fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	2.4.4 → 2.4.6			devDependencies	patch
@icons-pack/react-simple-icons (source)	13.11.2 → 13.12.0			dependencies	minor
@tanstack/devtools-vite (source)	0.5.2 → 0.5.3			devDependencies	patch
@tanstack/react-devtools (source)	0.9.6 → 0.9.9			devDependencies	patch
@tanstack/react-form (source)	1.28.3 → 1.28.4			dependencies	patch
@tanstack/react-form-devtools (source)	0.2.16 → 0.2.17			devDependencies	patch
@tanstack/react-router (source)	1.163.3 → 1.166.2			devDependencies	minor
@tanstack/react-router-devtools (source)	1.163.3 → 1.166.2			devDependencies	minor
@tanstack/router-cli (source)	1.164.0 → 1.166.2			devDependencies	minor
@tanstack/router-devtools (source)	1.163.3 → 1.166.2			dependencies	minor
@tanstack/router-plugin (source)	1.164.0 → 1.166.2			devDependencies	minor
@tauri-apps/cli	2.10.0 → 2.10.1			devDependencies	patch
@types/node (source)	24.11.0 → 24.12.0			devDependencies	minor
actions/setup-node	6.2.0 → 6.3.0			action	minor
i18next (source)	25.8.13 → 25.8.14			dependencies	patch
lint-staged	16.3.1 → 16.3.2			devDependencies	patch
lucide-react (source)	^0.576.0 → ^0.577.0			dependencies	minor
lucide-static (source)	^0.576.0 → ^0.577.0			dependencies	minor
motion	12.34.3 → 12.35.0			dependencies	minor
postcss (source)	8.5.6 → 8.5.8			devDependencies	patch
react-i18next	16.5.4 → 16.5.5			dependencies	patch
react-resizable-panels (source)	4.7.0 → 4.7.1			dependencies	patch
tauri (source)	2.10.2 → 2.10.3			dependencies	patch
tauri-build (source)	2.5.5 → 2.5.6			build-dependencies	patch
zip	8.1.0 → 8.2.0			dependencies	minor

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.6

Compare Source

Patch Changes

• #​9305 40869b5 Thanks @​ematipico! - Fixed #​4946: noUnreachable no longer reports code inside finally blocks as unreachable when there is a break, continue, or return in the corresponding try body.

• #​9303 464910c Thanks @​ematipico! - Fixed #​2786: The formatter no longer produces different output on subsequent runs when a case clause has a trailing line comment followed by a single block statement.

• #​9324 6294aa2 Thanks @​arendjr! - Fixed #7730: useAnchorContent now recognises SolidJS's innerHTML the same way as React's dangerouslySetInnerHTML.

• #​9298 1003229 Thanks @​Netail! - Fixed #9296, so comments are moved along with the attributes in the useSortedAttributes assist rule code fix.

• #​9329 855b451 Thanks @​dyc3! - Improved performance of noEmptyBlockStatements. The rule is now smarter about short-circuiting its logic.

• #​9326 85dfe9b Thanks @​dyc3! - Improved performance for noImportCycles by explicitly excluding node_modules from the cycle detection. The performance improvement is directly proportional to how big your dependency tree is.

• #​9323 d5ee469 Thanks @​ematipico! - Fixed #​9217 and biomejs/biome-vscode#959, where the Biome language server didn't correctly resolve the editor setting configurationPath when the provided value is a relative path.

• #​9302 86fbc70 Thanks @​sepagian! - Fixed #​9300: Lowercase component member expressions like <form.Field> in Svelte and Astro files are now correctly formatted.

  -<form .Field></form.Field>
  +<form.Field></form.Field>

v2.4.5

Compare Source

Patch Changes

• #​9185 e43e730 Thanks @​dyc3! - Added the nursery rule useVueScopedStyles for Vue SFCs. This rule enforces that <style> blocks have the scoped attribute (or module for CSS Modules), preventing style leakage and conflicts between components.

• #​9184 49c8fde Thanks @​chocky335! - Improved plugin performance by batching all plugins into a single syntax visitor with a kind-to-plugin lookup map, reducing per-node dispatch overhead from O(N) to O(1) where N is the number of plugins.

• #​9283 071c700 Thanks @​dyc3! - Fixed noUndeclaredVariables erroneously flagging functions and variables defined in the <script setup> section of Vue SFCs.

• #​9221 4612133 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't contain the duration of the command.

• #​9294 1805c8f Thanks @​Netail! - Extra rule source reference. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​9178 101b3bb Thanks @​Bertie690! - Fixed #​9172 and #​9168:
  Biome now considers more constructs as valid test assertions.

  Previously, assert, expectTypeOf and assertType
  were not recognized as valid assertions by Biome's linting rules, producing false positives in lint/nursery/useExpect and other similar rules.

  Now, these rules will no longer produce errors in test cases that used these constructs instead of expect:

  import { expectTypeOf, assert, assertType } from "vitest";
  
  const myStr = "Hello from vitest!";
  it("should be a string", () => {
    expectTypeOf(myStr).toBeString();
  });
  test("should still be a string", () => {
    assertType<string>(myStr);
  });
  it.todo("should still still be a string", () => {
    assert(typeof myStr === "string");
  });

• #​9173 32dad2d Thanks @​dyc3! - Added parsing support for Svelte's new comments-in-tags feature.

  The HTML parser will now accept JS style comments in tags in Svelte files.

  <button
    // single-line comment
    onclick={doTheThing}
  >click me</button>
  
  <div
    /* block comment */
    class="foo"
  >text</div>

• #​8952 1d2ca15 Thanks @​pkallos! - Added the nursery rule useNullishCoalescing. This rule suggests using the nullish coalescing operator (??) instead of logical OR (||) when the left operand may be nullish. This prevents bugs where falsy values like 0, '', or false are incorrectly treated as missing. Addresses #​8043

  // Invalid
  declare const x: string | null;
  const value = x || "default";
  
  // Valid
  const value = x ?? "default";

• #​9243 1992a85 Thanks @​Netail! - Fixed #​7813: improved the diagnostic of the rule useExhaustiveDependencies. The diagnostic now shows the name of the variable to add to the dependency array.

• #​9063 3d0648f Thanks @​taga3s! - Added the nursery rule noVueRefAsOperand. This rule disallows cases where a ref is used as an operand.

  The following code is now flagged:

  import { ref } from "vue";
  
  const count = ref(0);
  count++; // Should be: count.value++

  import { ref } from "vue";
  
  const ok = ref(false);
  if (ok) {
    // Should be: if (ok.value)
    //
  }

• #​9273 f239e20 Thanks @​denbezrukov! - Fixed #​9253: parsing of @container scroll-state(...) queries.

  @​container scroll-state(scrolled: bottom) {
  }
  @​container scroll-state(stuck) {
  }
  @​container scroll-state(not (stuck)) {
  }
  @​container scroll-state((stuck) and (scrolled: bottom)) {
  }
  @​container scroll-state((stuck) or (snapped: x)) {
  }
  @​container main-layout scroll-state(not ((stuck) and (scrolled: bottom))) {
  }

• #​9259 96939c0 Thanks @​ematipico! - Fixed CSS formatter incorrectly collapsing selectors when a BOM (Byte Order Mark) character is present at the start of the file. The formatter now correctly preserves line breaks between comments and selectors in BOM-prefixed CSS files, matching Prettier's behavior.

• #​9251 59e33fb Thanks @​ematipico! - Fixed #​9249: The CSS formatter no longer incorrectly breaks ratio values (like 1 / -1) across lines when followed by comments.

• #​9284 ec3a17f Thanks @​denbezrukov! - Fixed #​9253: removed false-positive diagnostics for valid @container/@supports general-enclosed queries.

  @​container scroll-state(scrolled: bottom) {
  }
  @​supports foo(bar: baz) {
  }

• #​9215 b2619a1 Thanks @​FrederickStempfle! - Fixed #​9189: biome ci in GitHub Actions now correctly disables colors so that ::error/::warning workflow commands are not wrapped in ANSI escape codes.

• #​9256 65ae4c1 Thanks @​ematipico! - Fixed JSON reporter escaping of special characters in diagnostic messages. The JSON reporter now properly escapes double quotes, backslashes, and control characters in error messages and advice text, preventing invalid JSON output when diagnostics contain these characters.

• #​9223 5b9da81 Thanks @​ematipico! - Fixed an issue where the JSON reporter didn't write output to a file when --reporter-file was specified. The output is now correctly written to the specified file instead of always going to stdout.

• #​9154 c487e54 Thanks @​abossenbroek! - Fixed #​9115: The noPlaywrightMissingAwait rule no longer produces false positives on jest-dom matchers like toBeVisible, toBeChecked, toHaveAttribute, etc. For matchers shared between Playwright and jest-dom, the rule now checks whether expect()'s argument is a Playwright locator or page object before flagging. Added semantic variable resolution so that extracted Playwright locators (e.g. const loc = page.locator('.item'); expect(loc).toBeVisible()) are still correctly flagged.

• #​9269 33e5cdf Thanks @​dyc3! - Fixed a false positive where noUndeclaredVariables reported bindings from Vue <script setup> as undeclared when used in <template>.

  This change ensures embedded bindings collected from script snippets (like imports and defineModel results) are respected by the rule.

• #​9267 2c2e060 Thanks @​ematipico! - Fixed #​9143 and #​8849: The noUnresolvedImports rule no longer reports false positives for several common patterns:

  • node:fs, node:path, node:url, and other Node.js built-in modules with the node: prefix are now accepted.
  • Packages that declare their TypeScript entry point via "typings" (instead of "types") in package.json now resolve correctly.
  • Named imports from aliased re-export chains (e.g. export { x as y } from "...") are now resolved correctly through the alias.
  • Namespace re-exports (e.g. export * as Ns from "...") are now recognized as own exports of the barrel module.

• #​9254 f7bf12b Thanks @​ematipico! - Fixed #​8842: The CSS formatter now correctly formats @container scroll-state() without adding an unwanted space between the function name and opening parenthesis.

• #​9211 2d0b8e6 Thanks @​ematipico! - Fixed #​7905. Improved the accuracy of type-aware lint rules when analyzing re-exported functions and values.

  Previously, when a binding was imported from another module, its type was not correctly inferred during the type analysis phase. This caused type-aware lint rules to fail to detect issues when working with re-exported imports.

  The following rules now correctly handle re-exported imports:

  • useAwaitThenable
  • noFloatingPromises
  • noMisusedPromises
  • useArraySortCompare

  Example of now-working detection:

  // getValue.ts
  export async function getValue(): Promise<number> {
    return 42;
  }
  
  // reexport.ts
  export { getValue } from "./getValue";
  
  // index.ts
  import { getValue } from "./reexport";
  
  // Previously: no diagnostic (type was unknown)
  // Now: correctly detects that getValue() returns a Promise
  await getValue(); // Valid - properly awaited
  getValue(); // Diagnostic - floating promise

• #​8934 b49707c Thanks @​tim-we! - Fixed #​8265: Biome now correctly detects test framework calls that use three arguments (label, options, callback) (e.g., describe("foo", { retry: 2 }, () => {})). This fixes both formatting and the noDuplicateTestHooks lint rule for test frameworks like Vitest.

• #​9191 688fd34 Thanks @​dyc3! - Fixed #​9180: fixed a panic caused by an interaction between noRedundantUseStrict and the formatter

• #​9048 9bbdf4d Thanks @​ff1451! - Added the nursery rule useNamedCaptureGroup.
  The rule enforces using named capture groups in regular expressions instead of numbered ones. It supports both regex literals and RegExp constructor calls.

  // Invalid: unnamed capture group
  /(foo)/;
  new RegExp("(foo)");
  
  // Valid: named capture group
  /(?<id>foo)/;
  new RegExp("(?<id>foo)");

• #​9255 9b6685b Thanks @​ematipico! - Fixed #9234, where some nursery rules panicked when they were configured with the option level without the corresponding options.

• #​8968 a2b4494 Thanks @​LouisLau-art! - Fixed #​8812: lint/suspicious/noArrayIndexKey will now report index usage anywhere in JSX key template or binary expressions, not only in the last visited identifier.

• #​9266 84935a4 Thanks @​dyc3! - Fixed #​9250: noVueDuplicateKeys will no longer flag keys under watch, preventing false positives.

• #​9056 1f2fe2e Thanks @​ruidosujeira! - Added the nursery rule useArraySome to prefer .some() over verbose existence checks like filter(...).length > 0 and findIndex(...) !== -1, with suggestions for find/findLast existence checks. This also applies to ES2025 iterator helpers such as Iterator.prototype.find.

• #​9163 f87acf6 Thanks @​JUSTIVE! - Added graphql to valid embedded graphql template tags inside JavaScript files, when the feature javascript.experimentalEmbeddedSnippetsEnabled is enabled. This allows proper support for graphql tags used in RelayJS.

  Now, code snippets like the following are correctly formatted and limited:

  import { graphql } from "react-relay";
  
  const query = graphql`
    query {
      user(id: 1) {
        id
        name
      }
    }
  `;

• #​8773 6b01778 Thanks @​xcb3d! - Added the new nursery rule useUnicodeRegex.

  The rule enforces the use of the u or v flag for regular expressions. This ensures proper handling of Unicode characters like emoji.

  // Invalid
  /foo/;
  new RegExp("foo", "gi");
  
  // Valid
  /foo/u;
  new RegExp("foo", "giu");

icons-pack/react-simple-icons (@​icons-pack/react-simple-icons)

v13.12.0

Compare Source

Minor Changes

• f8305e4 Thanks @​wootsbot! - Bump simple-icons

TanStack/devtools (@​tanstack/devtools-vite)

v0.5.3

Compare Source

Patch Changes

• Updated dependencies [cf23787]:
  • @​tanstack/devtools-client@​0.0.6

TanStack/devtools (@​tanstack/react-devtools)

v0.9.9

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/devtools@​0.10.10

v0.9.8

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/devtools@​0.10.9

v0.9.7

Compare Source

Patch Changes

• Updated dependencies [d05a9af]:
  • @​tanstack/devtools@​0.10.8

TanStack/form (@​tanstack/react-form)

v1.28.4

Compare Source

Patch Changes

• Refactor internals for substancially faster performance (#​2035)

• Updated dependencies [f88faaf]:

  • @​tanstack/form-core@​1.28.4

TanStack/form (@​tanstack/react-form-devtools)

v0.2.17

Compare Source

Patch Changes

• Updated dependencies []:
  • @​tanstack/form-devtools@​0.2.17

TanStack/router (@​tanstack/react-router)

v1.166.2

Compare Source

Version 1.166.2 - 3/4/26, 8:36 PM

Changes

Fix

• handle beforeLoad throwing notFound correctly (#​6811) (9c81d5a) by Manuel Schiller

Chore

• ensure no nx cloud is used for benchmark (#​6817) (9f35318) by @​beaussan

Test

• refactor client-nav benchmarks for flame profiling (#​6816) (7083bcb) by @​Sheraff
• client nav benchmark can detect granular re-rendering changes (#​6808) (2217f7c) by @​Sheraff
• add cross-framework SSR request-loop benchmarks (#​6803) (3318878) by @​Sheraff
• add cross-framework client navigation benchmarks (#​6800) (1acc8ea) by @​Sheraff

Packages

• @​tanstack/router-core@​1.166.2
• @​tanstack/solid-router@​1.166.2
• @​tanstack/react-router@​1.166.2
• @​tanstack/vue-router@​1.166.2
• @​tanstack/solid-router-ssr-query@​1.166.2
• @​tanstack/react-router-ssr-query@​1.166.2
• @​tanstack/vue-router-ssr-query@​1.166.2
• @​tanstack/router-ssr-query-core@​1.166.2
• @​tanstack/zod-adapter@​1.166.2
• @​tanstack/valibot-adapter@​1.166.2
• @​tanstack/arktype-adapter@​1.166.2
• @​tanstack/router-devtools@​1.166.2
• @​tanstack/solid-router-devtools@​1.166.2
• @​tanstack/react-router-devtools@​1.166.2
• @​tanstack/vue-router-devtools@​1.166.2
• @​tanstack/router-devtools-core@​1.166.2
• @​tanstack/router-generator@​1.166.2
• @​tanstack/router-cli@​1.166.2
• @​tanstack/router-plugin@​1.166.2
• @​tanstack/router-vite-plugin@​1.166.2
• @​tanstack/solid-start@​1.166.2
• @​tanstack/solid-start-client@​1.166.2
• @​tanstack/solid-start-server@​1.166.2
• @​tanstack/vue-start@​1.166.2
• @​tanstack/vue-start-client@​1.166.2
• @​tanstack/vue-start-server@​1.166.2
• @​tanstack/start-client-core@​1.166.2
• @​tanstack/start-server-core@​1.166.2
• @​tanstack/start-storage-context@​1.166.2
• @​tanstack/react-start@​1.166.2
• @​tanstack/react-start-client@​1.166.2
• @​tanstack/react-start-server@​1.166.2
• @​tanstack/start-plugin-core@​1.166.2
• @​tanstack/start-static-server-functions@​1.166.2

tauri-apps/tauri (@​tauri-apps/cli)

v2.10.1: @​tauri-apps/cli v2.10.1

Compare Source

[2.10.1]

Bug Fixes

• 35c35f27a (#​14931 by @​lucasfernog) Support comma-separated list of Cargo features on all commands.
• 0d1cb83ba (#​14932 by @​lucasfernog) Fix missing Cargo args when running mobile dev and build commands.
• 33754ae5e (#​15022 by @​Legend-Master) Fix updater signing private keys generated using tauri signer generate with empty password can't be used (The keys generated during tauri were broken between v2.9.3 and v2.10.0, you'll need to regenerate them)

What's Changed

• 7be58a1c6 (#​14894 by @​Legend-Master) Log patching bundle type information again

Dependencies

• Upgraded to tauri-cli@2.10.1

actions/setup-node (actions/setup-node)

v6.3.0

Compare Source

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in #​1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in #​1491
• Replace uuid with crypto.randomUUID() by @​trivikr in #​1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in #​1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in #​1495

New Contributors

• @​susnux made their first contribution in #​1283

Full Changelog: actions/setup-node@v6...v6.3.0

i18next/i18next (i18next)

v25.8.14

Compare Source

• fix: getCleanedCode now replaces all underscores

lint-staged/lint-staged (lint-staged)

v16.3.2

Compare Source

Patch Changes

• #​1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

lucide-icons/lucide (lucide-react)

v0.577.0: Version 0.577.0

Compare Source

What's Changed

• chore(deps): bump rollup from 4.53.3 to 4.59.0 by @​dependabot[bot] in #​4106
• fix(repo): correctly ignore docs/releaseMetadata via .gitignore by @​bhavberi in #​4100
• feat(icons): added ellipse icon by @​KISHORE-KUMAR-S in #​3749

New Contributors

• @​bhavberi made their first contribution in #​4100
• @​KISHORE-KUMAR-S made their first contribution in #​3749

Full Changelog: lucide-icons/lucide@0.576.0...0.577.0

motiondivision/motion (motion)

v12.35.0

Compare Source

Added

• ViewTimeline support for scroll and useScroll.

v12.34.5

Compare Source

Fixed

• Ensure final WAAPI styles are always committed synchronously to prevent flash of incorrect styles in Firefox.
• Prevent Next.js from caching typeof window checks.
• Improve projection node cleanup.
• Variant propagation fixed for asynchronously-mounted children.

v12.34.4

Compare Source

Fixed

• Ensure onComplete fires at the end of an animation sequence.

postcss/postcss (postcss)

v8.5.8

Compare Source

• Fixed Processor#version.

v8.5.7

Compare Source

• Improved source map annotation cleaning performance (by CodeAnt AI).

i18next/react-i18next (react-i18next)

v16.5.5

Compare Source

• fix: prevent crash in useSSR, getInitialProps and Translation when no i18next instance is available (e.g. in monorepo setups with duplicate react-i18next copies) — now logs a clear warning instead of throwing 1604

bvaughn/react-resizable-panels (react-resizable-panels)

v4.7.1

Compare Source

• 678: Change default overflow styles to support shadows

zip-rs/zip2 (zip)

v8.2.0

Compare Source

🚀 Features

• allow custom salt (#​680)
• Support compressing bzip2 when feature bzip2-rs is enabled, since bzip2/bzip2-sys now supports it (#​685)
• enforce clippy in CI (#​674)

🐛 Bug Fixes

• zip64 central header (issue 617) (#​629)
• allow aes password as bytes (#​686)
• handle extra field padding (#​682)

🚜 Refactor

• Simplify 2 type conversions in src/write.rs (#​687)

⚡ Performance

• AI tweaks for string type conversions in src/types.rs (#​670)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

---

• Branch has one or more failed status checks

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
soulfire-client	Ready	Preview, Comment	Mar 6, 2026 1:30am