fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/core (source)	^7.28.0 -> ^7.28.3
@biomejs/biome (source)	2.1.3 -> 2.2.0
@cloudflare/workers-types	^4.20250806.0 -> ^4.20250816.0
@eslint/js (source)	^9.32.0 -> ^9.33.0
@hono/node-server	^1.18.1 -> ^1.19.0
@inquirer/prompts (source)	^7.8.0 -> ^7.8.3
@mantine/core (source)	^8.2.3 -> ^8.2.5
@mantine/hooks (source)	^8.2.3 -> ^8.2.5
@prisma/client (source)	^6.13.0 -> ^6.14.0
@sentry/react (source)	^10.1.0 -> ^10.5.0
@sentry/solid (source)	^10.1.0 -> ^10.5.0
@sentry/vite-plugin (source)	^4.0.2 -> ^4.1.1
@sentry/vue (source)	^10.1.0 -> ^10.5.0
@tailwindcss/vite (source)	^4.1.11 -> ^4.1.12
@types/react (source)	^19.1.9 -> ^19.1.10
@typescript-eslint/parser (source)	^8.39.0 -> ^8.39.1
@typescript-eslint/utils (source)	^8.39.0 -> ^8.39.1
aws-cdk (source)	^2.1024.0 -> ^2.1025.0
aws-cdk-lib (source)	^2.209.1 -> ^2.211.0
babel-preset-solid (source)	^1.9.6 -> ^1.9.9
browserless (source)	^10.7.11 -> ^10.7.13
bumpp	^10.2.2 -> ^10.2.3
cdk (source)	^2.1024.0 -> ^2.1025.0
esbuild	^0.25.8 -> ^0.25.9
eslint (source)	^9.32.0 -> ^9.33.0
fastify (source)	^5.4.0 -> ^5.5.0
hono (source)	^4.8.12 -> ^4.9.2
lucide-react (source)	^0.536.0 -> ^0.539.0
prisma (source)	^6.13.0 -> ^6.14.0
puppeteer (source)	^24.16.0 -> ^24.16.2
solid-js (source)	^1.9.7 -> ^1.9.9
tailwindcss (source)	^4.1.11 -> ^4.1.12
tsx (source)	^4.20.3 -> ^4.20.4
turbo (source)	2.5.5 -> 2.5.6
turbo (source)	^2.5.5 -> ^2.5.6
tw-animate-css	^1.3.6 -> ^1.3.7
typescript-eslint (source)	^8.39.0 -> ^8.39.1
vike	^0.4.236 -> ^0.4.237
vite (source)	^7.0.6 -> ^7.1.2
wrangler (source)	^4.28.0 -> ^4.30.0

---

Release Notes

babel/babel (@​babel/core)

v7.28.3

Compare Source

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #​17443 [static blocks] Do not inject new static fields after static code (@​nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #​17465 fix(parser/typescript): parse import("./a", {with:{},}) (@​easrng)
  • #​17478 fix(parser): stop subscript parsing on async arrow (@​JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #​17363 Do not save last yield in call in temp var (@​nicolo-ribaudo)

📝 Documentation

• #​17448 move eslint-{parser,plugin} docs to the website (@​JLHwung)

🏠 Internal

• #​17454 Enable type checking for scripts and babel-worker.cjs (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #​17444 Optimize do expression output (@​JLHwung)

biomejs/biome (@​biomejs/biome)

v2.2.0

Compare Source

Minor Changes

• #​5506 1f8755b Thanks @​sakai-ast! - The noRestrictedImports rule has been enhanced with a new patterns option. This option allows for more flexible and powerful import restrictions using gitignore-style patterns.

  You can now define patterns to restrict entire groups of modules. For example, you can disallow imports from any path under import-foo/ except for import-foo/baz.

  {
    "options": {
      "patterns": [
        {
          "group": ["import-foo/*", "!import-foo/baz"],
          "message": "import-foo is deprecated, except for modules in import-foo/baz."
        }
      ]
    }
  }

  Invalid examples

  import foo from "import-foo/foo";
  import bar from "import-foo/bar";

  Valid examples

  import baz from "import-foo/baz";

  Additionally, the patterns option introduces importNamePattern to restrict specific import names using regular expressions.
  The following example restricts the import names that match x , y or z letters from modules under import-foo/.

  {
    "options": {
      "patterns": [
        {
          "group": ["import-foo/*"],
          "importNamePattern": "[xyz]"
        }
      ]
    }
  }

  Invalid examples

  import { x } from "import-foo/foo";

  Valid examples

  import { foo } from "import-foo/foo";

  Furthermore, you can use the invertImportNamePattern boolean option to reverse this logic. When set to true, only the import names that match the importNamePattern will be allowed. The following configuration only allows the import names that match x , y or z letters from modules under import-foo/.

  {
    "options": {
      "patterns": [
        {
          "group": ["import-foo/*"],
          "importNamePattern": "[xyz]",
          "invertImportNamePattern": true
        }
      ]
    }
  }

  Invalid examples

  import { foo } from "import-foo/foo";

  Valid examples

  import { x } from "import-foo/foo";

• #​6506 90c5d6b Thanks @​nazarhussain! - Allow customization of the sort order for different sorting actions. These actions now support a sort option:

  • assist/source/useSortedKeys now has a sortOrder option
  • assist/source/useSortedAttributes now has a sortOrder option
  • assist/source/organizeImports now has an identifierOrder option

  For each of these options, the supported values are the same:

  1. natural. Compares two strings using a natural ASCII order. Uppercase letters come first (e.g. A < a < B < b) and number are compared in a human way (e.g. 9 < 10). This is the default value.
  2. lexicographic. Strings are ordered lexicographically by their byte values. This orders Unicode code points based on their positions in the code charts. This is not necessarily the same as “alphabetical” order, which varies by language and locale.

• #​7159 df3afdf Thanks @​ematipico! - Added the new rule useBiomeIgnoreFolder. Since v2.2, Biome correctly prevents the indexing and crawling of folders.

  However, the correct pattern has changed. This rule attempts to detect incorrect usage, and promote the new pattern:

  // biome.json
  {
    "files": {
      "includes": [
  -      "!dist/**",
  -      "!**/fixtures/**",
  +      "!dist",
  +      "!**/fixtures",
      ]
    }
  }

• #​6989 85b1128 Thanks @​arendjr! - Fixed minor inconsistencies in how files.includes was being handled.

  Previously, Biome sometimes failed to properly ignore the contents of a folder if you didn't specify the /** at the end of a glob pattern. This was unfortunate, because it meant we still had to traverse the folder and then apply the glob to every entry inside it.

  This is no longer an issue and we now recommend to ignore folders without using the /** suffix.

• #​7118 a78e878 Thanks @​avshalomt2! - Added support for .graphqls files. Biome can now format and lint GraphQL files that have the extension .graphqls

• #​6159 f02a296 Thanks @​bavalpey! - Added a new option to Biome's JavaScript formatter, javascript.formatter.operatorLinebreak, to configure whether long lines should be broken before or after binary operators.

  For example, the following configuration:

  {
    formatter: {
      javascript: {
        operatorLinebreak: "before", // defaults to "after"
      },
    },
  }

  Will cause this JavaScript file:

  const VERY_LONG_CONDITION_1234123412341234123412341234 = false;
  
  if (
    VERY_LONG_CONDITION_1234123412341234123412341234 &&
    VERY_LONG_CONDITION_1234123412341234123412341234 &&
    VERY_LONG_CONDITION_1234123412341234123412341234 &&
    VERY_LONG_CONDITION_1234123412341234123412341234
  ) {
    console.log("DONE");
  }

  to be formatted like this:

  const VERY_LONG_CONDITION_1234123412341234123412341234 = false;
  if (
    VERY_LONG_CONDITION_1234123412341234123412341234 &&
    VERY_LONG_CONDITION_1234123412341234123412341234 &&
    VERY_LONG_CONDITION_1234123412341234123412341234 &&
    VERY_LONG_CONDITION_1234123412341234123412341234
  ) {
    console.log("DONE");
  }

• #​7137 a653a0f Thanks @​ematipico! - Promoted multiple lint rules from nursery to stable groups and renamed several rules for consistency.

Promoted rules

The following rules have been promoted from nursery to stable groups:

CSS

• Promoted noImportantStyles to the complexity group.
• Promoted noUnknownAtRules to the suspicious group.

GraphQL

• Promoted useGraphqlNamedOperations to the correctness group.
• Promoted useGraphqlNamingConvention to the style group.

JavaScript/TypeScript

• Promoted noExcessiveLinesPerFunction to the complexity group.
• Promoted noImplicitCoercions to the complexity group.
• Promoted useIndexOf to the complexity group.
• Promoted noGlobalDirnameFilename to the correctness group.
• Promoted noNestedComponentDefinitions to the correctness group.
• Promoted noProcessGlobal to the correctness group.
• Promoted noReactPropAssignments to the correctness group.
• Promoted noRestrictedElements to the correctness group.
• Promoted noSolidDestructuredProps to the correctness group.
• Promoted useJsonImportAttributes to the correctness group.
• Promoted useParseIntRadix to the correctness group.
• Promoted useSingleJsDocAsterisk to the correctness group.
• Promoted useUniqueElementIds to the correctness group.
• Promoted noAwaitInLoops to the performance group.
• Promoted noUnwantedPolyfillio to the performance group.
• Promoted useGoogleFontPreconnect to the performance group.
• Promoted useSolidForComponent to the performance group.
• Promoted noMagicNumbers to the style group.
• Promoted useConsistentObjectDefinitions to the style group.
• Promoted useExportsLast to the style group.
• Promoted useGroupedAccessorPairs to the style group.
• Promoted useNumericSeparators to the style group.
• Promoted useObjectSpread to the style group.
• Promoted useReadonlyClassProperties to the style group.
• Promoted useSymbolDescription to the style group.
• Promoted useUnifiedTypeSignatures to the style group.
• Promoted noBitwiseOperators to the suspicious group.
• Promoted noConstantBinaryExpressions to the suspicious group.
• Promoted noTsIgnore to the suspicious group.
• Promoted noUnassignedVariables to the suspicious group.
• Promoted noUselessRegexBackrefs to the suspicious group.
• Promoted noUselessStringEscapes to the suspicious group.
• Promoted useConsistentIterableCallbackReturnValues to the suspicious group.
• Promoted useStaticResponseMethods to the suspicious group.

Renamed rules

The following rules have been renamed during promotion. The migration tool will automatically update your configuration:

• Renamed noAwaitInLoop to noAwaitInLoops.
• Renamed noConstantBinaryExpression to noConstantBinaryExpressions.
• Renamed noDestructuredProps to noSolidDestructuredProps.
• Renamed noImplicitCoercion to noImplicitCoercions.
• Renamed noReactPropAssign to noReactPropAssignments.
• Renamed noUnknownAtRule to noUnknownAtRules.
• Renamed noUselessBackrefInRegex to noUselessRegexBackrefs.
• Renamed useAdjacentGetterSetter to useGroupedAccessorPairs.
• Renamed useConsistentObjectDefinition to useConsistentObjectDefinitions.
• Renamed useConsistentResponse to useStaticResponseMethods.
• Renamed useForComponent to useSolidForComponent.
• Renamed useJsonImportAttribute to useJsonImportAttributes.
• Renamed useNamedOperation to useGraphqlNamedOperations.
• Renamed useNamingConvention to useGraphqlNamingConvention.
• Renamed useUnifiedTypeSignature to useUnifiedTypeSignatures.

Configuration files using the old rule names will need to be updated. Use the migration tool to automatically update your configuration:

biome migrate --write

• #​7159 df3afdf Thanks @​ematipico! - Added the new rule noBiomeFirstException. This rule prevents the incorrect usage of patterns inside files.includes.

  This rule catches if the first element of the array contains !. This mistake will cause Biome to analyze no files:

  // biome.json
  {
    files: {
      includes: ["!dist/**"], // this is an error
    },
  }

• #​6923 0589f08 Thanks @​ptkagori! - Added Qwik Domain to Biome

  This release introduces Qwik domain support in Biome, enabling Qwik developers to use Biome as a linter and formatter for their projects.

  • Added the Qwik domain infrastructure to Biome.
  • Enabled the following rules for Qwik:
    • useJsxKeyInIterable
    • noReactSpecificProps

• #​6989 85b1128 Thanks @​arendjr! - Fixed #​6965: Implemented smarter scanner for project rules.

  Previously, if project rules were enabled, Biome's scanner would scan all dependencies regardless of whether they were used by/reachable from source files or not. While this worked for a first version, it was far from optimal.

  The new scanner first scans everything listed under the files.includes setting, and then descends into the dependencies that were discovered there, including transitive dependencies. This has three main advantages:

  • Dependencies that are not reachable from your source files don't get indexed.
  • Dependencies that have multiple type definitions, such as those with separate definitions for CommonJS and ESM imports, only have the relevant definitions indexed.
  • If vcs.useIgnoreFile is enabled, .gitignore gets respected as well. Assuming you have folders such as build/ or dist/ configured there, those will be automatically ignored by the scanner.

  The change in the scanner also has a more nuanced impact: Previously, if you used files.includes to ignore a file in an included folder, the scanner would still index this file. Now the file is fully ignored, unless you import it.

  As a user you should notice better scanner performance (if you have project rules enabled), and hopefully you need to worry less about configuring files.experimentalScannerIgnores. Eventually our goal is still to deprecate that setting, so if you're using it today, we encourage you to see which ignores are still necessary there, and whether you can achieve the same effect by ignoring paths using files.includes instead.

  None of these changes affect the scanner if no project rules are enabled.

• #​6731 d6a05b5 Thanks @​ematipico! - The --reporter=summary has been greatly enhanced. It now shows the list of files that contains violations, the files shown are clickable and can be opened from the editor.

  Below an example of the new version:

  reporter/parse ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  
    i The following files have parsing errors.
  
    - index.css
  
  reporter/format ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  
    i The following files needs to be formatted.
  
    - index.css
    - index.ts
    - main.ts
  
  reporter/violations ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  
    i Some lint rules or assist actions reported some violations.
  
    Rule Name                                        Diagnostics
  
    lint/correctness/noUnknownFunction               14 (2 error(s), 12 warning(s), 0 info(s))
    lint/suspicious/noImplicitAnyLet                 16 (12 error(s), 4 warning(s), 0 info(s))
    lint/suspicious/noDoubleEquals                   8 (8 error(s), 0 warning(s), 0 info(s))
    assist/source/organizeImports                    2 (2 error(s), 0 warning(s), 0 info(s))
    lint/suspicious/noRedeclare                      12 (12 error(s), 0 warning(s), 0 info(s))
    lint/suspicious/noDebugger                       8 (8 error(s), 0 warning(s), 0 info(s))
  
  

• #​6896 527db7f Thanks @​ematipico! - Added new functions to the @biomejs/wasm-* packages:

  • fileExists: returns whether the input file exists in the workspace.
  • isPathIgnored: returns whether the input path is ignored.
  • updateModuleGraph: updates the internal module graph of the input path.
  • getModuleGraph: it returns a serialized version of the internal module graph.
  • scanProject: scans the files and directories in the project to build the internal module graph.

• #​6398 d1a315d Thanks @​josh-! - Added support for tracking stable results in user-provided React hooks that return objects to useExhaustiveDependencies to compliment existing support for array return values. For example:

  // biome.json
  {
    // rule options
    useExhaustiveDependencies: {
      level: "error",
      options: {
        hooks: [
          {
            name: "useCustomHook",
            stableResult: ["setMyState"],
          },
        ],
      },
    },
  }

  This will allow the following to be validated:

  const { myState, setMyState } = useCustomHook();
  const toggleMyState = useCallback(() => {
    setMyState(!myState);
  }, [myState]); // Only `myState` needs to be specified here.

• #​7201 2afaa49 Thanks @​Conaclos! - Implemented #​7174. useConst no longer reports variables that are read before being written.

  Previously, useConst reported uninitialised variables that were read in an inner function before being written, as shown in the following example:

  let v;
  function f() {
    return v;
  }
  v = 0;

  This can produce false positives in the case where f is called before v has been written, as in the following code:

  let v;
  function f() {
    return v;
  }
  console.log(f()); // print `undefined`
  v = 0;

  Although this is an expected behavior of the original implementation, we consider it problematic since the rule’s fix is marked as safe.
  To avoid false positives like this, the rule now ignores the previous examples.
  However, this has the disadvantage of resulting in false negatives, such as not reporting the first example.

Patch Changes

• #​7156 137d111 Thanks @​ematipico! - Fixed #​7152. Now the rule noDuplicateFontNames correctly detects font names with spaces e.g. Liberation Mono. The diagnostic of the rule now points to the first instances of the repeated font.

  The following example doesn't trigger the rule anymore:

  c {
    font-family:
      SF Mono,
      Liberation Mono,
      sans-serif;
  }
  d {
    font:
      1em

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.