chore(deps): update all non-major dependencies#290
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
chore(deps): update all non-major dependencies#290renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
|
|
| Command | Status | Duration | Result |
|---|---|---|---|
nx affected --targets=test:eslint,test:sherif,t... |
❌ Failed | 2m 19s | View ↗ |
nx run-many --targets=build --exclude=examples/** |
✅ Succeeded | 36s | View ↗ |
☁️ Nx Cloud last updated this comment at 2026-04-09 17:51:09 UTC
More templates
@tanstack/devtools
@tanstack/devtools-a11y
@tanstack/devtools-client
@tanstack/devtools-ui
@tanstack/devtools-utils
@tanstack/devtools-vite
@tanstack/devtools-event-bus
@tanstack/devtools-event-client
@tanstack/preact-devtools
@tanstack/react-devtools
@tanstack/solid-devtools
@tanstack/vue-devtools
commit: |
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
26 times, most recently
from
8f5167e to
09c56be
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
23 times, most recently
from
e861232 to
4b90eb1
Compare
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughUpdated GitHub Actions workflows and bumped dependency/devDependency versions across root, packages, and example projects; no source code logic or exported API signatures were changed. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
examples/react/bundling-repro/package.json (1)
18-26: Consider pinning@tanstack/ai-*packages to specific versions.Using
"latest"for these AI packages means builds are non-reproducible and could break unexpectedly when new versions are published. While acceptable for a repro/debugging example, consider pinning to specific versions if this example is used for CI or regression testing.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/react/bundling-repro/package.json` around lines 18 - 26, The package.json currently pins multiple `@tanstack/ai` packages to "latest" which makes builds unreproducible; replace the "latest" specifiers for "@tanstack/ai", "@tanstack/ai-anthropic", "@tanstack/ai-client", "@tanstack/ai-gemini", "@tanstack/ai-ollama", "@tanstack/ai-openai", "@tanstack/ai-react", "@tanstack/react-ai-devtools", and "@tanstack/react-devtools" with concrete version numbers (choose a specific semver like "^X.Y.Z" or an exact "X.Y.Z") to lock dependencies for CI/regression tests and update the lockfile accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@examples/react/bundling-repro/package.json`:
- Around line 18-26: The package.json currently pins multiple `@tanstack/ai`
packages to "latest" which makes builds unreproducible; replace the "latest"
specifiers for "@tanstack/ai", "@tanstack/ai-anthropic", "@tanstack/ai-client",
"@tanstack/ai-gemini", "@tanstack/ai-ollama", "@tanstack/ai-openai",
"@tanstack/ai-react", "@tanstack/react-ai-devtools", and
"@tanstack/react-devtools" with concrete version numbers (choose a specific
semver like "^X.Y.Z" or an exact "X.Y.Z") to lock dependencies for CI/regression
tests and update the lockfile accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: de66d22c-d3cb-4f54-a7b2-387035694052
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (26)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release.yml:
- Line 26: Replace mutable action references like uses: actions/checkout@v6.0.2
with the immutable commit SHA form (e.g., uses:
actions/checkout@<FULL_COMMIT_SHA>) while preserving the human-friendly tag as a
trailing comment (e.g., # v6.0.2) to maintain readability; update the checkout
usages in the release workflow (the uses: actions/checkout entries) and apply
the same SHA-pinning pattern to the checkout actions referenced in pr.yml (the
uses: actions/checkout entries on the other specified lines).
In `@package.json`:
- Around line 62-65: The `@tanstack` package upgrades introduce breaking changes:
update our build/docs configs accordingly by (1) in typedoc-related code/configs
(search for any Typedoc config files or usages that expect lower-cased output)
remove or adjust any post-processing that lower-cases Typedoc output and ensure
templates/consumers accept the new casing produced by `@tanstack/typedoc-config`
v0.3.3, and (2) in vite.config.ts (look for references to viteConfig or imports
from `@tanstack/vite-config`) migrate the old viteConfig usage to the new shape:
upgrade to Vite 8+ if not already and replace viteConfig options with
rolldownOptions and use the new native resolve.tsconfigPaths behavior (update
imports, option names, and any tsconfig path resolution code). Make these
changes where viteConfig and Typedoc config objects are defined so the project
builds and docs generate correctly with the new `@tanstack` versions.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 3e3729bd-9872-4d23-b9a5-164d848e5c26
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (26)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
🚧 Files skipped from review as they are similar to previous changes (17)
- examples/react/time-travel/package.json
- packages/preact-devtools/package.json
- packages/devtools/package.json
- packages/devtools-ui/package.json
- packages/devtools-utils/package.json
- packages/react-devtools/package.json
- examples/solid/devtools-ui/package.json
- packages/solid-devtools/package.json
- .github/workflows/autofix.yml
- examples/solid/basic/package.json
- packages/vue-devtools/package.json
- examples/react/basic/package.json
- examples/vue/basic/package.json
- examples/preact/basic/package.json
- packages/devtools-vite/package.json
- examples/preact/custom-devtools/package.json
- examples/react/start/package.json
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v6.0.1 | ||
| uses: actions/checkout@v6.0.2 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Unpinned GitHub Actions references in workflows:"
rg -nP '^\s*uses:\s*[^@]+@(?![0-9a-f]{40}\b)\S+' .github/workflows
echo
echo "Resolve immutable SHAs for tags touched in this PR:"
for item in "actions/checkout v6.0.2" "changesets/action v1.7.0"; do
repo=$(awk '{print $1}' <<<"$item")
tag=$(awk '{print $2}' <<<"$item")
sha=$(git ls-remote --refs --tags "https://github.com/${repo}.git" \
"refs/tags/${tag}" "refs/tags/${tag}^{}" | awk 'END{print $1}')
printf "%s@%s -> %s\n" "$repo" "$tag" "$sha"
doneRepository: TanStack/devtools
Length of output: 1721
Pin GitHub Actions to immutable commit SHAs.
Lines 26 and 34 use mutable version tags. Pinning to full commit SHAs improves CI integrity and provenance; keep the tag as a trailing comment for readability. Apply the same pattern to all checkout actions in .github/workflows/pr.yml (lines 26, 42, and 56).
Suggested changes
- uses: actions/checkout@v6.0.2
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
...
- uses: changesets/action@v1.7.0
+ uses: changesets/action@e87c8ed249971350e47fab7515075f44eb134e5b # v1.7.0📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| uses: actions/checkout@v6.0.2 | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/release.yml at line 26, Replace mutable action references
like uses: actions/checkout@v6.0.2 with the immutable commit SHA form (e.g.,
uses: actions/checkout@<FULL_COMMIT_SHA>) while preserving the human-friendly
tag as a trailing comment (e.g., # v6.0.2) to maintain readability; update the
checkout usages in the release workflow (the uses: actions/checkout entries) and
apply the same SHA-pinning pattern to the checkout actions referenced in pr.yml
(the uses: actions/checkout entries on the other specified lines).
package.json
Outdated
Comment on lines
+62
to
+65
| "@tanstack/eslint-config": "0.4.0", | ||
| "@tanstack/intent": "^0.0.14", | ||
| "@tanstack/typedoc-config": "0.2.1", | ||
| "@tanstack/vite-config": "0.2.1", | ||
| "@testing-library/jest-dom": "^6.8.0", | ||
| "@tanstack/typedoc-config": "0.3.3", | ||
| "@tanstack/vite-config": "0.5.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
`What are the breaking changes (if any) between:
@tanstack/eslint-config0.3.2 -> 0.4.0@tanstack/typedoc-config0.2.1 -> 0.3.3@tanstack/vite-config0.2.1 -> 0.5.0
Please cite official release notes/changelogs.`
💡 Result:
1) @tanstack/eslint-config 0.3.2 → 0.4.0
- No explicit BREAKING change is called out in the release notes; the only noted change is: “update to
@eslint/jsv10”. [1] - However, the official docs for this config state you must have ESLint v9+ installed, which may be a practical breaking requirement if you were on ESLint 8. [2]
2) @tanstack/typedoc-config 0.2.1 → 0.3.3
- Breaking change introduced in 0.3.0: upgrade to TypeDoc v0.28, and “typedoc output is no longer lower-cased” (marked BREAKING in the release notes). [3]
- 0.3.3 is a patch release (“migrate to tsdown”) and does not list breaking changes. [4]
3) @tanstack/vite-config 0.2.1 → 0.5.0
- 0.3.0: update to Vite v7 (major Vite bump; not labeled breaking in the release note, but it is a major underlying dependency change). [5]
- 0.4.0: “support for bundling dependencies” (not labeled breaking). [6]
- Breaking change in 0.5.0: “Bump to Vite 8 with Rolldown. Drops Vite 6/7 support. Switches to
rolldownOptionsand nativeresolve.tsconfigPaths.” [7]
Sources (official release notes/docs): GitHub Releases for TanStack/config and TanStack Config docs. [1][2][3][4][5][6][7]
Address breaking changes in upgraded @tanstack config packages before merge.
Lines 62–65 upgrade three @tanstack config packages with 0.x minor bumps that introduce breaking changes:
- @tanstack/typedoc-config (0.2.1 → 0.3.3): Breaking change in 0.3.0 — "typedoc output is no longer lower-cased" (output format changed).
- @tanstack/vite-config (0.2.1 → 0.5.0): Breaking change in 0.5.0 — drops support for Vite 6/7, requires Vite 8+, and switches configuration from
viteConfigtorolldownOptionswith nativeresolve.tsconfigPaths.
These upgrades require corresponding changes to the codebase configuration (especially vite.config.ts). Verify and apply necessary config adjustments before merging.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@package.json` around lines 62 - 65, The `@tanstack` package upgrades introduce
breaking changes: update our build/docs configs accordingly by (1) in
typedoc-related code/configs (search for any Typedoc config files or usages that
expect lower-cased output) remove or adjust any post-processing that lower-cases
Typedoc output and ensure templates/consumers accept the new casing produced by
`@tanstack/typedoc-config` v0.3.3, and (2) in vite.config.ts (look for references
to viteConfig or imports from `@tanstack/vite-config`) migrate the old viteConfig
usage to the new shape: upgrade to Vite 8+ if not already and replace viteConfig
options with rolldownOptions and use the new native resolve.tsconfigPaths
behavior (update imports, option names, and any tsconfig path resolution code).
Make these changes where viteConfig and Typedoc config objects are defined so
the project builds and docs generate correctly with the new `@tanstack` versions.
There was a problem hiding this comment.
♻️ Duplicate comments (2)
.github/workflows/release.yml (1)
26-34:⚠️ Potential issue | 🟠 MajorPin GitHub Actions to immutable SHAs instead of mutable tags.
Line 26 and Line 34 still use mutable tags (
v6.0.2,v1.7.0). Please pin to full commit SHAs (keep tag as inline comment) to reduce supply-chain risk. This also applies to matching checkout entries in.github/workflows/pr.yml.#!/bin/bash set -euo pipefail echo "Mutable action refs in workflows:" rg -nP '^\s*uses:\s*[^@]+@(?![0-9a-f]{40}\b)\S+' .github/workflows echo echo "Resolve immutable SHAs for tags touched here:" for item in "actions/checkout v6.0.2" "changesets/action v1.7.0"; do repo=$(awk '{print $1}' <<<"$item") tag=$(awk '{print $2}' <<<"$item") sha=$(git ls-remote --refs --tags "https://github.com/${repo}.git" \ "refs/tags/${tag}" "refs/tags/${tag}^{}" | awk 'END{print $1}') printf "%s@%s -> %s\n" "$repo" "$tag" "$sha" done🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release.yml around lines 26 - 34, Replace mutable action refs with immutable commit SHAs: for each uses entry shown (actions/checkout@v6.0.2 and changesets/action@v1.7.0, and any other mutable refs like tanstack/config/.github/setup@main), resolve the tag to its full 40-char commit SHA (e.g., via git ls-remote or the repo's tags API) and update the uses value to repo@<full-sha>, keeping the original tag as an inline comment for readability; also mirror these exact SHA-pinned changes for the matching checkout/uses entries in the pr.yml workflow so all workflow invocations use immutable SHAs.package.json (1)
62-65:⚠️ Potential issue | 🟠 MajorRe-verify breaking config implications for upgraded
@tanstackconfig packages.Line 65 (
@tanstack/vite-config@0.5.0) alongside Line 82 (vite@^7.3.1) may be incompatible depending on current config usage. Line 64 (@tanstack/typedoc-config@0.3.3) can also require doc pipeline adjustments. Please confirm required migrations are already applied before merge.#!/bin/bash set -euo pipefail echo "1) Find usages of `@tanstack/vite-config` and old/new option names:" rg -nP --type=ts --type=js --type=json \ '@tanstack/vite-config|viteConfig|rolldownOptions|resolve\.tsconfigPaths' echo echo "2) Find typedoc config usage and possible output-casing assumptions:" rg -nP --type=ts --type=js --type=json \ '@tanstack/typedoc-config|typedoc|toLowerCase\(|lower-?case' echo echo "3) Show vite versions pinned across manifests:" rg -nP '"vite"\s*:\s*"[^"]+"' --glob '**/package.json'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 62 - 65, Upgrade of `@tanstack` packages may introduce breaking config/name changes; re-verify and apply migrations for `@tanstack/vite-config` (0.5.0) vs vite@^7.3.1 and `@tanstack/typedoc-config` (0.3.3). Search the repo for usages of '@tanstack/vite-config', 'viteConfig', 'rollupOptions', and 'resolve.tsconfigPaths' and update any renamed options or import paths in your Vite config (e.g., viteConfig-related exports), verify vite plugin/api compatibility or pin/bump vite accordingly, and search for '@tanstack/typedoc-config', 'typedoc' and any case-transforming assumptions (toLowerCase / lower-case) to update the typedoc pipeline or output casing. After making changes, run the project build/tests and lockfile update to ensure no runtime errors and include migration notes in the PR.
🧹 Nitpick comments (1)
examples/react/bundling-repro/package.json (1)
50-65: Consider adding aengines.nodefield to improve tooling compatibility.The repository and all example packages lack Node version constraints. With Vite
^7.3.1and Wrangler^4.73.0inbundling-repro, and no explicit Node version pinning in CI workflows (pr.yml, release.yml), addingengines.nodeto the root or example package.json files would make local and CI behavior more deterministic.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/react/bundling-repro/package.json` around lines 50 - 65, Add an engines.node field to the package.json (root or this example) to pin a supported Node range for Vite and Wrangler; for example target the current LTS used by those tools (e.g., Node 18.x — something like ">=18.16.0 <21") so local/dev/CI environments are deterministic. Update the package.json containing Vite and Wrangler (the file shown in the diff) to include that engines.node range, and mirror that constraint in CI workflows (pr.yml, release.yml) or GitHub Actions matrix so pipelines use a matching Node version; run the install/test matrix locally or in CI to verify compatibility.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.github/workflows/release.yml:
- Around line 26-34: Replace mutable action refs with immutable commit SHAs: for
each uses entry shown (actions/checkout@v6.0.2 and changesets/action@v1.7.0, and
any other mutable refs like tanstack/config/.github/setup@main), resolve the tag
to its full 40-char commit SHA (e.g., via git ls-remote or the repo's tags API)
and update the uses value to repo@<full-sha>, keeping the original tag as an
inline comment for readability; also mirror these exact SHA-pinned changes for
the matching checkout/uses entries in the pr.yml workflow so all workflow
invocations use immutable SHAs.
In `@package.json`:
- Around line 62-65: Upgrade of `@tanstack` packages may introduce breaking
config/name changes; re-verify and apply migrations for `@tanstack/vite-config`
(0.5.0) vs vite@^7.3.1 and `@tanstack/typedoc-config` (0.3.3). Search the repo for
usages of '@tanstack/vite-config', 'viteConfig', 'rollupOptions', and
'resolve.tsconfigPaths' and update any renamed options or import paths in your
Vite config (e.g., viteConfig-related exports), verify vite plugin/api
compatibility or pin/bump vite accordingly, and search for
'@tanstack/typedoc-config', 'typedoc' and any case-transforming assumptions
(toLowerCase / lower-case) to update the typedoc pipeline or output casing.
After making changes, run the project build/tests and lockfile update to ensure
no runtime errors and include migration notes in the PR.
---
Nitpick comments:
In `@examples/react/bundling-repro/package.json`:
- Around line 50-65: Add an engines.node field to the package.json (root or this
example) to pin a supported Node range for Vite and Wrangler; for example target
the current LTS used by those tools (e.g., Node 18.x — something like ">=18.16.0
<21") so local/dev/CI environments are deterministic. Update the package.json
containing Vite and Wrangler (the file shown in the diff) to include that
engines.node range, and mirror that constraint in CI workflows (pr.yml,
release.yml) or GitHub Actions matrix so pipelines use a matching Node version;
run the install/test matrix locally or in CI to verify compatibility.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: e678879d-8d9a-43d3-ba5e-e0fa5aebf4bb
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (26)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
🚧 Files skipped from review as they are similar to previous changes (14)
- examples/react/drizzle/package.json
- examples/solid/start/package.json
- packages/devtools-ui/package.json
- packages/solid-devtools/package.json
- examples/solid/basic/package.json
- examples/vue/basic/package.json
- packages/preact-devtools/package.json
- packages/devtools/package.json
- examples/react/https/package.json
- examples/preact/custom-devtools/package.json
- packages/event-bus/package.json
- packages/devtools-vite/package.json
- .github/workflows/autofix.yml
- examples/react/custom-devtools/package.json
There was a problem hiding this comment.
♻️ Duplicate comments (1)
package.json (1)
62-65:⚠️ Potential issue | 🟠 MajorVerify Vite version compatibility with
@tanstack/vite-config0.5.0.The past review correctly identified that
@tanstack/vite-config0.5.0 requires Vite 8+ and drops support for Vite 6/7. However, this PR updatesviteto^7.3.1(Line 82), which would be incompatible with@tanstack/vite-config0.5.0.Either:
- Upgrade
viteto^8.xto match the requirements of@tanstack/vite-config0.5.0, or- Pin
@tanstack/vite-configto a version compatible with Vite 7 (e.g.,0.4.x)Also applies to: 82-82
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 62 - 65, The package version mismatch: "@tanstack/vite-config"@0.5.0 requires Vite 8+, but this PR sets "vite" to "^7.3.1"; update package.json so versions are compatible by either (A) bumping "vite" to a 8.x version (e.g., "^8.0.0") to match "@tanstack/vite-config"@0.5.0, or (B) pinning "@tanstack/vite-config" to a Vite-7-compatible release (e.g., "0.4.x"); pick one approach and make the corresponding change to the dependency entry for "vite" or "@tanstack/vite-config" so the two packages are aligned.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@package.json`:
- Around line 62-65: The package version mismatch: "@tanstack/vite-config"@0.5.0
requires Vite 8+, but this PR sets "vite" to "^7.3.1"; update package.json so
versions are compatible by either (A) bumping "vite" to a 8.x version (e.g.,
"^8.0.0") to match "@tanstack/vite-config"@0.5.0, or (B) pinning
"@tanstack/vite-config" to a Vite-7-compatible release (e.g., "0.4.x"); pick one
approach and make the corresponding change to the dependency entry for "vite" or
"@tanstack/vite-config" so the two packages are aligned.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 03c422c2-f992-4780-bceb-2f7fb298b00e
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (29)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/a11y-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/a11y-devtools/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-a11y/package.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
🚧 Files skipped from review as they are similar to previous changes (13)
- packages/devtools-vite/package.json
- packages/event-bus/package.json
- packages/devtools-utils/package.json
- packages/vue-devtools/package.json
- examples/react/start/package.json
- examples/solid/devtools-ui/package.json
- examples/solid/start/package.json
- examples/react/https/package.json
- packages/devtools/package.json
- examples/react/drizzle/package.json
- examples/solid/basic/package.json
- examples/preact/basic/package.json
- packages/devtools-ui/package.json
Contributor
🚀 Changeset Version PreviewNo changeset entries found. Merging this PR will not cause a version bump for any packages. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^7.28.4→^7.29.0^7.28.3→^7.29.1^7.28.4→^7.29.2^7.28.4→^7.29.0^7.28.4→^7.29.02.2.4→2.4.11^1.13.8→^1.31.2^2.10.3→^2.10.5^2.4.3→^2.4.5^1.3.3→^1.3.5^2.1.3→^2.1.5^1.2.0→^1.3.2^4.0.6→^4.2.20.3.2→0.4.0^0.0.14→^0.0.29^1.23.7→^1.28.6^0.1.7→^0.2.20^5.90.1→^5.97.0^5.90.1→^5.97.0^1.132.0→^1.168.10^1.132.0→^1.166.11^1.131.7→^1.166.10^1.132.0→^1.167.16^0.9.0→^0.9.3^1.132.0→^1.167.12^5.90.1→^5.97.0^5.90.1→^5.97.0^1.131.50→^1.168.9^1.131.50→^1.166.11^0.9.0→^0.9.30.4.3→0.5.2^5.90.5→^5.97.0^6.1.0→^6.1.14^10.4.0→^10.4.1^6.8.0→^6.9.1^16.2.0→^16.3.2^4.0.2→^4.0.3^19.2.0→^19.2.14^19.2.0→^19.2.14^19.2.0→^19.2.3^6.0.1→^6.0.5^4.10.0→^4.11.2^1.11.19→^1.11.20^0.31.4→^0.31.10^0.44.5→^0.45.2^9.36.0→^9.39.4^4.2.0→^4.4.1^10.5.1→^10.8.0^2.1.16→^2.1.18^27.0.0→^27.4.0^5.64.0→^5.88.1^2.11.1→^2.13.2^0.561.0→^0.577.0^4.0.2→^4.0.322.1.3→22.6.4^8.16.3→^8.20.0^4.0.3→^4.0.410.24.0→10.33.0^10.28.0→^10.29.1^3.4.1→^3.5.1^0.3.13→^0.3.18^19.2.0→^19.2.5^19.2.0→^19.2.5^19.2.0→^19.2.5^19.2.0→^19.2.5^1.7.0→^1.11.1^1.9.9→^1.9.12^1.9.9→^1.9.120.9.0→0.11.1^1.6.5→^1.6.11^3.0.2→^3.5.0^4.0.6→^4.2.2^0.2.15→^0.2.16^8.5.0→^8.5.1^1.3.6→^1.4.0~5.9.2→~5.9.3^0.5.8→^0.5.11^8.0.0→^8.0.8^1.17.8→^1.17.12^2.11.11→^2.11.12^6.0.2→^6.1.1^3.5.22→^3.5.32^5.1.0→^5.2.0^4.40.3→^4.81.1^8.18.3→^8.20.0^4.3.5→^4.3.6^5.0.8→^5.0.12Release Notes
biomejs/biome (@biomejs/biome)
v2.4.11Compare Source
Patch Changes
#9350
4af4a3aThanks @dyc3! - Added the new nursery rule useConsistentTestIt in thetestdomain. The rule enforces consistent use of eitheritortestfor test functions in Jest/Vitest suites, with separate control for top-level tests and tests insidedescribeblocks.Invalid:
#9429
a2f3f7eThanks @ematipico! - Added the new nursery lint ruleuseExplicitReturnType. It reports TypeScript functions and methods that omit an explicit return type.#9828
9e40844Thanks @ematipico! - Fixed #9484: the formatter no longer panics when formatting files that containgraphqltagged template literals combined with parenthesized expressions.#9886
e7c681eThanks @ematipico! - Fixed an issue where, occasionally, some bindings and references were not properly tracked, causing false positives fromnoUnusedVariablesandnoUndeclaredVariablesin Svelte, Vue, and Astro files.#9760
5b16d18Thanks @myx0m0p! - Fixed #4093: thenoDeleterule no longer triggers fordelete process.env.FOO, sincedeleteis the documented way to remove environment variables in Node.js.#9799
2af8efdThanks @minseong0324! - Added the rulenoMisleadingReturnType. The rule detects when a function's return type annotation is wider than what the implementation actually returns.#9880
7f67749Thanks @dyc3! - Improved the diagnostics foruseFindto better explain the problem, why it matters, and how to fix it.#9755
bff7bdbThanks @ematipico! - Improved performance of fix-all operations (--write). Biome is now smarter when it runs lint rules and assist actions. First, it runs only rules that have code fixes, and then runs the rest of the rules.#8651
aafca2dThanks @siketyan! - Add a new lint ruleuseDisposablesfor JavaScript, which detects disposable objects assigned to variables withoutusingorawait usingsyntax. Disposable objects that implement theDisposableorAsyncDisposableinterface are intended to be disposed of after use. Not disposing them can lead to resource or memory leaks, depending on the implementation.Invalid:
Valid:
#9788
53b8e57Thanks @MeGaNeKoS! - Fixed #7760: Added support for CSS scroll-driven animationtimeline-range-namekeyframe selectors (cover,contain,entry,exit,entry-crossing,exit-crossing). Biome no longer reports parse errors on keyframes likeentry 0% { ... }orexit 100% { ... }.#9728
5085424Thanks @mkosei! - Fixed #9696: Astro frontmatter now correctly parses regular expression literals like/\d{4}/.#9261
16b6c49Thanks @ematipico! - Fixed #8409: CSS formatter now correctly places comments after the colon in property declarations.Previously, comments that appeared after the colon in CSS property values were incorrectly moved before the property name:
[lang]:lang(ja) { - /* system-ui,*/ font-family: + font-family: /* system-ui,*/ Hiragino Sans, sans-serif; }#9441
957ea4cThanks @soconnor-seeq! - Fixed #1630: LSP project selection now prefers the most specific project root in nested workspaces.#9878
de6210fThanks @ematipico! - Fixed #9118:noUnusedImportsno longer reports false positives for default imports used inside Svelte, Vue and Astro components.#9879
ce7e2b7Thanks @dyc3! - Fixed a parser diagnostic's message when vue syntax is disabled so that it no longer references the non-existanthtml.parser.vueoption. This option will become available in 2.5.#9880
7f67749Thanks @dyc3! - Improved the diagnostics foruseRegexpExecto better explain the problem, why it matters, and how to fix it.#9846
b7134d9Thanks @ematipico! - Fixed #9140: Biome now parses Astro's attribute shorthand inside.astrofiles. The following snippet no longer reports a parse error:#9790
67df09dThanks @dyc3! - Fixed #9781: Trailing comments after a top-levelbiome-ignore-all formatsuppression are now preserved instead of being dropped. This applies to JavaScript, CSS, HTML, JSONC, GraphQL, and Grit files.#9745
d87073eThanks @ematipico! - Fixed #9741: the LSP server now correctly returns theorganizeImportscode action when the client requests it viasource.organizeImports.biomein theonlyfilter. Previously, editors withcodeAction/resolvesupport (e.g. Zed) received an empty response because the action was serialized with the wrong kind (source.biome.organizeImportsinstead ofsource.organizeImports.biome).#9880
7f67749Thanks @dyc3! - Improved the diagnostics foruseArraySometo better explain the problem, why it matters, and how to fix it.#9795
1d09f0fThanks @dyc3! - RelaxeduseExplicitTypefor trivially inferrable types.Type annotations can now be omitted when types are trivially inferrable from:
const sum = 1 + 1)const isEqual = 'a' === 'b',const isTest = process.env.NODE_ENV === 'test')const and = true && false)const date = new Date())const arr = [1, 2, 3])const val = true ? 'yes' : 'no')const num = Math.random())const fn = (max = MAX_ATTEMPTS) => ...)Comparison expressions always return
boolean, so any operands are now allowed(including property access like
process.env.NODE_ENV).Parameters with default values no longer require type annotations, as TypeScript
can infer the type from the default value (even when referencing variables).
Also removed the redundant
anytype validation from this rule. Theanytypeis now only validated by the dedicated
noExplicitAnyrule, following theSingle Responsibility Principle.
#9809
e8cad58Thanks @Netail! - Added the new nursery ruleuseQwikLoaderLocation, which enforces that Qwik loader functions are declared in the correct location.#9877
fc9d715Thanks @ematipico! - Fixed #9136 and #9653:noUndeclaredVariablesandnoUnusedVariablesno longer report false positives on several Svelte template constructs that declare or reference bindings in the host grammar:{#snippet name(params)}— the snippet name and its parameters (including object, array, rest, and nested destructuring) are now tracked.{@​render name(args)}— the snippet name used at the render site is now resolved against the snippet declaration.{#each items as item, index (key)}— theitembinding (plain identifier or destructured), the optionalindex, and the optionalkeyexpression are now tracked.{@​const name = value}— the declared name is now tracked as a binding and the initializer is analyzed for undeclared references.{@​debug a, b, c}— each debugged identifier is now analyzed and reported if undeclared.<img {src} />— the curly-shorthand attribute is now analyzed as an expression, so undeclared references inside it are reported.For example, the following template no longer triggers either rule:
#9869
78bce77Thanks @Netail! - UpdatednoDuplicateFieldDefinitionNamesto also flag duplicate fields within type extensions, interface extensions & input extensions.#9739
0bc2198Thanks @dyc3! - Fixed Grit queries that use native Biome AST node names with the native field names that are in our.ungramgrammar files. Queries such asJsConditionalExpression(consequent = $cons, alternate = $alt)now compile successfully inbiome searchand grit plugins.#9811
2dddca3Thanks @dyc3! - UpdatednoImpliedEvalto flagnew Function()usages, as its a form of indirecteval, and to includeno-new-funcas a rule source.#9870
ccf9770Thanks @Netail! - Marked eslint-qwik-plugin'sunused-serveras redundant since it was covered bynoUnusedVariables.#9701
1417c3bThanks @dyc3! - Added the new nursery rulenoUselessTypeConversion, which reports redundant primitive conversion patterns such asString(value)whenvalueis already a string.#9248
49f00a3Thanks @pkallos! -useNullishCoalescingnow also detects ternary expressions that check fornullorundefinedand suggests rewriting them with??. A newignoreTernaryTestsoption allows disabling this behavior.#9863
6a44619Thanks @ematipico! - Fixed #9690:biome check --writeis now idempotent on HTML files that contain embedded<style>or<script>blocks. Previously, each run reported "Fixed 1 file" even when the file content did not actually change, because the embedded language formatter's output was not re-indented to match the surrounding HTML block.v2.4.10Compare Source
Patch Changes
#8838
f3a6a6bThanks @baeseokjae! - Added new lint nursery rulenoImpliedEval.The rule detects implied
eval()usage through functions likesetTimeout,setInterval, andsetImmediatewhen called with string arguments.#9320
93c3b6cThanks @taberoajorge! - Fixed #7664:noUnusedVariablesno longer reports false positives for TypeScript namespace declarations that participate in declaration merging with an exported or used value declaration (const,function, orclass) of the same name. The reverse direction is also handled: a value declaration merged with an exported namespace is no longer flagged.#9630
1dd4a56Thanks @raashish1601! - Fixed #9629:noNegationElsenow keeps ternary branch comments attached to the correct branch wheConfiguration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.