chore(deps)(deps-dev): Bump the dev-tools group across 1 directory with 4 updates

[dependabot]

Bumps the dev-tools group with 4 updates in the / directory: @biomejs/biome, lefthook, typescript and vite.

Updates @biomejs/biome from 1.9.4 to 2.4.12

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.12

2.4.12

Patch Changes

• #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

  describe("foo", () => {});
  describe("foo", () => {
    // invalid: same title as previous describe block
    test("baz", () => {});
    test("baz", () => {}); // invalid: same title as previous test case
  });

• #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

• #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

  For example, the following snippets trigger the rule:

  function createComponent(label) {
    function MyComponent() {
      return <div>{label}</div>;
    }
    return MyComponent;
  }

  function Parent() {
    function Child() {
      return <div />;
    }
    return <Child />;
  }

• #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

• #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

• #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.12

Patch Changes

• #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

  describe("foo", () => {});
  describe("foo", () => {
    // invalid: same title as previous describe block
    test("baz", () => {});
    test("baz", () => {}); // invalid: same title as previous test case
  });

• #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

• #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

  For example, the following snippets trigger the rule:

  function createComponent(label) {
    function MyComponent() {
      return <div>{label}</div>;
    }
    return MyComponent;
  }

  function Parent() {
    function Child() {
      return <div />;
    }
    return <Child />;
  }

• #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

• #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

• #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

• #9966 322675e Thanks @​siketyan! - Fixed #9113: Biome now parses and formats @media and other conditional blocks correctly inside embedded CSS snippets.

... (truncated)

Commits

• baaacfc ci: release (#9890)
• e0ba71d feat: implement useIframeSandbox (#9949)
• 2cff700 feat(lint/js): add useVarsOnTop (#9861)
• 27dd7b1 feat(react/js): add noComponentHookFactories (#9916)
• 0d0e611 feat(js_analyze): implement useReactAsyncServerFunction (#9909)
• f1c1363 feat(lint/js): add useStringStartsEndsWith (#9796)
• d417803 feat(js_analyze): implement noJsxNamespace (#9913)
• 9701a33 feat(lint/js): add noIdenticalTestTitle (#9376)
• c499f46 feat(lint): implement useReduceTypeParameter nursery rule (#9577)
• 40bd180 feat(lint/js): add noExcessiveSelectorClasses (#9866)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Updates lefthook from 1.13.6 to 2.1.6

Release notes

Sourced from lefthook's releases.

v2.1.6

Changelog

• bf73ea2f1ea5468c9af7a6f06b5ef8cd43e66040 fix(packaging): do not pipe stdout and stderr (#1382)
• 04da00697cd8a6241023c1962feb720eeaa62698 fix(windows): normalize lefthook path for sh script (#1383)
• de9597a1bf456d2cf0fbcb8816858b6e5cf6b609 fix: log full scoped name for skipped jobs (#1291)
• eb3e70dbbd2442200ec8ff2140a3ee9daa7d9e70 fix: normalize root to always include trailing slash before path replacement (#1381)
• f90f3f570ef9227ddf345a79cec687dac41a5d31 fix: skip pty allocation when stdout is not a terminal (#1393)

v2.1.5

Changelog

• afac466157f88b5a5f9d03eb28acc90b095a4b5d chore(golangci-lint): upgrade to 2.11.4 (#1362)
• f8e73b947e2eefd6950d6a19c20bbde19070809d chore: fix golangci-lint version lookup
• 4564da343b1497f73f8a82f6104e1b5903f8a081 chore: move golangci-lint version to .tool-versions (#1349)
• 236a5bd07c650aaa882963d68ab5e5e654a47681 chore: small cleanup (#1370)
• 5ddf2206dd23e826c5434392e034fa7db523cd3d deps: April 2026 (#1375)
• e26c719f5a85e8ff35871e9724649714d6f05c13 fix: git repository merge issue (#1372)
• 3503a3b102c2b41c298e1e7dc6549181508518a6 fix: prevent lefthook run from overwriting global hooks (#1371)
• f3fc175f6c638fd54ab49b8d7c060898f936c934 fix: use pre-push stdin for push file detection (#1368)

v2.1.4

Changelog

• 21479f941dcf73bd826cd169088983320fdc31d6 fix: bring back {lefthook_job_name} template (#1347)
• c586f14d15cbef841c988420da6e21d903859764 fix: separate more commands' non-option args with -- (#1339)
• 8dcd4aef558c1676d0ac724e220d241a71e6a861 pkg: fix scripts (#1348)
• 2fac7285db9090f0e88478fdcb50353452250655 pkg: make it easier to read (#1340)
• 32af36b1b832891df7dfb7411b4c2e273aefc3d7 pkg: refactor packaging (2) (#1346)
• 5354773b454a8c5e7a916d909782661bc6b1f896 pkg: refactor packaging scripts (#1308)

v2.1.3

Changelog

• 044ebf3a8c36f323d3ca32f4d1c42dc22cfd3cb9 chore(ci): switch artifact attestations gen to actions/attest v4 (#1338)
• 73d1680f6bd934ee2d18071ae14df2338a2ee670 chore: describe ENV variables usage in CLI help output (#1337)
• a9cb6568acb08dfde150b9753afe815abb030e84 chore: small code improvements (#1336)
• 9478fd55f0cd485cd4bbe62187357f27239c43c2 deps: March 2026 (#1330)
• 5afae26dc3a03503ceb0f66be4a8c61aca084662 feat: update minimum go version (#1331)
• 8da90752970ad6733c27cee44e15b3349856b12a fix: support git debug versions (#1334)

v2.1.2

Changelog

• 737a6f71589e6a2e6f704be4d6c485d473c25b69 ci: freeze docmd (#1327)
• 6fb8e50d09202a71683fd0c160ba9458d0fe38be feat: introduce setup hook option (#1326)
• 246f1c99f02be680a8ce24c9d880f2570d25b212 fix: rollback auto-staged changes if unwanted changes detected (#1251)
• af21ce3978a6a9ab79cdc8150e515d4dcd15434d pkg(pypi): fix python packages publishing
• 52c5d93b452c67490b8aa7488761ad19a098fb33 refactor: recovering logic for changesets (#1324)

v2.1.1

Changelog

• beae38f0e4f132d685247310116464a50ac6a11b chore: reduce verbosity of hints in lefthook install (#1303)
• 59c72606e76f6ca42cc5989a28ed79f42cf0d5a7 ci: fix publishing to PyPi
• b6cdb2ed9778561860b244df033c73af23ef0291 docs(install): add missing /v2 suffix for go get -tool (#1304)

... (truncated)

Changelog

Sourced from lefthook's changelog.

2.1.6 (2026-04-16)

• fix: normalize lefthook path for sh script (#1383) by @​AndrewKahr
• fix: normalize root to always include trailing slash before path replacement (#1381) by @​Copilot
• fix: skip pty allocation when stdout is not a terminal (#1393) by @​technicalpickles
• docs: upgrade docmd (#1391) by @​mrexox
• fix: log full scoped name for skipped jobs (#1291) by @​scop
• fix: do not pipe stdout and stderr (#1382) by @​mrexox

2.1.5 (2026-04-06)

• deps: April 2026 (#1375) by @​mrexox
• docs: update documentation and docs for claude (#1373) by @​mrexox
• fix: git repository merge issue (#1372) by @​mrexox
• fix: use pre-push stdin for push file detection (#1368) by @​supitsdu
• chore: small cleanup (#1370) by @​mrexox
• fix: prevent lefthook run from overwriting global hooks (#1371) by @​ivy
• chore: upgrade to 2.11.4 (#1362) by @​scop
• chore: fix golangci-lint version lookup by @​mrexox
• chore: move golangci-lint version to .tool-versions (#1349) by @​scop

2.1.4 (2026-03-12)

• pkg: fix scripts (#1348) by @​mrexox
• fix: bring back {lefthook_job_name} template (#1347) by @​mrexox
• pkg: refactor packaging (2) (#1346) by @​mrexox
• fix: separate more commands' non-option args with -- (#1339) by @​scop
• docs: change logo to point to landing page instead of itself (#1343) by @​igas
• pkg: make it easier to read (#1340) by @​mrexox
• pkg: refactor packaging scripts (#1308) by @​mrexox

2.1.3 (2026-03-07)

• chore: switch artifact attestations gen to actions/attest v4 (#1338) by @​scop
• chore: describe ENV variables usage in CLI help output (#1337) by @​mrexox
• fix: support git debug versions (#1334) by @​mrexox
• deps: March 2026 (#1330) by @​mrexox
• feat: update minimum go version (#1331) by @​mrexox

2.1.2 (2026-03-01)

• feat: introduce setup hook option (#1326) by @​mrexox
• refactor: recovering logic for changesets (#1324) by @​mrexox
• fix: rollback auto-staged changes if unwanted changes detected (#1251) by @​tuchfarber
• docs: improve docs ui (#1323) by @​mrexox
• docs: additional skip example and note about reinstallation (#1319) by @​iloveitaly
• docs: fix incorrect --verbose usage (#1318) by @​iloveitaly
• pkg: fix python packages publishing by @​mrexox

2.1.1 (2026-02-12)

... (truncated)

Commits

• 679ce27 2.1.6: fixes for Windows and AI tools execution
• 04da006 fix(windows): normalize lefthook path for sh script (#1383)
• eb3e70d fix: normalize root to always include trailing slash before path replacemen...
• f90f3f5 fix: skip pty allocation when stdout is not a terminal (#1393)
• 1481e9d docs: upgrade docmd (#1391)
• de9597a fix: log full scoped name for skipped jobs (#1291)
• bf73ea2 fix(packaging): do not pipe stdout and stderr (#1382)
• 4cec579 2.1.5: prevent overwriting global hooks and fix pre-push for sha256 repos
• 5ddf220 deps: April 2026 (#1375)
• 0c16199 docs: update documentation and docs for claude (#1373)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lefthook since your current version.

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Updates vite from 6.4.2 to 8.0.8

Release notes

Sourced from vite's releases.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0-beta.18

Please refer to CHANGELOG.md for details.

v8.0.0-beta.17

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.8 (2026-04-09)

Features

• update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

Bug Fixes

• avoid dns.getDefaultResultOrder temporary (#22202) (15f1c15)
• ssr: class property keys hoisting matching imports (#22199) (e137601)

8.0.7 (2026-04-07)

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

• update rolldown to 1.0.0-rc.13 (#22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

• create-vite: remove unnecessary DOM.Iterable (#22168) (bdc53ab)
• replace remaining prettier script (#22179) (af71fb2)

8.0.5 (2026-04-06)

Bug Fixes

• apply server.fs check to env transport (#22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
• check server.fs after stripping query as well (#22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#22158) (f05f501)

8.0.4 (2026-04-06)

Features

• allow esbuild 0.28 as peer deps (#22155) (b0da973)
• hmr: truncate list of files on hmr update (#21535) (d00e806)
• optimizer: log when dependency scanning or bundling takes over 1s (#21797) (f61a1ab)

Bug Fixes

... (truncated)

Commits

• 6e585dc release: v8.0.8
• e137601 fix(ssr): class property keys hoisting matching imports (#22199)
• 15f1c15 fix: avoid dns.getDefaultResultOrder temporary (#22202)
• 6baf587 feat: update rolldown to 1.0.0-rc.15 (#22201)
• fdb2e6f release: v8.0.7
• 5c05b04 fix: use sync dns.getDefaultResultOrder instead of dns.promises (#22185)
• 7b3086f release: v8.0.6
• af71fb2 chore: replace remaining prettier script (#22179)
• 51d3e48 feat: update rolldown to 1.0.0-rc.13 (#22097)
• 17a8f9e fix(optimize-deps): hoist CJS interop assignment (#22156)
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: dependencies, triage. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.