chore(deps): update patch npm dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@biomejs/biome (source)	^2.3.5 -> ^2.3.6
@rspack/plugin-react-refresh	^1.5.2 -> ^1.5.3
@rspress/core (source)	2.0.0-rc.0 -> 2.0.0-rc.1
@rspress/plugin-algolia (source)	2.0.0-rc.0 -> 2.0.0-rc.1
@rspress/plugin-client-redirects (source)	2.0.0-rc.0 -> 2.0.0-rc.1
@rspress/plugin-llms (source)	2.0.0-rc.0 -> 2.0.0-rc.1
@rspress/plugin-rss (source)	2.0.0-rc.0 -> 2.0.0-rc.1
@rspress/plugin-sitemap (source)	2.0.0-rc.0 -> 2.0.0-rc.1
@types/watchpack (source)	^2.4.4 -> ^2.4.5
case-police (source)	~2.1.0 -> ~2.1.1
cspell (source)	^9.3.0 -> ^9.3.2
glob	^11.0.3 -> ^11.1.0
html-webpack-plugin	^5.6.4 -> ^5.6.5
lint-staged	^16.2.6 -> ^16.2.7

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.3.6

Compare Source

Patch Changes

• #​8100 82b9a8e Thanks @​Netail! - Added the nursery rule useFind. Enforce the use of Array.prototype.find() over Array.prototype.filter() followed by [0] when looking for a single result.

  Invalid:

  [1, 2, 3].filter((x) => x > 1)[0];
  
  [1, 2, 3].filter((x) => x > 1).at(0);

• #​8118 dbc7021 Thanks @​hirokiokada77! - Fixed #​8117: useValidLang now accepts valid BCP 47 language tags with script subtags.

  Valid:

  <html lang="zh-Hans-CN"></html>

• #​7672 f1d5725 Thanks @​Netail! - Added the nursery rule useConsistentGraphqlDescriptions, requiring all descriptions to follow the same style (either block or inline) inside GraphQL files.

  Invalid:

  enum EnumValue {
    "this is a description"
    DEFAULT
  }

  Valid:

  enum EnumValue {
    """
    this is a description
    """
    DEFAULT
  }

• #​8026 f102661 Thanks @​matanshavit! - Fixed #​8004: noParametersOnlyUsedInRecursion now correctly detects recursion by comparing function bindings instead of just names.

  Previously, the rule incorrectly flagged parameters when a method had the same name as an outer function but called the outer function (not itself):

  function notRecursive(arg) {
    return arg;
  }
  
  const obj = {
    notRecursive(arg) {
      return notRecursive(arg); // This calls the outer function, not the method itself
    },
  };

  Biome now properly distinguishes between these cases and will not report false positives.

• #​8097 5fc5416 Thanks @​dyc3! - Added the nursery rule noVueVIfWithVFor. This rule disallows v-for and v-if on the same element.

  <!-- Invalid -->
  <div v-for="item in items" v-if="item.isActive">
    {{ item.name }}
  </div>

• #​8085 7983940 Thanks @​Netail! - Added the nursery rule noForIn. Disallow iterating using a for-in loop.

  Invalid:

  for (const i in array) {
    console.log(i, array[i]);
  }

• #​8086 2b41e82 Thanks @​matanshavit! - Fixed #​8045: The noNestedTernary rule now correctly detects nested ternary expressions even when they are wrapped in parentheses (e.g. foo ? (bar ? 1 : 2) : 3).

  Previously, the rule would not flag nested ternaries like foo ? (bar ? 1 : 2) : 3 because the parentheses prevented detection. The rule now looks through parentheses to identify nested conditionals.

  Previously not detected (now flagged):

  const result = foo ? (bar ? 1 : 2) : 3;

  Still valid (non-nested with parentheses):

  const result = foo ? bar : baz;

• #​8075 e403868 Thanks @​YTomm! - Fixed #​7948: The useReadonlyClassProperties code fix when checkAllProperties is enabled will no longer insert a newline after readonly and the class property.

• #​8102 47d940e Thanks @​lucasweng! - Fixed #​8027. useReactFunctionComponents no longer reports class components that implement componentDidCatch using class expressions.

  The rule now correctly recognizes error boundaries defined as class expressions:

  const ErrorBoundary = class extends Component {
    componentDidCatch(error, info) {}
  
    render() {
      return this.props.children;
    }
  };

• #​8097 5fc5416 Thanks @​dyc3! - Added the nursery rule useVueHyphenatedAttributes, which encourages using kebab case for attribute names, per the Vue style guide's recommendations.

  <!-- Invalid -->
  <MyComponent myProp="value" />
  
  <!-- Valid -->
  <MyComponent my-prop="value" />

• #​8108 0f0a658 Thanks @​Netail! - Added the nursery rule noSyncScripts. Prevent the usage of synchronous scripts.

  Invalid:

  <script src="https://third-party-script.js" />

  Valid:

  <script src="https://third-party-script.js" async />
  <script src="https://third-party-script.js" defer />

• #​8098 1fdcaf0 Thanks @​Jayllyz! - Added documentation URLs to rule descriptions in the JSON schema.

• #​8097 5fc5416 Thanks @​dyc3! - Fixed an issue with the HTML parser where it would treat Vue directives with dynamic arguments as static arguments instead.

• #​7684 f4433b3 Thanks @​vladimir-ivanov! - Changed noUnusedPrivateClassMembers to align more fully with meaningful reads.

  This rule now distinguishes more carefully between writes and reads of private class members.

  • A meaningful read is any access that affects program behavior.
  • For example, this.#x += 1 both reads and writes #x, so it counts as usage.
  • Pure writes without a read (e.g. this.#x = 1 with no getter) are no longer treated as usage.

  This change ensures that private members are only considered “used” when they are actually read in a way that influences execution.

  Invalid examples (previously valid)

  class UsedMember {
    set #x(value) {
      doSomething(value);
    }
  
    foo() {
      // This assignment does not actually read #x, because there is no getter.
      // Previously, this was considered a usage, but now it’s correctly flagged.
      this.#x = 1;
    }
  }

  Valid example (Previously invalid)

  class Foo {
    #usedOnlyInWriteStatement = 5;
  
    method() {
      // This counts as a meaningful read because we both read and write the value.
      this.#usedOnlyInWriteStatement += 42;
    }
  }

• #​7684 f4433b3 Thanks @​vladimir-ivanov! - Improved detection of used private class members

  The analysis for private class members has been improved: now the tool only considers a private member “used” if it is actually referenced in the code.

  • Previously, some private members might have been reported as used even if they weren’t actually accessed.
  • With this change, only members that are truly read or called in the code are counted as used.
  • Members that are never accessed will now be correctly reported as unused.

  This makes reports about unused private members more accurate and helps you clean up truly unused code.

  Example (previously valid)

  type YesNo = "yes" | "no";
  
  export class SampleYesNo {
    private yes: () => void;
    private no: () => void;
    private dontKnow: () => void; // <- will now report as unused
  
    on(action: YesNo): void {
      this[action]();
    }
  }

• #​7681 b406db6 Thanks @​kedevked! - Added the new lint rule, useSpread, ported from the ESLint rule prefer-spread.

  This rule enforces the use of the spread syntax (...) over Function.prototype.apply() when calling variadic functions, as spread syntax is generally more concise and idiomatic in modern JavaScript (ES2015+).

  The rule provides a safe fix.

Invalid

Math.max.apply(Math, args);
foo.apply(undefined, args);
obj.method.apply(obj, args);

Valid

Math.max(...args);
foo(...args);
obj.method(...args);

// Allowed: cases where the `this` binding is intentionally changed
foo.apply(otherObj, args);

• #​7287 aa55c8d Thanks @​ToBinio! - Fixed #​7205: The noDuplicateTestHooks rule now treats chained describe variants (e.g., describe.each/for/todo) as proper describe scopes, eliminating false positives.

  The following code will no longer be a false positive:

  describe("foo", () => {
    describe.for([])("baz", () => {
      beforeEach(() => {});
    });
  
    describe.todo("qux", () => {
      beforeEach(() => {});
    });
  
    describe.todo.each([])("baz", () => {
      beforeEach(() => {});
    });
  });

• #​8013 0c0edd4 Thanks @​Jayllyz! - Added the GraphQL nursery rule useUniqueGraphqlOperationName. This rule ensures that all GraphQL operations within a document have unique names.

  Invalid:

  query user {
    user {
      id
    }
  }
  
  query user {
    user {
      id
      email
    }
  }

  Valid:

  query user {
    user {
      id
    }
  }
  
  query userWithEmail {
    user {
      id
      email
    }
  }

• #​8084 c2983f9 Thanks @​dyc3! - Fixed #​8080: The HTML parser, when parsing Vue, can now properly handle Vue directives with no argument, modifiers, or initializer (e.g. v-else). It will no longer treat subsequent valid attributes as bogus.

  <p v-else class="flex">World</p>
  <!-- Fixed: class now gets parsed as it's own attribute -->

• #​8104 041196b Thanks @​Conaclos! - Fixed noInvalidUseBeforeDeclaration.
  The rule no longer reports a use of an ambient variable before its declarations.
  The rule also completely ignores TypeScript declaration files.
  The following code is no longer reported as invalid:

  CONSTANT;
  declare const CONSTANT: number;

• #​8060 ba7b076 Thanks @​dyc3! - Added the nursery rule useVueValidVBind, which enforces the validity of v-bind directives in Vue files.

  Invalid v-bind usages include:

  <Foo v-bind />
  <!-- Missing argument -->
  <Foo v-bind:foo />
  <!-- Missing value -->
  <Foo v-bind:foo.bar="baz" />
  <!-- Invalid modifier -->

• #​8113 fb8e3e7 Thanks @​Conaclos! - Fixed noInvalidUseBeforeDeclaration.
  The rule now reports invalid use of classes, enums, and TypeScript's import-equals before their declarations.

  The following code is now reported as invalid:

  new C();
  class C {}

• #​8077 0170dcb Thanks @​dyc3! - Added the rule useVueValidVElseIf to enforce valid v-else-if directives in Vue templates. This rule reports invalid v-else-if directives with missing conditional expressions or when not preceded by a v-if or v-else-if directive.

• #​8077 0170dcb Thanks @​dyc3! - Added the rule useVueValidVElse to enforce valid v-else directives in Vue templates. This rule reports v-else directives that are not preceded by a v-if or v-else-if directive.

• #​8077 0170dcb Thanks @​dyc3! - Added the rule useVueValidVHtml to enforce valid usage of the v-html directive in Vue templates. This rule reports v-html directives with missing expressions, unexpected arguments, or unexpected modifiers.

• #​8077 0170dcb Thanks @​dyc3! - Added the rule useVueValidVIf to enforce valid v-if directives in Vue templates. It disallows arguments and modifiers, and ensures a value is provided.

• #​8077 0170dcb Thanks @​dyc3! - Added the rule useVueValidVOn to enforce valid v-on directives in Vue templates. This rule reports invalid v-on / shorthand @ directives with missing event names, invalid modifiers, or missing handler expressions.

rspack-contrib/rspack-plugin-react-refresh (@​rspack/plugin-react-refresh)

v1.5.3

Compare Source

What's Changed

• test: migrate tests to rstest by @​9aoy in #​60
• chore: switch to compiler.rspack by @​chenjiahan in #​61
• chore(deps): update actions/checkout action to v5 by @​renovate[bot] in #​63
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​62
• docs: move license headers to THIRDPARTY.md by @​chenjiahan in #​64

New Contributors

• @​9aoy made their first contribution in #​60

Full Changelog: rstackjs/rspack-plugin-react-refresh@v1.5.2...v1.5.3

web-infra-dev/rspress (@​rspress/core)

v2.0.0-rc.1

Compare Source

What's Changed

New Features 🎉

• feat(theme): add transition isPending UI to Sidebar by @​SoonIter in #​2778
• feat(plugin-twoslash): Make it possible to configure compilerOptions for TypeScript in twoslash by @​Karibash in #​2773

Bug Fixes 🐞

• fix(theme): nprogress bar color by @​SoonIter in #​2770
• fix(theme): button gradient color and add line-height back by @​SoonIter in #​2771
• fix(theme): Link click area should be same by @​SoonIter in #​2777
• fix(search): SearchPanel Enter keyboard not work regression by @​SoonIter in #​2775
• fix(route): should be compatiable to lowercase routePath by @​SoonIter in #​2776
• fix(theme): scroll should work in afterNav by @​SoonIter in #​2779
• fix(theme): line-height of SourceCode component by @​SoonIter in #​2783
• fix(theme): adjust line-height of sidebar and outline by @​SoonIter in #​2784
• fix(theme): unused code by @​SoonIter in #​2781
• fix(theme): section-header margin-top wrong selector by @​SoonIter in #​2782
• fix(theme): h2 gap and twoslash codeblock style by @​SoonIter in #​2786
• fix(theme): moon svg white border by @​SoonIter in #​2788

Other Changes

• Release v2.0.0-rc.0 by @​SoonIter in #​2756
• chore(theme): NavScreenItem should handle external link by @​SoonIter in #​2780
• chore(deps): update glob and rollup to solve security vulnerabilities by @​Timeless0911 in #​2785
• Release v2.0.0-rc.1 by @​SoonIter in #​2789

Full Changelog: web-infra-dev/rspress@v2.0.0-rc.0...v2.0.0-rc.1

antfu/case-police (case-police)

v2.1.1

Compare Source

No significant changes

    View changes on GitHub

streetsidesoftware/cspell (cspell)

v9.3.2

Compare Source

Fixes

fix: Add Zig programming language dictionary (#​7998)

fix: Add Zig programming language dictionary (#​7998)

---

fix: Search for TypeScript config files. (#​7997)

fix: Search for TypeScript config files. (#​7997)

TypeScript files were allowed, but would not be automatically found.

---

Dictionary Updates

fix: Workflow Bot -- Update Dictionaries (main) (#​8004)

fix: Workflow Bot -- Update Dictionaries (main) (#​8004)

v9.3.1

Compare Source

Fixes

fix: Support Deno (#​7966)

fix: Support Deno (#​7966)

jantimon/html-webpack-plugin (html-webpack-plugin)

v5.6.5

Compare Source

lint-staged/lint-staged (lint-staged)

v16.2.7

Compare Source

Patch Changes

• #​1711 ef74c8d Thanks @​iiroj! - Do not display a "failed to spawn" error message when a task fails normally. This message is reserved for when the task didn't run because spawning it failed.

---

Configuration

📅 Schedule: Branch creation - "before 8am on wednesday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for rspack canceled.

Name	Link
🔨 Latest commit	ff8fb6e
🔍 Latest deploy log	https://app.netlify.com/projects/rspack/deploys/691e7c22e9b53f00070faf6c

[github-actions]

📦 Binary Size-limit

Comparing ff8fb6e to feat: support prefetch and preload in css extract plugin (#12237) by harpsealjs

🙈 Size remains the same at 47.62MB

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[codspeed-hq]

CodSpeed Performance Report

Merging #12242 will not alter performance

_{Comparing renovate/patch-npm-dependencies (ff8fb6e) with main (aa49744)}

Summary

✅ 17 untouched