chore(deps): update dev-tools

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	2.2.6 → 2.4.6
@eslint/compat (source)	1.4.0 → 1.4.1
@eslint/css	0.13.0 → 0.14.1
@playwright/test (source)	1.56.1 → 1.58.2
@types/node (source)	22.18.11 → 22.19.15
@types/react (source)	19.2.2 → 19.2.14
@types/react-dom (source)	19.2.2 → 19.2.3
@typescript-eslint/eslint-plugin (source)	8.46.1 → 8.56.1
@typescript-eslint/parser (source)	8.46.1 → 8.56.1
eslint (source)	9.38.0 → 9.39.4
knip (source)	5.66.0 → 5.86.0
turbo (source)	2.5.8 → 2.8.14

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.6

Compare Source

Patch Changes

• #​9305 40869b5 Thanks @​ematipico! - Fixed #​4946: noUnreachable no longer reports code inside finally blocks as unreachable when there is a break, continue, or return in the corresponding try body.

• #​9303 464910c Thanks @​ematipico! - Fixed #​2786: The formatter no longer produces different output on subsequent runs when a case clause has a trailing line comment followed by a single block statement.

• #​9324 6294aa2 Thanks @​arendjr! - Fixed #7730: useAnchorContent now recognises SolidJS's innerHTML the same way as React's dangerouslySetInnerHTML.

• #​9298 1003229 Thanks @​Netail! - Fixed #9296, so comments are moved along with the attributes in the useSortedAttributes assist rule code fix.

• #​9329 855b451 Thanks @​dyc3! - Improved performance of noEmptyBlockStatements. The rule is now smarter about short-circuiting its logic.

• #​9326 85dfe9b Thanks @​dyc3! - Improved performance for noImportCycles by explicitly excluding node_modules from the cycle detection. The performance improvement is directly proportional to how big your dependency tree is.

• #​9323 d5ee469 Thanks @​ematipico! - Fixed #​9217 and biomejs/biome-vscode#959, where the Biome language server didn't correctly resolve the editor setting configurationPath when the provided value is a relative path.

• #​9302 86fbc70 Thanks @​sepagian! - Fixed #​9300: Lowercase component member expressions like <form.Field> in Svelte and Astro files are now correctly formatted.

  -<form .Field></form.Field>
  +<form.Field></form.Field>

v2.4.5

Compare Source

Patch Changes

• #​9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #​9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #​9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #​9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #​9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​9178 101b3bb Thanks @​Bertie690! - Fixed #​9172 and #​9168:
  Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType
  were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";
  
  const myStr = "Hello from vitest!";
  it("should be a string", () => {
    expectTypeOf(myStr).toBeString();
  });
  test("should still be a string", () => {
    assertType<string>(myStr);
  });
  it.todo("should still still be a string", () => {
    assert(typeof myStr === "string");
  });

• #​9173 32dad2d Thanks @​dyc3! - Added parsing support for Svelte's new comments-in-tags feature.

  The HTML parser will now accept JS style comments in tags in Svelte files.

  <button
    // single-line comment
    onclick={doTheThing}
  >click me</button>
  
  <div
    /* block comment */
    class="foo"
  >text</div>

• #​8952 1d2ca15 Thanks @​pkallos! - Added the nursery rule useNullishCoalescing. This rule suggests using the nullish coalescing operator (??) instead of logical OR (||) when the left operand may be nullish. This prevents bugs where falsy values like 0, '', or false are incorrectly treated as missing. Addresses #​8043

  // Invalid
  declare const x: string | null;
  const value = x || "default";
  
  // Valid
  const value = x ?? "default";

• #​9243 1992a85 Thanks @​Netail! - Fixed #​7813: improved the diagnostic of the rule useExhaustiveDependencies. The diagnostic now shows the name of the variable to add to the dependency array.

• #​9063 3d0648f Thanks @​taga3s! - Added the nursery rule noVueRefAsOperand. This rule disallows cases where a ref is used as an operand.

  The following code is now flagged:

  import { ref } from "vue";
  
  const count = ref(0);
  count++; // Should be: count.value++

  import { ref } from "vue";
  
  const ok = ref(false);
  if (ok) {
    // Should be: if (ok.value)
    //
  }

• #​9273 f239e20 Thanks @​denbezrukov! - Fixed #​9253: parsing of @container scroll-state(...) queries.

  @​container scroll-state(scrolled: bottom) {
  }
  @​container scroll-state(stuck) {
  }
  @​container scroll-state(not (stuck)) {
  }
  @​container scroll-state((stuck) and (scrolled: bottom)) {
  }
  @​container scroll-state((stuck) or (snapped: x)) {
  }
  @​container main-layout scroll-state(not ((stuck) and (scrolled: bottom))) {
  }

• #​9259 96939c0 Thanks @​ematipico! - Fixed CSS formatter incorrectly collapsing selectors when a BOM (Byte Order Mark) character is present at the start of the file. The formatter now correctly preserves line breaks between comments and selectors in BOM-prefixed CSS files, matching Prettier's behavior.

• #​9251 59e33fb Thanks @​ematipico! - Fixed #​9249: The CSS formatter no longer incorrectly breaks ratio values (like 1 / -1) across lines when followed by comments.

• #​9284 ec3a17f Thanks @​denbezrukov! - Fixed #​9253: removed false-positive diagnostics for valid @container/@supports general-enclosed queries.

  @​container scroll-state(scrolled: bottom) {
  }
  @​supports foo(bar: baz) {
  }

• #​9215 b2619a1 Thanks @​FrederickStempfle! - Fixed #​9189: biome ci in GitHub Actions now correctly disables colors so that ::error/::warning workflow commands are not wrapped in ANSI escape codes.

• #​9256 65ae4c1 Thanks @​ematipico! - Fixed JSON reporter escaping of special characters in diagnostic messages. The JSON reporter now properly escapes double quotes, backslashes, and control characters in error messages and advice text, preventing invalid JSON output when diagnostics contain these characters.

• #​9223 5b9da81 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't write output to a file when --reporter-file was specified. The output is now correctly written to the specified file instead of always going to stdout.

• #​9154 c487e54 Thanks @​abossenbroek! - Fixed #​9115: The noPlaywrightMissingAwait rule no longer produces false positives on jest-dom matchers like toBeVisible, toBeChecked, toHaveAttribute, etc. For matchers shared between Playwright and jest-dom, the rule now checks whether expect()'s argument is a Playwright locator or page object before flagging. Added semantic variable resolution so that extracted Playwright locators (e.g. const loc = page.locator('.item'); expect(loc).toBeVisible()) are still correctly flagged.

• #​9269 33e5cdf Thanks @​dyc3! - Fixed a false positive where noUndeclaredVariables reported bindings from Vue <script setup> as undeclared when used in <template>.

  This change ensures embedded bindings collected from script snippets (like imports and defineModel results) are respected by the rule.

• #​9267 2c2e060 Thanks @​ematipico! - Fixed #​9143 and #​8849: The noUnresolvedImports rule no longer reports false positives for several common patterns:

  • node:fs, node:path, node:url, and other Node.js built-in modules with the node: prefix are now accepted.
  • Packages that declare their TypeScript entry point via "typings" (instead of "types") in package.json now resolve correctly.
  • Named imports from aliased re-export chains (e.g. export { x as y } from "...") are now resolved correctly through the alias.
  • Namespace re-exports (e.g. export * as Ns from "...") are now recognized as own exports of the barrel module.

• #​9254 f7bf12b Thanks @​ematipico! - Fixed #​8842: The CSS formatter now correctly formats @container scroll-state() without adding an unwanted space between the function name and opening parenthesis.

• #​9211 2d0b8e6 Thanks @​ematipico! - Fixed #​7905. Improved the accuracy of type-aware lint rules when analyzing re-exported functions and values.

  Previously, when a binding was imported from another module, its type was not correctly inferred during the type analysis phase. This caused type-aware lint rules to fail to detect issues when working with re-exported imports.

  The following rules now correctly handle re-exported imports:

  • useAwaitThenable
  • noFloatingPromises
  • noMisusedPromises
  • useArraySortCompare

  Example of now-working detection:

  // getValue.ts
  export async function getValue(): Promise<number> {
    return 42;
  }
  
  // reexport.ts
  export { getValue } from "./getValue";
  
  // index.ts
  import { getValue } from "./reexport";
  
  // Previously: no diagnostic (type was unknown)
  // Now: correctly detects that getValue() returns a Promise
  await getValue(); // Valid - properly awaited
  getValue(); // Diagnostic - floating promise

• #​8934 b49707c Thanks @​tim-we! - Fixed #​8265: Biome now correctly detects test framework calls that use three arguments (label, options, callback) (e.g., describe("foo", { retry: 2 }, () => {})). This fixes both formatting and the noDuplicateTestHooks lint rule for test frameworks like Vitest.

• #​9191 688fd34 Thanks @​dyc3! - Fixed #​9180: fixed a panic caused by an interaction between noRedundantUseStrict and the formatter

• #​9048 9bbdf4d Thanks @​ff1451! - Added the nursery rule useNamedCaptureGroup.
  The rule enforces using named capture groups in regular expressions instead of numbered ones. It supports both regex literals and RegExp constructor calls.

  // Invalid: unnamed capture group
  /(foo)/;
  new RegExp("(foo)");
  
  // Valid: named capture group
  /(?<id>foo)/;
  new RegExp("(?<id>foo)");

• #​9255 9b6685b Thanks @​ematipico! - Fixed #9234, where some nursery rules panicked when they were configured with the option level without the corresponding options.

• #​8968 a2b4494 Thanks @​LouisLau-art! - Fixed #​8812: lint/suspicious/noArrayIndexKey will now report index usage anywhere in JSX key template or binary expressions, not only in the last visited identifier.

• #​9266 84935a4 Thanks @​dyc3! - Fixed #​9250: noVueDuplicateKeys will no longer flag keys under watch, preventing false positives.

• #​9056 1f2fe2e Thanks @​ruidosujeira! - Added the nursery rule useArraySome to prefer .some() over verbose existence checks like filter(...).length > 0 and findIndex(...) !== -1, with suggestions for find/findLast existence checks. This also applies to ES2025 iterator helpers such as Iterator.prototype.find.

• #​9163 f87acf6 Thanks @​JUSTIVE! - Added graphql to valid embedded graphql template tags inside JavaScript files, when the feature javascript.experimentalEmbeddedSnippetsEnabled is enabled. This allows proper support for graphql tags used in RelayJS.

  Now, code snippets like the following are correctly formatted and limited:

  import { graphql } from "react-relay";
  
  const query = graphql`
    query {
      user(id: 1) {
        id
        name
      }
    }
  `;

• #​8773 6b01778 Thanks @​xcb3d! - Added the new nursery rule useUnicodeRegex.

  The rule enforces the use of the u or v flag for regular expressions. This ensures proper handling of Unicode characters like emoji.

  // Invalid
  /foo/;
  new RegExp("foo", "gi");
  
  // Valid
  /foo/u;
  new RegExp("foo", "giu");

v2.4.4

Compare Source

Patch Changes

• #​9150 6946835 Thanks @​dyc3! - Fixed #​9138: Astro files containing --- in HTML content (e.g., <h1>---Hi</h1>) are now parsed correctly, both when a frontmatter block is present and when there is no frontmatter at all.

• #​9150 aa6f837 Thanks @​dyc3! - Fixed #​9138: The HTML parser incorrectly failing to parse bracket characters ([ and ]) in text content (e.g. <div>[Foo]</div>).

• #​9151 c0d4b0c Thanks @​dyc3! - Fixed parsing of Svelte directive keywords (use, style) when used as plain text content in HTML/Svelte files. Previously, <p>use JavaScript</p> or <p>style it</p> would incorrectly produce a bogus element instead of proper text content.

• #​9162 7f1e060 Thanks @​dyc3! - Fixed #​9161: The Vue parser now correctly handles colon attributes like xlink:href and xmlns:xlink by parsing them as single attributes instead of splitting them into separate tokens.

• #​9164 458211b Thanks @​dyc3! - Fixed #​9161: The noAssignInExpressions rule no longer flags assignments in Vue v-on directives (e.g., @click="counter += 1"). Assignments in event handlers are idiomatic Vue patterns and are now skipped by the rule.

v2.4.3

Compare Source

Patch Changes

• #​9120 aa40fc2 Thanks @​ematipico! - Fixed #​9109, where the GitHub reporter wasn't correctly enabled when biome ci runs on GitHub Actions.

• #​9128 8ca3f7f Thanks @​dyc3! - Fixed #​9107: The HTML parser can now correctly parse Astro directives (client/set/class/is/server), which fixes the formatting for Astro directives.

• #​9124 f5b0e8d Thanks @​ematipico! - Fixed #​8882 and #​9108: The Astro frontmatter lexer now correctly identifies the closing --- fence when the frontmatter contains multi-line block comments with quote characters, strings that mix quote types (e.g. "it's"), or escaped quote characters (e.g. "\").

• #​9142 3ca066b Thanks @​THernandez03! - Fixed #​9141: The noUnknownAttribute rule no longer reports closedby as an unknown attribute on <dialog> elements.

• #​9126 792013e Thanks @​ematipico! - Added missing Mocha globals to the Test domain: context, run, setup, specify, suite, suiteSetup, suiteTeardown, teardown, xcontext, xdescribe, xit, and xspecify. These are injected by Mocha's BDD and TDD interfaces and were previously flagged as undeclared variables in projects using Mocha.

• #​8855 6918c9e Thanks @​ruidosujeira! - Fixed #​8840. Now the Biome CSS parser correctly parses not + scroll-state inside @container queries.

• #​9111 4fb55cf Thanks @​Jayllyz! - Slightly improved performance of noIrregularWhitespace by adding early return optimization and simplifying character detection logic.

• #​8975 086a0c5 Thanks @​FrankFMY! - Fixed #​8478: useDestructuring no longer suggests destructuring when the variable has a type annotation, like const foo: string = object.foo.

v2.4.2

Compare Source

Patch Changes

• #​9103 fc9850c Thanks @​dyc3! - Fixed #​9098: useImportType no longer incorrectly flags imports used in Svelte control flow blocks ({#if}, {#each}, {#await}, {#key}) as type-only imports.

• #​9106 f4b7296 Thanks @​dyc3! - Updated rule source metadata for rules from html-eslint.

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noConditionalExpect. This rule disallows conditional expect() calls inside tests, which can lead to tests that silently pass when assertions never run.

  // Invalid - conditional expect may not run
  test("conditional", async ({ page }) => {
    if (someCondition) {
      await expect(page).toHaveTitle("Title");
    }
  });
  
  // Valid - unconditional expect
  test("unconditional", async ({ page }) => {
    await expect(page).toHaveTitle("Title");
  });

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightElementHandle. Prefers locators to element handles.

  const el = await page.$(".btn");

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightEval. Disallows page.$eval() and page.$$eval() methods.

  await page.$eval(".btn", (el) => el.textContent);

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightForceOption. Disallows the force option on user interactions.

  await locator.click({ force: true });

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightMissingAwait. Enforces awaiting async Playwright APIs.

  const el = page.locator(".btn");
  el.click(); // Missing await

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightNetworkidle. Disallows deprecated networkidle wait option.

  await page.goto(url, { waitUntil: "networkidle" });

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightPagePause. Disallows page.pause() debugging calls in committed code.

  await page.pause();

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightUselessAwait. Disallows unnecessary await on synchronous Playwright methods.

  // Incorrect - locator() is synchronous
  const loc = await page.locator(".btn");

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightWaitForNavigation. Prefers modern navigation APIs over deprecated waitForNavigation().

  await page.waitForNavigation();

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightWaitForSelector. Prefers locators over deprecated waitForSelector().

  await page.waitForSelector(".btn");

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightWaitForTimeout. Disallows hard-coded timeouts with waitForTimeout().

  await page.waitForTimeout(5000);

• #​8960 4a5ff40 Thanks @​abossenbroek! - Enhanced noSkippedTests to detect Playwright patterns (.fixme, test.describe, test.step, bracket notation, bare calls). Consolidated noPlaywrightSkippedTest into this rule.

• #​9101 0c0fb6f Thanks @​siketyan! - Fixed #9080: The noUnusedVariables rule no longer reports a top-level Props interface or type alias as unused in Astro files.

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule useExpect. This rule ensures that test functions contain at least one expect() assertion.

  // Invalid - test without assertion
  test("no assertion", async ({ page }) => {
    await page.goto("/");
  });
  
  // Valid - test with assertion
  test("has assertion", async ({ page }) => {
    await expect(page).toHaveTitle("Title");
  });

• #​8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule usePlaywrightValidDescribeCallback. Validates that describe callback signatures are not async.

  test.describe("suite", async () => {});

v2.4.1

Compare Source

Patch Changes

• #​9092 6edd600 Thanks @​ematipico! - Fixed #​9052. This PR reverts changes introduced by #​8519, which caused unwanted changes on how paths are resolved.

• #​9091 3bf674d Thanks @​ematipico! - Fixed #​9090, where SCSS files were incorrectly processed by Biome. This was a regressions caused by the latest developments for supporting SCSS out of the box.

• #​9100 66931a8 Thanks @​siketyan! - Fixed #​9081: The noUnknownPseudoElement rule no longer reports false positives for any known pseudo elements in CSS modules. This was a regression introduced in v2.4.0.

• #​9102 d01b903 Thanks @​ematipico! - Fixed #​9095, where Biome didn't print anything in stdin mode. This was a regression caused by a recent, internal refactor.

v2.4.0

Compare Source

Minor Changes

• #​8964 0353fa0 Thanks @​dyc3! - Added ignore option to the useHookAtTopLevel rule.

  You can now specify function names that should not be treated as hooks, even if they follow the use* naming convention.

  Example configuration:

  {
    "linter": {
      "rules": {
        "correctness": {
          "useHookAtTopLevel": {
            "options": {
              "ignore": ["useDebounce", "useCustomUtility"]
            }
          }
        }
      }
    }
  }

• #​8769 d0358b0 Thanks @​rahuld109! - Added the rule useAnchorContent for HTML to enforce that anchor elements have accessible content for screen readers. The rule flags empty anchors, anchors with only whitespace, and anchors where all content is hidden with aria-hidden. Anchors with aria-label or title attributes providing a non-empty accessible name are considered valid.

• #​8742 6340ce6 Thanks @​rahuld109! - Added the rule useMediaCaption to the HTML language. Enforces that audio and video elements have a track element with kind="captions" for accessibility. Muted videos are allowed without captions.

• #​8621 d11130b Thanks @​Netail! - Added support for multiple reporters, and the ability to save reporters on arbitrary files.

Combine two reporters in CI

If you run Biome on GitHub, take advantage of the reporter and still see the errors in console, you can now use both reporters:

biome ci --reporter=default --reporter=github

Save reporter output to a file

With the new --reporter-file CLI option, it's now possible to save the output of all reporters to a file. The file is a path,
so you can pass a relative or an absolute path:

biome ci --reporter=rdjson --reporter-file=/etc/tmp/report.json
biome ci --reporter=summary --reporter-file=./reports/file.txt

You can combine these two features. For example, have the default reporter written on terminal, and the rdjson reporter written on file:

biome ci --reporter=default --reporter=rdjson --reporter-file=/etc/tmp/report.json

The --reporter and --reporter-file flags must appear next to each other, otherwise an error is thrown.

• #​8399 ab88099 Thanks @​ematipico! - The Biome CSS parser is now able to parse Vue SFC syntax such as :slotted and :deep. These pseudo functions are only correctly parsed when the CSS is defined inside .vue components. Otherwise, Biome will a emit a parse error.

  This capability is only available when experimentalFullHtmlSupportedEnabled is set to true.

• #​8663 3dfea16 Thanks @​ematipico! - Added support for Cursor files. When Biome sees a Cursor JSON file, it will parse it with comments enabled and trailing commas enabled:

  • $PROJECT/.cursor/
  • %APPDATA%\Cursor\User\ on Windows
  • ~/Library/Application Support/Cursor/User/ on macOS
  • ~/.config/Cursor/User/ on Linux

• #​8723 fe2c642 Thanks @​cbstns! - Added JSON as a target language for GritQL pattern matching. You can now write Grit plugins for JSON files.

  This enables users to write GritQL patterns that match against JSON files, useful for:

  • Searching and transforming JSON configuration files
  • Enforcing patterns in package.json and other JSON configs
  • Writing custom lint rules for JSON using GritQL

  Example patterns:

  Match all key-value pairs:

  language json
  
  pair(key = $k, value = $v)
  

  Match objects with specific structure:

  language json
  
  JsonObjectValue()
  

  Supports both native Biome AST names (JsonMember, JsonObjectValue) and TreeSitter-compatible names (pair, object, array) for compatibility with existing Grit patterns.

  For more details, see the GritQL documentation.

• #​8814 4d9c676 Thanks @​Netail! - Added ignore option to noUnknownProperty. If an unknown property name matches any of the items provided in ignore, a diagnostic won't be emitted.

• #​8631 4d8f19d Thanks @​Netail! - Add a new reporter --reporter=sarif, that emits diagnostics using the SARIF format.

• #​8270 4f7909d Thanks @​lucasweng! - Added the useIframeTitle lint rule for HTML. The rule enforces the usage of the title attribute for the iframe element.

  Invalid:

  <iframe></iframe> <iframe title=""></iframe>

  Valid:

  <iframe title="title"></iframe>

• #​8164 1d25856 Thanks @​ematipico! - Added a new assist action useSortedInterfaceMembers that sorts TypeScript interface members, for readability.

  It includes an autofix.

  Invalid example.

  interface MixedMembers {
    z: string;
    a: number;
    (): void;
    y: boolean;
  }

  Valid example (after using the assist).

  interface MixedMembers {
    a: number;
    y: boolean;
    z: string;
    (): void;
  }

• #​8647 4c7c06f Thanks @​siketyan! - It's now possible to provide the stacktrace for a fatal error. The stacktrace is only available when the environment variable RUST_BACKTRACE=1 is set, either via the CLI or exported $PATH. This is useful when providing detailed information for debugging purposes:

  RUST_BACKTRACE=1 biome lint

• #​7961 a04c8df Thanks @​siketyan! - The Biome Language Server now reports progress while scanning files and dependencies in the project.

• #​8289 a9025d4 Thanks @​theshadow27! - Fixed #​8024. The rule useIterableCallbackReturn now supports a checkForEach option. When set to false, the rule will skip checking for forEach() callbacks for returning values.

• #​8690 e06e5d1 Thanks @​ematipico! - Added the rule useValidLang to the HTML language.

• #​7847 e90b14f Thanks @​Jagget! - Added support for jsxFactory and jsxFragmentFactory.Biome now respects jsxFactory and jsxFragmentFactory settings from tsconfig.json when using the classic JSX runtime, preventing false positive noUnusedImports errors for custom JSX libraries like Preact.

  // tsconfig.json
  {
    compilerOptions: {
      jsx: "react",
      jsxFactory: "h",
      jsxFragmentFactory: "Fragment",
    },
  }

  // Component.jsx
  import { h, Fragment } from "preact";
  
  function App() {
    return <div>Hello</div>;
  }

• #​8071 7f5bcf4 Thanks @​ematipico! - Added new CLI options to the commands lsp-proxy and start that allow to control the Biome file watcher.

--watcher-kind

Controls how the Biome file watcher should behave. By default, Biome chooses the best watcher strategy for the
current OS, however sometimes this could result in some issues, such as folders locked.

The option accepts the current values:

• recommended: the

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[giselles-ai]

Finished running flow.

Step 1
🟢	On Pull Request Opened Status: Success Updated: Feb 1, 2026 12:49am
Step 2
🟢	gpt-5 Status: Success Updated: Feb 1, 2026 12:51am
Step 3
🟢	Create Pull Request Comment Status: Success Updated: Feb 1, 2026 12:51am

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
liam-app	Ready	Preview, Comment	Mar 21, 2026 1:22pm
liam-assets	Ready	Preview, Comment	Mar 21, 2026 1:22pm
liam-docs	Ready	Preview, Comment	Mar 21, 2026 1:22pm
liam-erd-sample	Ready	Preview, Comment	Mar 21, 2026 1:22pm
liam-storybook	Ready	Preview, Comment	Mar 21, 2026 1:22pm

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[giselles-ai]

Check changeset necessity

Status: NOT REQUIRED

Reason:

• Dev-tools-only updates (Biome, ESLint, @typescript-eslint, @types/*, Playwright, knip, turbo) across the repo; no production code changes.
• Target packages (@liam-hq/cli, @liam-hq/erd-core, @liam-hq/schema, @liam-hq/ui) changed devDependencies only (e.g., @biomejs/biome); no runtime deps, source, or public API modifications.
• No user-facing features, bug fixes, API or behavioral changes—this fits “Development tooling changes” in the guide.
• Updates in apps/internal packages (many on the ignore list) don’t require a changeset per policy.

Changeset (copy & paste):

<!-- No changeset required: dev-tooling updates only -->

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional flags.

[github-actions]

🤖 Agent Deep Modeling Execution

Started at: 2026-03-21 13:22:47 UTC

View Details

Command Output

@liam-hq/agent@0.1.0 execute-deep-modeling /home/runner/work/liam/liam/frontend/internal-packages/agent
pnpm test:integration src/createGraph.integration.test.ts

@liam-hq/agent@0.1.0 test:integration /home/runner/work/liam/liam/frontend/internal-packages/agent
vitest --watch=false --passWithNoTests --config vitest.config.integration.ts src/createGraph.integration.test.ts

RUN v3.2.4 /home/runner/work/liam/liam/frontend/internal-packages/agent

(node:8043) ExperimentalWarning: WASI is an experimental feature and might change at any time
(Use node --trace-warnings ... to show where the warning was created)

✅ [INFO] 2026-03-21T13:22:50.320Z
LangSmith Trace URL: https://smith.langchain.com/o/eed4d2d8-0bd8-4ca4-a452-4da88ef63fd6/projects/p/9324fe51-27a4-4604-a52b-c6cc240f6dcc?searchModel=%7B%22filter%22%3A%22and(eq(is_root%2C%20true)%2C%20and(eq(metadata_key%2C%20%5C%22thread_id%5C%22)%2C%20eq(metadata_value%2C%20%5C%22b143b958-908c-4b11-a9de-4680d5c5acaf%5C%22)))%22%7D
stderr | src/createGraph.integration.test.ts > createGraph Integration > should execute complete workflow
Failed to Failed to send multipart request. Received status [403]: Forbidden. Message:

Context: trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=2bc690cd-815e-4e2f-9d28-1838518d0640; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=fa97e7ab-7376-40b6-befa-54cc59177314; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=649f143e-fbbb-4e69-9e04-23b9b7f672b5; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=d739d5a4-6b97-4d5c-baf3-00f6e44c3520; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=11156382-c675-4ad1-adb4-d595b2dbdc03; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=43875b03-5282-4496-ad28-f4b313d961a8; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=a621550c-ea19-4a29-a139-dbf1b81e9bf0; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=c7a9e428-c70f-463a-87e8-b41772a2a2fc; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=1ef7b372-17ca-4671-ae61-9796faca98ab; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=0adb80dd-90eb-4f07-aeaf-21641f2e5ebd; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=8e77b3a3-54d2-4dec-b3b1-001f7e5fa0db; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=37d32a00-3563-4f57-87ec-92694b2b53ab; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=3037af72-ef51-4163-aeaf-0ec5a0af3f77; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=efe18231-8e4c-491a-b844-a76e804c9a13; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=c098b646-7e5b-4ae0-8e76-b4a48651aebe; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=15ff4dc2-7174-4d76-923e-2bc4e154a5c1; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=ceb65c6b-522b-4ed0-8d59-32fb5e7b9838; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=8e7f217d-0db1-415f-bdcc-272472414c54; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=1f7b72fc-3b89-47ad-a074-63c39f4af8c8; trace=2bc690cd-815e-4e2f-9d28-1838518d0640,id=e1e4d5f1-1d6e-4933-be02-6bac46be6ece

x

⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯

FAIL src/createGraph.integration.test.ts > createGraph Integration > should execute complete workflow
WorkflowTerminationError: Error in analyzeRequirementsNode: 401 Incorrect API key provided: sk-proj-********************************************************************************************************************************************************N7kA. You can find your API key at https://platform.openai.com/account/api-keys.

Troubleshooting URL: https://js.langchain.com/docs/troubleshooting/errors/MODEL_AUTHENTICATION/

❯ RunnableCallable.analyzeRequirementsNode [as func] src/pm-agent/nodes/analyzeRequirementsNode.ts:38:11
36|
37| if (analysisResult.isErr()) {
38| throw new WorkflowTerminationError(
| ^
39| analysisResult.error,
40| 'analyzeRequirementsNode',
❯ RunnableCallable.invoke ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/utils.ts:85:21
❯ RunnableSequence.invoke ../../../node_modules/.pnpm/@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemetry+sdk-trace-base@2.2.0_@op_0a8880fa2f45d0308ed941fc53f9c9f1/node_modules/@langchain/core/dist/runnables/base.js:1308:33
❯ runWithRetry ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/retry.ts:103:16
❯ PregelRunner.executeTasksWithRetry ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/runner.ts:330:27
❯ PregelRunner.tick ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/runner.ts:138:50
❯ CompiledStateGraph.runLoop ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/index.ts:2233:9
❯ createAndRunLoop ../../../node_modules/.pnpm/@langchain+langgraph@0.4.9_@langchain+core@0.3.78_@opentelemetry+api@1.9.0_@opentelemet_cd940287faf0db93d41d5fc1f29067cc/node_modules/@langchain/langgraph/src/pregel/index.ts:2092:9

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/1]⎯

Test Files 1 failed (1)
Tests 1 failed (1)
Start at 13:22:48
Duration 2.42s (transform 510ms, setup 0ms, collect 1.59s, tests 549ms, environment 0ms, prepare 79ms)

 ELIFECYCLE  Command failed with exit code 1.
/home/runner/work/liam/liam/frontend/internal-packages/agent:
 ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL  @liam-hq/agent@0.1.0 execute-deep-modeling: pnpm test:integration src/createGraph.integration.test.ts
Exit status 1

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 3 additional findings in Devin Review.

[devin-ai-integration]

🟡 turbo updated to 2.8.14 but @turbo/gen left at 2.5.8

The PR updates turbo from 2.5.8 to 2.8.14 (package.json:19) but does not update @turbo/gen which remains at 2.5.8 (package.json:9). These two packages are from the same Turborepo project and were previously kept in sync at 2.5.8. The @turbo/gen package is used by the turbo gen CLI command (invoked via gen:turbo script at package.json:33), and Turborepo recommends keeping turbo and @turbo/gen at matching versions. A 2.5 → 2.8 gap across a major feature gap could cause the turbo gen command to malfunction or produce errors.

---

Was this helpful? React with 👍 or 👎 to provide feedback.