chore(deps): update all non-major dependencies

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
biome		patch	2.2.3 -> 2.2.4
github.com/alecthomas/repr	require	patch	v0.5.1 -> v0.5.2
uv		patch	0.8.15 -> 0.8.17

---

Release Notes

biomejs/biome (biome)

v2.2.4: Biome CLI v2.2.4

2.2.4

Patch Changes

• #​7453
  aa8cea3 Thanks @​arendjr! - Fixed #​7242: Aliases specified in
  package.json's imports section now support having multiple targets as part of an array.

• #​7454
  ac17183 Thanks @​arendjr! - Greatly improved performance of
  noImportCycles by eliminating allocations.

  In one repository, the total runtime of Biome with only noImportCycles enabled went from ~23s down to ~4s.

• #​7447
  7139aad Thanks @​rriski! - Fixes #​7446. The GritQL
  $... spread metavariable now correctly matches members in object literals, aligning its behavior with arrays and function calls.

• #​6710
  98cf9af Thanks @​arendjr! - Fixed #​4723: Type inference now recognises
  index signatures and their accesses when they are being indexed as a string.

Example

type BagOfPromises = {
  // This is an index signature definition. It declares that instances of type
  // `BagOfPromises` can be indexed using arbitrary strings.
  [property: string]: Promise<void>;
};

let bag: BagOfPromises = {};
// Because `bag.iAmAPromise` is equivalent to `bag["iAmAPromise"]`, this is
// considered an access to the string index, and a Promise is expected.
bag.iAmAPromise;

• #​7415
  d042f18 Thanks @​qraqras! - Fixed #​7212, now the
  useOptionalChain rule recognizes optional chaining using
  typeof (e.g., typeof foo !== 'undefined' && foo.bar).

• #​7419
  576baf4 Thanks @​Conaclos! - Fixed #​7323.
  noUnusedPrivateClassMembers no longer reports as unused TypeScript
  private members if the rule encounters a computed access on this.

  In the following example, member as previously reported as unused. It is no longer reported.

  class TsBioo {
    private member: number;
  
    set_with_name(name: string, value: number) {
      this[name] = value;
    }
  }

• 
  351bccd Thanks @​ematipico! - Added the new nursery lint rule
  noJsxLiterals, which disallows the use of string literals inside JSX.

  The rule catches these cases:

  <>
    <div>test</div> {/* test is invalid */}
    <>test</>
    <div>
      {/* this string is invalid */}
      asdjfl test foo
    </div>
  </>

• #​7406
  b906112 Thanks @​mdevils! - Fixed an issue (#​6393) where the useHookAtTopLevel rule reported excessive diagnostics for nested hook calls.

  The rule now reports only the offending top-level call site, not sub-hooks of composite hooks.

  // Before: reported twice (useFoo and useBar).
  function useFoo() {
    return useBar();
  }
  function Component() {
    if (cond) useFoo();
  }
  // After: reported once at the call to useFoo().

• #​7461
  ea585a9 Thanks @​arendjr! - Improved performance of
  noPrivateImports by eliminating allocations.

  In one repository, the total runtime of Biome with only noPrivateImports enabled went from ~3.2s down to ~1.4s.

• 
  351bccd Thanks @​ematipico! - Fixed #​7411. The Biome Language Server had a regression where opening an editor with a file already open wouldn't load the project settings correctly.

• #​7142
  53ff5ae Thanks @​Netail! - Added the new nursery rule
  noDuplicateDependencies, which verifies that no dependencies are duplicated between the
  bundledDependencies, bundleDependencies, dependencies, devDependencies, overrides,
  optionalDependencies, and peerDependencies sections.

  For example, the following snippets will trigger the rule:

  {
    "dependencies": {
      "foo": ""
    },
    "devDependencies": {
      "foo": ""
    }
  }

  {
    "dependencies": {
      "foo": ""
    },
    "optionalDependencies": {
      "foo": ""
    }
  }

  {
    "dependencies": {
      "foo": ""
    },
    "peerDependencies": {
      "foo": ""
    }
  }

• 
  351bccd Thanks @​ematipico! - Fixed #​3824. Now the option CLI
  --color is correctly applied to logging too.

alecthomas/repr (github.com/alecthomas/repr)

v0.5.2

Compare Source

astral-sh/uv (uv)

v0.8.17

Compare Source

Released on 2025-09-10.

Enhancements

• Improve error message for HTTP validation in auth services (#​15768)
• Respect PYX_API_URL when suggesting uv auth login on 401 (#​15774)
• Add pyx as a supported PyTorch index URL (#​15769)

Bug fixes

• Avoid initiating login flow for invalid API keys (#​15773)
• Do not search for a password for requests with a token attached already (#​15772)
• Filter pre-release Python versions in uv init --script (#​15747)

v0.8.16

Compare Source

Enhancements

• Allow --editable to override editable = false annotations (#​15712)
• Allow editable = false for workspace sources (#​15708)
• Show a dedicated error for virtual environments in source trees on build (#​15748)
• Support Android platform tags (#​15646)
• Support iOS platform tags (#​15640)
• Support scripts with inline metadata in --with-requirements and --requirements (#​12763)

Preview features

• Support --no-project in uv format (#​15572)
• Allow uv format in unmanaged projects (#​15553)

Bug fixes

• Avoid erroring when match-runtime target is optional (#​15671)
• Ban empty usernames and passwords in uv auth (#​15743)
• Error early for parent path in build backend (#​15733)
• Retry on IO errors during HTTP/2 streaming (#​15675)
• Support recursive requirements and constraints inclusion (#​15657)
• Use token store credentials for uv publish (#​15759)
• Fix virtual environment activation script compatibility with latest nushell (#​15272)
• Skip Python interpreters that cannot be queried with permission errors (#​15685)

Documentation

• Clarify that uv auth commands take a URL (#​15664)
• Improve the CLI help for options that accept requirements files (#​15706)
• Adds example for caching for managed Python downloads in Docker builds (#​15689)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.