chore(deps-dev): bump the dev-tooling group with 5 updates

[dependabot]

Bumps the dev-tooling group with 5 updates:

Package	From	To
@biomejs/biome	2.4.14	2.4.15
@moonrepo/cli	2.2.3	2.2.4
typescript	6.0.3	5.9.3
vite	8.0.10	8.0.12
vitest	4.1.5	4.1.6

Updates @biomejs/biome from 2.4.14 to 2.4.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Commits

• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• e0a54cc feat(lint/js/vue): add useVueNextTickPromise (#10254)
• 1110256 feat(lint/vue): add noVueImportCompilerMacros (#10238)
• 7f7419c fix: grammar in extends docstring (#10263)
• 0ae5840 feat(lint/js): add useThisForClassMethods (#9807)
• 83f7385 feat(lint/js): add noBaseToString (#9838)
• 64aee45 feat(lint/html/vue): add noVueVOnNumberValues (#10219)
• See full diff in compare view

Updates @moonrepo/cli from 2.2.3 to 2.2.4

Release notes

Sourced from @​moonrepo/cli's releases.

2.2.4

Release Notes

🐞 Fixes

• Fixed an issue where proto's auto-clean would remove tools installed by moon as they weren't marked as used.
• Fixed a regression where moon would fail with Failed to execute git and capture output when .gitmodules referenced a submodule that hadn't been checked out (e.g. update = none). Uninitialized submodules are now skipped, matching the v1 behavior.
• Fixed an issue where toolchain dependency installation would be skipped even when the vendor directory does not exist.
• Fixed an issue where failing actions would not re-run again because their hash would be persisted, even on failure.
• Fixed an issue where WouldBlock errors would trigger when attempting to flush buffered output to the console.
• Fixed an issue where --upstream=none would error for missing dependencies.

🧰 Toolchains

• Python
  • Fixed an issue where the wrong arguments were passed to uv sync depending on whether proto is managing the Python version.
  • Fixed an issue where venv paths were not available to commands run through the toolchain, like uv sync.

⚙️ Internal

• Updated dependencies.

Install moon_cli 2.2.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/moonrepo/moon/releases/download/v2.2.4/moon_cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/moonrepo/moon/releases/download/v2.2.4/moon_cli-installer.ps1 | iex"

Download moon_cli 2.2.4

File	Platform	Checksum
moon_cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
moon_cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

2.2.4

🐞 Fixes

• Fixed an issue where proto's auto-clean would remove tools installed by moon as they weren't marked as used.
• Fixed a regression where moon would fail with Failed to execute git and capture output when .gitmodules referenced a submodule that hadn't been checked out (e.g. update = none). Uninitialized submodules are now skipped, matching the v1 behavior.
• Fixed an issue where toolchain dependency installation would be skipped even when the vendor directory does not exist.
• Fixed an issue where failing actions would not re-run again because their hash would be persisted, even on failure.
• Fixed an issue where WouldBlock errors would trigger when attempting to flush buffered output to the console.
• Fixed an issue where --upstream=none would error for missing dependencies.

🧰 Toolchains

• Python
  • Fixed an issue where the wrong arguments were passed to uv sync depending on whether proto is managing the Python version.
  • Fixed an issue where venv paths were not available to commands run through the toolchain, like uv sync.

⚙️ Internal

• Updated dependencies.

Commits

• 11c5454 chore: Bump packages
• See full diff in compare view

Updates typescript from 6.0.3 to 5.9.3

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• 5be3346 Bump version to 5.9.2 and LKG
• ad825f2 Bump version to 5.9.1-rc and LKG
• 463a5bf Update LKG
• Additional commits viewable in compare view

Updates vite from 8.0.10 to 8.0.12

Release notes

Sourced from vite's releases.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.12 (2026-05-11)

Features

• update rolldown to 1.0.0 (#22401) (cf0ff41)

Bug Fixes

• deps: update all non-major dependencies (#22420) (2be6000)
• module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)
• refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)
• worker: apply build.target to worker bundle (#22404) (3c93fde)
• worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

• deps: update dependency eslint-plugin-n to v18 (#22423) (2fe7bd2)
• deps: update rolldown-related dependencies (#22421) (66b9eb3)

8.0.11 (2026-05-07)

Features

• update rolldown to 1.0.0-rc.18 (#22360) (3f80524)

Bug Fixes

• deps: update all non-major dependencies (#22334) (672c962)
• deps: update all non-major dependencies (#22382) (5c0cfcb)
• glob: align hmr matcher options with glob enumeration (#22306) (30028f9)
• make separate object instance for each environment (#22276) (7c2aa3b)

Documentation

• create-vite: list react-compiler templates in README (#22347) (7c3a61f)
• explain mergeConfig skips null/undefined (#22325) (2151f70)
• mention native config loader in CLI options (#22348) (0420c5d)
• update evan's x handle (640202a)

Miscellaneous Chores

• deps: update dependency tsdown to ^0.21.10 (#22333) (3b51e05)
• deps: update rolldown-related dependencies (#22383) (555ff36)
• deps: update transitive packages to fix npm audit alerts (#22316) (86aee62)

Code Refactoring

• devtools integration (#22312) (3c8bf06)
• remove unnecessary async (#22296) (b31fd35)
• show direct path type in bad character warning (#22339) (0c162e9)

Tests

... (truncated)

Commits

• 4dce8b4 release: v8.0.12
• b675c7b fix: refer to rolldownOptions instead of deprecated rollupOptions in mess...
• 66b9eb3 chore(deps): update rolldown-related dependencies (#22421)
• 2fe7bd2 chore(deps): update dependency eslint-plugin-n to v18 (#22423)
• 2be6000 fix(deps): update all non-major dependencies (#22420)
• d4838a0 fix(worker): forward define to worker bundle transform (#22408)
• cf0ff41 feat: update rolldown to 1.0.0 (#22401)
• 3c93fde fix(worker): apply build.target to worker bundle (#22404)
• f5a22e6 fix(module-runner): prevent partial-exports race on concurrent imports of in-...
• 66f3194 release: v8.0.11
• Additional commits viewable in compare view

Updates vitest from 4.1.5 to 4.1.6

Release notes

Sourced from vitest's releases.

v4.1.6

   🐞 Bug Fixes

• browser: Provide project reference in ToMatchScreenshotResolvePath  -  by @​macarie and @​sheremet-va in vitest-dev/vitest#10138 (31882)
• Global sequence.concurrent: true with top-level test(..., { concurrent: false }) + depreacte sequential test API and options  -  by @​hi-ogawa, Codex and @​sheremet-va in vitest-dev/vitest#10196 (2847d)
• browser: Simplify orchestrator otel carrier  -  by @​hi-ogawa in vitest-dev/vitest#10285 (18af9)

   🏎 Performance

• Stringify diff objects only once  -  by @​sheremet-va in vitest-dev/vitest#10276 (9f7b1)

    View changes on GitHub

Commits

• a8fd24c chore: release v4.1.6
• 18af98c fix(browser): simplify orchestrator otel carrier (#10285)
• 3188260 feat(browser): provide project reference in ToMatchScreenshotResolvePath (#...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions