chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	2.2.2 -> 2.2.4
@​chakra-ui/better-auth	0.2.0 -> 0.3.0
@internationalized/date (source)	3.8.2 -> 3.9.0
@modelcontextprotocol/sdk (source)	1.17.4 -> 1.17.5
@pandacss/dev (source)	1.1.0 -> 1.3.0
@shikijs/rehype (source)	3.11.0 -> 3.12.2
@shikijs/transformers (source)	3.11.0 -> 3.12.2
@storybook/addon-a11y (source)	9.1.3 -> 9.1.5
@storybook/addon-links (source)	9.1.3 -> 9.1.5
@storybook/addon-vitest (source)	9.1.3 -> 9.1.5
@storybook/react-vite (source)	9.1.3 -> 9.1.5
@storybook/sveltekit (source)	9.1.3 -> 9.1.5
@sveltejs/kit (source)	2.36.2 -> 2.38.1
@sveltejs/vite-plugin-svelte (source)	6.1.3 -> 6.2.0
@tanstack/svelte-form (source)	1.19.2 -> 1.19.5
@types/bun (source)	1.2.20 -> 1.2.21
@types/node (source)	24.3.0 -> 24.3.1
@types/react (source)	19.1.11 -> 19.1.12
@types/react-dom (source)	19.1.7 -> 19.1.9
@vitejs/plugin-react (source)	5.0.1 -> 5.0.2
@vitejs/plugin-vue-jsx (source)	5.0.1 -> 5.1.1
@vue/compiler-sfc (source)	3.5.20 -> 3.5.21
better-auth (source)	1.3.7 -> 1.3.9
effect (source)	3.17.9 -> 3.17.13
flexsearch	0.8.205 -> 0.8.212
lefthook	1.12.3 -> 1.13.0
lucide-react (source)	0.541.0 -> 0.544.0
lucide-solid (source)	0.541.0 -> 0.544.0
lucide-svelte (source)	0.541.0 -> 0.544.0
lucide-vue-next (source)	0.541.0 -> 0.544.0
next (source)	15.5.0 -> 15.5.3
nuxt (source)	4.0.3 -> 4.1.1
shiki (source)	3.11.0 -> 3.12.2
storybook (source)	9.1.3 -> 9.1.5
svelte (source)	5.38.3 -> 5.38.9
velite	0.2.4 -> 0.3.0
vercel (source)	47.0.6 -> 47.1.3
vite (source)	7.1.3 -> 7.1.5
vue (source)	3.5.20 -> 3.5.21

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.2.4

Compare Source

Patch Changes

• #​7453 aa8cea3 Thanks @​arendjr! - Fixed #​7242: Aliases specified in package.json's imports section now support having multiple targets as part of an array.

• #​7454 ac17183 Thanks @​arendjr! - Greatly improved performance of noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #​7447 7139aad Thanks @​rriski! - Fixes #​7446. The GritQL $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #​6710 98cf9af Thanks @​arendjr! - Fixed #​4723: Type inference now recognises index signatures and their accesses when they are being indexed as a string.

Example

type BagOfPromises = {
  // This is an index signature definition. It declares that instances of type
  // `BagOfPromises` can be indexed using arbitrary strings.
  [property: string]: Promise<void>;
};

let bag: BagOfPromises = {};
// Because `bag.iAmAPromise` is equivalent to `bag["iAmAPromise"]`, this is
// considered an access to the string index, and a Promise is expected.
bag.iAmAPromise;

• 351bccd Thanks @​ematipico! - Fixed #​7212, now the useOptionalChain rule recognizes optional chaining using typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• 351bccd Thanks @​ematipico! - Fixed #​7323. noUnusedPrivateClassMembers no longer reports as unused TypeScript private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused.
  It is no longer reported.

  class TsBioo {
    private member: number;
  
    set_with_name(name: string, value: number) {
      this[name] = value;
    }
  }

• 351bccd Thanks @​ematipico! - Added the new nursery lint rule noJsxLiterals, which disallows the use of string literals inside JSX.

  The rule catches these cases:

  <>
    <div>test</div> {/* test is invalid */}
    <>test</>
    <div>
      {/* this string is invalid */}
      asdjfl test foo
    </div>
  </>

• 351bccd Thanks @​ematipico! - Fixed an issue (#​6393) where the useHookAtTopLevel rule reported excessive diagnostics for nested hook calls.

  The rule now reports only the offending top-level call site, not sub-hooks of composite hooks.

  // Before: reported twice (useFoo and useBar).
  function useFoo() {
    return useBar();
  }
  function Component() {
    if (cond) useFoo();
  }
  // After: reported once at the call to useFoo().

• #​7461 ea585a9 Thanks @​arendjr! - Improved performance of noPrivateImports by eliminating allocations.

  In one repository, the total runtime of Biome with only noPrivateImports enabled went from ~3.2s down to ~1.4s.

• 351bccd Thanks @​ematipico! - Fixed #​7411. The Biome Language Server had a regression where opening an editor with a file already open wouldn't load the project settings correctly.

• 351bccd Thanks @​ematipico! - Added the new nursery rule noDuplicateDependencies, which verifies that no dependencies are duplicated between the bundledDependencies, bundleDependencies, dependencies, devDependencies, overrides, optionalDependencies, and peerDependencies sections.

  For example, the following snippets will trigger the rule:

  {
    "dependencies": {
      "foo": ""
    },
    "devDependencies": {
      "foo": ""
    }
  }

  {
    "dependencies": {
      "foo": ""
    },
    "optionalDependencies": {
      "foo": ""
    }
  }

  {
    "dependencies": {
      "foo": ""
    },
    "peerDependencies": {
      "foo": ""
    }
  }

• 351bccd Thanks @​ematipico! - Fixed #​3824. Now the option CLI --color is correctly applied to logging too.

v2.2.3

Compare Source

Patch Changes

• #​7353 4d2b719 Thanks @​JeetuSuthar! - Fixed #​7340: The linter now allows the navigation property for view-transition in CSS.

  Previously, the linter incorrectly flagged navigation: auto as an unknown property. This fix adds navigation to the list of known CSS properties, following the CSS View Transitions spec.

• #​7275 560de1b Thanks @​arendjr! - Fixed #​7268: Files that are explicitly passed as CLI arguments are now correctly ignored if they reside in an ignored folder.

• #​7358 963a246 Thanks @​ematipico! - Fixed #​7085, now the rule noDescendingSpecificity correctly calculates the specificity of selectors when they are included inside a media query.

• #​7387 923674d Thanks @​qraqras! - Fixed #​7381, now the useOptionalChain rule recognizes optional chaining using Yoda expressions (e.g., undefined !== foo && foo.bar).

• #​7316 f9636d5 Thanks @​Conaclos! - Fixed #​7289. The rule useImportType now inlines import type into import { type } when the style option is set to inlineType.

  Example:

  import type { T } from "mod";
  // becomes
  import { type T } from "mod";

• #​7350 bb4d407 Thanks @​siketyan! - Fixed #​7261: two characters ・ (KATAKANA MIDDLE DOT, U+30FB) and ･ (HALFWIDTH KATAKANA MIDDLE DOT, U+FF65) are no longer considered as valid characters in identifiers. Property keys containing these character(s) are now preserved as string literals.

• #​7377 811f47b Thanks @​ematipico! - Fixed a bug where the Biome Language Server didn't correctly compute the diagnostics of a monorepo setting, caused by an incorrect handling of the project status.

• #​7245 fad34b9 Thanks @​kedevked! - Added the new lint rule useConsistentArrowReturn.

  This rule enforces a consistent return style for arrow functions.

Invalid

const f = () => {
  return 1;
};

This rule is a port of ESLint's arrow-body-style rule.

• #​7370 e8032dd Thanks @​fireairforce! - Support dynamic import defer and import source. The syntax looks like:

  import.source("foo");
  import.source("x", { with: { attr: "val" } });
  import.defer("foo");
  import.defer("x", { with: { attr: "val" } });

• #​7369 b1f8cbd Thanks @​siketyan! - Range suppressions are now supported for Grit plugins.

  For JavaScript, you can suppress a plugin as follows:

  // biome-ignore-start lint/plugin/preferObjectSpread: reason
  Object.assign({ foo: "bar" }, baz);
  // biome-ignore-end lint/plugin/preferObjectSpread: reason

  For CSS, you can suppress a plugin as follows:

  body {
    /* biome-ignore-start lint/plugin/useLowercaseColors: reason */
    color: #fff;
    /* biome-ignore-end lint/plugin/useLowercaseColors: reason */
  }

• #​7384 099507e Thanks @​ematipico! - Reduced the severity of certain diagnostics emitted when Biome deserializes the configuration files.
  Now these diagnostics are emitted as Information severity, which means that they won't interfere when running commands with --error-on-warnings

• #​7302 2af2380 Thanks @​unvalley! - Fixed #​7301: useReadonlyClassProperties now correctly skips JavaScript files.

• #​7288 94d85f8 Thanks @​ThiefMaster! - Fixed #​7286. Files are now formatted with JSX behavior when javascript.parser.jsxEverywhere is explicitly set.

  Previously, this flag was only used for parsing, but not for formatting, which resulted in incorrect formatting of conditional expressions when JSX syntax is used in .js files.

• #​7311 62154b9 Thanks @​qraqras! - Added the new nursery rule noUselessCatchBinding. This rule disallows unnecessary catch bindings.

  try {
      // Do something
  - } catch (unused) {}
  + } catch {}

• #​7349 45c1dfe Thanks @​ematipico! - Fixed #​4298. Biome now correctly formats CSS declarations when it contains one single value:

  .bar {
  -  --123456789012345678901234567890: var(--1234567890123456789012345678901234567);
  +  --123456789012345678901234567890: var(
  +    --1234567890123456789012345678901234567
  +  );
  }

• #​7295 7638e84 Thanks @​ematipico! - Fixed #​7130. Removed the emission of a false-positive diagnostic. Biome no longer emits the following diagnostic:

  lib/main.ts:1:5 suppressions/unused ━━━━━━━━━━━━━━━━━━━━━━━━━
  
    ⚠ Suppression comment has no effect because the tool is not enabled.
  
    > 1 │ /** biome-ignore-all assist/source/organizeImports: For the lib root file, we don't want to organize exports */
        │     ^^^^^^^^^^^^^^^^
  
  

• #​7377 811f47b Thanks @​ematipico! - Fixed #​7371 where the Biome Language Server didn't correctly recompute the diagnostics when updating a nested configuration file.

• #​7348 ac27fc5 Thanks @​ematipico! - Fixed #​7079. Now the rule useSemanticElements doesn't trigger components and custom elements.

• #​7389 ab06a7e Thanks @​Conaclos! - Fixed #​7344. useNamingConvention no longer reports interfaces defined in global declarations.

  Interfaces declared in global declarations augment existing interfaces.
  Thus, they must be ignored.

  In the following example, useNamingConvention reported HTMLElement.
  It is now ignored.

  export {};
  declare global {
    interface HTMLElement {
      foo(): void;
    }
  }

• #​7315 4a2bd2f Thanks @​vladimir-ivanov! - Fixed #​7310: useReadonlyClassProperties correctly handles nested assignments, avoiding false positives when a class property is assigned within another assignment expression.

  Example of code that previously triggered a false positive but is now correctly ignored:

  class test {
    private thing: number = 0; // incorrectly flagged
  
    public incrementThing(): void {
      const temp = { x: 0 };
      temp.x = this.thing++;
    }
  }

adobe/react-spectrum (@​internationalized/date)

v3.9.0

Compare Source

modelcontextprotocol/typescript-sdk (@​modelcontextprotocol/sdk)

v1.17.5

Compare Source

What's Changed

• Automatic handling of logging level by @​cliffhall in #​882
• Fix the SDK vs Spec types test that is breaking CI by @​cliffhall in #​908

Full Changelog: modelcontextprotocol/typescript-sdk@1.17.4...1.17.5

chakra-ui/panda (@​pandacss/dev)

v1.3.0

Compare Source

Patch Changes

• Updated dependencies [70efd73]
  • @​pandacss/types@​1.3.0
  • @​pandacss/node@​1.3.0
  • @​pandacss/config@​1.3.0
  • @​pandacss/logger@​1.3.0
  • @​pandacss/preset-panda@​1.3.0
  • @​pandacss/token-dictionary@​1.3.0
  • @​pandacss/postcss@​1.3.0
  • @​pandacss/shared@​1.3.0

v1.2.0

Compare Source

Patch Changes

• Updated dependencies [ae7cc8d]
  • @​pandacss/preset-panda@​1.2.0
  • @​pandacss/config@​1.2.0
  • @​pandacss/node@​1.2.0
  • @​pandacss/postcss@​1.2.0
  • @​pandacss/logger@​1.2.0
  • @​pandacss/shared@​1.2.0
  • @​pandacss/token-dictionary@​1.2.0
  • @​pandacss/types@​1.2.0

shikijs/shiki (@​shikijs/rehype)

v3.12.2

Compare Source

   🐞 Bug Fixes

• twoslash: Fix onTwoslashError return value handling  -  by @​Karibash in #​1070 (e86b0)

    View changes on GitHub

v3.12.1

Compare Source

No significant changes

    View changes on GitHub

v3.12.0

Compare Source

   🚀 Features

• vitepress-twoslash:
  • Improve UX for option customization  -  by @​9romise in #​1066 (e3cfd)
  • Twoslash inline type cache for markdown  -  by @​serkodev and @​antfu in #​1063 (dc7fb)

   🐞 Bug Fixes

• remove-notation-escape: Correct escape sequence  -  by @​sor4chi in #​1065 (22d0c)

    View changes on GitHub

storybookjs/storybook (@​storybook/addon-a11y)

v9.1.5

Compare Source

• CSF: Support satisfies x as y syntax - #​32169, thanks @​diagramatics!
• Vitest addon: Handle Playwright installation errors gracefully - #​32329, thanks @​ndelangen!

v9.1.4

Compare Source

• Angular: Properly merge builder options and browserTarget options - #​32272, thanks @​kroeder!
• Core: Optimize bundlesize, by reusing internal/babel in mocking-utils - #​32350, thanks @​ndelangen!
• Svelte & Vue: Add framework-specific docgen option to disable docgen processing - #​32319, thanks @​copilot-swe-agent!
• Svelte: Support @sveltejs/vite-plugin-svelte v6 - #​32320, thanks @​JReinhold!

sveltejs/kit (@​sveltejs/kit)

v2.38.1

Compare Source

Patch Changes

• fix: enable redirects from queries (#​14400)

• fix: remove empty nodes from serialized server load data (#​14404)

• fix: allow commands from within endpoints (#​14343)

v2.38.0

Compare Source

Minor Changes

• feat: add new remote function query.batch (#​14272)

v2.37.1

Compare Source

Patch Changes

• fix: serialize server load data before passing to universal load, to handle mutations and promises (#​14298)

• fix: resolve_route prevent dropping a trailing slash of id (#​14294)

• fix: assign correct status code to form submission error on the client (#​14345)

• fix: un-proxy form.result (#​14346)

v2.37.0

Compare Source

Minor Changes

• feat: automatically resolve query.refresh() promises on the server (#​14332)

• feat: allow query.set() to be called on the server (#​14304)

Patch Changes

• fix: disable CSRF checks in dev (#​14335)

• fix: allow redirects to external URLs from within form functions (#​14329)

• fix: add type definitions for query.set() method to override the value of a remote query function (#​14303)

• fix: ensure uniqueness of form.for(...) across form functions (#​14327)

v2.36.3

Compare Source

Patch Changes

• fix: bump devalue (#​14323)

• chore: consolidate dev checks to use esm-env instead of a __SVELTEKIT_DEV__ global (#​14308)

• fix: reset form inputs by default when using remote form functions (#​14322)

sveltejs/vite-plugin-svelte (@​sveltejs/vite-plugin-svelte)

v6.2.0

Compare Source

Minor Changes

• feat(rolldown-vite): enable optimization.inlineConst by default to ensure treeshaking works with esm-env in svelte (#​1207)

v6.1.4

Compare Source

Patch Changes

• fix: allow preprocess plugin to run twice (#​1206)

• fix(types): update urls to PreprocessorGroup and CompileOptions in type documention (#​1203)

• replace kleur dependency with builtin node:utils styleText (#​1210)

TanStack/form (@​tanstack/svelte-form)

v1.19.5

Compare Source

Version 1.19.5 - 9/9/25, 5:46 PM

Changes

Fix

• form-core: prevent stale reactivity when using Date objects (#​1717) (84387d4) by Minha Kang

Chore

• deps: update all non-major dependencies (#​1725) (26bf445) by renovate[bot]

Ci

• apply automated fixes and generate docs (120294a) by autofix-ci[bot]

Packages

• @​tanstack/angular-form@​1.19.5
• @​tanstack/form-core@​1.19.5
• @​tanstack/react-form@​1.19.5
• @​tanstack/solid-form@​1.19.5
• @​tanstack/svelte-form@​1.19.5
• @​tanstack/vue-form@​1.19.5
• @​tanstack/lit-form@​1.19.5

v1.19.4

Compare Source

Version 1.19.4 - 9/8/25, 5:24 AM

Changes

Fix

• form-core: Trigger listeners and validation on setFieldValue (#​1680) (bfdf39a) by LeCarbonator

Ci

• apply automated fixes and generate docs (ba25b00) by autofix-ci[bot]

Docs

• add focus management docs for React (#​1720) (fbf0163) by Corbin Crutchley
• react-form: fix incorrect error display in example (#​1719) (eee2610) by @​taylous

Packages

• @​tanstack/form-core@​1.19.4
• @​tanstack/angular-form@​1.19.4
• @​tanstack/lit-form@​1.19.4
• @​tanstack/react-form@​1.19.4
• @​tanstack/solid-form@​1.19.4
• @​tanstack/svelte-form@​1.19.4
• @​tanstack/vue-form@​1.19.4

v1.19.3

Compare Source

Version 1.19.3 - 8/28/25, 2:52 PM

Changes

Fix

• Upgrade devalue to fix security vulnerability (#​1716) (24e30ab) by Corbin Crutchley

Chore

• deps: update all non-major dependencies (#​1714) (84c64f7) by renovate[bot]
• deps: update all non-major dependencies (#​1702) (355d9b4) by renovate[bot]

Ci

• apply automated fixes and generate docs (b0e5206) by autofix-ci[bot]
• apply automated fixes and generate docs (d3a1b59) by autofix-ci[bot]

Packages

• @​tanstack/angular-form@​1.19.3
• @​tanstack/form-core@​1.19.3
• @​tanstack/react-form@​1.19.3
• @​tanstack/solid-form@​1.19.3
• @​tanstack/svelte-form@​1.19.3
• @​tanstack/vue-form@​1.19.3
• @​tanstack/lit-form@​1.19.3

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v5.0.2

[Compare Source](https://redirect.github.com/vitejs/vite-plugin-react/

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
ark-docs	Ready	Preview	Sep 11, 2025 2:51pm