fix(deps): update npm-non-major (patch)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	2.4.6 → 2.4.8
@biomejs/biome (source)	2.4.6 → 2.4.8
@tailwindcss/vite (source)	4.2.1 → 4.2.2
astro (source)	6.0.2 → 6.0.7
tailwindcss (source)	4.2.1 → 4.2.2

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.8

Compare Source

Patch Changes

• #​9488 bc709f6 Thanks @​mvanhorn! - Fixed #​9463: the "Biome found a configuration file outside of the current working directory" diagnostic now includes the configuration file path and the working directory, giving users actionable information to debug the issue.

• #​9527 2f8bf80 Thanks @​mdm317! - Fixed #​8959: Fixed TypeScript arrow function formatting when a comment appears after =>.

• #​9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleUpdateWithoutWhere to prevent accidental full-table updates when using Drizzle ORM without a .where() clause.

• #​9531 1302740 Thanks @​ematipico! - Fixed #​9187: Astro frontmatter containing regex literals with quotes (/'/, /"/) or dashes (/---/) no longer causes parse errors.

• #​9535 b630d93 Thanks @​leno23! - Fixed #​9524: remove extra space before > when bracketSameLine is true and the self-closing slash is absent in HTML formatter.

• #​9537 81e6306 Thanks @​ematipico! - Fixed #​9238: The HTML parser no longer incorrectly reports --- inside element content (e.g. <td>---</td>) as an "Unexpected value or character" error.

• #​9532 4b64145 Thanks @​ematipico! - Fixed #​9117: biome check --write no longer falsely reports Svelte and Vue files as changed when html.formatter.indentScriptAndStyle is enabled and the files are already correctly formatted.

• #​9528 61451ef Thanks @​ematipico! - Fixed #​9341: Fixed an LSP crash that could corrupt file content when saving with format-on-save enabled.

• #​9538 794f79c Thanks @​ematipico! - Fixed #​9279: The rule noSubstr now detects .substr() and .substring() calls in all expression contexts, including variable declarations, function arguments, return statements, and arrow function bodies.

• #​9462 c23272c Thanks @​ematipico! - Fixed #​9370: The resolver now correctly prioritizes more specific exports patterns over less specific ones. Previously, a pattern like "./*" could match before "./features/*", causing resolution failures for packages with overlapping subpath patterns.

• #​9515 f85c069 Thanks @​shivamtiwari3! - Fixed #​9506 and #​9479: Biome no longer reports false parse errors on <script type="speculationrules"> and <script type="application/ld+json"> tags. These script types contain non-JavaScript content and are now correctly skipped by the embedded language detector.

• #​9514 7fe43c8 Thanks @​ematipico! - Fixed #​6964: Biome now correctly resolves the .gitignore file relative to vcs.root when configured. Previously, the vcs.root setting was ignored and Biome always looked for the ignore file in the workspace directory.

• #​9521 af39936 Thanks @​ematipico! - Fixed #​9483. Now the rule noRedeclare doesn't panic when it encounters constructor overloads.

• #​9490 60cf024 Thanks @​willfarrell! - Added support for modern CSS properties, pseudo-classes, and pseudo-elements.

  New known properties: dynamic-range-limit, overlay, reading-flow, reading-order, scroll-marker-group, scroll-target-group.

  New pseudo-elements: ::checkmark, ::column, ::picker, ::picker-icon, ::scroll-button, ::scroll-marker, ::scroll-marker-group.

  New pseudo-classes: :active-view-transition-type, :has-slotted, :target-after, :target-before, :target-current.

• #​9526 4d42823 Thanks @​ematipico! - Fixed #​9358 and #​9375. Now attributes that have text expressions such as class={buttonClass()} are correctly tracked in Svelte files.

• #​9520 61f53ee Thanks @​ematipico! - Fixed #​9519. Now noUnusedVariables doesn't flag variables that are used as typeof type.

• #​9487 331dc0d Thanks @​mvanhorn! - Fixed #​9477: source.fixAll.biome no longer sorts imports when source.organizeImports.biome is disabled in editor settings. The organize imports action is now excluded from the fix-all pass unless explicitly requested.

• #​9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleDeleteWithoutWhere to prevent accidental full-table deletes when using Drizzle ORM without a .where() clause.

v2.4.7

Compare Source

Patch Changes

• #​9318 3ac98eb Thanks @​ematipico! - Added new nursery lint rule useBaseline for CSS. The rule reports when CSS properties, property values, at-rules, media conditions, functions, or pseudo-selectors are not part of the configured Baseline tier.

  For example, at the time of writing, the rule will trigger for the use of accent-color because it has limited availability:

  a {
    accent-color: bar;
  }

• #​9272 2de8362 Thanks @​terror! - Added the nursery rule useImportsFirst that enforces all import statements appear before any non-import statements in a module. Inspired by the eslint-plugin-import import/first rule.

  // Invalid
  import { foo } from "foo";
  const bar = 1;
  import { baz } from "baz"; // ← flagged
  
  // Valid
  import { foo } from "foo";
  import { baz } from "baz";
  const bar = 1;

• #​9285 93ea495 Thanks @​dyc3! - Fixed noUndeclaredVariables from erroneously flagging props only used in the template section in Vue SFCs

• #​9435 6c5a8f2 Thanks @​siketyan! - Fixed #​9432: Values referenced as a JSX element in Astro/Vue/Svelte templates are now correctly detected; noUnusedImports and useImportType rules no longer reports these values as false positives.

• #​9362 fc9ca4c Thanks @​Netail! - Extra rule source references. biome migrate eslint should do a bit better detecting rules in your eslint configurations.

• #​9392 b881fea Thanks @​g-ortuno! - Fixed biomejs/biome-vscode#959: LSP now correctly resolves project directory when configurationPath points to a configuration file outside the workspace.

• #​9420 a1c46af Thanks @​ematipico! - Fixed #​9385: noUselessEscapeInString no longer incorrectly flags valid CSS hex escapes (e.g. \e7bb) as useless. The rule now recognizes all hex digits (0-9, a-f, A-F) as valid escape characters in CSS strings.

• #​9416 f2581b8 Thanks @​ematipico! - Fixed #​9131, #​9112, #​9166: the formatter no longer crashes or produces corrupt output when a JS file with experimentalEmbeddedSnippetsEnabled contains non-embedded template literals alongside embedded ones (e.g. console.log(\test`)next tographql(`...`)`).

• #​9344 cb4d7d7 Thanks @​ematipico! - Fixed #​6921: noShadow no longer incorrectly flags destructured variable bindings in sibling scopes as shadowing. Object destructuring, array destructuring, nested patterns, and rest elements are now properly recognized as declarations.

• #​9360 bc5dd99 Thanks @​ematipico! - Fixed #​7125: The rule noShadow no longer incorrectly flags parameters in TypeScript constructor and method overload signatures.

• #​9371 29cac17 Thanks @​ematipico! - Fixed #​5279: Tabs in diagnostic diff output are now rendered at a consistent width across context and changed lines, fixing visual misalignment when source files use tab indentation.

• #​9043 61e2a02 Thanks @​dyc3! - Fixed #​8897: Biome now parses @utility names containing / when Tailwind directives are enabled.

• #​9354 930c858 Thanks @​denbezrukov! - Improved CSS parser recovery for invalid unicode-range values that mix wildcard ranges with range intervals. For example, Biome now reports clearer diagnostics for invalid syntax like:

  unicode-range: U+11???-2??;
  unicode-range: U+11???-;

  with diagnostics such as:

  × Wildcard ranges cannot be combined with a range interval.
    > unicode-range: U+11???-2??;
                              ^
  
  × Expected a codepoint but instead found ';'.
    > unicode-range: U+11???-;
                               ^
  

• #​9355 78e74a2 Thanks @​SchahinRohani! - Fixed #​9349: Biome now correctly handles Vue dynamic :alt and v-bind:alt bindings in useAltText, preventing false positives in .vue files.

• #​9369 b309dde Thanks @​costajohnt! - Fixed #​9210: useAnchorContent no longer reports an accessibility error for Astro Image components inside links when they provide non-empty alt text.

• #​9345 70c2d4e Thanks @​ematipico! - Fixed #​7214: useOptionalChain now detects optional chain patterns that don't start at the beginning of a logical AND expression. For example, bar && foo && foo.length is now correctly flagged and fixed to bar && foo?.length.

• #​9311 78c4e9b Thanks @​ruidosujeira! - Fixed #​9245: the useSemanticElements rule no longer suggests <output> for role="status" and role="alert". The <output> element is only a relatedConcept of these roles, not a direct semantic equivalent. These roles are now excluded from suggestions, aligning with the intended behavior of the upstream prefer-tag-over-role rule.

• #​9363 b2ffb4a Thanks @​ematipico! - Fixed #​5212: useSemanticElements no longer reports a diagnostic when a semantic element already has its corresponding role attribute (e.g. <nav role="navigation">, <footer role="contentinfo">). These cases are now correctly left to noRedundantRoles.

• #​9364 1bb9edc Thanks @​xvchris! - Fixed #​9357. Improved the information emitted by some diagnostics.

• #​9434 bf12092 Thanks @​siketyan! - Fixed #​9433: noBlankTarget now correctly handles dynamic href attributes, such as <a href={company?.website} target="_blank">.

• #​9351 5046d2b Thanks @​Netail! - Expanded the noNegationElse rule to cover the inequality & strict inequality operator.

• #​9353 2a29e0d Thanks @​Conaclos! - Fixed #​7583:
  organizeImports now
  sorts named specifiers inside bare exports and merges bare exports.

  - export { b, a };
  - export { c };
  + export { a, b, c };

  Also, organizeImports now correctly adds a blank line between an import chunk
  and an export chunk.

    import { A } from "package";
  +
    export { A };

• #​8658 bdcc934 Thanks @​rksvc! - When the domains field is set in the configuration file, domains is now automatically enabled when Biome detects certain dependencies in package.json.

• #​9383 f5c8bf0 Thanks @​ematipico! - Fixed #​6606: The type inference engine now resolves Record<K, V> types, synthesizing them as object types with index signatures. This improves accuracy for type-aware lint rules such as noFloatingPromises, noMisusedPromises, useAwaitThenable, and useArraySortCompare when operating on Record-typed values.

• #​9359 701ddd3 Thanks @​ematipico! - Fixed #​7516: noUnusedImports no longer reports a false positive when a local variable shadows an imported type namespace that is still used in a type annotation.

• #​9473 50e93bd Thanks @​ematipico! - Improved the detection of variables inside Astro files. Now the rule noUnusedVariables and others will trigger fewer false positives.

• #​9459 171b2ee Thanks @​ematipico! - Fixed #​9314. Now Biome doesn't panic when useAriaPropsForRole is configured using an object.

• #​9465 c8918d6 Thanks @​Netail! - Fixed #​9464: Temporal is now correctly detected as a global.

• #​9367 722f0da Thanks @​Netail! - Added the nursery rule noTopLevelLiterals. It requires the root-level value to be an array or object.

  Invalid:

  "just a string"

• #​9333 a294b89 Thanks @​terror! - Fixed #​9310. Now the HTML formatter doesn't mangle elements that are followed by self-closing elements such as <br> or <img>.

• #​9391 4bffb66 Thanks @​ematipico! - Slightly increased the performance of the CLI in projects that have more than ~2K files.

• #​9365 776cb64 Thanks @​Netail! - Added the nursery rule noEmptyObjectKeys, which disallows the use of empty keys in JSON objects.

  Invalid:

  {
    "": "value"
  }

tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.2.2

Compare Source

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#​19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#​19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#​19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#​19745)
• Add support for Vite 8 in @tailwindcss/vite (#​19790)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#​19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#​19812)

withastro/astro (astro)

v6.0.7

Compare Source

Patch Changes

• #​15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

• #​15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

• #​15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

• #​15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

• #​15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

• #​15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

• #​15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

  When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

v6.0.6

Compare Source

Patch Changes

• #​15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

• #​15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

• #​15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

• #​15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

• #​15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

• #​15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

• #​15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

• #​15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

• Updated dependencies []:

  • @​astrojs/markdown-remark@​7.0.1

v6.0.5

Compare Source

Patch Changes

• #​15891 b889231 Thanks @​matthewp! - Fix dev routing for server:defer islands when adapters opt into handling prerendered routes in Astro core. Server island requests are now treated as prerender-handler eligible so prerendered pages using prerenderEnvironment: 'node' can load island content without 400 errors.

• #​15890 765a887 Thanks @​matthewp! - Fixes astro:actions validation to check resolved routes, so projects using default static output with at least one prerender = false page or endpoint no longer fail during startup.

• #​15884 dcd2c8e Thanks @​matthewp! - Avoid a MaxListenersExceededWarning during astro dev startup by increasing the shared Vite watcher listener limit when attaching content server listeners.

• #​15904 23d5244 Thanks @​jlukic! - Emit the before-hydration script chunk for the client Vite environment. The chunk was only emitted for prerender and ssr environments, causing a 404 when browsers tried to load it. This broke hydration for any integration using injectScript('before-hydration', ...), including Lit SSR.

• #​15933 325901e Thanks @​ematipico! - Fixes an issue where <style> tags inside SVG components weren't correctly tracked when enabling CSP.

• #​15875 c43ef8a Thanks @​matthewp! - Ensure custom prerenderers are always torn down during build, even when getStaticPaths() throws.

• #​15887 1861fed Thanks @​ematipico! - Fixes an issue where the build incorrectly leaked server entrypoint into the client environment, causing adapters to emit warnings during the build.

• #​15888 925252e Thanks @​matthewp! - Fix a bug where server:defer could fail at runtime in prerendered pages for some adapters (including Cloudflare), causing errors like serverIslandMap?.get is not a function.

• #​15901 07c1002 Thanks @​delucis! - Fixes JSON schema generation for content collection schemas that have differences between their input and output shapes.

• #​15882 759f946 Thanks @​matthewp! - Fix Astro.url.pathname for the root page when using build.format: "file" so it resolves to /index.html instead of /.html during builds.

v6.0.4

Compare Source

Patch Changes

• #​15870 920f10b Thanks @​matthewp! - Prebundle astro/toolbar in dev when custom dev toolbar apps are registered, preventing re-optimization reloads that can hide or break the toolbar.

• #​15876 f47ac53 Thanks @​ematipico! - Fixes redirectToDefaultLocale producing a protocol-relative URL (//locale) instead of an absolute path (/locale) when base is '/'.

• #​15767 e0042f7 Thanks @​matthewp! - Fixes server islands (server:defer) not working when only used in prerendered pages with output: 'server'.

• #​15873 35841ed Thanks @​matthewp! - Fix a dev server bug where newly created pages could miss layout-imported CSS until restart.

• #​15874 ce0669d Thanks @​ematipico! - Fixes a warning when using prefetchAll

• #​15754 58f1d63 Thanks @​rururux! - Fixes a bug where a directory at the project root sharing the same name as a page route would cause the dev server to return a 404 instead of serving the page.

• #​15869 76b3a5e Thanks @​matthewp! - Update the unknown file extension error hint to recommend vite.resolve.noExternal, which is the correct Vite 7 config key.

v6.0.3

Compare Source

Patch Changes

• #​15711 b2bd27b Thanks @​OliverSpeir! - Improves Astro core's dev environment handling for prerendered routes by ensuring route/CSS updates and prerender middleware behavior work correctly across both SSR and prerender environments.

  This enables integrations that use Astro's prerender dev environment (such as Cloudflare with prerenderEnvironment: 'node') to get consistent route matching and HMR behavior during development.

• #​15852 1cdaf9f Thanks @​ematipico! - Fixes a regression where the the routes emitted by the astro:build:done hook didn't have the distURL array correctly populated.

• #​15765 ca76ff1 Thanks @​matthewp! - Hardens server island POST endpoint validation to use own-property checks for improved consistency

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for gitify ready!

Name	Link
🔨 Latest commit	c1425d3
🔍 Latest deploy log	https://app.netlify.com/projects/gitify/deploys/69c098762f374f00083705bd
😎 Deploy Preview	https://deploy-preview-629--gitify.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 94 (🔴 down 3 from production) Accessibility: 97 (no change from production) Best Practices: 100 (no change from production) SEO: 100 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[setchy]

Raised upstream issue with biome: biomejs/biome#9589