chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	^2.3.6 -> ^2.3.7
@microsoft/api-extractor (source)	^7.55.0 -> ^7.55.1
@reduxjs/toolkit (source)	^2.10.1 -> ^2.11.0
@rsbuild/core (source)	~1.6.7 -> ~1.6.8
@rstest/core (source)	^0.6.5 -> ^0.6.6
@types/lodash (source)	^4.17.20 -> ^4.17.21
@typescript/native-preview (source)	7.0.0-dev.20251118.1 -> 7.0.0-dev.20251123.1
@vitejs/plugin-vue (source)	^6.0.1 -> ^6.0.2
nx (source)	^22.0.4 -> ^22.1.1
pnpm (source)	10.22.0 -> 10.23.0
pnpm (source)	>=10.22.0 -> >=10.23.0
vitest (source)	^4.0.10 -> ^4.0.13
vue-tsc (source)	^3.1.4 -> ^3.1.5

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.3.7

Compare Source

Patch Changes

• #​8169 7fdcec8 Thanks @​arendjr! - Fixed #​7999: Correctly place await after leading comment in auto-fix action from noFloatingPromises rule.

• #​8157 12d5b42 Thanks @​Conaclos! - Fixed #​8148. noInvalidUseBeforeDeclaration no longer reports some valid use before declarations.

  The following code is no longer reported as invalid:

  class classA {
    C = C;
  }
  const C = 0;

• #​8178 6ba4157 Thanks @​dyc3! - Fixed #​8174, where the HTML parser would parse 2 directives as a single directive because it would not reject whitespace in Vue directives. This would cause the formatter to erroneously merge the 2 directives into one, resulting in broken code.

  - <Component v-else:property="123" />
  + <Component v-else :property="123" />

• #​8088 0eb08e8 Thanks @​db295! - Fixed #​7876: The noUnusedImports rule now ignores imports that are used by @​linkcode and @​linkplain (previously supported @​link and @​see).

  The following code will no longer be a false positive:

  import type { a } from "a"
  
  /**
   * {@​linkcode a}
   */
  function func() {}

• #​8119 8d64655 Thanks @​ematipico! - Improved the detection of the rule noUnnecessaryConditions. Now the rule isn't triggered for variables that are mutated inside a module.

  This logic deviates from the original rule, hence noUnnecessaryConditions is now marked as "inspired".

  In the following example, hey starts as false, but then it's assigned to a string. The rule isn't triggered inside the if check.

  let hey = false;
  
  function test() {
    hey = "string";
  }
  
  if (hey) {
  }

• #​8149 e0a02bf Thanks @​Netail! - Fixed #​8144: Improve noSyncScripts, ignore script tags with type="module" as these are always non-blocking.

• #​8182 e9f068e Thanks @​hirokiokada77! - Fixed #​7877: Range suppressions now handle suppressed categories properly.

  Valid:

  // biome-ignore-start lint: explanation
  const foo = 1;
  // biome-ignore-end lint: explanation

• #​8111 bf1a836 Thanks @​ryan-m-walker! - Added support for parsing and formatting the CSS if function.

  Example

  .basic-style {
    color: if(style(--scheme: dark): #eeeeee; else: #​000000;);
  }

• #​8173 7fc07c1 Thanks @​ematipico! - Fixed #​8138 by reverting an internal refactor that caused a regression to the rule noUnusedPrivateClassMembers.

• #​8119 8d64655 Thanks @​ematipico! - Improved the type inference engine, by resolving types for variables that are assigned to multiple values.

• #​8158 fb1458b Thanks @​dyc3! - Added the useVueValidVText lint rule to enforce valid v-text directives. The rule reports when v-text has an argument, has modifiers, or is missing a value.

  Invalid:

  <div v-text />
  <!-- missing value -->
  <div v-text:aaa="foo" />
  <!-- has argument -->
  <div v-text.bbb="foo" />
  <!-- has modifier -->

• #​8158 fb1458b Thanks @​dyc3! - Fixed useVueValidVHtml so that it will now flag empty strings, e.g. v-html=""

• #​7078 bb7a15c Thanks @​emilyinure! - Fixed #​6675: Now only flags
  noAccumulatingSpread on Object.assign when a new object is being allocated on
  each iteration. Before, all cases using Object.assign with reduce parameters
  were warned despite not making new allocations.

  The following code will no longer be a false positive:

  foo.reduce((acc, bar) => Object.assign(acc, bar), {});

  The following cases which do make new allocations will continue to warn:

  foo.reduce((acc, bar) => Object.assign({}, acc, bar), {});

• #​8175 0c8349e Thanks @​ryan-m-walker! - Fixed CSS formatting of dimension units to use correct casing for Q, Hz and kHz.

  Before:

  .cssUnits {
    a: 1Q;
    b: 1Hz;
    c: 1kHz;
  }

  After:

  .cssUnits {
    a: 1Q;
    b: 1Hz;
    c: 1kHz;
  }

microsoft/rushstack (@​microsoft/api-extractor)

v7.55.1

Compare Source

Fri, 21 Nov 2025 16:13:56 GMT

Version update only

reduxjs/redux-toolkit (@​reduxjs/toolkit)

v2.11.0

Compare Source

web-infra-dev/rsbuild (@​rsbuild/core)

v1.6.8

Compare Source

What's Changed

New Features 🎉

• feat: improve build time printing by @​chenjiahan in #​6607
• feat: improve build time logs with error state by @​chenjiahan in #​6608
• feat(plugin-api): add build time to environment compile hook by @​chenjiahan in #​6584
• feat: add order option to control PostCSS plugin insertion position by @​chenjiahan in #​6622
• feat: add integrity field to manifest when sri is enabled by @​chenjiahan in #​6634

Bug Fixes 🐞

• fix(create-rsbuild): use current package manager in templates by @​chenjiahan in #​6612
• fix: improve browserslist cache key by @​chenjiahan in #​6620
• fix: open base url when no routes are available by @​chenjiahan in #​6630
• fix: improve error handling when loading addons failed by @​chenjiahan in #​6631

Refactor 🔨

• refactor: simplify helper used by the Node addons plugin by @​chenjiahan in #​6626

Document 📖

• docs: fix JSX import source reference in documentation by @​htoooth in #​6614
• docs(meta): add open graph tags example by @​chenjiahan in #​6615
• docs: fix outdated plugin order link by @​chenjiahan in #​6617
• docs: improve environment and compatibility wording by @​chenjiahan in #​6621
• docs: refine webpack migration wording by @​chenjiahan in #​6629
• docs: add detailed JSDoc to manifest data types by @​chenjiahan in #​6632

Other Changes

• chore(deps): update dependency core-js to ~3.47.0 by @​renovate[bot] in #​6609
• chore(deps): update dependency prebundle to v1.6.0 by @​renovate[bot] in #​6610
• chore(deps): update all patch dependencies by @​renovate[bot] in #​6611
• chore(deps): update dependency nano-staged to ^0.9.0 by @​renovate[bot] in #​6618
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in #​6619
• test(e2e): improve test cases for postcss plugins by @​chenjiahan in #​6623
• chore(deps): update module-federation to 0.21.5 and remove unused packages by @​chenjiahan in #​6624
• chore(deps): update dependency nx to ^22.1.1 by @​renovate[bot] in #​6627
• chore(deps): update dependency webpack to ^5.103.0 by @​renovate[bot] in #​6628
• chore: remove unused getStatsAssetsOptions function by @​chenjiahan in #​6633
• chore(deps): update pnpm to v10.23.0 by @​renovate[bot] in #​6637
• chore(deps): update all patch dependencies by @​renovate[bot] in #​6636
• chore(deps): update dependency open to v11 by @​renovate[bot] in #​6638
• release: v1.6.8 by @​chenjiahan in #​6640

New Contributors

• @​htoooth made their first contribution in #​6614

Full Changelog: web-infra-dev/rsbuild@v1.6.7...v1.6.8

web-infra-dev/rstest (@​rstest/core)

v0.6.6

Compare Source

What's Changed

New Features 🎉

• feat(vscode): communicate with worker using ipc instead of websocket by @​claneo in #​691
• feat: support get runtime config via rs.getConfig API by @​9aoy in #​701
• feat: support displaying slow-running tests by @​9aoy in #​706

Bug Fixes 🐞

• fix(vscode): correct icon path by @​fi3ework in #​703
• fix: should load json file correctly by @​9aoy in #​702
• fix: suppress ESModulesLinkingError for exports that might be implemented in mock by @​9aoy in #​704
• fix: describe.each type error by @​9aoy in #​707

Document 📖

• docs: use rspress new UI by @​9aoy in #​697
• docs: update doc ui by @​9aoy in #​699
• docs!: rename filename from camel to kebab by @​9aoy in #​705

Other Changes

• chore: update vscode extension build script by @​9aoy in #​696

Full Changelog: web-infra-dev/rstest@v0.6.5...v0.6.6

microsoft/typescript-go (@​typescript/native-preview)

v7.0.0-dev.20251123.1

Compare Source

v7.0.0-dev.20251122.1

Compare Source

v7.0.0-dev.20251121.1

Compare Source

v7.0.0-dev.20251120.1

Compare Source

v7.0.0-dev.20251119.1

Compare Source

vitejs/vite-plugin-vue (@​vitejs/plugin-vue)

v6.0.2

Bug Fixes

• deps: update all non-major dependencies (#​643) (b702c1f)
• deps: update all non-major dependencies (#​653) (c6bd324)
• deps: update all non-major dependencies (#​663) (dbcd1d0)
• deps: update all non-major dependencies (#​665) (428dde0)
• deps: update all non-major dependencies (#​671) (59e0a51)
• deps: update all non-major dependencies (#​679) (f226dab)
• deps: update all non-major dependencies (#​685) (d990206)
• deps: update all non-major dependencies (#​688) (46edd7e)
• deps: update all non-major dependencies (#​692) (13accf3)
• deps: update all non-major dependencies (#​694) (9c77f01)
• deps: update all non-major dependencies (#​704) (ecb581a)
• fix hmr of dynamically loaded vue sfc modules in apps with tailwind (#​702) (0a883f7)

Miscellaneous Chores

• deps: update dependency rollup to ^4.52.3 (#​674) (dd91393)
• deps: update dependency rollup to ^4.52.5 (#​684) (a291b66)
• deps: update dependency rollup to ^4.53.1 (#​695) (0b238ea)
• deps: update dependency rollup to ^4.53.2 (#​703) (847808f)
• deps: update upstream (#​638) (f7cef18)
• deps: update upstream (#​642) (be57955)
• deps: update upstream (#​652) (3030263)
• deps: update upstream (#​666) (e6ece54)
• deps: update upstream (#​670) (5d3313f)
• deps: update upstream (#​678) (3f0593f)

nrwl/nx (nx)

v22.1.1

Compare Source

22.1.1 (2025-11-21)

🚀 Features

• linter: add util to load eslint rules from a directory (#​33543)
• nx-cloud: prepend nx version to stats metadata (#​33568)

🩹 Fixes

• core: don't presume a task is long running if its marked cacheable (#​33545, #​32610)
• core: daemon command should exit at end (#​33547)
• core: provide error when nested graph construction would occur invoked during createNodes (#​33541, #​29618)
• graph: align exclude flag with others by using findMatchingProjects (#​33550)
• linter: handle various flat config override structures (#​33548, #​31796)
• react: exclude tailwind from CSS modules syntax in component generator (#​33574)
• storybook: remove STORYBOOK_PROJECT_ROOT when running automigrate to prevent hanging (#​33567, #​32492)
• vite: generate .mts config files to force ESM (#​33518)

❤️ Thank You

• AgentEnder @​AgentEnder
• Claude
• Craigory Coppola @​AgentEnder
• Jack Hsu @​jaysoo
• Jason Jean @​FrozenPandaz
• Leosvel Pérez Espinosa @​leosvelperez
• MaxKless @​MaxKless

v22.1.0

Compare Source

22.1.0 (2025-11-19)

🚀 Features

• core: update rust (#​33220)
• core: enable tui by default on windows (#​33314)
• core: batch hash tasks without custom hashers (#​33327)
• core: add OSC 9;4 progress indicator support to TUI (#​33325)
• core: collect resource usage (#​32946)
• core: disable interactivity by default for run-one task outputs in tui (#​33358)
• core: track system metrics and link plugins to workers when possible (#​33411)
• core: pull nx init from latest before executing (#​33446)
• core: export TypeScript schema definitions via wildcard patterns (#​33454, #​33336)
• core: make console daemon check backgroundable and pulling from latest (#​33491)
• core: apply parent env to atomized target (#​33013)
• docker: support inferring additional args for targets with interpolation support (#​32892)
• docker: add skipDefaultTag option to build target (#​33477, #​33506)
• gradle: add custom installation path to options (#​33187)
• gradle: use gitignore to determine dependant task output files (#​33402)
• gradle: allow specifying project and task configuration from gradle build files (#​33264)
• maven: upgrade to version 0.0.8 with automated migration (#​33315)
• maven: add ci-workflow generator (#​33346)
• maven: bump version from 0.0.8 to 0.0.9 (#​33405)
• maven: add option to prefix all maven targets (#​33420)
• misc: remove CI investigation recommendations from agent rules (#​33309)
• nextjs: add support for next 16 (#​33296, #​33207)
• nx-dev: add downloadable resources page and React book blog post (160b4cce34)
• release: support {versionActionsVersion} in docker version scheme (#​33178)
• release: add resolveVersionPlans option to changelog CLI and API (#​33435)
• storybook: add support for storybook 10 (#​33277, #​33141)
• storybook: generate ai instructions for converting from CJS to ESM after migration (#​33395)
• testing: support cypress v15 (#​33393, #​33304)
• vite: add atomizer support for vitest (#​33265)
• vite: add vitest 4 to peerDep range to prevent conflicts (#​33394)
• vitest: split vitest into @​nx/vitest plugin (#​33311)
• vitest: split entrypoint into plugin, generators, executors (#​33426)
• vitest: support vitest 4 (#​33424)

🩹 Fixes

• core: adding output error reason (#​33159)
• core: continue execution when cloud client is unavailable (#​33214)
• core: prevent error message containing [object Object] for invalid {workspaceRoot} placement (#​33203)
• core: fix swapped arguments when resolving catalog references from the filesystem (#​33237)
• core: should find dockerfiles to suggest installing docker plugin (#​33234)
• core: stream without prefixes showing tui (#​33194, #​32535)
• core: ensure daemon writes project graph cache to disk consistently (#​33217)
• core: add accept header to http remote cache get (#​33093, #​33092)
• core: prevent undefined importer crash in pnpm lockfile parsing (#​33223)
• core: split lockfile cache and other performance improvements (#​33256)
• core: turn v8 serializer off by default but fallback to it if json serialization fails (#​33274, #​4, #​2, #​3)
• core: make sure that gemini contextFileName is string before trying to resolve (#​33280)
• core: also look in .nx installation when reading nx.json extends (#​33306)
• core: handle various directories when importing prettier (#​33383)
• core: prevent args from being split by spaces when executing through nx wrapper (#​33362)
• core: correctly identify local workspace dependencies on windows (#​33408)
• core: clean up dead processes from metrics (#​33437)
• core: resolve lockfile cache regression with keyMap state (#​33448, #​33256)
• core: remove system metrics collection and reporting (#​33456)
• core: optimize batch task scheduling to prevent redundant traversals (#​33455, #​33366)
• core: capture stderr in nx add command for better error messages (#​33462)
• core: include require paths when resolving specified plugins (#​33495)
• core: prevent hanging between command end and process exit (#​33500)
• core: resolve all lock ordering deadlocks in metrics collector (#​33513)
• core: avoid leaking memory due by creating an unref'd interval for each daemon connection (#​33532, #​29836)
• core: default input should indeed be default (#​33533)
• docker: handle undefined options when creating graph (#​33235)
• docker: handle dockerfile at project root tag (#​33236)
• docker: guard commitSha null in plugin interpolation (#​33275)
• gradle: bump gradle migration version (#​33479)
• graph: add nx:build-native dependency to typecheck target (#​33428)
• js: update vitest generator import in library generator (#​33430)
• js: improve typescript plugin performance (#​33425, #​33076)
• js: remove redundant typescript project references (#​33438)
• js: skip TS project references migration for non-TS-solution workspaces (#​33467)
• js: sync external references to project's tsconfig.json file if it includes any files (#​33524)
• maven: add support for unbound goals in plugin targets (#​33191)
• maven: use File.isAbsolute for cross-platform path detection (#​33195)
• maven: resolve maven dependencies from project roots (#​33313)
• maven: set migration version to 22.1.0-beta.4 (#​33345)
• maven: forward parameters through target dependencies (#​33365)
• maven: skip maven plugin computation on vercel/netlify (#​33486)
• misc: add explanatory footer to ai agents prompts (#​33182)
• misc: handle null exit codes from crashed child processes (#​33163, #​29204)
• misc: handle ERR_USE_AFTER_CLOSE gracefully in nx init and create-nx-workspace (#​33469)
• module-federation: update @​module-federation packages to fix Koa vulnerability (#​33285, #​33380)
• nextjs: ensure eslint-config-next matches Next.js 14 and 15 versions (#​30259, #​30258, #​30257)
• node: migrate to koa 3.0.3 (#​33208)
• nx-dev: update docs code blocks usage (#​32998)
• nx-dev: add copy-docs back as a dep of serve (#​33215)
• nx-dev: fix GitHub star button styling in mobile view (#​33385)
• nx-dev: error out when failing to parse plugin manifests (#​33498)
• release: changelog renderer should render commit title with breaking changes (#​33439)
• release: ensure file change calculation matches nx affected #​33413 (#​33539, #​33413)
• storybook: remove optional nature of migration (#​33427)
• storybook: normalize version range before comparison (#​33515, #​33514)
• testing: use .cts config files for Jest 30+ to fix __dirname issues (#​33349, #​32236)
• vite: nxViteTsPaths supports local path aliases (#​33241, #​33231)
• vite: prevent race-condition when importing @​vitejs/plugin-vue (#​33307)
• vite: ensure atomizer does not consider projects outside the project root (#​33344)
• vite: ensure createVitest looks only from projectRoot (#​33361)
• vite: support vitest v4 (#​33478)
• vitest: do not fail when cleanedAngularVersion is of incorrect type (#​33436, #​33347)
• webpack: prevent errors when importing @​nx/webpack before typescript is installed (#​33251)

❤️ Thank You

• Caleb Ukle
• Claude
• Colum Ferry @​Coly010
• Coly010 @​Coly010
• Craigory Coppola @​AgentEnder
• Emilio Heinzmann @​emiliosheinz
• Eric Büttner @​tuffz
• FrozenPandaz @​FrozenPandaz
• Hugo Burton @​hugs7
• Jack Hsu @​jaysoo
• James Henry @​JamesHenry
• Jason Jean @​FrozenPandaz
• Juri Strumpflohner
• Leosvel Pérez Espinosa @​leosvelperez
• leosvelperez @​leosvelperez
• Louie Weng @​lourw
• MaxKless @​MaxKless
• Miroslav Jonaš @​meeroslav
• Sander Boelhouwers
• Zachary DeRose @​ZackDeRose

pnpm/pnpm (pnpm)

v10.23.0: pnpm 10.23

Compare Source

Minor Changes

• Added --lockfile-only option to pnpm list #​10020.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #​10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #​10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #​10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #​10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:is-odd@3.0.1) #​8660.
• Don't add an extra slash to the Node.js mirror URL #​10204.
• pnpm store prune should not fail if the store contains Node.js packages #​10131.

Platinum Sponsors

Gold Sponsors

vitest-dev/vitest (vitest)

v4.0.13

Compare Source

   🐞 Bug Fixes

• types:
  • Don't use type from Vite 7.1  -  by @​sheremet-va in #​9071 (6356b)
  • Don't import node.js dependent types in vitest/browser  -  by @​sheremet-va in #​9068 (332af)

   🏎 Performance

• Avoid fetchModule roundtrip if the module is cached  -  by @​sheremet-va in #​9075 (b27e0)
• experimental: If fsCacheModule is enabled, read from the memory when possible  -  by @​sheremet-va in #​9076 (6b9a1)

    View changes on GitHub

v4.0.12

Compare Source

   🐞 Bug Fixes

• Inherit fsModuleCachePath by default  -  by @​sheremet-va in #​9063 (9a8bc)
• Don't import from @opentelemetry/api in public types  -  by @​sheremet-va in #​9066 (e944a)

    View changes on GitHub

[v4.0.11](https://redirect.github.com/vitest-dev/vitest/releases/tag/v4

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 241 workspace projects
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 14, reused 0, downloaded 0, added 0
Progress: resolved 20, reused 0, downloaded 0, added 0
Progress: resolved 39, reused 0, downloaded 0, added 0
Progress: resolved 49, reused 0, downloaded 0, added 0
/tmp/renovate/repos/github/web-infra-dev/rslib/tests/integration/dts-tsgo/bundle/bundled-packages:
 ERR_PNPM_TRUST_DOWNGRADE  High-risk trust downgrade for "@reduxjs/toolkit@2.11.0" (possible package takeover)

This error happened while installing a direct dependency of /tmp/renovate/repos/github/web-infra-dev/rslib/tests/integration/dts-tsgo/bundle/bundled-packages

Earlier versions had provenance attestation, but this version has no trust evidence. A trust downgrade may indicate a supply chain incident.

[netlify]

✅ Deploy Preview for rslib ready!

Name	Link
🔨 Latest commit	9f185ae
🔍 Latest deploy log	https://app.netlify.com/projects/rslib/deploys/6923fad00c8f9e0008ca80e3
😎 Deploy Preview	https://deploy-preview-1361--rslib.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.