⬆️ Bump the dependencies group with 8 updates

[dependabot]

Bumps the dependencies group with 8 updates:

Package	From	To
dotenv	17.4.1	17.4.2
@biomejs/biome	2.4.10	2.4.11
@tanstack/react-query	5.96.2	5.99.0
@types/node	25.5.2	25.6.0
postcss	8.5.8	8.5.9
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
vite	8.0.4	8.0.8

Updates dotenv from 17.4.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.10 to 2.4.11

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.11

2.4.11

Patch Changes

• #9350 4af4a3a Thanks @​dyc3! - Added the new nursery rule useConsistentTestIt in the test domain. The rule enforces consistent use of either it or test for test functions in Jest/Vitest suites, with separate control for top-level tests and tests inside describe blocks.

  Invalid:

  test("should fly", () => {}); // Top-level test using 'test' flagged, convert to 'it'
  describe("pig", () => {
  test("should fly", () => {}); // Test inside 'describe' using 'test' flagged, convert to 'it'
  });

• #9429 a2f3f7e Thanks @​ematipico! - Added the new nursery lint rule useExplicitReturnType. It reports TypeScript functions and methods that omit an explicit return type.

  function toString(x: any) {
    // rule triggered, it doesn't declare a return type
    return x.toString();
  }

• #9828 9e40844 Thanks @​ematipico! - Fixed #9484: the formatter no longer panics when formatting files that contain graphql tagged template literals combined with parenthesized expressions.

• #9886 e7c681e Thanks @​ematipico! - Fixed an issue where, occasionally, some bindings and references were not properly tracked, causing false positives from noUnusedVariables and noUndeclaredVariables in Svelte, Vue, and Astro files.

• #9760 5b16d18 Thanks @​myx0m0p! - Fixed #4093: the noDelete rule no longer triggers for delete process.env.FOO, since delete is the documented way to remove environment variables in Node.js.

• #9799 2af8efd Thanks @​minseong0324! - Added the rule noMisleadingReturnType. The rule detects when a function's return type annotation is wider than what the implementation actually returns.

  // Flagged: `: string` is wider than `"loading" | "idle"`
  function getStatus(b: boolean): string {
    if (b) return "loading";
    return "idle";
  }

• #9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useFind to better explain the problem, why it matters, and how to fix it.

• #9755 bff7bdb Thanks @​ematipico! - Improved performance of fix-all operations (--write). Biome is now smarter when it runs lint rules and assist actions. First, it runs only rules that have code fixes, and then runs the rest of the rules.

• #8651 aafca2d Thanks @​siketyan! - Add a new lint rule useDisposables for JavaScript, which detects disposable objects assigned to variables without using or await using syntax. Disposable objects that implement the Disposable or AsyncDisposable interface are intended to be disposed of after use. Not disposing them can lead to resource or memory leaks, depending on the implementation.

  Invalid:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.11

Patch Changes

• #9350 4af4a3a Thanks @​dyc3! - Added the new nursery rule useConsistentTestIt in the test domain. The rule enforces consistent use of either it or test for test functions in Jest/Vitest suites, with separate control for top-level tests and tests inside describe blocks.

  Invalid:

  test("should fly", () => {}); // Top-level test using 'test' flagged, convert to 'it'
  describe("pig", () => {
  test("should fly", () => {}); // Test inside 'describe' using 'test' flagged, convert to 'it'
  });

• #9429 a2f3f7e Thanks @​ematipico! - Added the new nursery lint rule useExplicitReturnType. It reports TypeScript functions and methods that omit an explicit return type.

  function toString(x: any) {
    // rule triggered, it doesn't declare a return type
    return x.toString();
  }

• #9828 9e40844 Thanks @​ematipico! - Fixed #9484: the formatter no longer panics when formatting files that contain graphql tagged template literals combined with parenthesized expressions.

• #9886 e7c681e Thanks @​ematipico! - Fixed an issue where, occasionally, some bindings and references were not properly tracked, causing false positives from noUnusedVariables and noUndeclaredVariables in Svelte, Vue, and Astro files.

• #9760 5b16d18 Thanks @​myx0m0p! - Fixed #4093: the noDelete rule no longer triggers for delete process.env.FOO, since delete is the documented way to remove environment variables in Node.js.

• #9799 2af8efd Thanks @​minseong0324! - Added the rule noMisleadingReturnType. The rule detects when a function's return type annotation is wider than what the implementation actually returns.

  // Flagged: `: string` is wider than `"loading" | "idle"`
  function getStatus(b: boolean): string {
    if (b) return "loading";
    return "idle";
  }

• #9880 7f67749 Thanks @​dyc3! - Improved the diagnostics for useFind to better explain the problem, why it matters, and how to fix it.

• #9755 bff7bdb Thanks @​ematipico! - Improved performance of fix-all operations (--write). Biome is now smarter when it runs lint rules and assist actions. First, it runs only rules that have code fixes, and then runs the rest of the rules.

• #8651 aafca2d Thanks @​siketyan! - Add a new lint rule useDisposables for JavaScript, which detects disposable objects assigned to variables without using or await using syntax. Disposable objects that implement the Disposable or AsyncDisposable interface are intended to be disposed of after use. Not disposing them can lead to resource or memory leaks, depending on the implementation.

  Invalid:

... (truncated)

Commits

• a2933bf ci: release (#9733)
• e8cad58 feat(js_analyze): implement useQwikLoaderLocation (#9809)
• 2af8efd feat(lint): add nursery rule noMisleadingReturnType (#9799)
• a2f3f7e feat(lint): rule useExplicitReturnType (#9429)
• aafca2d feat(js/lint): implement rule useDisposables (#8651)
• 49f00a3 feat(lint): add ternary expression detection to useNullishCoalescing (#9248)
• 4af4a3a feat(lint/js): add useConsistentTestIt (#9350)
• 1417c3b feat(lint/js): add noUselessTypeConversion (#9701)
• See full diff in compare view

Updates @tanstack/react-query from 5.96.2 to 5.99.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.0
  • @​tanstack/react-query@​5.99.0

@​tanstack/react-query-next-experimental@​5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.99.0

@​tanstack/react-query-persist-client@​5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.99.0
  • @​tanstack/react-query@​5.99.0

@​tanstack/react-query@​5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.99.0

@​tanstack/react-query-devtools@​5.98.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.98.0
  • @​tanstack/react-query@​5.98.0

@​tanstack/react-query-next-experimental@​5.98.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.98.0

@​tanstack/react-query-persist-client@​5.98.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.98.0
  • @​tanstack/react-query@​5.98.0

@​tanstack/react-query@​5.98.0

Patch Changes

• Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.99.0

5.98.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.98.0

5.97.0

Patch Changes

• Updated dependencies [2bfb12c]:
  • @​tanstack/query-core@​5.97.0

Commits

• adc2543 ci: Version Packages (#10454)
• 6040278 ci: Version Packages (#10451)
• 125067c ci: Version Packages (#10436)
• f699190 test(react-query): replace hardcoded query keys with 'queryKey()' utility (#1...
• f3d3eea test(*): replace deprecated 'toMatchTypeOf' with 'toExtend' (#10413)
• 3d6e001 test(react-query/useSuspenseQueries): replace 'async/await sleep' with 'sleep...
• 7d7a21c test(react-query): replace 'async/await sleep' with 'sleep().then()' in test ...
• See full diff in compare view

Updates @types/node from 25.5.2 to 25.6.0

Commits

• See full diff in compare view

Updates postcss from 8.5.8 to 8.5.9

Release notes

Sourced from postcss's releases.

8.5.9

• Speed up source map encoding paring in case of the error.

Changelog

Sourced from postcss's changelog.

8.5.9

• Speed up source map encoding paring in case of the error.

Commits

• fe88ac2 Release 8.5.9 version
• c551632 Avoid RegExp when we can use simple JS
• 89a6b74 Move SECURITY.txt for docs folder to keep GitHub page cleaner
• 6ceb8a4 Create SECURITY.md
• 02ccae6 Another way to fix CI with .ts ext in tests on old Node.js
• 2c36658 Another way to fix CI with TS on old Node.js
• b906003 Another way to fix CI with old Node.js
• 04d32cd Fix another issue with Node.js 10 on CI
• df86cdf Try to fix Node.js 10 on CI
• 82bec0d Move to oxfmt
• Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates vite from 8.0.4 to 8.0.8

Release notes

Sourced from vite's releases.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.8 (2026-04-09)

Features

• update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

Bug Fixes

• avoid dns.getDefaultResultOrder temporary (#22202) (15f1c15)
• ssr: class property keys hoisting matching imports (#22199) (e137601)

8.0.7 (2026-04-07)

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

• update rolldown to 1.0.0-rc.13 (#22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

• create-vite: remove unnecessary DOM.Iterable (#22168) (bdc53ab)
• replace remaining prettier script (#22179) (af71fb2)

8.0.5 (2026-04-06)

Bug Fixes

• apply server.fs check to env transport (#22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
• check server.fs after stripping query as well (#22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#22158) (f05f501)

Commits

• 6e585dc release: v8.0.8
• e137601 fix(ssr): class property keys hoisting matching imports (#22199)
• 15f1c15 fix: avoid dns.getDefaultResultOrder temporary (#22202)
• 6baf587 feat: update rolldown to 1.0.0-rc.15 (#22201)
• fdb2e6f release: v8.0.7
• 5c05b04 fix: use sync dns.getDefaultResultOrder instead of dns.promises (#22185)
• 7b3086f release: v8.0.6
• af71fb2 chore: replace remaining prettier script (#22179)
• 51d3e48 feat: update rolldown to 1.0.0-rc.13 (#22097)
• 17a8f9e fix(optimize-deps): hoist CJS interop assignment (#22156)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions