Update devDependencies (non-major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	^2.4.8 → ^2.4.9
tsdown (source)	^0.21.4 → ^0.21.5

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.9

Compare Source

Patch Changes

• #​9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  
  /* Second selector */
  .x {
    .y {
      .z {
      }
    }
  }

• #​9567 b7ab931 Thanks @​ematipico! - Fixed #​7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #​8670 607ebf9 Thanks @​tt-a1i! - Fixed #​8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #​9476 97b80a8 Thanks @​masterkain! - Fixed #9475: Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #​9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

  For example, linter.rules.correctness = "error" no longer enables React- or Qwik-specific correctness rules unless linter.domains.react, linter.domains.qwik, or an explicit rule config also enables them, or their relative dependencies are installed.

• #​9586 4cafb71 Thanks @​dyc3! - Fixed #​8828: Grit patterns using export { $foo } from $source now match named re-exports in JavaScript and TypeScript files.

• #​9550 d4e3d6e Thanks @​dyc3! - Fixed #​9548: Biome now parses conditional expressions whose consequent is an arrow function returning a parenthesized object expression.

• #​8696 a7c19cc Thanks @​Faizanq! - Fixed #​8685 where noUselessLoneBlockStatements would remove empty blocks containing comments. The rule now preserves these blocks since comments may contain important information like TODOs or commented-out code.

• #​9557 6671ac5 Thanks @​datalek! - Fixed #​9557: Biome's LSP server no longer crashes on startup when used with editors that don't send workspaceFolders during initialization. This affected any LSP client that only sends rootUri, which is valid per the LSP specification.

• #​9455 1710cf1 Thanks @​omar-y-abdi! - Fixed #​9174: useExpect now correctly rejects asymmetric matchers in Vitest or Jest like expect.stringContaining(), expect.objectContaining(), and utilities like expect.extend() that are not valid assertions. Previously these constructs caused false negatives, allowing tests without real assertions to pass the lint rule.

• #​9584 956e367 Thanks @​ematipico! - Fixed a bug where Vue directive attribute values like v-bind:class="{'dynamic': true}" were incorrectly parsed as JavaScript statements instead of expressions. Object literals inside directive values like :class, v-if, and v-html are now correctly parsed as expressions, preventing spurious parse errors.

• #​9474 e168494 Thanks @​ematipico! - Added the new nursery rule noUntrustedLicenses. This rule disallows dependencies that ship with invalid licenses or licenses that don't meet the criteria of your project/organisation.

  The rule has the following options:

  • allow: a list of licenses that can be allowed. Useful to bypass possible invalid licenses from downstream dependencies.
  • deny: a list of licenses that should trigger the rule. Useful to deny licenses that don't fit your project/organisation.
    When both deny and allow are provided, deny takes precedence.
  • requireOsiApproved: whether the licenses need to be approved by the Open Source Initiative.
  • requireFsfLibre: whether the licenses need to be approved by the Free Software Foundation.

• #​9544 723798b Thanks @​ViniciusDev26! - Added an unsafe fix to useConsistentMethodSignatures that automatically converts between method-style and property-style signatures.

• #​9555 8a3647b Thanks @​ematipico! - Fixed #188: the Biome Language Server no longer panics when open files change abruptly, such as during git branch checkouts.

• #​9605 f65c637 Thanks @​ematipico! - Fixed #​9589. Now Biome correctly parses object expressions inside props and directives. The following code doesn't emit errors anymore:

  <style is:global define:vars={{ bgLight: light }}>
  <Component name={{ first, name }} />

• #​9565 ccb249e Thanks @​eyupcanakman! - Fixed #​9505: noUselessStringConcat no longer reports tagged template literals as useless string concatenations. Tagged templates invoke a function and can return non-string values, so combining them with + is not equivalent to a single template literal.

• #​9534 4d050df Thanks @​Netail! - Added the nursery rule noInlineStyles. The rule disallows the use of inline style attributes in HTML and the style prop in JSX, including React.createElement calls. Inline styles make code harder to maintain and can interfere with Content Security Policy.

• #​9611 cddaa44 Thanks @​gaauwe! - Fixed a regression where Biome LSP could misread editor settings sent through workspace/didChangeConfiguration when the payload was wrapped in a top-level biome key. This caused requireConfiguration and related settings to be ignored in some editors.

rolldown/tsdown (tsdown)

v0.21.5

Compare Source

   🚀 Features

• Update rolldown to 1.0.0-rc.10  -  by @​wChenonly in #​845 (41411)
• Support typescript v6  -  by @​ocavue in #​858 (bffc4)

   🐞 Bug Fixes

• css:
  • Run final minification on merged CSS output  -  by @​sxzz in #​853 (475df)
  • Don't override internal importer  -  by @​Laupetin in #​860 (af40e)
  • Use aliased exports for CSS module keys  -  by @​wChenonly and @​sxzz in #​840 (bb6de)
• deps:
  • External optionalDependencies by default  -  by @​sxzz (cd24d)
  • Resolve subpath extensions for packages without exports field  -  by @​sxzz in #​863 (c5150)
  • Correctly resolve root @types packages for dts deep imports  -  by @​brc-dd and @​sxzz in #​852 (0b276)

    View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 33e4910

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.35%. Comparing base (426c669) to head (33e4910).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #303   +/-   ##
=======================================
  Coverage   97.35%   97.35%           
=======================================
  Files          27       27           
  Lines        1286     1286           
  Branches      323      332    +9     
=======================================
  Hits         1252     1252           
  Misses         34       34           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.