fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	^2.4.13 → ^2.4.14
@changesets/changelog-github (source)	^0.6.0 → ^0.7.0
@cloudflare/vite-plugin (source)	^1.34.0 → ^1.36.0
@cloudflare/workers-types	^4.20260430.1 → ^4.20260506.1
@mantine/carousel (source)	^8.3.11 → ^8.3.18
@mantine/charts (source)	^8.3.11 → ^8.3.18
@mantine/code-highlight (source)	^8.3.11 → ^8.3.18
@mantine/core (source)	^8.3.11 → ^8.3.18
@mantine/dates (source)	^8.3.11 → ^8.3.18
@mantine/dropzone (source)	^8.3.11 → ^8.3.18
@mantine/form (source)	^8.3.11 → ^8.3.18
@mantine/hooks (source)	^8.3.11 → ^8.3.18
@mantine/modals (source)	^8.3.11 → ^8.3.18
@mantine/notifications (source)	^8.3.11 → ^8.3.18
@mantine/nprogress (source)	^8.3.11 → ^8.3.18
@tabler/icons-react (source)	^3.41.1 → ^3.42.0
@tanstack/react-query (source)	^5.100.6 → ^5.100.9
@tanstack/react-query-devtools (source)	^5.100.6 → ^5.100.9
@tanstack/react-router (source)	^1.168.26 → ^1.169.2
@tanstack/react-start (source)	^1.167.52 → ^1.167.64
bitflag-js	1.1.0 → 1.1.1
esbuild@<=0.24.2	>=0.25.0 → >=0.28.0
hono (source)	^4.12.16 → ^4.12.17
i18next (source)	^25.7.3 → ^25.10.10
intl-messageformat	11.2.3 → 11.2.4
pnpm (source)	10.17.1 → 10.33.3
postcss (source)	^8.5.12 → ^8.5.14
react-i18next	^16.5.1 → ^16.6.6
turbo (source)	^2.9.6 → ^2.9.9
undici@<5.19.1 (source)	>=5.19.1 → >=5.29.0
undici@<5.26.2 (source)	>=5.26.2 → >=5.29.0
undici@<5.28.4 (source)	>=5.28.4 → >=5.29.0
undici@<5.8.0 (source)	>=5.8.0 → >=5.29.0
undici@<=5.28.2 (source)	>=5.28.3 → >=5.29.0
undici@<=5.8.1 (source)	>=5.8.2 → >=5.29.0
undici@>=2.0.0 <5.19.1 (source)	[>=5.19.1 → >=5.29.0](https://renovatebot.com/diffs/npm/undici@>=2.0.0 <5.19.1/5.19.1/5.29.0)
undici@>=4.5.0 <5.28.5 (source)	[>=5.28.5 → >=5.29.0](https://renovatebot.com/diffs/npm/undici@>=4.5.0 <5.28.5/5.28.5/5.29.0)
wrangler (source)	^4.86.0 → ^4.88.0
zod (source)	^4.4.1 → ^4.4.3

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.14

Compare Source

Patch Changes

• #​9393 491b171 Thanks @​dyc3! - Added the nursery rule useTestHooksOnTop in the test domain. The rule flags lifecycle hooks (beforeEach, beforeAll, afterEach, afterAll) that appear after test cases in the same block, enforcing that hooks are defined before any test case.

• #​10157 eefc5ab Thanks @​dyc3! - Fixed #​7882: The HTML parser will now emit better diagnostics when it encounters a void element with a closing tag, such as <br></br>. Previously, the parser would emit multiple diagnostics with conflicting advice. Now it emits a single diagnostic that clearly states that void elements should not have closing tags.

• #​10054 0e9f569 Thanks @​minseong0324! - noMisleadingReturnType no longer misses widening from concrete object types, class instances, object literals, tuples, functions, and regular expressions to : object.

  A function annotated : object returning an object literal:

  function f(): object {
    return { retry: true };
  }

• #​10116 53269eb Thanks @​jiwon79! - Fixed #​6201: noUselessEscapeInRegex no longer flags an escaped backslash followed by - as a useless escape. Patterns like /[\\-]/ are now considered valid because the second \ is the escaped backslash, not an unnecessary escape of the trailing dash.

• #​10092 33d8543 Thanks @​Conaclos! - Fixed #​9097: organizeImports no longer adds a blank line between a never-matched group and a matched group.

  Given the following organizeImports options:

  {
    "groups": [":NODE:", ":BLANK_LINE:", ":PACKAGE:", ":BLANK_LINE:", ":PATH:"]
  }

  The following code...

  // Comment
  import "package";
  import "./file.js";

  ...was organized as:

  +
    // Comment
    import "package";
  +
    import "./file.js";

  A blank line was added even though the group ':NODE:' doesn't match any imports here.
  :BLANK_LINE: between never-matched groups and matched groups are now ignored.
  The code is now organized as:

    // Comment
    import "package";
  +
    import "./file.js";

• #​10138 a10b6c1 Thanks @​dyc3! - Fixed Vue v-for handling for noUndeclaredVariables and noUnusedVariables. Biome now recognizes variables declared by v-for directives and references to iterated values in Vue templates.

• #​10115 d428d76 Thanks @​minseong0324! - noMisleadingReturnType no longer reports false positives when a union return type's boolean variant is covered by both true and false returns.

• #​9922 7acf1e0 Thanks @​dyc3! - Added the new nursery rule noReactStringRefs, which disallows legacy React string refs such as ref="hello" and this.refs.hello.

  Biome also reports template-literal refs such as ref={`hello`}, so React code can consistently migrate to callback refs, createRef(), or useRef().

• #​10010 f3e76ab Thanks @​dyc3! - Fixed a bug in the LSP file watcher registration so Biome now watches .biome.json and .biome.jsonc configuration files and reloads workspace settings when they change.

• #​10176 8a40ef8 Thanks @​dyc3! - Fixed #​10011: The noThisInStatic rule no longer reports this when it is used as the constructor target in new this(...), which is required for inherited static factory methods.

• #​10163 6867e96 Thanks @​jiwon79! - Fixed #​9884: The useSortedAttributes auto-fix no longer corrupts source code when both an outer JSX element and a nested JSX-valued attribute have unsorted attributes in the same pass. Multiple unsorted groups separated by spread or shorthand attributes within the same JSX element are now reported as a single diagnostic.

• #​10079 d29dd19 Thanks @​Damix48! - Fixed false positive in noAssignInExpressions for Svelte {@​const} blocks. Assignments in {@​const name = value} are now correctly recognized as declarations rather than accidental assignments in expressions.

• #​10080 5d8fdac Thanks @​Damix48! - Fixed parsing of closing parentheses in Svelte {#each} block key expressions. Biome now correctly parses method calls and other parenthesised expressions used as keys.

  For example, the following snippets are now parsed correctly:

  {#each numbers as number, index (number.toString())}
    <p>{number}</p>
  {/each}
  
  {#each numbers as number (key(number))}
    <p>{number}</p>
  {/each}

• #​10140 e7024b9 Thanks @​solithcy! - Fixed #​10135: Biome no longer crashes on missing Svelte template expressions.

  The following code snippet longer panics:

  {#if }
   <p>^ this would previously crash</p>
  {/if}
  {@&#8203;const }
  <p>    ^ this would also crash</p>

• #​10111 7818009 Thanks @​jiwon79! - Fixed #​9997: noDuplicateSelectors no longer reports false positives for selectors inside @scope queries. Biome now treats @scope as a separate at-rule context, like @media, @supports, @container, and @starting-style.

  The following snippet is no longer flagged as a duplicate:

  .Example {
    padding: 0;
  }
  
  @​scope (.theme-dark) {
    .Example {
      color: white;
    }
  }

• #​9926 d62b331 Thanks @​dyc3! - Added the nursery lint rule useMathMinMax, which prefers Math.min() and Math.max() over equivalent ternary comparisons.

  For example, this code:

  const min = a < b ? a : b;

  is much more readable when rewritten as:

  const min = Math.min(a, b);

• #​10115 d428d76 Thanks @​minseong0324! - useExhaustiveSwitchCases now flags missing true/false cases for boolean discriminants, including when boolean is a union variant.

• #​10125 a55a0b6 Thanks @​bmish! - Fixed a resolver bug where packages that define a typed entry point through package.json's main field but omit types were ignored during type-aware resolution. Type-aware rules such as noFloatingPromises can now inspect imports from those packages.

• #​10117 895e809 Thanks @​denizdogan! - Added support for the corner-shape family of CSS properties and the superellipse()/squircle() value functions, so noUnknownProperty and noUnknownFunction no longer flag them as unknown.

  New known properties: corner-shape, corner-block-end-shape, corner-block-start-shape, corner-bottom-left-shape, corner-bottom-right-shape, corner-bottom-shape, corner-end-end-shape, corner-end-start-shape, corner-inline-end-shape, corner-inline-start-shape, corner-left-shape, corner-right-shape, corner-start-end-shape, corner-start-start-shape, corner-top-left-shape, corner-top-right-shape, corner-top-shape.

  New known value functions: superellipse(), squircle().

• #​8620 8df8f73 Thanks @​dyc3! - Fixed #​8062: Added support for parsing Vue v-for directives more accurately.

• #​10191 aa055cd Thanks @​guney! - Now the rule noStaticElementInteractions doesn't trigger custom elements.

• #​9757 2c62594 Thanks @​dyc3! - Fixed #​9099: the HTML formatter collapsing non-text children (inline elements, Svelte expressions, comments) onto a single line when the source had them on separate lines. Biome now preserves the user's intended line breaks for exclusively non-text children.

  For example, the following Svelte snippet is now preserved instead of being collapsed to <div>{name}<!-- comment --></div>:

  <div>
    {name}<!-- comment -->
  </div>

  Similarly, HTML elements like <span> inside a <div> are now preserved when written on their own line:

  <div>
    <span>text</span>
  </div>

• #​10105 e7c1a6d Thanks @​jiwon79! - Fixed #​10039: useReadonlyClassProperties now detects unreassigned private members in class expressions and export default classes, not only in class declarations.

  The following patterns are now correctly flagged:

  const AnonClass = class {
    #prop = 123;
    constructor() {
      console.log(this.#prop);
    }
  };
  
  export default class {
    #prop = 123;
    constructor() {
      console.log(this.#prop);
    }
  }

• #​10141 46a77d0 Thanks @​minseong0324! - Improved noUnnecessaryConditions to detect conditions that are always truthy because they check built-in global class instances such as Date, Map, Set, WeakMap, and Error.

• #​10178 7b05a89 Thanks @​dyc3! - Fixed #​10177: The HTML parser no longer reports lowercase html or doctype text as invalid after void elements such as <br>.

• #​10155 0d4595d Thanks @​jiwon79! - Fixed #​10045: the CSS formatter no longer compounds indentation inside nested functional pseudo-classes such as :not(:where(...)), :is(:where(...)), and similar combinations. The same fix also removes one level of unnecessary indentation that was added inside any pseudo-class function whose argument list wrapped onto multiple lines, including :nth-child(... of ...), ::part(...), and :active-view-transition-type(...).
  The following snippet is now correctly formatted, matching Prettier.

  input:not(
    :where(
      [type="submit"],
      [type="checkbox"],
      [type="radio"],
      [type="button"],
      [type="reset"]
    )
  ) {
    inline-size: 100%;
  }

• #​10112 6f0251e Thanks @​dyc3! - Fixed #​10110: Biome's parser now accepts surrogate code points in JavaScript string \u{...} escapes.

• #​10141 46a77d0 Thanks @​minseong0324! - Improved noMisleadingReturnType to detect object return annotations that hide built-in global class instances such as Date, Map, Set, WeakMap, and Error.

• #​10083 4a664c1 Thanks @​ematipico! - Added two new options to noShadow, both defaulting to true to match typescript-eslint's behavior.

  Fixed #​9482: Added ignoreFunctionTypeParameterNameValueShadow option. When enabled, parameter names inside function type annotations (e.g. (options: unknown) => void) are not flagged as shadowing outer variables.

  Fixed #​7812: Added ignoreTypeValueShadow option. When enabled, a value binding that shares its name with a type-only declaration (type alias or interface) is not flagged, since types and values occupy separate namespaces in TypeScript.

• #​9286 52695cf Thanks @​Hugo-Polloli! - Fixed #​6316: Biome now resolves Svelte $store references to the underlying store binding in semantic analysis, preventing false noUndeclaredVariables diagnostics when the store is declared.

• #​10188 ae659dd Thanks @​dyc3! - Added a new nursery rule noExcessiveNestedCallbacks, which disallows callbacks nested deeper than the configured maximum.

• #​9757 2c62594 Thanks @​dyc3! - Fixed #​9450: the HTML formatter now correctly preserves multiline formatting for nested <template> elements (e.g. <template #body>) when the source has children on separate lines. Previously, the children were collapsed onto a single line.

   <template>
     <UModal>
  -    <template #body> <p>content</p> </template>
  +    <template #body>
  +      <p>content</p>
  +    </template>
     </UModal>
   </template>

• #​10118 c6edcb4 Thanks @​Netail! - Fixed #​10024: biome migrate eslint correctly migrates eslint rules that belong to multiple Biome rules.

changesets/changesets (@​changesets/changelog-github)

v0.7.0

Compare Source

cloudflare/workers-sdk (@​cloudflare/vite-plugin)

v1.36.0

Compare Source

Minor Changes

• #​13810 2b8c0cc Thanks @​jamesopstad! - Stabilize the secrets configuration property

  The secrets property in the Wrangler config file is no longer experimental and will no longer emit an experimental warning when used. Required secrets are validated during local development and deploy, and used as the source of truth for type generation.

  {
    "secrets": {
      "required": ["API_KEY", "DB_PASSWORD"]
    }
  }

Patch Changes

• #​13814 a2f9c26 Thanks @​edmundhung! - Deny additional credential files from the Vite dev server

  The Cloudflare Vite plugin now adds .npmrc, .yarnrc, .yarnrc.yml, and more certificate and key file extensions to server.fs.deny. This prevents common credential files from being fetched directly during local development.

• Updated dependencies [e07825a, 58899d8, 3020214, 0099265, 25f5ef2, bb27219, 194d75e, 12fb5db, 18b9d5b, 9f532f7, 1127114, 3ceadef, 2b8c0cc, 1a5cc86]:

  • wrangler@​4.88.0
  • miniflare@​4.20260504.0

v1.35.0

Compare Source

Minor Changes

• #​13618 c07d0cb Thanks @​jamesopstad! - Support V2 protocol for module fallback service

  When the new_module_registry compatibility flag is set, requests sent to unsafeModuleFallbackService() use a different protocol. The Vite plugin now supports both protocols in its handling of additional module types.

Patch Changes

• #​13363 6457fb3 Thanks @​courtney-sims! - Prepares router-worker for a more gradual rollout by refactoring and separating out the invocation from the business logic. In the future, this will provide space for us to route requests to new versions of router-worker based on their plan, but should make no functional difference today.

• Updated dependencies [22e1a61, 00523c8, b5ac54b, e653edf, e1eff94, 1c4d850, 6d28037, 9a1f014, e539008, 0bf64a7, 0827815, b04eedf, 6457fb3, c07d0cb, e539008]:

  • miniflare@​4.20260430.0
  • wrangler@​4.87.0

cloudflare/workerd (@​cloudflare/workers-types)

v4.20260506.1

Compare Source

v4.20260505.1

Compare Source

v4.20260504.1

Compare Source

v4.20260503.1

Compare Source

v4.20260502.1

Compare Source

v4.20260501.1

Compare Source

mantinedev/mantine (@​mantine/carousel)

v8.3.18

Compare Source

This is the last 8.x release. You are welcome to test 9.0 alpha version and provide feedback before its release on March 31 – https://alpha.mantine.dev/changelog/9-0-0/

• [@mantine/core] PasswordInput: Fix styles api props not resolving correctly in theme (#​8716)

v8.3.17

Compare Source

Changes

• [@mantine/core] Stepper: Fix Google Translate compatibility issues (#​8744)
• [@mantine/hooks] use-list-state: Add memoization to all handlers (#​8739)

v8.3.16

Compare Source

What's Changed

• [@mantine/modals] Fix onClose being called multiple times (#​8727)
• [@mantine/core] Tooltip: Fix component not throwing erro when used with string (#​8694)
• [@mantine/core] NumberInput: Fix incorrect decimal separator parsing in onPaste
• [@mantine/core] AppShell: Fix layout="alt" not working with mode="static"
• [@mantine/stotlight] Fix actions list being rendered when nothing found message was not set (#​8592)

Full Changelog: mantinedev/mantine@8.3.15...8.3.16

v8.3.15

Compare Source

What's Changed

• [@mantine/dropzone] Update react-dropzone to 15.0.0 (#​8667)
• [@mantine/core]TagsInput: Fix duplicate checking bypass with splitChars (#​8686)
• [@mantine/charts] Allow ChartTooltip valueFormatter to return React.ReactNode (#​8650)
• [@mantine/dates] DatePicker: Fix placeholder selector missing in Styles API (#​8663)
• [@mantine/core] Add missing factory types exports (#​8677)
• [@mantine/core] Fix inert attribute being ignored by Checkbox and Switch components (#​8668)

Full Changelog: mantinedev/mantine@8.3.14...8.3.15

v8.3.14

Compare Source

What's Changed

• [@mantine/core] Switch: Fix checkbox not being recognized by Playwright (#​8370, #​8645)
• [@mantine/core] MultiSelect: Fix click on chevron not opening dropdown when clearable is enabled (#​8641)
• [@mantine/modals] Fix types of context modals inferred incorrectly (#​8625)
• [@mantine/core] MultiSelect: Fix clear button overlapping with pills (#​8634)

New Contributors

• @​ckhe1215 made their first contribution in #​8634
• @​RaphalRiad made their first contribution in #​8625

Full Changelog: mantinedev/mantine@8.3.13...8.3.14

v8.3.13

Compare Source

What's Changed

• [@mantine/core] Add openOnFocus prop to Combobox based components (#​5893, #​8623)
• [@mantine/dates] TimePicker: Fix clearing in uncontrolled mode not updating to empty value (#​8622)
• [@mantine/core] ScrollArea: Fix Shift + wheel scroll not working correctly on Windows (#​8619)
• [@mantine/core] Add selectFirstOptionOnDropdownOpen to Combobox based components (#​8597)
• [@mantine/core] ScrollArea: Fix onBottomReached not being called when used in zoomed-in viewports (#​8616)
• [@mantine/core] Popover: Fix aria-controls attribute being set on the target element when the dropdown is not mounted (#​8595)
• [@mantine/core] RangeSlider: Fix incorrect Styles API name (#​8601)
• [@mantine/core] ScrollArea: Fix overscrollBehavior prop not working in ScrollArea.Autosize component (#​8611)

New Contributors

• @​AgentRBY made their first contribution in #​8601
• @​jonathanhuynh70 made their first contribution in #​8595
• @​robert-j-webb made their first contribution in #​8616
• @​Alan-Gomes made their first contribution in #​8597
• @​pggggggggh made their first contribution in #​8622
• @​harry-ignite made their first contribution in #​8623

Full Changelog: mantinedev/mantine@8.3.12...8.3.13

v8.3.12

Compare Source

What's Changed

• [@mantine/core] Popover: Fix flip logic being calculated after shift (#​8590)
• [@mantine/tiptap] Fix bubble menu being overlapped by the toolbar (#​8589)
• [@mantine/core] ScrollArea: Fix incorrect overscroll behavior when scrollbar explicitly set on one side (#​8591)
• [@mantine/core] AppShell: Add static mode support for nested app shells

New Contributors

• @​Hosung99 made their first contribution in #​8591
• @​kykim00 made their first contribution in #​8590

Full Changelog: mantinedev/mantine@8.3.11...8.3.12

tabler/tabler-icons (@​tabler/icons-react)

v3.42.0: Release 3.42.0

Compare Source

18 new icons:

• outline/brand-stellar
• outline/brand-vechain
• outline/clef-staff
• outline/clef
• outline/currency-husd
• outline/currency-tether
• outline/currency-zcash
• outline/device-computer-camera-2
• outline/door-hanger
• outline/earphone-bluetooth
• outline/grape
• outline/hammer-drill
• outline/infinity-2
• outline/lawn-mower
• outline/loader-4
• outline/mosque
• outline/pendulum
• outline/plunger

TanStack/query (@​tanstack/react-query)

v5.100.9

Compare Source

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

v5.100.8

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.8

v5.100.7

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.7

TanStack/query (@​tanstack/react-query-devtools)

[v5.100.9](https://redirect.github.com/TanStack/query/blob/HEA

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 12pm on Sunday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.53%. Comparing base (8060bd3) to head (e267d30).

Additional details and impacted files

@@           Coverage Diff           @@
##              dev     #136   +/-   ##
=======================================
  Coverage   90.53%   90.53%           
=======================================
  Files           2        2           
  Lines         169      169           
  Branches       45       45           
=======================================
  Hits          153      153           
  Misses         16       16           

Flag	Coverage Δ
i18n	90.53% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.