Skip to content

Bump the dependencies group across 1 directory with 2 updates#142

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/dependencies-0db7c79132
Open

Bump the dependencies group across 1 directory with 2 updates#142
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/dependencies-0db7c79132

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 2 updates in the / directory: @biomejs/biome and ultracite.

Updates @biomejs/biome from 2.4.16 to 2.5.2

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.2

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    // Now also reported, like as const (returns false):
    function isReady(): boolean {
    return false as false;
    }

  • #10678 8f073a7 Thanks @​PranavAchar01! - Fixed #7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.2

Patch Changes

  • #10595 f458028 Thanks @​pkallos! - Added the option ignoreBooleanCoercion to useNullishCoalescing. When enabled, Biome ignores || and ||= used inside a Boolean() call, where coalescing on falsy values is intentional.

  • #10798 4a32b63 Thanks @​pkallos! - Added the option ignorePrimitives to useNullishCoalescing. When enabled, Biome ignores ||, ||=, and ternary expressions whose non-nullish operands are all primitives the option opts out of. Use true to ignore all primitives, or an object selecting string, number, boolean, or bigint.

  • #10545 f3d4c00 Thanks @​Mokto! - Added the new nursery rule noSvelteUnnecessaryStateWrap, which reports unnecessary $state() wrapping of classes from svelte/reactivity that are already reactive.

    <script>
    import { SvelteMap } from "svelte/reactivity";
    const map = $state(new SvelteMap()); // redundant
    </script>
  • #10752 f62fb8b Thanks @​ematipico! - Fixed #10739. Now the rule useValidAutocomplete correctly flags the autoComplete attribute.

  • #10796 f1b3ab2 Thanks @​ematipico! - Fixed #10768. Improved the performance of the Biome Language Server by cancelling certain in-flight operations when there are fast updates.

  • #10719 aa649b5 Thanks @​minseong0324! - Fixed noMisleadingReturnType false positive on returns that use a widening type assertion: "a" as string is no longer reported as misleading. The rule now also reports a literal-pinning assertion such as false as false, matching the existing as const behavior.

    // No longer flagged (returns are `string`):
    function getValue(b: boolean): string {
      if (b) return "a" as string;
      return "b" as string;
    }
    // Now also reported, like as const (returns false):
    function isReady(): boolean {
    return false as false;
    }

  • #10678 8f073a7 Thanks @​PranavAchar01! - Fixed #7718: Biome now correctly parses CSS nesting selectors when & appears as a trailing sub-selector after a type selector, e.g. h1& { color: red; }.

  • #10756 5ec965a Thanks @​denbezrukov! - Fixed CSS formatter output for selector lists with allowWrongLineComments and // comments after a selector comma. Biome now keeps the selector before the line comment inline instead of breaking it across descendant combinators.

    -.powerPathNavigator
    -  .helm
    -  button.pressedButton, // pressed
    +.powerPathNavigator .helm button.pressedButton, // pressed
     .powerPathNavigator .helm button:active:not(.disabledButton) {
     }
  • #10757 6232fcd Thanks @​PranavAchar01! - Fixed #8269: the CSS parser now accepts Tailwind @variant and @utility names that start with a digit, such as the 2xl breakpoint.

... (truncated)

Commits

Updates ultracite from 7.8.3 to 7.9.2

Release notes

Sourced from ultracite's releases.

ultracite@7.9.2

Patch Changes

  • c335a1f: Add **/node_modules and **/.git to the shared ignore patterns. oxlint only skips node_modules when a .gitignore lists it, so in projects without one, ultracite fix would lint and autofix files inside node_modules — corrupting installed packages (e.g. rewriting var enum wrappers in typescript/lib/typescript.js to self-referencing const, causing "Cannot access 'Comparison' before initialization" when oxlint loads eslint-plugin-sonarjs). Fixes #737.

ultracite@7.9.1

Patch Changes

  • ecd10cc: Disable sonarjs/no-implicit-dependencies and github/no-implicit-buggy-globals in the oxlint and ESLint presets. Both produce false positives through oxlint's JS plugin bridge: no-implicit-dependencies has no dependency-manifest resolution so it flags builtin (bun:test) and workspace imports as missing dependencies, and no-implicit-buggy-globals misreads module-scoped declarations such as Astro frontmatter as implicit globals.

  • c76f59d: Disable sonarjs/file-name-differ-from-class in the oxlint and ESLint presets. It fires on any file whose name differs from an exported class, which is noise for the many config and module files that export objects rather than classes.

  • 29e30ce: Fold the github and sonarjs rules into the oxlint core preset. The standalone ultracite/oxlint/github and ultracite/oxlint/sonarjs presets are removed — ultracite ships framework presets, not individual plugins. Their rules now live in ultracite/oxlint/core, so every oxlint setup gets eslint-plugin-github and eslint-plugin-sonarjs through oxlint's JS plugin bridge, matching how the ESLint preset already bundles them into core.

    This is a breaking change to generated configs: ultracite/oxlint/github and ultracite/oxlint/sonarjs no longer exist. Re-run ultracite init to regenerate oxlint.config.ts.

    Also fixed: nine sonarjs rules (async-test-assertions, hooks-before-test-cases, no-duplicate-test-title, no-empty-test-title, no-floating-point-equality, no-forced-browser-interaction, no-trivial-assertions, prefer-specific-assertions, super-linear-regex) that exist in eslint-plugin-sonarjs but that oxlint's JS plugin bridge does not register. Naming them made oxlint hard-fail config parsing, which broke ultracite fix/check for oxlint projects using the sonarjs preset. They are omitted from oxlint core (still enabled in the ESLint preset), and a test now runs oxlint against core to catch this class of regression.

    The React Doctor, github, and sonarjs plugins are installed into your project's devDependencies at init (as the ESLint plugins already were), rather than bundled as dependencies of ultracite — oxlint resolves JS plugin specifiers from the project root, so they must be installed there directly.

  • 8a4291f: Upgrade to Oxlint 1.72.0 and Oxfmt 0.57.0. Oxfmt 0.57 adds native CSS and GraphQL formatters. The five new non-nursery Oxlint rules from the 1.71/1.72 releases are already covered by the presets (node/no-sync, node/no-mixed-requires, unicorn/prefer-number-coercion, unicorn/max-nested-calls, vue/no-async-in-computed-properties). The markdown ::: container-directive fence patch (which keeps proseWrap: "never" from folding fences into prose) was regenerated against the 0.57 bundle.

ultracite@7.9.0

Minor Changes

  • aea7fc0: Update Biome to 2.5.2 and enable the newly-stabilized rules. This adds coverage for the rules promoted out of nursery in Biome 2.5.0, including noShadow, noUnnecessaryConditions, noUnusedInstantiation (formerly noFloatingClasses), useArrayFind, useDestructuring, useGlobalThis, useErrorCause, noNestedPromises, GraphQL validation rules, and the recommended Vue/Next.js domain rules.
  • 2687cf9: Align the ESLint and Biome presets with the oxlint preset, which is now the benchmark for rule decisions across linters. ESLint: rules that oxlint deliberately disables are now off (no-console, no-continue, id-length, new-cap, max-depth, no-implicit-coercion, no-underscore-dangle, init-declarations, n/no-sync, promise/always-return, promise/catch-or-return, import-x/no-commonjs, import-x/no-dynamic-require, import-x/no-nodejs-modules, import-x/unambiguous, import-x/no-anonymous-default-export, @typescript-eslint/explicit-member-accessibility, @typescript-eslint/explicit-module-boundary-types, @typescript-eslint/no-require-imports, and the unicorn rules explicit-length-check, max-nested-calls, no-process-exit, prefer-global-this, prefer-string-raw, prefer-top-level-await); consistent-type-definitions now enforces interface instead of type, matching oxlint and Biome; no-void allows statement position to coexist with no-floating-promises; import-x/no-named-as-default is enabled; and curly and no-unexpected-multiline are re-enabled past eslint-config-prettier. Biome: noAwaitInLoops and noIncrementDecrement are now errors and the useSortedKeys assist is on (matching no-await-in-loop, no-plusplus, and sort-keys in the other presets), while useGlobalThis is off (matching unicorn/prefer-global-this).
  • 73c1993: Require ESLint 10 for ESLint setups. The plugin suite upgrade (notably eslint-plugin-unicorn 70 and eslint-plugin-astro 2) requires ESLint 10, but ultracite init still installed eslint@^9.0.0, which crashed at config load time. Init now installs eslint@^10.0.0 and @eslint/js@^10.0.0, and the presets are fixed for ESLint 10 compatibility: settings.react.version is pinned to 19.0.0 instead of "detect" (detection uses an API removed in ESLint 10), react/jsx-filename-extension and react/forward-ref-uses-ref are disabled (their implementations use removed APIs; the former is already off in the oxlint preset and the latter is covered by react-doctor/no-react19-deprecated-apis), the react config re-applies eslint-config-prettier so JSX formatting rules stay off (several crash under ESLint 10), and import-x/no-unused-modules is disabled (it is a warning-emitting no-op under ESLint 10). Note that some plugins (eslint-plugin-github, eslint-plugin-react, eslint-plugin-jsx-a11y, eslint-plugin-solid, @tanstack/eslint-plugin-start) have not yet updated their declared peer ranges to include ESLint 10 even though they work at runtime, so strict package managers may report peer dependency warnings.
  • 4cfdf3d: Add eslint-plugin-jsdoc to the ESLint preset. The oxlint preset already enforces a set of jsdoc rules, but the ESLint preset had no jsdoc coverage at all. The plugin is now installed by ultracite init for ESLint setups and enables the same rule selection the oxlint preset enforces (check-access, check-property-names, check-tag-names, empty-tags, implements-on-classes, no-defaults, and the require-* description/name/type rules), keeping the two presets in lockstep.
  • 0b8fc12: Upgrade the ESLint plugin suite and enable the new rules that ship with it. Notable bumps: eslint-plugin-unicorn 64 → 70 (adds a large batch of new correctness and quality rules), eslint-plugin-astro 1 → 2 (adds no-omitted-end-tags, now requires ESLint 10), eslint-plugin-sonarjs 4.0 → 4.1 (adds test-assertion and ReDoS rules like super-linear-regex), eslint-plugin-svelte 3.19 → 3.20 (adds no-at-const-tags), plus @typescript-eslint, eslint-plugin-import-x, eslint-plugin-n, @vitest/eslint-plugin, and others. Two Unicorn rules that were renamed are re-mapped in the config (prefer-dom-node-datasetdom-node-dataset, prevent-abbreviationsname-replacements). Two new Unicorn rules are disabled: prefer-temporal (since Temporal still lacks broad runtime support) and no-asterisk-prefix-in-documentation-comments (it fights the conventional JSDoc comment style).
  • 4440393: Bring the oxlint preset closer to ESLint parity with two new presets that run ESLint plugins through oxlint's JS plugin support: ultracite/oxlint/github (eslint-plugin-github) and ultracite/oxlint/sonarjs (eslint-plugin-sonarjs, 187 rules — type-aware rules are excluded since the JS plugin bridge provides no type information, and no-reference-error is off because the bridge provides no globals). ultracite init now adds both presets to generated oxlint configs and installs the two plugins; existing configs are untouched until the next init, and either preset can be dropped from extends to opt out (the plugins add roughly 1–3s to a lint run for the JS runtime bridge). Rule decisions mirror the oxlint benchmark in both directions: the ESLint preset now disables sonarjs/file-header (it errored on every file), sonarjs/arrow-function-convention (fights the formatter), sonarjs/cyclomatic-complexity, sonarjs/max-lines, sonarjs/max-lines-per-function, sonarjs/nested-control-flow (duplicates of core rules the preset disables), sonarjs/shorthand-property-grouping (conflicts with sort-keys), and github/no-dataset (conflicts with unicorn/prefer-dom-node-dataset), and sets sonarjs/cognitive-complexity to 20 to match Biome's noExcessiveCognitiveComplexity. Switching linters with init no longer removes dependencies that the newly selected linter still needs.
  • f7025b1: Extend cross-linter parity to the framework presets and add an automated parity check. The oxlint react preset now explicitly lists all 102 non-nursery react/react-perf/jsx-a11y rules (previously only ~20 were configured, so most a11y and correctness rules silently never ran) and the next preset lists all 21 nextjs rules, with decisions matching the ESLint presets. The revived exhaustiveness test (the oxlint --rules markdown output it parsed is empty as of oxlint 1.72, so it was passing vacuously) also caught five newly stabilized rules which are now enabled: getter-return, no-unreachable, oxc/branches-sharing-code, unicorn/prefer-export-from, and unicorn/prefer-single-call. ESLint preset fixes that fell out of the audit: no-loss-of-precision and no-duplicate-imports are re-enabled for TypeScript files (their @typescript-eslint twins were removed in v8, leaving TS uncovered), no-duplicate-imports gets allowSeparateTypeImports to match oxlint, the react/vue configs now only re-apply the react/-vue/-prefixed entries of eslint-config-prettier so they can't clobber unrelated rules, the svelte preset keeps the formatting rules disabled that eslint-plugin-svelte's own prettier preset lists, and astro/semi is off (Prettier owns formatting). A new compare-rule-parity script runs as part of validate:configs: it resolves the effective ESLint rule sets with ESLint's own config resolution, normalizes names to oxlint's, and fails on any divergence not recorded in an explicit allowlist — currently just two entries (sonarjs/no-reference-error, unicorn/number-literal-case), both with documented reasons.
  • 223233f: Add React Doctor rules to the ESLint and Oxlint React, Next.js, and TanStack presets. This enables React Doctor's own rules — the "You Might Not Need an Effect" family (no-fetch-in-effect, no-derived-state, no-mirror-prop-effect, etc.) plus its render-performance, hydration, server-component, security, and framework-specific rules — via eslint-plugin-react-doctor and the oxlint-plugin-react-doctor JS plugin. Rules that React Doctor ports from eslint-plugin-react, eslint-plugin-react-hooks, and eslint-plugin-jsx-a11y are intentionally left off to avoid duplicate diagnostics with the plugins Ultracite already ships.

Patch Changes

  • d247ff2: Migrate stale linter and formatter configuration when switching toolchains during init. Running ultracite init now removes config files and dependencies for unselected Biome, ESLint/Prettier/Stylelint, or Oxlint/Oxfmt setups before writing the selected toolchain config.
  • e24068b: Sort package.json keys when using Biome

ultracite@7.8.4

Patch Changes

  • e4ddd22: Ignore .yarn directories by default
  • a1d5c06: Configure Oxfmt to never wrap prose (proseWrap: "never")
  • df709a4: Ignore .wrangler and .wrangler-dry-run output directories by default
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 2 updates in the / directory: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) and [ultracite](https://github.com/haydenbleasel/ultracite).


Updates `@biomejs/biome` from 2.4.16 to 2.5.2
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.2/packages/@biomejs/biome)

Updates `ultracite` from 7.8.3 to 7.9.2
- [Release notes](https://github.com/haydenbleasel/ultracite/releases)
- [Commits](https://github.com/haydenbleasel/ultracite/compare/ultracite@7.8.3...ultracite@7.9.2)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ultracite
  dependency-version: 7.9.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants