chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	^2.4.8 → ^2.4.10
@crowdin/crowdin-api-client	^1.53.3 → ^1.55.1
@dotenvx/dotenvx	^1.55.1 → ^1.60.2
@effect/language-service	^0.80.0 → ^0.84.3
@effect/vitest (source)	^0.28.0 → ^0.29.0
allure-commandline	^2.38.0 → ^2.38.1
allure-js-commons (source)	^3.6.0 → ^3.7.0
allure-vitest (source)	^3.6.0 → ^3.7.0
jsdom	^29.0.0 → ^29.0.2
knip (source)	^5.88.0 → ^5.88.1

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.10

Compare Source

Patch Changes

• #​8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

  The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

  // Invalid
  setTimeout("alert('Hello');", 100);
  
  // Valid
  setTimeout(() => alert("Hello"), 100);

• #​9320 93c3b6c Thanks @​taberoajorge! - Fixed #​7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

• #​9630 1dd4a56 Thanks @​raashish1601! - Fixed #​9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

• #​9216 04243b0 Thanks @​FrederickStempfle! - Fixed #​9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

  Previously, only the global process object was flagged:

  import process from "node:process";
  // This was not flagged, but now it is:
  console.log(process.env.NODE_ENV);

• #​9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

• #​9627 06a0f35 Thanks @​ematipico! - Fixed #​191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

  Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

  Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

• #​9643 5bfee36 Thanks @​dyc3! - Fixed #​9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

• #​9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

• #​9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

• #​9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

• #​9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

• #​9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

• #​9623 13b3261 Thanks @​ematipico! - Fixed #​9258: --skip no longer causes suppressions/unused warnings for suppression comments targeting skipped rules or domains.

• #​9631 599dd04 Thanks @​raashish1601! - Fixed #​9625: experimentalEmbeddedSnippetsEnabled no longer crashes when a file mixes formatable CSS-in-JS templates with tagged templates that the embedded formatter can't currently delegate, such as a styled-components interpolation returning `css```.

v2.4.9

Compare Source

Patch Changes

• #​9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  
  /* Second selector */
  .x {
    .y {
      .z {
      }
    }
  }

• #​9567 b7ab931 Thanks @​ematipico! - Fixed #​7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #​8670 607ebf9 Thanks @​tt-a1i! - Fixed #​8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #​9476 97b80a8 Thanks @​masterkain! - Fixed #9475: Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #​9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

  For example, linter.rules.correctness = "error" no longer enables React- or Qwik-specific correctness rules unless linter.domains.react, linter.domains.qwik, or an explicit rule config also enables them, or their relative dependencies are installed.

• #​9586 4cafb71 Thanks @​dyc3! - Fixed #​8828: Grit patterns using export { $foo } from $source now match named re-exports in JavaScript and TypeScript files.

• #​9550 d4e3d6e Thanks @​dyc3! - Fixed #​9548: Biome now parses conditional expressions whose consequent is an arrow function returning a parenthesized object expression.

• #​8696 a7c19cc Thanks @​Faizanq! - Fixed #​8685 where noUselessLoneBlockStatements would remove empty blocks containing comments. The rule now preserves these blocks since comments may contain important information like TODOs or commented-out code.

• #​9557 6671ac5 Thanks @​datalek! - Fixed #​9557: Biome's LSP server no longer crashes on startup when used with editors that don't send workspaceFolders during initialization. This affected any LSP client that only sends rootUri, which is valid per the LSP specification.

• #​9455 1710cf1 Thanks @​omar-y-abdi! - Fixed #​9174: useExpect now correctly rejects asymmetric matchers in Vitest or Jest like expect.stringContaining(), expect.objectContaining(), and utilities like expect.extend() that are not valid assertions. Previously these constructs caused false negatives, allowing tests without real assertions to pass the lint rule.

• #​9584 956e367 Thanks @​ematipico! - Fixed a bug where Vue directive attribute values like v-bind:class="{'dynamic': true}" were incorrectly parsed as JavaScript statements instead of expressions. Object literals inside directive values like :class, v-if, and v-html are now correctly parsed as expressions, preventing spurious parse errors.

• #​9474 e168494 Thanks @​ematipico! - Added the new nursery rule noUntrustedLicenses. This rule disallows dependencies that ship with invalid licenses or licenses that don't meet the criteria of your project/organisation.

  The rule has the following options:

  • allow: a list of licenses that can be allowed. Useful to bypass possible invalid licenses from downstream dependencies.
  • deny: a list of licenses that should trigger the rule. Useful to deny licenses that don't fit your project/organisation.
    When both deny and allow are provided, deny takes precedence.
  • requireOsiApproved: whether the licenses need to be approved by the Open Source Initiative.
  • requireFsfLibre: whether the licenses need to be approved by the Free Software Foundation.

• #​9544 723798b Thanks @​ViniciusDev26! - Added an unsafe fix to useConsistentMethodSignatures that automatically converts between method-style and property-style signatures.

• #​9555 8a3647b Thanks @​ematipico! - Fixed #188: the Biome Language Server no longer panics when open files change abruptly, such as during git branch checkouts.

• #​9605 f65c637 Thanks @​ematipico! - Fixed #​9589. Now Biome correctly parses object expressions inside props and directives. The following code doesn't emit errors anymore:

  <style is:global define:vars={{ bgLight: light }}>
  <Component name={{ first, name }} />

• #​9565 ccb249e Thanks @​eyupcanakman! - Fixed #​9505: noUselessStringConcat no longer reports tagged template literals as useless string concatenations. Tagged templates invoke a function and can return non-string values, so combining them with + is not equivalent to a single template literal.

• #​9534 4d050df Thanks @​Netail! - Added the nursery rule noInlineStyles. The rule disallows the use of inline style attributes in HTML and the style prop in JSX, including React.createElement calls. Inline styles make code harder to maintain and can interfere with Content Security Policy.

• #​9611 cddaa44 Thanks @​gaauwe! - Fixed a regression where Biome LSP could misread editor settings sent through workspace/didChangeConfiguration when the payload was wrapped in a top-level biome key. This caused requireConfiguration and related settings to be ignored in some editors.

crowdin/crowdin-api-client-js (@​crowdin/crowdin-api-client)

v1.55.1

Compare Source

What's Changed

• build(deps): bump axios from 1.13.6 to 1.14.0 by @​dependabot[bot] in #​648
• build(deps-dev): bump typescript-eslint from 8.57.2 to 8.58.0 in the dev-dependencies group by @​dependabot[bot] in #​647
• build(deps): pin axios version by @​andrii-bodnar in #​650
• build(deps): bump lodash from 4.17.23 to 4.18.1 by @​dependabot[bot] in #​651

Full Changelog: crowdin/crowdin-api-client-js@1.55.0...1.55.1

v1.55.0

Compare Source

What's Changed

• feat: add support for update options in string batch operations and edit string methods by @​andrii-bodnar in #​645
• feat: add AI Gateway provider methods by @​Copilot in #​646
• build(deps-dev): bump flatted from 3.3.2 to 3.4.2 by @​dependabot[bot] in #​642
• build(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 in the dev-dependencies group by @​dependabot[bot] in #​643
• build(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in #​644

Full Changelog: crowdin/crowdin-api-client-js@1.54.0...1.55.0

v1.54.0

Compare Source

What's Changed

• fix(style-guides): simplify dual-platform models with optional groupId by @​YHorodyskyi in #​639
• feat: add AI File Translation methods for Crowdin and Crowdin Enterprise by @​Copilot in #​640

Full Changelog: crowdin/crowdin-api-client-js@1.53.3...1.54.0

dotenvx/dotenvx (@​dotenvx/dotenvx)

v1.60.2

Compare Source

Changed

• Communicate local key and armored key (for Ops stored keys) (#​778)

v1.60.1

Compare Source

Added

• Added missing + key ⛨ for Ops stored keys (#​777)

v1.60.0

Compare Source

Added

• Add spinner with loading messages
  • injecting (run)
  • encrypting (encrypt, set)
  • decrypting (decrypt, get)
  • rotating (rotate)
  • retrieving (keypair)

v1.59.1

Compare Source

Added

• add HELLO key to the kit sample to match most of our examples in the README

v1.59.0

Compare Source

Changed

• encrypt and set now create a .env file if one does not exist (#​771)
• pass --no-create to prevent file creation

v1.58.0

Compare Source

Changed

• Changed runtime injection message to format ⟐ injecting env (N) from FILE · dotenvx@VERSION (#​770)

v1.57.5

Compare Source

Changes

• Improve already installed message (#​768)

v1.57.4

Compare Source

Changes

• Use curl example for install dotenvx.com/ops (#​767)

v1.57.3

Compare Source

Changes

• Simplify installed success message (#​766)

v1.57.2

Compare Source

Changes

• Ran npm audit to update package-lock.json (#​763)

v1.57.1

Compare Source

Changes

• improved error logs and compacted most to a single line (#​755)

• introduced leading log glyphs as a visual status language:

  • ◈ success action (encrypted)
  • ◇ success action (set plain value, decrypted)
  • ⟳ success action (rotated)
  • ○ informational no-op (no changes)
  • ▣ success action for generated/updated support files
  • ⚠ warning
  • ☠ error

v1.57.0

Compare Source

Changed

• color and formatting changes to outputs (#​754)

v1.56.0

Compare Source

Changed

• ops off flag — now respected by get, keypair, rotate, and encrypt (#​750)
• --pp alias — added as shorthand for --pretty-print; toward sunsetting -pp (#​750)

Removed

• Remove support for .env.vault files (#​750)

Effect-TS/language-service (@​effect/language-service)

v0.84.3

Compare Source

Patch Changes

• #​711 892984f Thanks @​mattiamanzati! - Report floating Stream values in Effect projects by parsing Stream types in the diagnostic type parser and checking them in floatingEffect for both v3 and v4 harnesses.

• #​709 0372f58 Thanks @​mattiamanzati! - Fix the Effect v4 completion harness to cover ServiceMap self-in-classes examples instead of the v3-only Context.Tag variants.

• #​712 b7554df Thanks @​mattiamanzati! - Align Effect diagnostic messages with the reviewed neutral wording, preserving the existing version-specific API references while updating both v3 and v4 snapshot fixtures.

v0.84.2

Compare Source

Patch Changes

• #​706 3c0bea6 Thanks @​mattiamanzati! - Fix getTypeAtLocation to ignore type-only heritage expressions like interface X extends Effect.Effect<...> so the language service no longer triggers bogus TS2689 diagnostics.

v0.84.1

Compare Source

Patch Changes

• #​703 dea43b8 Thanks @​mattiamanzati! - Fix effectFnImplicitAny so it does not report false positives when an Effect.fn or Effect.fnUntraced callback gets its contextual function type from a union member.

  For example, nested HttpRouter.add(...) handlers now correctly recognize the inferred request type and produce no diagnostics when the parameter is not actually implicit any.

• #​702 0af9b98 Thanks @​mattiamanzati! - Add Effect v4 support for the runEffectInsideEffect diagnostic so it suggests and fixes Effect.run*With usage based on Effect.services.

  Update the generated metadata, schema, README entry, and v4 harness examples/snapshots to document and verify the new behavior.

v0.84.0

Compare Source

Minor Changes

• #​696 78e78d5 Thanks @​cevr! - Add paired globalDate/globalDateInEffect, globalConsole/globalConsoleInEffect, globalFetch/globalFetchInEffect, globalRandom/globalRandomInEffect, and globalTimers/globalTimersInEffect diagnostics

  Ten new opt-in diagnostics that flag global/DOM APIs both outside and inside Effect generators:

  • globalFetch / globalFetchInEffect — fetch() → HttpClient
  • globalDate / globalDateInEffect — Date.now(), new Date() → Clock/DateTime
  • globalConsole / globalConsoleInEffect — console.log/warn/error/info/debug/trace → Effect.log/Logger
  • globalRandom / globalRandomInEffect — Math.random() → Random service
  • globalTimers / globalTimersInEffect — setTimeout/setInterval → Effect.sleep/Schedule

  All default to off. Enable both variants for full coverage inside and outside Effect generators. Shadow-safe (e.g. const console = yield* Console won't false-positive).

v0.83.1

Compare Source

Patch Changes

• #​698 b11c184 Thanks @​mattiamanzati! - Update the Effect v4 workspace dependencies to 4.0.0-beta.38.

v0.83.0

Compare Source

Minor Changes

• #​695 f057090 Thanks @​mattiamanzati! - Add a config CLI command for updating diagnostic rule severities without rerunning the full setup flow.

• #​693 b5054e3 Thanks @​mattiamanzati! - Add setup CLI preset management for diagnostic severities, including preset metadata, preset-aware customization, and a dedicated config command for adjusting rule severities without rerunning full setup.

v0.82.0

Compare Source

Minor Changes

• #​689 aed2074 Thanks @​f15u! - Adds ability to reference $schema from local installation

• #​692 57fcf35 Thanks @​mattiamanzati! - Add the effectFnImplicitAny diagnostic to mirror noImplicitAny for unannotated Effect.fn and Effect.fnUntraced callback parameters, and support // @​strict in diagnostic example files so test fixtures can enable strict compiler options.

Patch Changes

• #​687 72827c0 Thanks @​mattiamanzati! - Allow the leaking requirements diagnostic to suppress specific leaked services with @effect-expect-leaking comments on the enclosing declaration.

• #​690 77906a9 Thanks @​mattiamanzati! - Fix the class self mismatch diagnostic so it also reports invalid ServiceMap.Service self type parameters.

• #​691 0e16db0 Thanks @​mattiamanzati! - Include start and end in json diagnostics command

v0.81.0

Compare Source

Minor Changes

• #​684 d8d472e Thanks @​mattiamanzati! - Improve setup diagnostic configuration with grouped preview-driven metadata, richer interactive prompt rendering, and support for tsconfig files without compilerOptions.

• #​685 d94f4ad Thanks @​mattiamanzati! - Add a diagnostic for global fetch usage that recommends the Effect HTTP client and include preview fixtures covering both direct and shadowed fetch calls.

Patch Changes

• #​686 5f76175 Thanks @​mattiamanzati! - Extend the node built-in import diagnostic to also recommend the Effect HTTP client for http and https imports.

• #​682 75e1cbe Thanks @​mattiamanzati! - Add diagnostic groups to rule metadata and render the README diagnostics table grouped by those sections.

Effect-TS/effect (@​effect/vitest)

v0.29.0

Compare Source

Patch Changes

• Updated dependencies [f7bb09b, bd7552a, ad1a7eb, 0d32048, 0d32048]:
  • effect@​3.21.0

allure-framework/allure-npm (allure-commandline)

v2.38.1

Compare Source

Full Changelog: allure-framework/allure-npm@2.38.0...2.38.1

allure-framework/allure-js (allure-js-commons)

v3.7.0

Compare Source

What's Changed

🐞 Bug Fixes

• Add 'failed' status to codeceptjs report by @​formaceft-93 in #​1428

⬆️ Dependency Updates

• migrate from eslint/prettier to oxc by @​formaceft-93 in #​1421
• chore: update dependencies to fix vulnerabilities by @​vdvukhzhilov in #​1430
• chore(deps): update octokit/request-action digest to 10df4be by @​renovate[bot] in #​1432
• chore(deps): update dependency @​cucumber/messages to v32 by @​renovate[bot] in #​1422
• Bump xmldom to 0.9.9 by @​epszaw in #​1437
• chore(deps): update oxlint monorepo by @​renovate[bot] in #​1436
• chore(deps): update yarn to v4.13.0 by @​renovate[bot] in #​1438
• chore(deps): update dependency oxlint-tsgolint to v0.19.0 by @​renovate[bot] in #​1435
• chore(deps): update actions/upload-artifact action to v7 by @​renovate[bot] in #​1439
• chore(deps): update actions/setup-node action to v6 by @​renovate[bot] in #​1415

👻 Internal changes

• speedup ci by @​baev in #​1434
• fix: rename Vitest configs to .mts to avoid ERR_REQUIRE_ESM by @​baev in #​1433

Full Changelog: allure-framework/allure-js@v3.6.0...v3.7.0

jsdom/jsdom (jsdom)

v29.0.2

Compare Source

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

Compare Source

webpro-nl/knip (knip)

v5.88.1: Release 5.88.1

Compare Source

• Bump GitHub actions to their latest versions (#​1624) (bf2ffca) - thanks @​deining!
• Prettier config for other formatters (e.g. unified-prettier) (e034cbd)
• Fix module/namespace regression (resolve #​1603) (394bcba)
• Fix counter type and --fix exit code (37b6f60)
• Restore all ecosystem tests (4d2cd9b)
• Release knip@​5.88.1 (8c25e4b)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: b5cfb97

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Allure Test Report for this PR:

✅ Allure Report | History

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[pkg-pr-new]

create-studiocms

npm i https://pkg.pr.new/create-studiocms@1548

effectify

npm i https://pkg.pr.new/effectify@1548

studiocms

npm i https://pkg.pr.new/studiocms@1548

@studiocms/auth0

npm i https://pkg.pr.new/@studiocms/auth0@1548

@studiocms/blog

npm i https://pkg.pr.new/@studiocms/blog@1548

@studiocms/cloudinary-image-service

npm i https://pkg.pr.new/@studiocms/cloudinary-image-service@1548

@studiocms/devapps

npm i https://pkg.pr.new/@studiocms/devapps@1548

@studiocms/discord

npm i https://pkg.pr.new/@studiocms/discord@1548

@studiocms/github

npm i https://pkg.pr.new/@studiocms/github@1548

@studiocms/google

npm i https://pkg.pr.new/@studiocms/google@1548

@studiocms/html

npm i https://pkg.pr.new/@studiocms/html@1548

@studiocms/markdoc

npm i https://pkg.pr.new/@studiocms/markdoc@1548

@studiocms/markdown-remark

npm i https://pkg.pr.new/@studiocms/markdown-remark@1548

@studiocms/md

npm i https://pkg.pr.new/@studiocms/md@1548

@studiocms/mdx

npm i https://pkg.pr.new/@studiocms/mdx@1548

@studiocms/s3-storage

npm i https://pkg.pr.new/@studiocms/s3-storage@1548

@studiocms/upgrade

npm i https://pkg.pr.new/@studiocms/upgrade@1548

@studiocms/wysiwyg

npm i https://pkg.pr.new/@studiocms/wysiwyg@1548

@withstudiocms/api-spec

npm i https://pkg.pr.new/@withstudiocms/api-spec@1548

@withstudiocms/auth-kit

npm i https://pkg.pr.new/@withstudiocms/auth-kit@1548

@withstudiocms/cli-kit

npm i https://pkg.pr.new/@withstudiocms/cli-kit@1548

@withstudiocms/component-registry

npm i https://pkg.pr.new/@withstudiocms/component-registry@1548

@withstudiocms/config-utils

npm i https://pkg.pr.new/@withstudiocms/config-utils@1548

@withstudiocms/effect

npm i https://pkg.pr.new/@withstudiocms/effect@1548

@withstudiocms/internal_helpers

npm i https://pkg.pr.new/@withstudiocms/internal_helpers@1548

@withstudiocms/kysely

npm i https://pkg.pr.new/@withstudiocms/kysely@1548

@withstudiocms/sdk

npm i https://pkg.pr.new/@withstudiocms/sdk@1548

@withstudiocms/template-lang

npm i https://pkg.pr.new/@withstudiocms/template-lang@1548

commit: b5cfb97