chore(deps): update all non-major dependencies#290
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
chore(deps): update all non-major dependencies#290renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
|
|
| Command | Status | Duration | Result |
|---|---|---|---|
nx affected --targets=test:eslint,test:sherif,t... |
❌ Failed | 2m 20s | View ↗ |
nx run-many --targets=build --exclude=examples/** |
✅ Succeeded | 35s | View ↗ |
☁️ Nx Cloud last updated this comment at 2026-04-15 05:53:07 UTC
More templates
@tanstack/devtools
@tanstack/devtools-a11y
@tanstack/devtools-client
@tanstack/devtools-ui
@tanstack/devtools-utils
@tanstack/devtools-vite
@tanstack/devtools-event-bus
@tanstack/devtools-event-client
@tanstack/preact-devtools
@tanstack/react-devtools
@tanstack/solid-devtools
@tanstack/vue-devtools
commit: |
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
26 times, most recently
from
8f5167e to
09c56be
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
23 times, most recently
from
e861232 to
4b90eb1
Compare
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughUpdated GitHub Actions workflows and bumped dependency/devDependency versions across root, packages, and example projects; no source code logic or exported API signatures were changed. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
examples/react/bundling-repro/package.json (1)
18-26: Consider pinning@tanstack/ai-*packages to specific versions.Using
"latest"for these AI packages means builds are non-reproducible and could break unexpectedly when new versions are published. While acceptable for a repro/debugging example, consider pinning to specific versions if this example is used for CI or regression testing.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/react/bundling-repro/package.json` around lines 18 - 26, The package.json currently pins multiple `@tanstack/ai` packages to "latest" which makes builds unreproducible; replace the "latest" specifiers for "@tanstack/ai", "@tanstack/ai-anthropic", "@tanstack/ai-client", "@tanstack/ai-gemini", "@tanstack/ai-ollama", "@tanstack/ai-openai", "@tanstack/ai-react", "@tanstack/react-ai-devtools", and "@tanstack/react-devtools" with concrete version numbers (choose a specific semver like "^X.Y.Z" or an exact "X.Y.Z") to lock dependencies for CI/regression tests and update the lockfile accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@examples/react/bundling-repro/package.json`:
- Around line 18-26: The package.json currently pins multiple `@tanstack/ai`
packages to "latest" which makes builds unreproducible; replace the "latest"
specifiers for "@tanstack/ai", "@tanstack/ai-anthropic", "@tanstack/ai-client",
"@tanstack/ai-gemini", "@tanstack/ai-ollama", "@tanstack/ai-openai",
"@tanstack/ai-react", "@tanstack/react-ai-devtools", and
"@tanstack/react-devtools" with concrete version numbers (choose a specific
semver like "^X.Y.Z" or an exact "X.Y.Z") to lock dependencies for CI/regression
tests and update the lockfile accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: de66d22c-d3cb-4f54-a7b2-387035694052
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (26)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release.yml:
- Line 26: Replace mutable action references like uses: actions/checkout@v6.0.2
with the immutable commit SHA form (e.g., uses:
actions/checkout@<FULL_COMMIT_SHA>) while preserving the human-friendly tag as a
trailing comment (e.g., # v6.0.2) to maintain readability; update the checkout
usages in the release workflow (the uses: actions/checkout entries) and apply
the same SHA-pinning pattern to the checkout actions referenced in pr.yml (the
uses: actions/checkout entries on the other specified lines).
In `@package.json`:
- Around line 62-65: The `@tanstack` package upgrades introduce breaking changes:
update our build/docs configs accordingly by (1) in typedoc-related code/configs
(search for any Typedoc config files or usages that expect lower-cased output)
remove or adjust any post-processing that lower-cases Typedoc output and ensure
templates/consumers accept the new casing produced by `@tanstack/typedoc-config`
v0.3.3, and (2) in vite.config.ts (look for references to viteConfig or imports
from `@tanstack/vite-config`) migrate the old viteConfig usage to the new shape:
upgrade to Vite 8+ if not already and replace viteConfig options with
rolldownOptions and use the new native resolve.tsconfigPaths behavior (update
imports, option names, and any tsconfig path resolution code). Make these
changes where viteConfig and Typedoc config objects are defined so the project
builds and docs generate correctly with the new `@tanstack` versions.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 3e3729bd-9872-4d23-b9a5-164d848e5c26
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (26)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
🚧 Files skipped from review as they are similar to previous changes (17)
- examples/react/time-travel/package.json
- packages/preact-devtools/package.json
- packages/devtools/package.json
- packages/devtools-ui/package.json
- packages/devtools-utils/package.json
- packages/react-devtools/package.json
- examples/solid/devtools-ui/package.json
- packages/solid-devtools/package.json
- .github/workflows/autofix.yml
- examples/solid/basic/package.json
- packages/vue-devtools/package.json
- examples/react/basic/package.json
- examples/vue/basic/package.json
- examples/preact/basic/package.json
- packages/devtools-vite/package.json
- examples/preact/custom-devtools/package.json
- examples/react/start/package.json
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v6.0.1 | ||
| uses: actions/checkout@v6.0.2 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Unpinned GitHub Actions references in workflows:"
rg -nP '^\s*uses:\s*[^@]+@(?![0-9a-f]{40}\b)\S+' .github/workflows
echo
echo "Resolve immutable SHAs for tags touched in this PR:"
for item in "actions/checkout v6.0.2" "changesets/action v1.7.0"; do
repo=$(awk '{print $1}' <<<"$item")
tag=$(awk '{print $2}' <<<"$item")
sha=$(git ls-remote --refs --tags "https://github.com/${repo}.git" \
"refs/tags/${tag}" "refs/tags/${tag}^{}" | awk 'END{print $1}')
printf "%s@%s -> %s\n" "$repo" "$tag" "$sha"
doneRepository: TanStack/devtools
Length of output: 1721
Pin GitHub Actions to immutable commit SHAs.
Lines 26 and 34 use mutable version tags. Pinning to full commit SHAs improves CI integrity and provenance; keep the tag as a trailing comment for readability. Apply the same pattern to all checkout actions in .github/workflows/pr.yml (lines 26, 42, and 56).
Suggested changes
- uses: actions/checkout@v6.0.2
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
...
- uses: changesets/action@v1.7.0
+ uses: changesets/action@e87c8ed249971350e47fab7515075f44eb134e5b # v1.7.0📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| uses: actions/checkout@v6.0.2 | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/release.yml at line 26, Replace mutable action references
like uses: actions/checkout@v6.0.2 with the immutable commit SHA form (e.g.,
uses: actions/checkout@<FULL_COMMIT_SHA>) while preserving the human-friendly
tag as a trailing comment (e.g., # v6.0.2) to maintain readability; update the
checkout usages in the release workflow (the uses: actions/checkout entries) and
apply the same SHA-pinning pattern to the checkout actions referenced in pr.yml
(the uses: actions/checkout entries on the other specified lines).
Comment on lines
+62
to
+65
| "@tanstack/eslint-config": "0.4.0", | ||
| "@tanstack/intent": "^0.0.14", | ||
| "@tanstack/typedoc-config": "0.2.1", | ||
| "@tanstack/vite-config": "0.2.1", | ||
| "@testing-library/jest-dom": "^6.8.0", | ||
| "@tanstack/typedoc-config": "0.3.3", | ||
| "@tanstack/vite-config": "0.5.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
`What are the breaking changes (if any) between:
@tanstack/eslint-config0.3.2 -> 0.4.0@tanstack/typedoc-config0.2.1 -> 0.3.3@tanstack/vite-config0.2.1 -> 0.5.0
Please cite official release notes/changelogs.`
💡 Result:
1) @tanstack/eslint-config 0.3.2 → 0.4.0
- No explicit BREAKING change is called out in the release notes; the only noted change is: “update to
@eslint/jsv10”. [1] - However, the official docs for this config state you must have ESLint v9+ installed, which may be a practical breaking requirement if you were on ESLint 8. [2]
2) @tanstack/typedoc-config 0.2.1 → 0.3.3
- Breaking change introduced in 0.3.0: upgrade to TypeDoc v0.28, and “typedoc output is no longer lower-cased” (marked BREAKING in the release notes). [3]
- 0.3.3 is a patch release (“migrate to tsdown”) and does not list breaking changes. [4]
3) @tanstack/vite-config 0.2.1 → 0.5.0
- 0.3.0: update to Vite v7 (major Vite bump; not labeled breaking in the release note, but it is a major underlying dependency change). [5]
- 0.4.0: “support for bundling dependencies” (not labeled breaking). [6]
- Breaking change in 0.5.0: “Bump to Vite 8 with Rolldown. Drops Vite 6/7 support. Switches to
rolldownOptionsand nativeresolve.tsconfigPaths.” [7]
Sources (official release notes/docs): GitHub Releases for TanStack/config and TanStack Config docs. [1][2][3][4][5][6][7]
Address breaking changes in upgraded @tanstack config packages before merge.
Lines 62–65 upgrade three @tanstack config packages with 0.x minor bumps that introduce breaking changes:
- @tanstack/typedoc-config (0.2.1 → 0.3.3): Breaking change in 0.3.0 — "typedoc output is no longer lower-cased" (output format changed).
- @tanstack/vite-config (0.2.1 → 0.5.0): Breaking change in 0.5.0 — drops support for Vite 6/7, requires Vite 8+, and switches configuration from
viteConfigtorolldownOptionswith nativeresolve.tsconfigPaths.
These upgrades require corresponding changes to the codebase configuration (especially vite.config.ts). Verify and apply necessary config adjustments before merging.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@package.json` around lines 62 - 65, The `@tanstack` package upgrades introduce
breaking changes: update our build/docs configs accordingly by (1) in
typedoc-related code/configs (search for any Typedoc config files or usages that
expect lower-cased output) remove or adjust any post-processing that lower-cases
Typedoc output and ensure templates/consumers accept the new casing produced by
`@tanstack/typedoc-config` v0.3.3, and (2) in vite.config.ts (look for references
to viteConfig or imports from `@tanstack/vite-config`) migrate the old viteConfig
usage to the new shape: upgrade to Vite 8+ if not already and replace viteConfig
options with rolldownOptions and use the new native resolve.tsconfigPaths
behavior (update imports, option names, and any tsconfig path resolution code).
Make these changes where viteConfig and Typedoc config objects are defined so
the project builds and docs generate correctly with the new `@tanstack` versions.
There was a problem hiding this comment.
♻️ Duplicate comments (2)
.github/workflows/release.yml (1)
26-34:⚠️ Potential issue | 🟠 MajorPin GitHub Actions to immutable SHAs instead of mutable tags.
Line 26 and Line 34 still use mutable tags (
v6.0.2,v1.7.0). Please pin to full commit SHAs (keep tag as inline comment) to reduce supply-chain risk. This also applies to matching checkout entries in.github/workflows/pr.yml.#!/bin/bash set -euo pipefail echo "Mutable action refs in workflows:" rg -nP '^\s*uses:\s*[^@]+@(?![0-9a-f]{40}\b)\S+' .github/workflows echo echo "Resolve immutable SHAs for tags touched here:" for item in "actions/checkout v6.0.2" "changesets/action v1.7.0"; do repo=$(awk '{print $1}' <<<"$item") tag=$(awk '{print $2}' <<<"$item") sha=$(git ls-remote --refs --tags "https://github.com/${repo}.git" \ "refs/tags/${tag}" "refs/tags/${tag}^{}" | awk 'END{print $1}') printf "%s@%s -> %s\n" "$repo" "$tag" "$sha" done🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release.yml around lines 26 - 34, Replace mutable action refs with immutable commit SHAs: for each uses entry shown (actions/checkout@v6.0.2 and changesets/action@v1.7.0, and any other mutable refs like tanstack/config/.github/setup@main), resolve the tag to its full 40-char commit SHA (e.g., via git ls-remote or the repo's tags API) and update the uses value to repo@<full-sha>, keeping the original tag as an inline comment for readability; also mirror these exact SHA-pinned changes for the matching checkout/uses entries in the pr.yml workflow so all workflow invocations use immutable SHAs.package.json (1)
62-65:⚠️ Potential issue | 🟠 MajorRe-verify breaking config implications for upgraded
@tanstackconfig packages.Line 65 (
@tanstack/vite-config@0.5.0) alongside Line 82 (vite@^7.3.1) may be incompatible depending on current config usage. Line 64 (@tanstack/typedoc-config@0.3.3) can also require doc pipeline adjustments. Please confirm required migrations are already applied before merge.#!/bin/bash set -euo pipefail echo "1) Find usages of `@tanstack/vite-config` and old/new option names:" rg -nP --type=ts --type=js --type=json \ '@tanstack/vite-config|viteConfig|rolldownOptions|resolve\.tsconfigPaths' echo echo "2) Find typedoc config usage and possible output-casing assumptions:" rg -nP --type=ts --type=js --type=json \ '@tanstack/typedoc-config|typedoc|toLowerCase\(|lower-?case' echo echo "3) Show vite versions pinned across manifests:" rg -nP '"vite"\s*:\s*"[^"]+"' --glob '**/package.json'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 62 - 65, Upgrade of `@tanstack` packages may introduce breaking config/name changes; re-verify and apply migrations for `@tanstack/vite-config` (0.5.0) vs vite@^7.3.1 and `@tanstack/typedoc-config` (0.3.3). Search the repo for usages of '@tanstack/vite-config', 'viteConfig', 'rollupOptions', and 'resolve.tsconfigPaths' and update any renamed options or import paths in your Vite config (e.g., viteConfig-related exports), verify vite plugin/api compatibility or pin/bump vite accordingly, and search for '@tanstack/typedoc-config', 'typedoc' and any case-transforming assumptions (toLowerCase / lower-case) to update the typedoc pipeline or output casing. After making changes, run the project build/tests and lockfile update to ensure no runtime errors and include migration notes in the PR.
🧹 Nitpick comments (1)
examples/react/bundling-repro/package.json (1)
50-65: Consider adding aengines.nodefield to improve tooling compatibility.The repository and all example packages lack Node version constraints. With Vite
^7.3.1and Wrangler^4.73.0inbundling-repro, and no explicit Node version pinning in CI workflows (pr.yml, release.yml), addingengines.nodeto the root or example package.json files would make local and CI behavior more deterministic.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/react/bundling-repro/package.json` around lines 50 - 65, Add an engines.node field to the package.json (root or this example) to pin a supported Node range for Vite and Wrangler; for example target the current LTS used by those tools (e.g., Node 18.x — something like ">=18.16.0 <21") so local/dev/CI environments are deterministic. Update the package.json containing Vite and Wrangler (the file shown in the diff) to include that engines.node range, and mirror that constraint in CI workflows (pr.yml, release.yml) or GitHub Actions matrix so pipelines use a matching Node version; run the install/test matrix locally or in CI to verify compatibility.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In @.github/workflows/release.yml:
- Around line 26-34: Replace mutable action refs with immutable commit SHAs: for
each uses entry shown (actions/checkout@v6.0.2 and changesets/action@v1.7.0, and
any other mutable refs like tanstack/config/.github/setup@main), resolve the tag
to its full 40-char commit SHA (e.g., via git ls-remote or the repo's tags API)
and update the uses value to repo@<full-sha>, keeping the original tag as an
inline comment for readability; also mirror these exact SHA-pinned changes for
the matching checkout/uses entries in the pr.yml workflow so all workflow
invocations use immutable SHAs.
In `@package.json`:
- Around line 62-65: Upgrade of `@tanstack` packages may introduce breaking
config/name changes; re-verify and apply migrations for `@tanstack/vite-config`
(0.5.0) vs vite@^7.3.1 and `@tanstack/typedoc-config` (0.3.3). Search the repo for
usages of '@tanstack/vite-config', 'viteConfig', 'rollupOptions', and
'resolve.tsconfigPaths' and update any renamed options or import paths in your
Vite config (e.g., viteConfig-related exports), verify vite plugin/api
compatibility or pin/bump vite accordingly, and search for
'@tanstack/typedoc-config', 'typedoc' and any case-transforming assumptions
(toLowerCase / lower-case) to update the typedoc pipeline or output casing.
After making changes, run the project build/tests and lockfile update to ensure
no runtime errors and include migration notes in the PR.
---
Nitpick comments:
In `@examples/react/bundling-repro/package.json`:
- Around line 50-65: Add an engines.node field to the package.json (root or this
example) to pin a supported Node range for Vite and Wrangler; for example target
the current LTS used by those tools (e.g., Node 18.x — something like ">=18.16.0
<21") so local/dev/CI environments are deterministic. Update the package.json
containing Vite and Wrangler (the file shown in the diff) to include that
engines.node range, and mirror that constraint in CI workflows (pr.yml,
release.yml) or GitHub Actions matrix so pipelines use a matching Node version;
run the install/test matrix locally or in CI to verify compatibility.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: e678879d-8d9a-43d3-ba5e-e0fa5aebf4bb
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (26)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
🚧 Files skipped from review as they are similar to previous changes (14)
- examples/react/drizzle/package.json
- examples/solid/start/package.json
- packages/devtools-ui/package.json
- packages/solid-devtools/package.json
- examples/solid/basic/package.json
- examples/vue/basic/package.json
- packages/preact-devtools/package.json
- packages/devtools/package.json
- examples/react/https/package.json
- examples/preact/custom-devtools/package.json
- packages/event-bus/package.json
- packages/devtools-vite/package.json
- .github/workflows/autofix.yml
- examples/react/custom-devtools/package.json
There was a problem hiding this comment.
♻️ Duplicate comments (1)
package.json (1)
62-65:⚠️ Potential issue | 🟠 MajorVerify Vite version compatibility with
@tanstack/vite-config0.5.0.The past review correctly identified that
@tanstack/vite-config0.5.0 requires Vite 8+ and drops support for Vite 6/7. However, this PR updatesviteto^7.3.1(Line 82), which would be incompatible with@tanstack/vite-config0.5.0.Either:
- Upgrade
viteto^8.xto match the requirements of@tanstack/vite-config0.5.0, or- Pin
@tanstack/vite-configto a version compatible with Vite 7 (e.g.,0.4.x)Also applies to: 82-82
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 62 - 65, The package version mismatch: "@tanstack/vite-config"@0.5.0 requires Vite 8+, but this PR sets "vite" to "^7.3.1"; update package.json so versions are compatible by either (A) bumping "vite" to a 8.x version (e.g., "^8.0.0") to match "@tanstack/vite-config"@0.5.0, or (B) pinning "@tanstack/vite-config" to a Vite-7-compatible release (e.g., "0.4.x"); pick one approach and make the corresponding change to the dependency entry for "vite" or "@tanstack/vite-config" so the two packages are aligned.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@package.json`:
- Around line 62-65: The package version mismatch: "@tanstack/vite-config"@0.5.0
requires Vite 8+, but this PR sets "vite" to "^7.3.1"; update package.json so
versions are compatible by either (A) bumping "vite" to a 8.x version (e.g.,
"^8.0.0") to match "@tanstack/vite-config"@0.5.0, or (B) pinning
"@tanstack/vite-config" to a Vite-7-compatible release (e.g., "0.4.x"); pick one
approach and make the corresponding change to the dependency entry for "vite" or
"@tanstack/vite-config" so the two packages are aligned.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 03c422c2-f992-4780-bceb-2f7fb298b00e
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (29)
.github/workflows/autofix.yml.github/workflows/pr.yml.github/workflows/release.ymlexamples/preact/basic/package.jsonexamples/preact/custom-devtools/package.jsonexamples/react/a11y-devtools/package.jsonexamples/react/basic/package.jsonexamples/react/bundling-repro/package.jsonexamples/react/custom-devtools/package.jsonexamples/react/drizzle/package.jsonexamples/react/https/package.jsonexamples/react/start/package.jsonexamples/react/time-travel/package.jsonexamples/solid/a11y-devtools/package.jsonexamples/solid/basic/package.jsonexamples/solid/devtools-ui/package.jsonexamples/solid/start/package.jsonexamples/vue/basic/package.jsonpackage.jsonpackages/devtools-a11y/package.jsonpackages/devtools-ui/package.jsonpackages/devtools-utils/package.jsonpackages/devtools-vite/package.jsonpackages/devtools/package.jsonpackages/event-bus/package.jsonpackages/preact-devtools/package.jsonpackages/react-devtools/package.jsonpackages/solid-devtools/package.jsonpackages/vue-devtools/package.json
🚧 Files skipped from review as they are similar to previous changes (13)
- packages/devtools-vite/package.json
- packages/event-bus/package.json
- packages/devtools-utils/package.json
- packages/vue-devtools/package.json
- examples/react/start/package.json
- examples/solid/devtools-ui/package.json
- examples/solid/start/package.json
- examples/react/https/package.json
- packages/devtools/package.json
- examples/react/drizzle/package.json
- examples/solid/basic/package.json
- examples/preact/basic/package.json
- packages/devtools-ui/package.json
Contributor
🚀 Changeset Version PreviewNo changeset entries found. Merging this PR will not cause a version bump for any packages. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^7.28.4→^7.29.0^7.28.3→^7.29.1^7.28.4→^7.29.2^7.28.4→^7.29.0^7.28.4→^7.29.02.2.4→2.4.12^1.13.8→^1.32.2^2.10.3→^2.10.5^2.4.3→^2.4.5^1.3.3→^1.3.5^2.1.3→^2.1.5^1.2.0→^1.3.2^4.0.6→^4.2.20.3.2→0.4.0^0.0.14→^0.0.29^1.23.7→^1.29.0^0.1.7→^0.2.21^5.90.1→^5.99.0^5.90.1→^5.99.0^1.132.0→^1.168.22^1.132.0→^1.166.13^1.131.7→^1.166.11^1.132.0→^1.167.41^0.9.0→^0.10.0^1.132.0→^1.167.22^5.90.1→^5.99.0^5.90.1→^5.99.0^1.131.50→^1.168.19^1.131.50→^1.166.13^0.9.0→^0.10.00.4.3→0.5.2^5.90.5→^5.99.0^6.1.0→^6.1.16^10.4.0→^10.4.1^6.8.0→^6.9.1^16.2.0→^16.3.2^4.0.2→^4.0.3^19.2.0→^19.2.14^19.2.0→^19.2.14^19.2.0→^19.2.3^6.0.1→^6.0.6^4.10.0→^4.11.3^1.11.19→^1.11.20^0.31.4→^0.31.10^0.44.5→^0.45.2^9.36.0→^9.39.4^4.2.0→^4.4.1^10.5.1→^10.8.0^2.1.16→^2.1.18^27.0.0→^27.4.0^5.64.0→^5.88.1^2.11.1→^2.13.2^0.561.0→^0.577.0^4.0.2→^4.0.322.1.3→22.6.5^8.16.3→^8.20.0^4.0.3→^4.0.410.24.0→10.33.0^10.28.0→^10.29.1^3.8.1→^3.8.3^3.4.1→^3.5.1^0.3.13→^0.3.18^19.2.0→^19.2.5^19.2.0→^19.2.5^19.2.0→^19.2.5^19.2.0→^19.2.5^1.7.0→^1.11.1^1.9.9→^1.9.12^1.9.9→^1.9.120.9.0→0.11.1^1.6.5→^1.6.11^3.0.2→^3.5.0^4.0.6→^4.2.2^0.2.15→^0.2.16^8.5.0→^8.5.1^1.3.6→^1.4.0~5.9.2→~5.9.3^0.5.8→^0.5.11^8.0.0→^8.0.8^1.17.8→^1.17.12^2.11.11→^2.11.12^6.0.2→^6.1.1^3.5.22→^3.5.32^5.1.0→^5.2.0^4.40.3→^4.82.2^8.18.3→^8.20.0^4.3.5→^4.3.6^5.0.8→^5.0.12Release Notes
biomejs/biome (@biomejs/biome)
v2.4.12Compare Source
Patch Changes
#9376
9701a33Thanks @dyc3! - Added thenursery/noIdenticalTestTitlelint rule. This rule disallows using the same title for twodescribeblocks or two test cases at the same nesting level.#9889
7ae83f2Thanks @dyc3! - Improved the diagnostics foruseForOfto better explain the problem, why it matters, and how to fix it.#9916
27dd7b1Thanks @Jayllyz! - Added a new nursery rulenoComponentHookFactories, that disallows defining React components or custom hooks inside other functions.For example, the following snippets trigger the rule:
#9980
098f1ffThanks @ematipico! - Fixed #9941: Biome now emits awarningdiagnostic when a file exceed thefiles.maxSizelimit.#9942
9956f1dThanks @dyc3! - Fixed #9918:useConsistentTestItno longer panics when applying fixes to chained calls such astest.for([])("x", () => {});.#9891
4d9ac51Thanks @dyc3! - Improved thenoGlobalObjectCallsdiagnostic to better explain why calling global objects likeMathorJSONis invalid and how to fix it.#9902
3f4d103Thanks @ematipico! - Fixed #9901: the commandlint --writeis now idempotent when it's run against HTML-ish files that contains scripts and styles.#9891
4d9ac51Thanks @dyc3! - Improved thenoMultiStrdiagnostic to explain why escaped multiline strings are discouraged and what to use instead.#9966
322675eThanks @siketyan! - Fixed #9113: Biome now parses and formats@mediaand other conditional blocks correctly inside embedded CSS snippets.#9835
f8d49d9Thanks @bmish! - ThenoFloatingPromisesrule now detects floating promises through cross-module generic wrapper functions. Previously, patterns likeexport const fn = trace(asyncFn)— wheretracepreserves the function signature via a generic<F>(fn: F): F— were invisible to the rule when the wrapper was defined in a different file.#9981
02bd8ddThanks @siketyan! - Fixed #9975: Biome now parses nested CSS selectors correctly inside embedded snippets without requiring an explicit&.#9949
e0ba71dThanks @Netail! - Added the nursery ruleuseIframeSandbox, which enforces thesandboxattribute foriframetags.Invalid:
#9913
d417803Thanks @Netail! - Added the nursery rulenoJsxNamespace, which disallows JSX namespace syntax.Invalid:
#9892
e75d70eThanks @dyc3! - Improved thenoSelfComparediagnostic to better explain why comparing a value to itself is suspicious and what to use for NaN checks.#9861
2cff700Thanks @dyc3! - Added the new nursery ruleuseVarsOnTop, which requiresvardeclarations to appear at the top of their containing scope.For example, the following code now triggers the rule:
#9892
e75d70eThanks @dyc3! - Improved thenoThenPropertydiagnostic to better explain why exposingthencan create thenable behavior and how to avoid it.#9892
e75d70eThanks @dyc3! - Improved thenoShorthandPropertyOverridesdiagnostic to explain why later shorthand declarations can unintentionally overwrite earlier longhand properties.#9978
4847715Thanks @mdevils! - Fixed #9744:useExhaustiveDependenciesno longer reports false positives for variables obtained via object destructuring with computed keys, e.g.const { [KEY]: key1 } = props.#9892
e75d70eThanks @dyc3! - Improved thenoRootTypediagnostic to better explain that the reported root type is disallowed by project configuration and how to proceed.#9927
7974ab7Thanks @dyc3! - Added eslint-plugin-unicorn'sno-nested-ternaryas a rule source fornoNestedTernary#9873
19ff706Thanks @minseong0324! -noMisleadingReturnTypenow checks class methods, object methods, and getters in addition to functions.#9888
362b638Thanks @dyc3! - Updated metadata forbiome migrate eslintto better reflect which ESLint rules are redundant versus unsupported versus unimplemented.#9892
e75d70eThanks @dyc3! - Improved thenoAutofocusdiagnostic to better explain why autofocus harms accessibility outside allowed modal contexts.#9982
d6bdf4aThanks @dyc3! - Improved performance of noMagicNumbers.Biome now maps ESLint
no-magic-numberssources more accurately duringbiome migrate eslint.#9889
7ae83f2Thanks @dyc3! - Improved the diagnostics fornoConstantConditionto better explain the problem, why it matters, and how to fix it.#9866
40bd180Thanks @dyc3! - Added a new nursery rulenoExcessiveSelectorClasses, which limits how many class selectors can appear in a single CSS selector.#9796
f1c1363Thanks @dyc3! - Added a new nursery ruleuseStringStartsEndsWith, which prefersstartsWith()andendsWith()over verbose string prefix and suffix checks.The rule uses type information, so it only reports on strings and skips array lookups such as
items[0] === "a".#9942
9956f1dThanks @dyc3! - Fixed the safe fix fornoSkippedTestsso it no longer panics when rewriting skipped test function names such asxit(),xtest(), andxdescribe().#9874
9e570d1Thanks @minseong0324! - Type-aware lint rules now resolve members throughPick<T, K>andOmit<T, K>utility types.#9909
0d0e611Thanks @Netail! - Added the nursery ruleuseReactAsyncServerFunction, which requires React server actions to be async.Invalid:
#9925
29accb3Thanks @ematipico! - Fixed #9910: added support for parsing member expressions in Svelte directive properties. Biome now correctly parses directives likein:renderer.in|global,use:obj.action, and deeply nested forms likein:a.b.c|global.#9904
e7775a5Thanks @ematipico! - Fixed #9626:noUnresolvedImportsno longer reports false positives for named imports from packages that have a corresponding@types/*package installed. For example,import { useState } from "react"with@types/reactinstalled is now correctly recognised.#9942
9956f1dThanks @dyc3! - Fixed the safe fix fornoFocusedTestsso it no longer panics when rewriting focused test function names such asfit()andfdescribe().#9577
c499f46Thanks @tt-a1i! - Added the nursery ruleuseReduceTypeParameter. It flags type assertions on the initial value passed toArray#reduceandArray#reduceRightand recommends using a type parameter instead.#9895
1c8e1efThanks @Netail! - Added extra rule sources from react-xyz.biome migrate eslintshould do a bit better detecting rules in your eslint configurations.#9891
4d9ac51Thanks @dyc3! - Improved thenoInvalidUseBeforeDeclarationdiagnostic to better explain why using a declaration too early is problematic and how to fix it.#9889
7ae83f2Thanks @dyc3! - Improved the diagnostics fornoRedeclareto better explain the problem, why it matters, and how to fix it.#9875
a951586Thanks @minseong0324! - Type-aware lint rules now resolve members throughPartial<T>,Required<T>, andReadonly<T>utility types, preserving optional, readonly, and nullable member flags.v2.4.11Compare Source
Patch Changes
#9350
4af4a3aThanks @dyc3! - Added the new nursery rule useConsistentTestIt in thetestdomain. The rule enforces consistent use of eitheritortestfor test functions in Jest/Vitest suites, with separate control for top-level tests and tests insidedescribeblocks.Invalid:
#9429
a2f3f7eThanks @ematipico! - Added the new nursery lint ruleuseExplicitReturnType. It reports TypeScript functions and methods that omit an explicit return type.#9828
9e40844Thanks @ematipico! - Fixed #9484: the formatter no longer panics when formatting files that containgraphqltagged template literals combined with parenthesized expressions.#9886
e7c681eThanks @ematipico! - Fixed an issue where, occasionally, some bindings and references were not properly tracked, causing false positives from [Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.