chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	2.3.13 → 2.3.14			devDependencies	patch
@microsoft/api-extractor (source)	^7.56.0 → ^7.56.3			devDependencies	patch
@rslib/core (source)	0.19.4 → 0.19.5			devDependencies	patch
@rstest/core (source)	0.8.1 → 0.8.4			devDependencies	patch
@types/node (source)	24.10.9 → 24.10.13			devDependencies	patch
eslint-plugin-react-refresh	^0.4.26 → ^0.5.0			devDependencies	minor
eslint-plugin-svelte (source)	^3.14.0 → ^3.15.0			devDependencies	minor
node	24.13.0 → 24.13.1			uses-with	patch
pnpm (source)	10.28.2 → 10.29.2			packageManager	minor
typescript-eslint (source)	^8.54.0 → ^8.55.0			devDependencies	minor

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.3.14

Compare Source

Patch Changes

• #​8921 29e2435 Thanks @​siketyan! - Fixed #​8759: The useConsistentTypeDefinitions rule no longer converts empty object type declarations into interfaces, as it will conflict with the noEmptyInterface rule and can cause an infinite loop when both rules are enabled.

• #​8928 ccaeac4 Thanks @​taga3s! - Added the nursery rule useGlobalThis. This rule enforces using globalThis over window, self and global.

• #​8602 9a18daa Thanks @​dyc3! - Added the new nursery rule noVueArrowFuncInWatch. This rule forbids using arrow functions in watchers in Vue components, because arrow functions do not give access to the component instance (via this), while regular functions do.

• #​8905 9b1eea8 Thanks @​ryan-m-walker! - Fixed #​8428: Improved parsing recovery when encountering qualified rules inside CSS @page at-rule blocks.

• #​8900 f788cff Thanks @​mdevils! - Fixed #​8802: useExhaustiveDependencies now correctly suggests dependencies without including callback-scoped variables or method names.

  When accessing object properties with a callback-scoped variable, only the object path is suggested:

  // Now correctly suggests `props.value` instead of `props.value[day]`
  useMemo(() => {
    return WeekdayValues.filter((day) => props.value[day]);
  }, [props.value]);

  When calling methods on objects, only the object is suggested as a dependency:

  // Now correctly suggests `props.data` instead of `props.data.forEach`
  useMemo(() => {
    props.data.forEach((item) => console.log(item));
  }, [props.data]);

• #​8913 e1e20ea Thanks @​dyc3! - Fixed #​8363: HTML parser no longer crashes when encountering a < character followed by a digit in text content (e.g., <12 months). The parser now correctly emits an "Unescaped < bracket character" error instead of treating <12 as a tag name and crashing.

• #​8910 2fb63a4 Thanks @​dyc3! - Fixed #​8774: Type aliases with generic parameters that have extends constraints now properly indent comments after the equals sign.

  Previously, comments after the = in type aliases with extends constraints were not indented:

  -type A<B, C extends D> = // Some comment
  -undefined;
  +type A<B, C extends D> =
  +    // Some comment
  +    undefined;

• #​8916 ea4bd04 Thanks @​ryan-m-walker! - Fixed #​4013, where comments in member chains caused unnecessary line breaks.

  // Before
  aFunction.b().c.d();
  
  // After
  aFunction.b().c.d();

• #​8945 fa66fe3 Thanks @​fireairforce! - Fixed #​8354: Don't remove quotes when type memeber is new.

  // Input:
  type X = {
    "new"(): string;
    "foo"(): string;
  };
  
  // Format Output:
  type X = {
    "new()": string;
    foo(): string;
  };

• #​8927 0ef3da5 Thanks @​littleKitchen! - Fixed #​8907: useExhaustiveDependencies now correctly recognizes stable hook results (like useState setters and useRef values) when declared with let.

• #​8931 4561751 Thanks @​koshin01! - Added the new nursery rule noRedundantDefaultExport, which flags redundant default exports where the default export references the same identifier as a named export.

• #​8900 f788cff Thanks @​mdevils! - Fixed #​8883: useExhaustiveDependencies no longer produces false positives when props are destructured in the function body of arrow function components without parentheses around the parameter.

  type Props = { msg: string };
  
  // Arrow function without parentheses around `props`
  const Component: React.FC<Props> = (props) => {
    const { msg } = props;
    // Previously, this incorrectly reported `msg` as unnecessary
    useEffect(() => console.log(msg), [msg]);
  };

• #​8861 3531687 Thanks @​dyc3! - Added the noDeprecatedMediaType CSS rule to flag deprecated media types like tv and handheld.

• #​8775 7ea71cd Thanks @​igas! - Fixed the noUnnecessararyConditions rule to prevent trigger for optional fallback patterns.

• #​8860 95f1eea Thanks @​dyc3! - Added the nursery rule noHexColors, which flags the use of hexadecimal color codes in CSS and suggests using named colors or RGB/RGBA/HSL/HSLA formats instead.

• #​8786 d876a38 Thanks @​Bertie690! - Added the nursery rule useConsistentMethodSignatures.
  Inspired by the similarly named version from typescript-eslint, this rule aims to enforce a consistent style for methods used inside object types and interfaces.

Examples

Invalid code with style set to "property" (the default):

interface Foo {
  method(a: string): void;
}

Invalid code with style set to "method":

type Bar = {
  prop: (a: string) => void;
}

• #​8864 5e97119 Thanks @​dyc3! - Improved the summary provided by biome migrate eslint to be clearer on why rules were not migrated. Biome now specifies a reason when a rule is not migrated, such as being incompatible with the formatter or not implemented yet. This helps users make more informed decisions when migrating their ESLint configurations to Biome.

• #​8924 99b4cd1 Thanks @​tmohammad78! - Fixed #​8920: noUnknownFunction now knows about sibling-count, and sibling-index css functions

• #​8900 f788cff Thanks @​mdevils! - Fixed #​8885: useExhaustiveDependencies no longer incorrectly reports variables as unnecessary dependencies when they are derived from expressions containing post/pre-increment operators (++/--) or compound assignment operators (+=, -=, etc.).

  let renderCount = 0;
  
  export const MyComponent = () => {
    // `count` is now correctly recognized as a required dependency
    // because `renderCount++` can produce different values between renders
    const count = renderCount++;
  
    useEffect(() => {
      console.log(count);
    }, [count]); // no longer reports `count` as unnecessary
  };

• #​8619 d78e01d Thanks @​Netail! - Added the nursery rule useInputName. Require mutation arguments to be called “input”, and the input type to be called Mutation name + “Input”.

  Invalid:

  type Mutation {
    SetMessage(message: String): String
  }

• #​8922 871b45e Thanks @​siketyan! - Fixed #​8829: Revamped the noGlobalDirnameFilename rule to catch many false negatives that have not been reported.

microsoft/rushstack (@​microsoft/api-extractor)

v7.56.3

Compare Source

Sat, 07 Feb 2026 01:13:26 GMT

Patches

• Upgrade lodash dependency from ~4.17.15 to ~4.17.23.

v7.56.2

Compare Source

Wed, 04 Feb 2026 20:42:47 GMT

Patches

• Update minimatch dependency from 10.0.3 to 10.1.2

v7.56.1

Compare Source

Wed, 04 Feb 2026 16:13:27 GMT

Version update only

web-infra-dev/rslib (@​rslib/core)

v0.19.5

Compare Source

What's Changed

Document 📖

• docs: add guide for using Rspress with Rslib by @​SoonIter in #​1471
• docs: add Rsdoctor guide by @​Timeless0911 in #​1472
• docs: fix Rspress plugin URLs to official-plugins path by @​SoonIter in #​1474

Other Changes

• chore(deps): update all non-major dependencies by @​renovate[bot] in #​1470
• chore(deps): upgrade Rspack to v1.7.5 by @​Timeless0911 in #​1473
• chore(deps): bump Rsbuild 1.7.3 by @​Timeless0911 in #​1475
• Release v0.19.5 by @​Timeless0911 in #​1476

Full Changelog: web-infra-dev/rslib@v0.19.4...v0.19.5

web-infra-dev/rstest (@​rstest/core)

v0.8.4

Compare Source

What's Changed

New Features 🎉

• feat(ui): add viewport option by @​fi3ework in #​945

Performance 🚀

• perf(browser): add lightweight scheduler page for headless mode by @​fi3ework in #​952

Bug Fixes 🐞

• fix: reorganize the logic of color and remove the forced default values by @​fi3ework in #​946
• fix: setup files run only once with no-isolate by @​claneo in #​947
• fix(browser): unify error reporting and avoid duplicate error messages by @​fi3ework in #​950
• fix: should return the same spy instance when respy by @​9aoy in #​955
• fix(core): include worker stderr in unexpected-exit summary by @​fi3ework in #​956

Document 📖

• docs: update vitest migration guide by @​9aoy in #​953
• docs(migration): use diff code block by @​9aoy in #​954
• docs: add TypeScript typings guide for custom matchers by @​9aoy in #​957

Other Changes

• test: drop browser mode test from no-isolate test by @​fi3ework in #​944
• refactor(browser): centralize browser config validation in @​rstest/browser by @​fi3ework in #​951
• test(browser-mode): guard headed e2e case by display availability by @​fi3ework in #​958
• chore(deps): bump rspress 2.0 by @​9aoy in #​918
• chore(deps): update dependency axios to v1.13.5 [security] by @​renovate[bot] in #​959

Full Changelog: web-infra-dev/rstest@v0.8.3...v0.8.4

v0.8.3

Compare Source

What's Changed

Bug Fixes 🐞

• fix(core): align color env priority and improve agent detection by @​fi3ework in #​936
• fix: should not load real implementation when module is mocked by @​9aoy in #​934
• fix: should respect project's slowTestThreshold configuration by @​9aoy in #​938
• fix(browser): avoid log out deleting virtual module by @​fi3ework in #​939

Other Changes

• ci: browser mode less flaky by @​fi3ework in #​932
• chore(deps): bump rsbuild v1.7.3 by @​9aoy in #​937
• test(browser): fix flaky by @​fi3ework in #​940
• ci: add preview release summary to GitHub Actions by @​fi3ework in #​941
• test(e2e): unify timeout time, less flaky by @​fi3ework in #​942

Full Changelog: web-infra-dev/rstest@v0.8.2...v0.8.3

v0.8.2

Compare Source

Highlights 💡

Introducing Markdown reporter for agent 🤖

Rstest automatically detects AI coding agent (Claude Code, Cursor, Codex, opencode, etc.) and switches to Markdown output — no configuration needed.

The structured Markdown format is easier for LLMs to parse and understand compared to traditional terminal output. Each failure includes a one-click repro command so agents can quickly rerun and debug individual test cases. Output is intelligently truncated to stay within context limits even when many tests fail, saving tokens and reducing cost.

For detailed configuration options, see https://rstest.rs/guide/basic/reporters#markdown-reporter.

md-reporter.mp4

What's Changed

New Features 🎉

• feat(core): use md reporter for AI agent by default by @​fi3ework in #​911
• feat: support test sharding by @​9aoy in #​921
• feat: not update snapshots that were not run on test failure by @​9aoy in #​910
• feat: support filter test by full test name by @​9aoy in #​916
• feat(core): support inspector mode for worker pool by @​fi3ework in #​919

Bug Fixes 🐞

• fix(e2e): ensure environment variables are truly unset in CLI helper by @​fi3ework in #​909
• fix(vscode): relax @​rstest/core version requirement by @​fi3ework in #​914
• fix(browser): fix headless config and enable coverage support by @​fi3ework in #​922
• fix(vscode): Unable to use the “Run Tests in File or Folder” feature by @​claneo in #​920
• fix: exit with code 1 when coverage report generate error by @​9aoy in #​924
• fix(coverage): only apply coverage plugin for main js rule by @​9aoy in #​925
• fix(vscode): stderr logs not written to output by @​claneo in #​926
• fix(reporter): create jUnit output dir tree if needed by @​joshuapetryk in #​927

Document 📖

• docs: clarify mock behavior in vitest migration guide by @​9aoy in #​912

Other Changes

• test(e2e): refactor browser snapshot tests for better isolation by @​fi3ework in #​913
• chore: bump browserlist by @​fi3ework in #​923
• test(browser-mode): add comprehensive e2e test coverage by @​fi3ework in #​929
• ci: fix E2E error by @​fi3ework in #​930

New Contributors

• @​joshuapetryk made their first contribution in #​927

Full Changelog: web-infra-dev/rstest@v0.8.1...v0.8.2

ArnaudBarre/eslint-plugin-react-refresh (eslint-plugin-react-refresh)

v0.5.0

Compare Source

Breaking changes

• The package now ships as ESM and requires ESLint 9 + node 20. Because legacy config doesn't support ESM, this requires to use flat config
• A new reactRefresh export is available and prefered over the default export. It's an object with two properties:
  • plugin: The plugin object with the rules
  • configs: An object containing configuration presets, each exposed as a function. These functions accept your custom options, merge them with sensible defaults for that config, and return the final config object.
• customHOCs option was renamed to extraHOCs
• Validation of HOCs calls is now more strict, you may need to add some HOCs to the extraHOCs option

Config example:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig(
  /* Main config */
  reactRefresh.configs.vite({ extraHOCs: ["someLibHOC"] }),
);

Config example without config:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig({
  files: ["**/*.ts", "**/*.tsx"],
  plugins: {
    // other plugins
    "react-refresh": reactRefresh.plugin,
  },
  rules: {
    // other rules
    "react-refresh/only-export-components": [
      "warn",
      { extraHOCs: ["someLibHOC"] },
    ],
  },
});

Why

This version follows a revamp of the internal logic to better make the difference between random call expressions like export const Enum = Object.keys(Record) and actual React HOC calls like export const MemoComponent = memo(Component). (fixes #​93)

The rule now handles ternaries and patterns like export default customHOC(props)(Component) which makes it able to correctly support files like this one given this config:

{
  "react-refresh/only-export-components": [
    "warn",
    { "extraHOCs": ["createRootRouteWithContext"] }
  ]
}

[!NOTE]
Actually createRoute functions from TanStack Router are not React HOCs, they return route objects that fake to be a memoized component but are not. When only doing createRootRoute({ component: Foo }), HMR will work fine, but as soon as you add a prop to the options that is not a React component, HMR will not work. I would recommend to avoid adding any TanStack function to extraHOCs it you want to preserve good HMR in the long term. Bluesky thread.

Because I'm not 100% sure this new logic doesn't introduce any false positive, this is done in a major-like version. This also give me the occasion to remove the hardcoded connect from the rule. If you are using connect from react-redux, you should now add it to extraHOCs like this:

{
  "react-refresh/only-export-components": ["warn", { "extraHOCs": ["connect"] }]
}

sveltejs/eslint-plugin-svelte (eslint-plugin-svelte)

v3.15.0

Compare Source

Minor Changes

• #​1472 a314e4f Thanks @​copilot-swe-agent! - feat: add support for ESLint v10

• #​1461 d8e1dc1 Thanks @​marekdedic! - feat(no-navigation-without-resolve): for links, the rule now reports on the whole attribute

actions/node-versions (node)

v24.13.1: 24.13.1

Compare Source

Node.js 24.13.1

pnpm/pnpm (pnpm)

v10.29.2

Compare Source

v10.29.1: pnpm 10.29.1

Compare Source

Minor Changes

• The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
• Support configuring auditLevel in the pnpm-workspace.yaml file #​10540.
• Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #​10436.

Patch Changes

• Fixed pnpm list --json returning incorrect paths when using global virtual store #​10187.

• Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #​10290.

• Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #​10497.

• Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #​10176.

• Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #​10281.

• Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #​10460.

• Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #​10540.

• update tar to version 7.5.7 to fix security issue

  Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842

• Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #​10325.

• Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #​10271.

• pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #​10561.

• Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #​10457.

Platinum Sponsors

Gold Sponsors

typescript-eslint/typescript-eslint (typescript-eslint)

v8.55.0

Compare Source

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.