically fix simple cases where conversion is straightforward.

web-infra-dev/rsbuild (@​rsbuild/core)

v1.4.15

Compare Source

What's Changed

New Features 🎉

• feat(core): add action option to rsbuild.initConfigs by @​colinaaa in https://github.com/web-infra-dev/rsbuild/pull/5753
• feat: add support for custom HMR client in environments by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5773

Bug Fixes 🐞

• fix: appendRules helper not work in some cases by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5781

Refactor 🔨

• refactor: extracting environment error creation by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5766
• refactor(server): move writeToDisk config resolution to middleware by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5769
• refactor: remove unnecessary async and update type definitions by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5777

Document 📖

• docs: add tool selection to build performance guide by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5765
• docs: add rslint to the list of Rstack tools by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5774
• docs: add version badges to Rstack tools table by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5776

Other Changes

• chore: remove unnecessary issues write permission from release workflow by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5756
• ci: remove ecosystem CI workflow trigger from release by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5757
• chore(deps): update dependency heading-case to v1 by @​renovate[bot] inhttps://github.com/web-infra-dev/rsbuild/pull/57611
• chore(deps): update dependency core-js to ~3.45.0 by @​renovate[bot] inhttps://github.com/web-infra-dev/rsbuild/pull/57600
• chore(deps): update @​rslint/core to v0.1.4 by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5762
• chore(deps): update all patch dependencies by @​renovate[bot] inhttps://github.com/web-infra-dev/rsbuild/pull/57599
• chore: update array type syntax to use parentheses consistently by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5763
• test: organize HMR e2e test cases by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5770
• test(e2e): uncomment and simplify some cases by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5771
• chore: ignore output directories in Rslint config by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5775
• chore(deps): update @​rstest/core to v0.1.2 by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5780
• chore(deps): update module federation to v0.18.0 by @​renovate[bot] inhttps://github.com/web-infra-dev/rsbuild/pull/57788
• chore(deps): update sass to ^1.90.0 by @​renovate[bot] inhttps://github.com/web-infra-dev/rsbuild/pull/57799
• release: 1.4.15 by @​chenjiahan in https://github.com/web-infra-dev/rsbuild/pull/5782

Full Changelog: web-infra-dev/rsbuild@v1.4.14...v1.4.15

web-infra-dev/rslib (@​rslib/core)

v0.11.2

Compare Source

What's Changed

Trusted Publishing

All Rslib npm packages are now published based on npm's trusted publishing, making Rslib's npm packages more secure and transparent.

See:

• https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/
• https://docs.npmjs.com/trusted-publishers

Document 📖

• docs: add llms copy button by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1146

Other Changes

• chore(deps): update all non-major dependencies by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11455
• chore: enable trusted publishing for npm packages by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1147
• chore(deps): update dependency heading-case to v1 by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11499
• chore(deps): update all non-major dependencies by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11488
• Release v0.11.2 by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1150

Full Changelog: web-infra-dev/rslib@v0.11.1...v0.11.2

v0.11.1

Compare Source

What's Changed

New Features 🎉

• feat(dts): support dts.alias by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1135

Bug Fixes 🐞

• fix: should not throw minify error when using import.meta in iife output by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1125
• fix: determine wasmLoading by target by @​fi3ework in https://github.com/web-infra-dev/rslib/pull/1136
• fix(dts): clean correct tsbuildinfo file by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1138

Other Changes

• chore: add open collective funding link by @​chenjiahan in https://github.com/web-infra-dev/rslib/pull/1126
• chore(deps): bump Rsbuild 1.4.10 and Rstest 0.0.10 by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1127
• chore(deps): update all non-major dependencies by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11322
• chore(deps): update dependency cross-env to v10 by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11333
• chore(deps): bump Rsbuild 1.4.12 by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1139
• chore(deps): update all non-major dependencies by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11411
• Release v0.11.1 by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1142

Full Changelog: web-infra-dev/rslib@v0.11.0...v0.11.1

v0.11.0

Compare Source

Breaking changes 🚨

redirect.asset

Boolean values are no longer supported for redirect.asset, see the documentation of redirect.asset for more details. (#​1119)

Please note the following changes that may require adjustments to your configurations:

export default defineConfig({
  lib: [
    {
      redirect: {
-       asset: true,
+       asset: {
+         path: true,
+         extension: true,
+       },
      },
    },
  ],
});

export default defineConfig({
  lib: [
    {
      redirect: {
-       asset: false,
+       asset: {
+         path: false,
+         extension: false,
+       },
      },
    },
  ],
});

What's Changed

New Features 🎉

• feat!: support redirect.asset.path and redirect.asset.extension by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1119

Bug Fixes 🐞

• fix(dts): error log of set declarationDir when dts.build is true by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1120

Other Changes

• chore(deps): update all non-major dependencies by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11211
• chore: fix pnpm dedupe by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1123
• chore(deps): update all non-major dependencies by @​renovate[bot] inhttps://github.com/web-infra-dev/rslib/pull/11222
• Release v0.11.0 by @​Timeless0911 in https://github.com/web-infra-dev/rslib/pull/1124

Full Changelog: web-infra-dev/rslib@v0.10.6...v0.11.0

actions/node-versions (node)

v18.20.8: 18.20.8

Compare Source

Node.js 18.20.8

v18.20.7: 18.20.7

Compare Source

Node.js 18.20.7

v18.20.6: 18.20.6

Compare Source

Node.js 18.20.6

v18.20.5: 18.20.5

Compare Source

Node.js 18.20.5

v18.20.4: 18.20.4

Compare Source

Node.js 18.20.4

v18.20.3: 18.20.3

Compare Source

Node.js 18.20.3

v18.20.2: 18.20.2

Compare Source

Node.js 18.20.2

v18.20.1: 18.20.1

Compare Source

Node.js 18.20.1

v18.20.0: 18.20.0

Compare Source

Node.js 18.20.0

v18.19.1: 18.19.1

Compare Source

Node.js 18.19.1

v18.19.0: 18.19.0

Compare Source

Node.js 18.19.0

v18.18.2: 18.18.2

Compare Source

Node.js 18.18.2

v18.18.1: 18.18.1

Compare Source

Node.js 18.18.1

v18.18.0: 18.18.0

Compare Source

Node.js 18.18.0

v18.17.1: 18.17.1

Compare Source

Node.js 18.17.1

v18.17.0: 18.17.0

Compare Source

Node.js 18.17.0

v18.16.1: 18.16.1

Compare Source

Node.js 18.16.1

v18.16.0: 18.16.0

Compare Source

Node.js 18.16.0

v18.15.0: 18.15.0

Compare Source

Node.js 18.15.0

v18.14.2: 18.14.2

Compare Source

Node.js 18.14.2

v18.14.1: 18.14.1

Compare Source

Node.js 18.14.1

v18.14.0: 18.14.0

Compare Source

Node.js 18.14.0

v18.13.0: 18.13.0

Compare Source

Node.js 18.13.0

v18.12.1: 18.12.1

Compare Source

Node.js 18.12.1

v18.12.0: 18.12.0

Compare Source

Node.js 18.12.0

v18.11.0: 18.11.0

Compare Source

Node.js 18.11.0

v18.10.0: 18.10.0

Compare Source

Node.js 18.10.0

v18.9.1: 18.9.1

Compare Source

Node.js 18.9.1

v18.9.0: 18.9.0

Compare Source

Node.js 18.9.0

v18.8.0: 18.8.0

Compare Source

Node.js 18.8.0

v18.7.0: 18.7.0

Compare Source

Node.js 18.7.0

v18.6.0: 18.6.0

Compare Source

Node.js 18.6.0

v18.5.0: 18.5.0

Compare Source

Node.js 18.5.0

v18.4.0: 18.4.0

Compare Source

Node.js 18.4.0

v18.3.0: 18.3.0

Compare Source

Node.js 18.3.0

v18.2.0: 18.2.0

Compare Source

Node.js 18.2.0

v18.1.0: 18.1.0

Compare Source

Node.js 18.1.0

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.