Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@biomejs/biome (source)	2.4.9 → 2.4.11			devDependencies	patch
@rive-app/react-webgl2	4.27.3 → 4.28.0			dependencies	minor
@tauri-apps/plugin-dialog	2.6.0 → 2.7.0			dependencies	minor
ai (source)	6.0.142 → 6.0.158			dependencies	patch	6.0.159
etcetera	0.8 → 0.11			dependencies	minor
i18next (source)	26.0.3 → 26.0.4			dependencies	patch
postcss (source)	8.5.8 → 8.5.9			devDependencies	patch
react-hook-form (source)	7.72.0 → 7.72.1			dependencies	patch
react-resizable-panels (source)	4.8.0 → 4.10.0			dependencies	minor
tauri-plugin-dialog	>=2,<2.7 → >=2, <2.8			dependencies	minor
tokio-tungstenite	0.21.0 → 0.29.0			dependencies	minor
vite (source)	7.3.1 → 7.3.2			devDependencies	patch

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.11

Compare Source

Patch Changes

• #​9350 4af4a3a Thanks @​dyc3! - Added the new nursery rule useConsistentTestIt in the test domain. The rule enforces consistent use of either it or test for test functions in Jest/Vitest suites, with separate control for top-level tests and tests inside describe blocks.

  Invalid:

  test("should fly", () => {}); // Top-level test using 'test' flagged, convert to 'it'
  
  describe("pig", () => {
    test("should fly", () => {}); // Test inside 'describe' using 'test' flagged, convert to 'it'
  });

• #​9429 a2f3f7e Thanks @​ematipico! - Added the new nursery lint rule useExplicitReturnType. It reports TypeScript functions and methods that omit an explicit return type.

  function toString(x: any) {
    // rule triggered, it doesn't declare a return type
    return x.toString();
  }

• #​9828 9e40844 Thanks @​ematipico! - Fixed #​9484: the formatter no longer panics when formatting files that contain graphql tagged template literals combined with parenthesized expressions.

• #​9886 e7c681e Thanks @​ematipico! - Fixed an issue where, occasionally, some bindings and references were not properly tracked, causing false positives from noUnusedVariables and noUndeclaredVariables in Svelte, Vue, and Astro files.

• #​9760 5b16d18 Thanks @​myx0m0p! - Fixed #​4093: the noDelete rule no longer triggers for delete process.env.FOO, since delete is the documented way to remove environment variables in Node.js.

• #​9799 2af8efd Thanks @​minseong0324! - Added the rule noMisleadingReturnType. The rule detects when a function's return type annotation is wider than what the implementation actually returns.

  // Flagged: `: string` is wider than `"loading" | "idle"`
  function getStatus(b: boolean): string {
    if (b) return "loading";
    return "idle";
  }

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useFind to better explain the problem, why it matters, and how to fix it.

• #​9755 bff7bdb Thanks @​ematipico! - Improved performance of fix-all operations (--write). Biome is now smarter when it runs lint rules and assist actions. First, it runs only rules that have code fixes, and then runs the rest of the rules.

• #​8651 aafca2d Thanks @​siketyan! - Add a new lint rule useDisposables for JavaScript, which detects disposable objects assigned to variables without using or await using syntax. Disposable objects that implement the Disposable or AsyncDisposable interface are intended to be disposed of after use. Not disposing them can lead to resource or memory leaks, depending on the implementation.

  Invalid:

  function createDisposable(): Disposable {
    return {
      [Symbol.dispose]() {
        // do something
      },
    };
  }
  
  const disposable = createDisposable();

  Valid:

  function createDisposable(): Disposable {
    return {
      [Symbol.dispose]() {
        // do something
      },
    };
  }
  
  using disposable = createDisposable();

• #​9788 53b8e57 Thanks @​MeGaNeKoS! - Fixed #​7760: Added support for CSS scroll-driven animation timeline-range-name keyframe selectors (cover, contain, entry, exit, entry-crossing, exit-crossing). Biome no longer reports parse errors on keyframes like entry 0% { ... } or exit 100% { ... }.

• #​9728 5085424 Thanks @​mkosei! - Fixed #​9696: Astro frontmatter now correctly parses regular expression literals like /\d{4}/.

• #​9261 16b6c49 Thanks @​ematipico! - Fixed #​8409: CSS formatter now correctly places comments after the colon in property declarations.

  Previously, comments that appeared after the colon in CSS property values were incorrectly moved before the property name:

  [lang]:lang(ja) {
  -  /* system-ui,*/ font-family:
  +  font-family: /* system-ui,*/
      Hiragino Sans,
      sans-serif;
  }

• #​9441 957ea4c Thanks @​soconnor-seeq! - Fixed #​1630: LSP project selection now prefers the most specific project root in nested workspaces.

• #​9878 de6210f Thanks @​ematipico! - Fixed #​9118: noUnusedImports no longer reports false positives for default imports used inside Svelte, Vue and Astro components.

• #​9879 ce7e2b7 Thanks @​dyc3! - Fixed a parser diagnostic's message when vue syntax is disabled so that it no longer references the non-existant html.parser.vue option. This option will become available in 2.5.

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useRegexpExec to better explain the problem, why it matters, and how to fix it.

• #​9846 b7134d9 Thanks @​ematipico! - Fixed #​9140: Biome now parses Astro's attribute shorthand inside .astro files. The following snippet no longer reports a parse error:

  ---
  const items = ['a', 'b'];
  ---
  <ul>
    {items.map((item) => <li {item}>row</li>)}
  </ul>

• #​9790 67df09d Thanks @​dyc3! - Fixed #​9781: Trailing comments after a top-level biome-ignore-all format suppression are now preserved instead of being dropped. This applies to JavaScript, CSS, HTML, JSONC, GraphQL, and Grit files.

• #​9745 d87073e Thanks @​ematipico! - Fixed #​9741: the LSP server now correctly returns the organizeImports code action when the client requests it via source.organizeImports.biome in the only filter. Previously, editors with codeAction/resolve support (e.g. Zed) received an empty response because the action was serialized with the wrong kind (source.biome.organizeImports instead of source.organizeImports.biome).

• #​9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useArraySome to better explain the problem, why it matters, and how to fix it.

• #​9795 1d09f0f Thanks @​dyc3! - Relaxed useExplicitType for trivially inferrable types.

  Type annotations can now be omitted when types are trivially inferrable from:

  • Binary expressions (const sum = 1 + 1)
  • Comparison expressions (const isEqual = 'a' === 'b', const isTest = process.env.NODE_ENV === 'test')
  • Logical expressions (const and = true && false)
  • Class instantiation (const date = new Date())
  • Array literals (const arr = [1, 2, 3])
  • Conditional expressions (const val = true ? 'yes' : 'no')
  • Function calls (const num = Math.random())
  • Parameter defaults - any expression is now allowed (const fn = (max = MAX_ATTEMPTS) => ...)

  Comparison expressions always return boolean, so any operands are now allowed
  (including property access like process.env.NODE_ENV).

  Parameters with default values no longer require type annotations, as TypeScript
  can infer the type from the default value (even when referencing variables).

  Also removed the redundant any type validation from this rule. The any type
  is now only validated by the dedicated noExplicitAny rule, following the
  Single Responsibility Principle.

• #​9809 e8cad58 Thanks @​Netail! - Added the new nursery rule useQwikLoaderLocation, which enforces that Qwik loader functions are declared in the correct location.

• #​9877 fc9d715 Thanks @​ematipico! - Fixed #​9136 and #​9653: noUndeclaredVariables and noUnusedVariables no longer report false positives on several Svelte template constructs that declare or reference bindings in the host grammar:

  • {#snippet name(params)} — the snippet name and its parameters (including object, array, rest, and nested destructuring) are now tracked.
  • {@​render name(args)} — the snippet name used at the render site is now resolved against the snippet declaration.
  • {#each items as item, index (key)} — the item binding (plain identifier or destructured), the optional index, and the optional key expression are now tracked.
  • {@​const name = value} — the declared name is now tracked as a binding and the initializer is analyzed for undeclared references.
  • {@​debug a, b, c} — each debugged identifier is now analyzed and reported if undeclared.
  • Shorthand attributes <img {src} /> — the curly-shorthand attribute is now analyzed as an expression, so undeclared references inside it are reported.

  For example, the following template no longer triggers either rule:

  <script>
  let items = [];
  let total = 0;
  </script>
  
  {#snippet figure(image)}
      <figure>
          <img src={image.src} alt={image.caption} />
          <figcaption>{image.caption}</figcaption>
      </figure>
  {/snippet}
  
  {#each items as item}
      {@&#8203;const price = item.price}
      {@&#8203;render figure(item)}
      <span>{price}</span>
  {/each}
  
  {@&#8203;debug items, total}

• #​9869 78bce77 Thanks @​Netail! - Updated noDuplicateFieldDefinitionNames to also flag duplicate fields within type extensions, interface extensions & input extensions.

• #​9739 0bc2198 Thanks @​dyc3! - Fixed Grit queries that use native Biome AST node names with the native field names that are in our .ungram grammar files. Queries such as JsConditionalExpression(consequent = $cons, alternate = $alt) now compile successfully in biome search and grit plugins.

• #​9811 2dddca3 Thanks @​dyc3! - Updated noImpliedEval to flag new Function() usages, as its a form of indirect eval, and to include no-new-func as a rule source.

• #​9870 ccf9770 Thanks @​Netail! - Marked eslint-qwik-plugin's unused-server as redundant since it was covered by noUnusedVariables.

• #​9701 1417c3b Thanks @​dyc3! - Added the new nursery rule noUselessTypeConversion, which reports redundant primitive conversion patterns such as String(value) when value is already a string.

• #​9248 49f00a3 Thanks @​pkallos! - useNullishCoalescing now also detects ternary expressions that check for null or undefined and suggests rewriting them with ??. A new ignoreTernaryTests option allows disabling this behavior.

• #​9863 6a44619 Thanks @​ematipico! - Fixed #​9690: biome check --write is now idempotent on HTML files that contain embedded <style> or <script> blocks. Previously, each run reported "Fixed 1 file" even when the file content did not actually change, because the embedded language formatter's output was not re-indented to match the surrounding HTML block.

v2.4.10

Compare Source

Patch Changes

• #​8838 f3a6a6b Thanks @​baeseokjae! - Added new lint nursery rule noImpliedEval.

  The rule detects implied eval() usage through functions like setTimeout, setInterval, and setImmediate when called with string arguments.

  // Invalid
  setTimeout("alert('Hello');", 100);
  
  // Valid
  setTimeout(() => alert("Hello"), 100);

• #​9320 93c3b6c Thanks @​taberoajorge! - Fixed #​7664: noUnusedVariables no longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const, function, or class) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.

• #​9630 1dd4a56 Thanks @​raashish1601! - Fixed #​9629: noNegationElse now keeps ternary branch comments attached to the correct branch when applying its fixer.

• #​9216 04243b0 Thanks @​FrederickStempfle! - Fixed #​9061: noProcessEnv now also detects process.env when process is imported from the "process" or "node:process" modules.

  Previously, only the global process object was flagged:

  import process from "node:process";
  // This was not flagged, but now it is:
  console.log(process.env.NODE_ENV);

• #​9692 61b7ec5 Thanks @​mkosei! - Fixed Svelte #each destructuring parsing and formatting for nested patterns such as [key, { a, b }].

• #​9627 06a0f35 Thanks @​ematipico! - Fixed #​191: Improved the performance of how the Biome Language Server pulls code actions and diagnostics.

  Before, code actions were pulled and computed all at once in one request. This approach couldn't work in big files, and caused Biome to stale and have CPU usage spikes up to 100%.

  Now, code actions are pulled and computed lazily, and Biome won't choke anymore in big files.

• #​9643 5bfee36 Thanks @​dyc3! - Fixed #​9347: useVueValidVBind no longer reports valid object bindings like v-bind="props".

• #​9627 06a0f35 Thanks @​ematipico! - Fixed assist diagnostics being invisible when using --diagnostic-level=error. Enforced assist violations (e.g. useSortedKeys) were filtered out before being promoted to errors, causing biome check to incorrectly return success.

• #​9695 9856a87 Thanks @​dyc3! - Added the new nursery rule noUnsafePlusOperands, which reports + and += operations that use object-like, symbol, unknown, or never operands, or that mix number with bigint.

• #​9627 06a0f35 Thanks @​ematipico! - Fixed duplicate parse errors in check and ci output. When a file had syntax errors, the same parse error was printed twice and the error count was inflated.

• #​9627 06a0f35 Thanks @​ematipico! - Improved the performance of the commands lint and check when they are called with --write.

• #​9627 06a0f35 Thanks @​ematipico! - Fixed --diagnostic-level not fully filtering diagnostics. Setting --diagnostic-level=error now correctly excludes warnings and infos from both the output and the summary counts.

• #​9623 13b3261 Thanks @​ematipico! - Fixed #​9258: --skip no longer causes suppressions/unused warnings for suppression comments targeting skipped rules or domains.

• #​9631 599dd04 Thanks @​raashish1601! - Fixed #​9625: experimentalEmbeddedSnippetsEnabled no longer crashes when a file mixes formatable CSS-in-JS templates with tagged templates that the embedded formatter can't currently delegate, such as a styled-components interpolation returning `css```.

rive-app/rive-react (@​rive-app/react-webgl2)

v4.28.0

Compare Source

• feat: bump js runtime to 2.37.0 for fallback font API exposure. Also add github issue template 7f37c25
• chore: remove react-webgl variant with the deprecation of @​rive-app/webgl 5830cad
• fix: typo in contributing 4161ded

tauri-apps/plugins-workspace (@​tauri-apps/plugin-dialog)

v2.7.0

Compare Source

vercel/ai (ai)

v6.0.158

Compare Source

Patch Changes

• 295beba: fix(ai): fix lastAssistantMessageIsCompleteWithApprovalResponses to no longer ignore providerExecuted tool approvals

v6.0.157

Compare Source

Patch Changes

• ff11aee: fix(ai): fix providerExecuted tool approvals being passed to language model twice

v6.0.156

Compare Source

Patch Changes

• Updated dependencies [08c5ac3]
  • @​ai-sdk/gateway@​3.0.95

v6.0.155

Compare Source

Patch Changes

• 06764c5: fix(ai): skip passing invalid JSON inputs to response messages

v6.0.154

Compare Source

Patch Changes

• Updated dependencies [37a378e]
  • @​ai-sdk/gateway@​3.0.94

v6.0.153

Compare Source

Patch Changes

• f152133: feat (ai/core): support plain string model IDs in rerank() function

  The rerank() function now accepts plain model strings (e.g., 'cohere/rerank-v3.5') in addition to RerankingModel objects, matching the behavior of generateText, embed, and other core functions.

v6.0.152

Compare Source

Patch Changes

• d42076d: Add AI Gateway hint to provider READMEs

v6.0.151

Compare Source

Patch Changes

• Updated dependencies [ec18852]
  • @​ai-sdk/gateway@​3.0.93

v6.0.150

Compare Source

Patch Changes

• 1003609: fix(ai): skip stringifying text when streaming partial text
• Updated dependencies [9de7d7b]
  • @​ai-sdk/gateway@​3.0.92

v6.0.149

Compare Source

Patch Changes

• Updated dependencies [3aca847]
  • @​ai-sdk/gateway@​3.0.91

v6.0.148

Compare Source

Patch Changes

• Updated dependencies [e923a24]
  • @​ai-sdk/gateway@​3.0.90

v6.0.147

Compare Source

Patch Changes

• Updated dependencies [6247886]
  • @​ai-sdk/provider-utils@​4.0.23
  • @​ai-sdk/gateway@​3.0.89

v6.0.146

Compare Source

Patch Changes

• Updated dependencies [5f439a1]
  • @​ai-sdk/gateway@​3.0.88

v6.0.145

Compare Source

Patch Changes

• Updated dependencies [ffd431a]
  • @​ai-sdk/gateway@​3.0.87

v6.0.144

Compare Source

Patch Changes

• 0469aed: fix: allow inline data URLs in download validation
• Updated dependencies [0469aed]
• Updated dependencies [15bfbd2]
  • @​ai-sdk/provider-utils@​4.0.22
  • @​ai-sdk/gateway@​3.0.86

v6.0.143

Compare Source

Patch Changes

• Updated dependencies [85e476d]
  • @​ai-sdk/gateway@​3.0.85

lunacookies/etcetera (etcetera)

v0.11.0

Compare Source

What's Changed

• chore(README): fix documentation link by @​hasezoey in #​34
• Small docs fix that confused me when I was looking at example on docs.rs by @​Ac5000 in #​38
• crate: use std::env::home_dir, bump to edition 2024, raise MSRV to 1.87 by @​utkarshgupta137 in #​39

New Contributors

• @​hasezoey made their first contribution in #​34
• @​Ac5000 made their first contribution in #​38

Full Changelog: lunacookies/etcetera@v0.10.0...v0.11.0

v0.10.0

Compare Source

What's Changed

• Allow compatibility with recent versions of home in #​31
• Support non-UTF8 dirs in #​32
• Add note about MSRV & fix CI in #​33

This version raises MSRV to 1.81.0. But if you pin home to <0.5.11 in Cargo.lock, then the MSRV will be 1.70.0.

Full Changelog: lunacookies/etcetera@v0.9.0...v0.10.0

v0.9.0

Compare Source

What's Changed

• Make macOS bundle ID match the directories crate in #​22
• Make the traits dyn-compatible in #​25
• windows-sys: bump & replace SHGetFolderPathW with SHGetKnownFolderPath in #​30
• crate: bump to edition 2021 & raise MSRV to 1.70.0 in #​30

Full Changelog: lunacookies/etcetera@v0.8.0...v0.9.0

i18next/i18next (i18next)

v26.0.4

Compare Source

• fix(types): inline formatting options like {{price, currency(EUR)}} are now correctly resolved to their base format type (e.g. number for currency) instead of falling back to string 2378

postcss/postcss (postcss)

v8.5.9

Compare Source

• Speed up source map encoding paring in case of the error.

react-hook-form/react-hook-form (react-hook-form)

v7.72.1: Version 7.72.1

Compare Source

🐞 fix: add isDirty check for numeric string keys in defaultValues (issue #​13346) (#​13347)
🐞 fix: prevent setValue with shouldDirty from polluting unrelated dirty fields (#​13326)
🐞 fix: memoize control in HookFormControlContext to prevent render conflicts (#​13272) (#​13312)
🐞 fix: isNameInFieldArray should check all ancestor paths for nested field arrays (#​13318)
🐞 fix: #​13320 formState.isValid incorrect on Controller re-mount (#​13324)

thanks to @​6810779s, @​candymask0712, @​olagokemills, @​shahmir-oscilar & @​bae080311

bvaughn/react-resizable-panels (react-resizable-panels)

v4.10.0

Compare Source

• 705: Add data-separator="focus" state for Separator elements for more consistent custom CSS styles.

v4.9.0

Compare Source

• 702: Add disableDoubleClick prop to Separator to enable turning off the double-click size reset behavior.

snapview/tokio-tungstenite (tokio-tungstenite)

v0.29.0

Compare Source

• Update tungstenite to 0.29.0. See tungstenite release.

v0.28.0

Compare Source

• Update tungstenite to 0.18.0. See tungstenite release.

v0.27.0

Compare Source

• See performance updates in tungstenite-rs.

v0.26.2

Compare Source

• Update tungstenite, see changes here.

v0.26.1

Compare Source

• Update tungstenite to address an issue that might cause UB in certain cases.

v0.26.0

Compare Source

• Update tungstenite to 0.26.0 (breaking changes).

v0.25.0

Compare Source

• Update tungstenite to 0.25.0 (important updates!).

v0.24.0

• Update dependencies (TLS, tungstenite).
• Return a runtime error when WSS URLs are used without a proper TLS feature enabled.

v0.23.1

• Introduce a url feature (proxies to tungstenite/url).

v0.23.0

• Update tungstenite to 0.23.0.
• Disable default features on TLS crates.

v0.22.0

Compare Source

• Update TLS dependencies.
• Update tungstenite to match 0.22.0.

vitejs/vite (vite)

v7.3.2

Compare Source

Please refer to CHANGELOG.md for details.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bdd1290de6

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Revert tokio-tungstenite bump until ACP bridge is migrated

Upgrading tokio-tungstenite from 0.21 to 0.29 introduces a breaking tungstenite::Message API change (Text now carries Utf8Bytes), but the ACP bridge still constructs and handles text frames as String (for example Message::Text(payload.to_string()) in src-tauri/src/services/acp/manager/thread.rs:76). With this dependency bump alone, the Tauri backend no longer type-checks; either pin back to 0.21.x or migrate the call sites to the new constructors/conversions (e.g. Message::text(...) / .into()).

Useful? React with 👍 / 👎.