chore(deps-dev): bump the dev-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dev-dependencies group with 6 updates in the / directory:

Package	From	To
@biomejs/biome	2.4.4	2.4.6
@types/node	25.3.0	25.3.5
better-auth	1.5.0	1.5.4
happy-dom	20.7.0	20.8.3
lint-staged	16.2.7	16.3.2
ultracite	7.2.3	7.2.5

Updates @biomejs/biome from 2.4.4 to 2.4.6

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.6

2.4.6

Patch Changes

• #9305 40869b5 Thanks @​ematipico! - Fixed #4946: noUnreachable no longer reports code inside finally blocks as unreachable when there is a break, continue, or return in the corresponding try body.

• #9303 464910c Thanks @​ematipico! - Fixed #2786: The formatter no longer produces different output on subsequent runs when a case clause has a trailing line comment followed by a single block statement.

• #9324 6294aa2 Thanks @​arendjr! - Fixed [#7730](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/7730): useAnchorContent now recognises SolidJS's innerHTML the same way as React's dangerouslySetInnerHTML.

• #9298 1003229 Thanks @​Netail! - Fixed [#9296](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9296), so comments are moved along with the attributes in the useSortedAttributes assist rule code fix.

• #9329 855b451 Thanks @​dyc3! - Improved performance of noEmptyBlockStatements. The rule is now smarter about short-circuiting its logic.

• #9326 85dfe9b Thanks @​dyc3! - Improved performance for noImportCycles by explicitly excluding node_modules from the cycle detection. The performance improvement is directly proportional to how big your dependency tree is.

• #9323 d5ee469 Thanks @​ematipico! - Fixed #9217 and biomejs/biome-vscode#959, where the Biome language server didn't correctly resolve the editor setting configurationPath when the provided value is a relative path.

• #9302 86fbc70 Thanks @​sepagian! - Fixed #9300: Lowercase component member expressions like <form.Field> in Svelte and Astro files are now correctly formatted.

  -<form .Field></form.Field>
  +<form.Field></form.Field>

What's Changed

• fix(js_analyze): move comments with useSortedAttributes action by @​Netail in biomejs/biome#9298
• fix(formatter): switch case comments by @​ematipico in biomejs/biome#9303
• refactor(markdown-parser): promote list structural tokens from skipped trivia to explicit CST nodes by @​jfmcdowell in biomejs/biome#9274
• fix(noUnreachable): handle dead implicit jumps in finally by @​ematipico in biomejs/biome#9305
• refactor(markdown-parser): align newline/prescan paragraph-break checks by @​jfmcdowell in biomejs/biome#9197
• refactor(markdown-parser): promote blank lines between list items to MdNewline nodes by @​jfmcdowell in biomejs/biome#9313
• fix(linter): support SolidJS's innerHTML in useAnchorContent by @​arendjr in biomejs/biome#9324
• fix(lsp): correctly resolve configurationPath by @​ematipico in biomejs/biome#9323
• perf(noImportCycles): exclude node_modules from cycle detection by @​dyc3 in biomejs/biome#9326
• refactor(css_parser): split function parser into modules by @​denbezrukov in biomejs/biome#9325
• refactor(markdown-parser): promote fenced code block skipped trivia to explicit CST nodes by @​jfmcdowell in biomejs/biome#9321
• refactor(css): rename operator_token field to operator by @​denbezrukov in biomejs/biome#9327
• perf: add .skip(1) to .ancestors() calls in a bunch of places by @​dyc3 in biomejs/biome#9330
• perf(noEmptyBlockStatements): short circuit to avoid traversing descendants for comments by @​dyc3 in biomejs/biome#9329
• fix: lowercase component member expressions in Astro/Svelte by @​sepagian in biomejs/biome#9302
• chore: align parser options struct name by @​Netail in biomejs/biome#9332
• feat(css): use ScssExpression in ScssNestingDeclaration and CssGenericProperty by @​denbezrukov in biomejs/biome#9328
• refactor(css): align scss expression node variants by @​denbezrukov in biomejs/biome#9340
• feat(css): use expression in page by @​denbezrukov in biomejs/biome#9342
• ci: release by @​github-actions[bot] in biomejs/biome#9301

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.6

Patch Changes

• #9305 40869b5 Thanks @​ematipico! - Fixed #4946: noUnreachable no longer reports code inside finally blocks as unreachable when there is a break, continue, or return in the corresponding try body.

• #9303 464910c Thanks @​ematipico! - Fixed #2786: The formatter no longer produces different output on subsequent runs when a case clause has a trailing line comment followed by a single block statement.

• #9324 6294aa2 Thanks @​arendjr! - Fixed [#7730](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/7730): useAnchorContent now recognises SolidJS's innerHTML the same way as React's dangerouslySetInnerHTML.

• #9298 1003229 Thanks @​Netail! - Fixed [#9296](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9296), so comments are moved along with the attributes in the useSortedAttributes assist rule code fix.

• #9329 855b451 Thanks @​dyc3! - Improved performance of noEmptyBlockStatements. The rule is now smarter about short-circuiting its logic.

• #9326 85dfe9b Thanks @​dyc3! - Improved performance for noImportCycles by explicitly excluding node_modules from the cycle detection. The performance improvement is directly proportional to how big your dependency tree is.

• #9323 d5ee469 Thanks @​ematipico! - Fixed #9217 and biomejs/biome-vscode#959, where the Biome language server didn't correctly resolve the editor setting configurationPath when the provided value is a relative path.

• #9302 86fbc70 Thanks @​sepagian! - Fixed #9300: Lowercase component member expressions like <form.Field> in Svelte and Astro files are now correctly formatted.

  -<form .Field></form.Field>
  +<form.Field></form.Field>

2.4.5

Patch Changes

• #9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #9178 101b3bb Thanks @​Bertie690! - Fixed #9172 and #9168: Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";

... (truncated)

Commits

• cabc56c ci: release (#9301)
• 3bc07ab ci: release (#9188)
• 6b01778 feat(linter): add useUnicodeRegex rule (#8773)
• e43e730 feat(lint/html): add useVueScopedStyles (#9185)
• edf8bb6 feat(lint): add ||= to ??= detection in useNullishCoalescing (#9257)
• 9bbdf4d feat(lint): add nursery rule useNamedCaptureGroup (#9048)
• 1f2fe2e feat: prefer-array-some from eslint-plugin-unicorn (#9056)
• 1d2ca15 feat(lint): add useNullishCoalescing nursery rule (#8952)
• 101b3bb fix(lint): consider more constructs as valid test assertions (#9178)
• 3d0648f feat(biome_js_analyze): implement noVueRefAsOperand (#9063)
• See full diff in compare view

Updates @types/node from 25.3.0 to 25.3.5

Commits

• See full diff in compare view

Updates better-auth from 1.5.0 to 1.5.4

Release notes

Sourced from better-auth's releases.

v1.5.4

   🐞 Bug Fixes

• Move adapter packages to dependencies to fix missing module errors  -  by @​himself65 in better-auth/better-auth#8401 (56857)
• expo: Handle origin override across mutable and immutable requests  -  by @​NathanColosimo, Taesu and @​bytaesu in better-auth/better-auth#8405 (b7a31)

    View changes on GitHub

v1.5.3

   🐞 Bug Fixes

• account: Use accountId instead of id in accountInfo endpoint  -  by @​NathanColosimo and @​himself65 in better-auth/better-auth#8346 (efcc2)
• sso: Use internalAdapter for verification operations  -  by @​himself65 in better-auth/better-auth#8353 (e3bc6)

    View changes on GitHub

v1.5.2

   🐞 Bug Fixes

• Access control indexing type  -  by @​YevheniiKotyrlo and @​himself65 in better-auth/better-auth#8155 (5d7dd)
• Prevent double encoded cookie  -  by @​Oluwatobi-Mustapha and @​himself65 in better-auth/better-auth#8133 (55dd0)
• cookies:
  • Use lookahead heuristic for splitting Set-Cookie headers  -  by @​bytaesu in better-auth/better-auth#8301 (8959c)
• oauth-provider:
  • Allow localhost subdomains in isLocalhost function  -  by @​sicarius97 and @​himself65 in better-auth/better-auth#8286 (4b974)
  • CustomIdTokenClaims should override standard claims  -  by @​gustavovalverde in better-auth/better-auth#7865 (7425f)
• prisma-adapter:
  • Use deleteMany when deleting by non-unique field  -  by @​himself65 in better-auth/better-auth#8314 (e3ff2)
• sso:
  • Prefer UserInfo endpoint over ID token and map sub claim correctly  -  by @​himself65 and Copilot in better-auth/better-auth#8276 (f88bc)

    View changes on GitHub

v1.5.1

   🐞 Bug Fixes

• client: Use direct imports to fix bundler re-export type resolution  -  by @​himself65 in better-auth/better-auth#8261 (63bb7)
• core: Revive date strings in safeJSONParse for pre-parsed objects  -  by @​himself65 in better-auth/better-auth#8248 (56db7)
• db: Support verification operations with secondary storage  -  by @​himself65 in better-auth/better-auth#8247 (8a047)
• expo: Avoid shim require  -  by @​himself65 in better-auth/better-auth#8253 (977bf)
• generic-oauth: Use discovery userinfo endpoint instead of hardcoded URLs  -  by @​himself65 in better-auth/better-auth#8223 (58940)

    View changes on GitHub

v1.5.1-beta.3

   🐞 Bug Fixes

• cookies: Use lookahead heuristic for splitting Set-Cookie headers  -  by @​bytaesu in better-auth/better-auth#8301 (add7b)

    View changes on GitHub

... (truncated)

Commits

• cb9e1bc chore: release v1.5.4
• 56857d6 fix: move adapter packages to dependencies to fix missing module errors (#8401)
• 8e1ddc3 chore: release v1.5.3
• efcc238 fix(account): use accountId instead of id in accountInfo endpoint (#8346)
• 318f827 chore: move adapter packages from deps to optional peer deps (#8303)
• 54c8493 chore: release v1.5.2
• 55dd06e fix: prevent double encoded cookie (#8133)
• 5d7dd9e fix: access control indexing type (#8155)
• 8959cb9 fix(cookies): use lookahead heuristic for splitting Set-Cookie headers (#8301)
• 3715137 chore: release v1.5.1
• Additional commits viewable in compare view

Updates happy-dom from 20.7.0 to 20.8.3

Release notes

Sourced from happy-dom's releases.

v20.8.3

👷‍♂️ Patch fixes

• Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @​capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

• Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @​capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

• Make "inert" attribute block focus interactions - By @​coffeeandwork in task #1422

v20.8.0

🎨 Features

• Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @​coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

• Properly decode CSS escape sequences in attribute selector values - By @​silverwind

v20.7.1

👷‍♂️ Patch fixes

• Fixes issue related to parsing direct descendants (>) and universal (*) query selectors - By @​Cherry in task #2078

Commits

• 5998eea fix: #2054 Throw error if event is not of type Event in dispatchEvent (#2092)
• 7a11238 fix: #2090 Resets cancelBubble and defaultPrevented when calling initEvent ...
• 7d27984 fix: #1422 Make inert attribute block focus interactions (#2083)
• 53e4ec9 feat: #1733 Adds support for setPointerCapture, hasPointerCapture, and rele...
• 1c73c3f fix: Properly decode CSS escape sequences in attribute selector values (#2080)
• 7fa06b3 fix: #2078 Fixes direct descendants > and universal * query selectors (#2079)
• See full diff in compare view

Updates lint-staged from 16.2.7 to 16.3.2

Release notes

Sourced from lint-staged's releases.

v16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

v16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Changelog

Sourced from lint-staged's changelog.

16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

16.3.0

Minor Changes

• #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

• #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

• #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.

Commits

• dfd6a7a chore(changeset): release
• 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
• 60957ce docs: add CONTRIBUTING.md
• 2a74cd2 chore(changeset): release
• cd5d762 refactor: remove nano-spawn dependency completely
• e342cab build(deps): move nano-spawn to dev
• 9aa2cd7 chore(changeset): release
• 0c387bc test: make long-running task longer because of GitHub Actions slowness
• 87467aa refactor: detect incorrect brace expansion exhaustively
• dceabc6 ci: run npm audit in GitHub Actions
• Additional commits viewable in compare view

Updates ultracite from 7.2.3 to 7.2.5

Release notes

Sourced from ultracite's releases.

ultracite@7.2.5

Patch Changes

• 83bafe4: Disable useValidLang rule for SvelteKit app.html to prevent false positives from %lang% placeholder
• 4df6da9: Disable noUndeclaredVariables for Svelte files to fix false positives with template block variables like {#each}

ultracite@7.2.4

Patch Changes

• cfaa912: Remove Jest and Vitest rules from non-test files
• f72f2dc: Add support for copilot hooks
• 66d51fd: Disable import/no-nodejs-modules for Chris Consent
• d1e8490: Create skill

Commits

• 0b4404e Version Packages (#596)
• 7d4fbda Close Ultracite Cloud (#597)
• 5f16b29 Bump deps
• 4df6da9 Resolves #594
• c954097 Bump eslint-plugin-compat from 6.2.1 to 7.0.0 (#587)
• f355bc5 Bump @​shikijs/themes from 3.23.0 to 4.0.0 (#592)
• e49150a Bump @​biomejs/biome from 2.4.0 to 2.4.4 (#585)
• ea24b30 Bump @​vercel/config from 0.0.30 to 0.0.36 (#586)
• aa22c68 Bump shiki from 3.22.0 to 4.0.0 (#588)
• c3a5be6 Bump eslint-plugin-sonarjs from 3.0.7 to 4.0.0 (#589)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.