Skip to content

RENOVATE: Update all non-major dependencies#157

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-non-major
Open

RENOVATE: Update all non-major dependencies#157
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-non-major

Conversation

@renovate

@renovate renovate Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence Type Update
@biomejs/biome (source) 2.5.22.5.4 age confidence devDependencies patch
@biomejs/biome (source) 2.5.22.5.4 age confidence patch
actions/setup-node v6.4.0v6.5.0 age confidence action minor
cloudflare/cloudflared 2026.6.12026.7.2 age confidence minor
grafana/otel-lgtm 0.28.00.29.1 age confidence minor
prettier (source) 3.9.43.9.5 age confidence devDependencies patch
ultracite (source) 7.8.47.9.4 age confidence devDependencies minor

Release Notes

biomejs/biome (@​biomejs/biome)

v2.5.4

Compare Source

Patch Changes
  • #​10665 55ff995 Thanks @​dyc3! - Improved the performance of the HTML parser slightly in our synthetic benchmarks.

  • #​10894 f4fb10e Thanks @​ematipico! - Fixed #​6392: On-type formatting no longer moves comments before an if statement into its body.

  • #​10939 f2799db Thanks @​Netail! - Fixed #​10930: noLabelWithoutControl now correctly detects text interpolation in Astro, Svelte & Vue as valid accessible content.

  • #​10945 ae15d98 Thanks @​Netail! - Fixed #​10942: Svelte directives don't throw an accidental debug log anymore.

  • #​10842 5e1abfe Thanks @​JamBalaya56562! - Fixed #​9196: biome check --write --unsafe no longer hangs forever when applying the noCommentText code fix.

    The rule's fix now wraps the comment in a real JSX expression container ({/* comment */}) instead of re-inserting the braces as plain JSX text, so the fixed code is no longer reported again by the same rule.

  • #​10891 ecca79e Thanks @​ematipico! - Fixed #10885: prevented a module-inference regression introduced by a housekeeping change.

  • #​10886 60c8043 Thanks @​dyc3! - Fixed #​10727: Biome now breaks the arguments of curried test.each, it.each, describe.each, and test.for calls when they exceed the configured line width.

    - test.each([[1, 2]])("a description that is long enough to push the hugged opening line beyond the print width", (a, b) => {
    -   expect(a).toBe(b);
    - });
    + test.each([[1, 2]])(
    +   "a description that is long enough to push the hugged opening line beyond the print width",
    +   (a, b) => {
    +     expect(a).toBe(b);
    +   },
    + );
  • #​10895 01a85f0 Thanks @​ematipico! - Biome will now remove stale Unix daemon sockets from older Biome versions when starting a newer daemon.

v2.5.3

Compare Source

Patch Changes
  • #​10815 86613d5 Thanks @​WaterWhisperer! - Fixed a parser panic reported in #​10708: Biome now recovers when unsupported CSS Modules @value rules or scoped @keyframes names end at EOF.

  • #​10534 da9b403 Thanks @​Mokto! - Fixed noUnusedVariables false positives in Svelte files: Svelte store subscriptions ($store references in templates now keep the underlying store binding from being flagged), and $bindable() props that are only written to in the script block (write-only is intentional for bindable props) are no longer reported as unused.

  • #​10827 098ba41 Thanks @​Aqu1bp! - Fixed #​10698: The noUnsafeOptionalChaining rule now reports unsafe optional chains wrapped in TypeScript as, satisfies, type assertion, and instantiation expressions, such as new (value?.constructor as Constructor)().

  • #​10773 3c6513d Thanks @​otkrickey! - Fixed #​10772: useVueValidVOn no longer reports a missing handler for v-on directives using a verb modifier (.stop / .prevent) without an expression, e.g. <div @&#8203;click.stop></div>. The rule also accepts the arg-less object syntax <div v-on="$listeners"></div> instead of reporting a missing event name.

  • #​10721 d83c66b Thanks @​minseong0324! - Improved type-aware lint rule inference for built-in globals and indexed function calls. Biome now resolves Error(...), new Error(...), optional Error#stack, and calls through indexed function values such as handlers[0]() more accurately.

  • #​10865 6450276 Thanks @​ematipico! - Fixed #​10845. Biome Language Server no longer goes in deadlock when the scanner is enabled.

  • #​10853 93d8e53 Thanks @​Netail! - Fixed #​10840: Astro shorthand attribute syntax is now correctly being parsed from embedded nodes.

  • #​10820 bba3092 Thanks @​JamBalaya56562! - Fixed #​10619: noProcessEnv now also reports computed (bracket) member access. Previously only dot access was checked, so process["env"] and env["NODE_ENV"] (where env is imported from node:process) were missed. Both static and computed accesses are now reported.

  • #​10835 3447b2f Thanks @​dyc3! - Fixed #​10824: useDomQuerySelector now supports an ignore option for receiver identifiers that should not be reported.

  • #​10875 b12e486 Thanks @​dyc3! - Fixed #​10795: --profile-rules now reports timings for each plugin separately as plugin/<pluginName>, matching the naming used by plugin suppressions, instead of aggregating all plugins under a single plugin/plugin entry.

  • #​10877 d6bc447 Thanks @​ematipico! - Fixed biome-zed#164: Biome no longer inserts stray whitespace when format-on-type runs after closing delimiters such as ), ], and }.

  • #​10867 a21463e Thanks @​dyc3! - Fixed #​10864: Biome no longer crashes when checking or linting HTML files with unquoted attribute values such as <textarea rows=4></textarea>.

actions/setup-node (actions/setup-node)

v6.5.0

Compare Source

What's Changed

Full Changelog: actions/setup-node@v6.4.0...v6.5.0

cloudflare/cloudflared (cloudflare/cloudflared)

v2026.7.2

Compare Source

SHA256 Checksums:
cloudflared-amd64.pkg: bc6d9d21d447af25ee437ff6669905a1c843362739d8ef50f647a0c4b016ac52
cloudflared-arm64.pkg: 011f985b710d1aff335d69d107847b1a121433bd4680e792cfdf6557cec1989d
cloudflared-darwin-amd64.tgz: a5afb0ba3da859da47bebc9a918d5b196bf7e4aec23589419b46356731bcc75f
cloudflared-darwin-arm64.tgz: 0588df58494a6cadd38b9deb6078908a5054063c80784d92fdb8d4a5f3de1c67
cloudflared-fips-linux-amd64: a4e3b8f2191ce3f6ad97f2f05e1ff629b7188a6d16a55188e7ec42110a3cef8e
cloudflared-fips-linux-amd64.deb: ca80c7312aa29fd91e880f0bd8592aa12811f1913551fbf5bd238617bfb32e30
cloudflared-fips-linux-x86_64.rpm: 161c36941608661c27f68c4b545d3a58f7a6f229776c7b2607e5e9f0a7cd5a10
cloudflared-linux-386: cbad04f2700ae4d4971fe07e9ded67327142f2d3338aef86ae04e6042f7ce990
cloudflared-linux-386.deb: dd4d7a07fd17b1494a32209ca02408a52b095d36995df235e8358eafba5c2a29
cloudflared-linux-386.rpm: a27d7182c21da107ca37c970993b90ac093b3f06e2b0b01de95c695dc30defbf
cloudflared-linux-aarch64.rpm: 90667866ad18c502ba6921b8db58645dc8a29ea3290f3fbdba1d30d82d6d2f4d
cloudflared-linux-amd64: ec905ea7b7e327ff8abdde8cb64697a2152de74dbcdbf6aec9db8364eb3886cd
cloudflared-linux-amd64.deb: 88195157a136199a86977c122a22084dae6907480bbe3640222b7b55834afc3a
cloudflared-linux-arm: 80dc01d7e284f269395824de841f8c7396c6641871eacc46add53a394b4548f4
cloudflared-linux-arm.deb: cb8af4fd776503327d701115a59f3267b949691bdd43707ff5742b456b73aa4b
cloudflared-linux-arm.rpm: 1a08bb17cd739043d93e69aeb7f3f02d0fb63508f2fa5154025cdb575efbea30
cloudflared-linux-arm64: 405df476437e027fc6d18729a5a77155c0a33a6082aeee60a799a688f3052e66
cloudflared-linux-arm64.deb: ddd7d2a0d55a1879485ac34354e936424f1df92e306bfa6428a81908aaddbe87
cloudflared-linux-armhf: e4f86d1a24cfcd065268f2bc874d0510f278f12842c0d220ce6e887489b16a70
cloudflared-linux-armhf.deb: 2f6ae79aa05128747c3f0c5ca520e72af8e4eb060a95ae16188a80ae762e0bf9
cloudflared-linux-armhf.rpm: 2df5714d7ed108773a399ac8544a13b3e2debe54d455f38e2453e784066488f8
cloudflared-linux-x86_64.rpm: 243ae0f3e25225b322fca700ac45be53fe3f6821f9a43a944a36cd9e9f9895ad
cloudflared-windows-386.exe: 32decf512bb37dfcf8f915e923b8132803cb0f7262995d0b168495694b1ee2d7
cloudflared-windows-386.msi: 0219784e6489e418ae00dc22ff99dc56addd6da84a2af0f9bcee3a2bc65538c7
cloudflared-windows-amd64.exe: cdb5d4432f6ae1595654a692a51308b69d2bf7af961f5578d9391837cf072df9
cloudflared-windows-amd64.msi: d783b28eb067b1b901e27b84f89f802d0d1437a02c8b957207a3038fcf94b0c8

v2026.7.1

Compare Source

SHA256 Checksums:
cloudflared-amd64.pkg: 172f8421b4d6d7e3b8bb15c94d83e7c3719ef0ccbbee1c26bb4cb7527d091792
cloudflared-arm64.pkg: 00a70af97f887d9143a4f4345a8bd9c3ef887d186c1f2c232bf17edd5d3e643d
cloudflared-darwin-amd64.tgz: 117d5e0e8c2d4ae26b2a9ec428c3e2e719a1b7405a5734a977c7fd99a6089d12
cloudflared-darwin-arm64.tgz: a580c3cc8ae1c5f09d2bd5f870ef8699eadcb81af7db2d58ae488117d572c053
cloudflared-fips-linux-amd64: 54e1a1ec3f087659ab56103130a9f2a08ecc2b289fb24479ebceddacaac01393
cloudflared-fips-linux-amd64.deb: 338025764cba69832a78c8d73364ca051f5ed4ddf69d34fe613745468b855c38
cloudflared-fips-linux-x86_64.rpm: 940efa080eb6fcfc6ffed36041955118fbda449f257e6c1e5ee08d659034c589
cloudflared-linux-386: 8452c2b93f2bfa89f1249bceaec128c90424e25a6ef600f57d92b1fbd0cb502f
cloudflared-linux-386.deb: 67399ccd21a024a58b6fe3a8ab8b093c1daeb80b9e2817fb16a96681d8313f0d
cloudflared-linux-386.rpm: 41ad25da705d57569eb7d09f775c17728a4773ec4affe24ee969c7937c629655
cloudflared-linux-aarch64.rpm: 53a59e6c15f07c253ea9719e6bfd8ce0b64e98335d422f16185e762e4cfb809b
cloudflared-linux-amd64: 79a0ade7fc854f62c1aaef48424d9d979e8c2fcd039189d24db82b84cd146be1
cloudflared-linux-amd64.deb: 79f790b45e6a9152c6cf63f60f4901e3d8a029f7f4be1345a24cd2373aba8e7d
cloudflared-linux-arm: 17cedcb83d8239c5f81f6d57b7d50a384f0d57fd523af2763f47ac6cade77bf9
cloudflared-linux-arm.deb: 4f9e089334ef5bc2af111d25764d99dd4ac5fc3c347909fc0b390063c706d535
cloudflared-linux-arm.rpm: 87a85965885de62b232c7b99b395c821a99ad6eaa2e43d3eb77aa321603faf80
cloudflared-linux-arm64: 18f2c9bfc7a67a971bd96f1a5a1935def3c1e52aa386626f1566f04e9b5478d6
cloudflared-linux-arm64.deb: 4cc3570b4f86ca8b90d7d86d327a2138ade04905d5177a98652f461292725043
cloudflared-linux-armhf: 3df46bcb6308d3a974159557572c2b82a15f2c8de9e6d065457778fc90474ee0
cloudflared-linux-armhf.deb: ddf2e2076d37911479b9250dd5e822fabe06787f7703ff63b8423127130a8d4d
cloudflared-linux-armhf.rpm: 6ba2695f894ed4b82fbb35e08a7c12ef011456e3951eb9b5397a39cb4b61849c
cloudflared-linux-x86_64.rpm: 0bf0252e7eef2275217e54ebd636db5e94059a3975e4dddcea2bc70cec26629c
cloudflared-windows-386.exe: 627fe6e42c5e92e42de962afec19bcbf14a60d43c352dbe4b605f1e3246462ed
cloudflared-windows-386.msi: f4d70de72396af28952c431e86c84b616d311ac9d4b6995a492757d58490ce4f
cloudflared-windows-amd64.exe: ccb0756de288d3c2c076d19764ca53e0849a10f2dd9c23f8656ac42bdeb45001
cloudflared-windows-amd64.msi: 6128260f9634e2ca85c1046edce95ed658a0b1bcf67d6b32c7cfa39ad838cbe4

v2026.7.0

Compare Source

SHA256 Checksums:
cloudflared-amd64.pkg: 3dac380c742f92954e437fdcfb860ad39d8ebe6a132e0d096df8c318a97e58e5
cloudflared-arm64.pkg: aaead35f81fa9c57ace91c65fda8683236168fd17754b231d9909d2c808e8bc6
cloudflared-darwin-amd64.tgz: c0c65579c6f11b1381cf5ffd1614f5094bf140e18938eae4ad16931da9f69499
cloudflared-darwin-arm64.tgz: cd33944f6ce65e240942d986932bc96bde8641ecefcd52c1ae5dc21f0bcffb04
cloudflared-fips-linux-amd64: ee9810096eb0c43366f06eadafed5f70a391f3a05ccfabd097bb7692b8bfbba6
cloudflared-fips-linux-amd64.deb: 9d72fc8a5e5ac75a4e2b1b2e94c7ddbd943ba5d2a671f902da826f695a607751
cloudflared-fips-linux-x86_64.rpm: 9c5a809ff4fed31f9290550009e6b629ab7003c4122639ee60fd39609f929d46
cloudflared-linux-386: cc962762e4a4d48228696d1631ecdef878837ce014caa6822bf8c789540d8740
cloudflared-linux-386.deb: fb4a3d2924fa40a94e7610585f7fc9110bdbc40fe7f3edc9a3f30faf51e5483d
cloudflared-linux-386.rpm: 0797d1b6dedbb94711cc3eddf646d1077274e308fdd2654188ff65f63bca10b9
cloudflared-linux-aarch64.rpm: be908e7db79f1f98e5160712e65b9aa4410bf7e28197c53fa7fbe710125994b1
cloudflared-linux-amd64: 434a04eb237e07d3d4146fc44acdbb411260a94fcb01764f454abe38a09503f3
cloudflared-linux-amd64.deb: b8b633050626db4eabf2ae1b62f2aaf9504575d938a5599d127e643d6be5cf48
cloudflared-linux-arm: 349b7fa3fa1ae1274ae3d9e6dd02895ea9d0c5ee3a5001846089a5cdbe2b1cc0
cloudflared-linux-arm.deb: 2b9f8ffc443d8b9426ec44be656f508b23ccf7245b37196b80c4bcb4ca736011
cloudflared-linux-arm.rpm: 23dd62374398592059f077d3bdc12782c1ce477dc5c28c4e0dc384e8f797919b
cloudflared-linux-arm64: a4c14d1dfb4ea1092da4b64ede05fab7092ba8a424c7df1e7747f5232a4127ff
cloudflared-linux-arm64.deb: 59faf984abfb7a0cadb0024fe47367bd969583b7142b247b9e6a5df8944192c0
cloudflared-linux-armhf: ab0126ee1258ca62ee1ffcef94e80bae69e69f7d7d32e4cc6af71d771083406c
cloudflared-linux-armhf.deb: 8c7590d5cd5c99567a1c11b190fe8f4b5edc8a9014ce38c47ec1f671776e9d32
cloudflared-linux-armhf.rpm: 8893cbf753518ffe01b39bbd08e39461ed11b7cf35db5ce9caf7365b4b949230
cloudflared-linux-x86_64.rpm: 7e68aa6a20069b7a7873bd92681abcc5c4c84a909d7cbe50391eb9033050f2c0
cloudflared-windows-386.exe: 68537222793cad797350a924a7e954f8f1748a645b3ff9032c8742e4559d0e80
cloudflared-windows-386.msi: 71b0c22a7b3b323d9c5b41d23b67c79bdb53de6f9d13db2bbdd30a3ec7839b7d
cloudflared-windows-amd64.exe: b11ee950a12b15604e6b0a0f30a226516adc7aec75de2e3c642b28e50ddef9ea
cloudflared-windows-amd64.msi: 32f5d96277960a8ba95f5c708911c9874e3bbae3002bc71e85f934006ccd62be
grafana/docker-otel-lgtm (grafana/otel-lgtm)

v0.29.1

Compare Source

What's Changed

OpenTelemetry & LGTM
Other Changes

New Contributors

Full Changelog: grafana/docker-otel-lgtm@v0.29.0...v0.29.1

v0.29.0

Compare Source

What's Changed

OpenTelemetry & LGTM
Other Changes

New Contributors

Full Changelog: grafana/docker-otel-lgtm@v0.28.0...v0.29.0

prettier/prettier (prettier)

v3.9.5

Compare Source

diff

Markdown: Cap ordered list mark at 999,999,999 (#​19351 by @​tats-u)

CommonMark parsers only support ordered list item numbers up to 999,999,999.

With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:

<!-- Input -->
999999998. text
999999998. text
999999998. text
999999998. text

1234567890123456789012) text

<!-- Prettier 3.9.4 -->
999999998. text
999999999. text
1000000000. text
1000000001. text

1234567890123456789012) text

<!-- Prettier 3.9.5 -->
999999998. text
999999999. text
999999999. text
999999999. text

1234567890123456789012) text
Markdown: Avoid corrupting empty link with title (#​19487 by @​andersk)

Do not remove <> from an inline link or image with an empty URL and a title, as this removal would change its interpretation.

<!-- Input -->
[link](<> "title")

<!-- Prettier 3.9.4 -->
[link]( "title")

<!-- Prettier 3.9.5 -->
[link](<> "title")
Less: Remove extra spaces after [ in map lookups (#​19503 by @​kovsu)
// Input
.foo {
  color: #theme[ primary];
  color: #theme[@&#8203;name];
  color: #theme[@&#8203;@&#8203;name];
}

// Prettier 3.9.4
.foo {
  color: #theme[ primary];
  color: #theme[ @&#8203;name];
  color: #theme[ @&#8203;@&#8203;name];
}

// Prettier 3.9.5
.foo {
  color: #theme[primary];
  color: #theme[@&#8203;name];
  color: #theme[@&#8203;@&#8203;name];
}
CSS: Prevent addition space in type() with + (#​19516 by @​bigandy)

This fixes the addition space before + in CSS type() declaration. For example type(<number>+) was being converted into type(<number> +) which is invalid CSS and does not work.

/* Input */
div {
  border-radius: attr(br type(<length>+));
}

/* Prettier 3.9.4 */
div {
  border-radius: attr(br type(<length> +));
}

/* Prettier 3.9.5 */
div {
  border-radius: attr(br type(<length>+));
}
Less: Remove spaces between merge markers and colons (#​19517 by @​kovsu)
// Input
a {
  box-shadow  +  : 0 0 1px #&#8203;000;
}

// Prettier 3.9.4
a {
  box-shadow+  : 0 0 1px #&#8203;000;
}

// Prettier 3.9.5
a {
  box-shadow+: 0 0 1px #&#8203;000;
}
Markdown: Preserve wiki links with aliases (#​19527 by @​kovsu)
<!-- Input -->
[[Foo:Bar]]

<!-- Prettier 3.9.4 -->
[[Foo]]

<!-- Prettier 3.9.5 -->
[[Foo:Bar]]
TypeScript: Fix comments being dropped on shorthand type import/export specifiers (#​19565 by @​kirkwaiblinger)
// Input
export { type /* comment */ T } from "foo";
import { type /* comment */ T } from "foo";

// Prettier 3.9.4
Error: Comment "comment" was not printed. Please report this error!

// Prettier 3.9.5
export { type /* comment */ T } from "foo";
import { type /* comment */ T } from "foo";
Miscellaneous: Preserving comments' placement property (#​19567 by @​Janther)

Prettier@​3.9.0 deleted an undocumented property on comments, which was already used by plugins, comment.placement is now available again after comment attach.

Flow: Stop enforcing empty module declaration to break (#​19568 by @​fisker)
// Input
declare module "foo" {}

// Prettier 3.9.4
declare module "foo" {
}

// Prettier 3.9.5
declare module "foo" {}
Angular: Support expression for exhaustive typechecking (#​19571 by @​fisker)
<!-- Input -->
@&#8203;switch (state.mode) {
  @&#8203;default never(state);
}

<!-- Prettier 3.9.4 -->
@&#8203;switch (state.mode) {
  @&#8203;default never;
}

<!-- Prettier 3.9.5 -->
@&#8203;switch (state.mode) {
  @&#8203;default never(state);
}
TypeScript: Ignore comments inside mapped type when checking type parameter comments (#​19572 by @​fisker)
// Input
foo<{
  // comment
  [key in keyof Foo]: number
}>();

// Prettier 3.9.4
foo<
  {
    // comment
    [key in keyof Foo]: number;
  }
>();

// Prettier 3.9.5
foo<{
  // comment
  [key in keyof Foo]: number;
}>();
Less: Fix adjacent block comments being corrupted (#​19574 by @​kovsu)
// Input
/* a *//* b */
/* a */* {
  color: red;
}

// Prettier 3.9.4
/* a */
/* b */
/* a * {
  color: red;
}

// Prettier 3.9.5
/* a */ /* b */
/* a */
* {
  color: red;
}
JavaScript: Handle dangling comments in SwitchStatement (#​19581 by @​fisker)
// Input
switch (foo) {
 // comment
}

// Prettier 3.9.4
switch (
  foo
  // comment
) {
}

// Prettier 3.9.5
switch (foo) {
  // comment
}
TypeScript: Remove space in comment-only object type (#​19583 by @​fisker)
// Input
var foo = {
  /* comment */
};
type Foo = {
  /* comment */
};

// Prettier 3.9.4
var foo = {/* comment */};
type Foo = { /* comment */ };

// Prettier 3.9.5
var foo = {/* comment */};
type Foo = {/* comment */};
haydenbleasel/ultracite (ultracite)

v7.9.4

Compare Source

Patch Changes
  • f480c12: Upgrade Biome to 2.5.3 to fix the LSP scanner deadlock (#​10845) where editors get stuck on "Biome is scanning the project".
  • 1d70c40: Fail fast with an actionable message when Biome can't resolve ultracite/biome/core. Biome resolves that config out of the project's node_modules, so it errors with an opaque "module not found" whenever Ultracite isn't installed there — a state npx ultracite check / bunx ultracite check hide, because they run the CLI from a temp cache regardless. check and fix now detect it before invoking Biome and say what's actually wrong, and doctor verifies that Ultracite resolves rather than just appearing in package.json (#​750).
  • 38d10bc: Move Biome's noUnknownAttribute rule out of the core preset and into the react preset. The rule only recognises React's JSX attribute names, so projects using Solid, Svelte, Vue, or Qwik were incorrectly flagged for framework-standard attributes such as class.
  • cf723bd: Add interactive and non-interactive selection for optional Oxlint JS plugins during init.

v7.9.3

Compare Source

Patch Changes
  • dc6d760: Disable the n/no-unpublished-import rule in the ESLint core config. This rule flags imports of packages that aren't listed as published dependencies, but it produces a lot of false positives in practice, so it's now turned off.
  • 15ecfba: Fix ultracite init --linter eslint installing an unusable toolchain. The generated ESLint config imports eslint-plugin-storybook unconditionally (which requires the storybook peer) and the generated Stylelint config extends stylelint-config-standard / stylelint-config-idiomatic-order / stylelint-prettier, but none of those packages were installed — so a fresh ESLint setup failed to load with "Cannot find package 'storybook'" or "Could not find stylelint-config-standard". These four packages are now installed with the ESLint linter.
  • 2f73a41: Upgrade to oxlint 1.73.0 and oxfmt 0.58.0, and enable the new lint rules they introduce: no-unreachable-loop, unicorn/explicit-timer-delay, and unicorn/no-confusing-array-with.
  • 83b2783: Add an [astro] formatter mapping (astro-build.astro-vscode) to the oxlint VS Code editor settings generated by ultracite init, since oxfmt doesn't format .astro files.
  • d186c53: Move every JS-plugin-based rule set out of the Oxlint core and framework presets and into a single opt-in ultracite/oxlint/js-plugins preset. This covers eslint-plugin-github and eslint-plugin-sonarjs (previously in core) as well as oxlint-plugin-react-doctor (previously bundled into the react, next, and tanstack presets). The core, react, next, and tanstack presets now run entirely on Oxlint's native Rust rules, so new setups no longer install those dependencies and no longer pay the slower JS-plugin lint pass. To keep the extra ESLint-parity and React Doctor rules, install eslint-plugin-github, eslint-plugin-sonarjs, and oxlint-plugin-react-doctor and extend ultracite/oxlint/js-plugins alongside core (and your framework preset).
  • 057753e: Add performance benchmarks for ultracite check / ultracite fix across all three providers (oxlint, biome, eslint). A new CI job builds the PR and its base branch on the same runner, benchmarks them interleaved, and fails on a statistically significant regression (median ratio > 1.25x with Mann-Whitney U p < 0.05) so config changes can't silently slow the linters down again.

v7.9.2

Compare Source

Patch Changes
  • c335a1f: Add **/node_modules and **/.git to the shared ignore patterns. oxlint only skips node_modules when a .gitignore lists it, so in projects without one, ultracite fix would lint and autofix files inside node_modules — corrupting installed packages (e.g. rewriting var enum wrappers in typescript/lib/typescript.js to self-referencing const, causing "Cannot access 'Comparison' before initialization" when oxlint loads eslint-plugin-sonarjs). Fixes #​737.

v7.9.1

Compare Source

Patch Changes
  • ecd10cc: Disable sonarjs/no-implicit-dependencies and github/no-implicit-buggy-globals in the oxlint and ESLint presets. Both produce false positives through oxlint's JS plugin bridge: no-implicit-dependencies has no dependency-manifest resolution so it flags builtin (bun:test) and workspace imports as missing dependencies, and no-implicit-buggy-globals misreads module-scoped declarations such as Astro frontmatter as implicit globals.

  • c76f59d: Disable sonarjs/file-name-differ-from-class in the oxlint and ESLint presets. It fires on any file whose name differs from an exported class, which is noise for the many config and module files that export objects rather than classes.

  • 29e30ce: Fold the github and sonarjs rules into the oxlint core preset. The standalone ultracite/oxlint/github and ultracite/oxlint/sonarjs presets are removed — ultracite ships framework presets, not individual plugins. Their rules now live in ultracite/oxlint/core, so every oxlint setup gets eslint-plugin-github and eslint-plugin-sonarjs through oxlint's JS plugin bridge, matching how the ESLint preset already bundles them into core.

    This is a breaking change to generated configs: ultracite/oxlint/github and ultracite/oxlint/sonarjs no longer exist. Re-run ultracite init to regenerate oxlint.config.ts.

    Also fixed: nine sonarjs rules (async-test-assertions, hooks-before-test-cases, no-duplicate-test-title, no-empty-test-title, no-floating-point-equality, no-forced-browser-interaction, no-trivial-assertions, prefer-specific-assertions, super-linear-regex) that exist in eslint-plugin-sonarjs but that oxlint's JS plugin bridge does not register. Naming them made oxlint hard-fail config parsing, which broke ultracite fix/check for oxlint projects using the sonarjs preset. They are omitted from oxlint core (still enabled in the ESLint preset), and a test now runs oxlint against core to catch this class of regression.

    The React Doctor, github, and sonarjs plugins are installed into your project's devDependencies at init (as the ESLint plugins already were), rather than bundled as dependencies of ultracite — oxlint resolves JS plugin specifiers from the project root, so they must be installed there directly.

  • 8a4291f: Upgrade to Oxlint 1.72.0 and Oxfmt 0.57.0. Oxfmt 0.57 adds native CSS and GraphQL formatters. The five new non-nursery Oxlint rules from the 1.71/1.72 releases are already covered by the presets (node/no-sync, node/no-mixed-requires, unicorn/prefer-number-coercion, unicorn/max-nested-calls, vue/no-async-in-computed-properties). The markdown ::: container-directive fence patch (which keeps proseWrap: "never" from folding fences into prose) was regenerated against the 0.57 bundle.

v7.9.0

Compare Source

Minor Changes
  • aea7fc0: Update Biome to 2.5.2 and enable the newly-stabilized rules. This adds coverage for the rules promoted out of nursery in Biome 2.5.0, including noShadow, noUnnecessaryConditions, noUnusedInstantiation (formerly noFloatingClasses), useArrayFind, useDestructuring, useGlobalThis, useErrorCause, noNestedPromises, GraphQL validation rules, and the recommended Vue/Next.js domain rules.
  • 2687cf9: Align the ESLint and Biome presets with the oxlint preset, which is now the benchmark for rule decisions across linters. ESLint: rules that oxlint deliberately disables are now off (no-console, no-continue, id-length, new-cap, max-depth, no-implicit-coercion, no-underscore-dangle, init-declarations, n/no-sync, promise/always-return, promise/catch-or-return, import-x/no-commonjs, import-x/no-dynamic-require, import-x/no-nodejs-modules, import-x/unambiguous, import-x/no-anonymous-default-export, @typescript-eslint/explicit-member-accessibility, @typescript-eslint/explicit-module-boundary-types, @typescript-eslint/no-require-imports, and the unicorn rules explicit-length-check, max-nested-calls, no-process-exit, prefer-global-this, prefer-string-raw, prefer-top-level-await); consistent-type-definitions now enforces interface instead of type, matching oxlint and Biome; no-void allows statement position to coexist with no-floating-promises; import-x/no-named-as-default is enabled; and curly and no-unexpected-multiline are re-enabled past eslint-config-prettier. Biome: noAwaitInLoops and noIncrementDecrement are now errors and the useSortedKeys assist is on (matching no-await-in-loop, no-plusplus, and sort-keys in the other presets), while useGlobalThis is off (matching unicorn/prefer-global-this).
  • 73c1993: Require ESLint 10 for ESLint setups. The plugin suite upgrade (notably eslint-plugin-unicorn 70 and eslint-plugin-astro 2) requires ESLint 10, but ultracite init still installed eslint@^9.0.0, which crashed at config load time. Init now installs eslint@^10.0.0 and @eslint/js@^10.0.0, and the presets are fixed for ESLint 10 compatibility: settings.react.version is pinned to 19.0.0 instead of "detect" (detection uses an API removed in ESLint 10), react/jsx-filename-extension and react/forward-ref-uses-ref are disabled (their implementations use removed APIs; the former is already off in the oxlint preset and the latter is covered by react-doctor/no-react19-deprecated-apis), the react config re-applies eslint-config-prettier so JSX formatting rules stay off (several crash under ESLint 10), and import-x/no-unused-modules is disabled (it is a warning-emitting no-op under ESLint 10). Note that some plugins (eslint-plugin-github, eslint-plugin-react, eslint-plugin-jsx-a11y, eslint-plugin-solid, @tanstack/eslint-plugin-start) have not yet updated their declared peer ranges to include ESLint 10 even though they work at runtime, so strict package managers may report peer dependency warnings.
  • 4cfdf3d: Add eslint-plugin-jsdoc to the ESLint preset. The oxlint preset already enforces a set of jsdoc rules, but the ESLint preset had no jsdoc coverage at all. The plugin is now installed by ultracite init for ESLint setups and enables the same rule selection the oxlint preset enforces (check-access, check-property-names, check-tag-names, empty-tags, implements-on-classes, no-defaults, and the require-* description/name/type rules), keeping the two presets in lockstep.
  • 0b8fc12: Upgrade the ESLint plugin suite and enable the new rules that ship with it. Notable bumps: eslint-plugin-unicorn 64 → 70 (adds a large batch of new correctness and quality rules), eslint-plugin-astro 1 → 2 (adds no-omitted-end-tags, now requires ESLint 10), eslint-plugin-sonarjs 4.0 → 4.1 (adds test-assertion and ReDoS rules like super-linear-regex), eslint-plugin-svelte 3.19 → 3.20 (adds no-at-const-tags), plus @typescript-eslint, eslint-plugin-import-x, eslint-plugin-n, @vitest/eslint-plugin, and others. Two Unicorn rules that were renamed are re-mapped in the config (prefer-dom-node-datasetdom-node-dataset, prevent-abbreviationsname-replacements). Two new Unicorn rules are disabled: prefer-temporal (since Temporal still lacks broad runtime support) and no-asterisk-prefix-in-documentation-comments (it fights the conventional JSDoc comment style).
  • 4440393: Bring the oxlint preset closer to ESLint parity with two new presets that run ESLint plugins through oxlint's JS plugin support: ultracite/oxlint/github (eslint-plugin-github) and ultracite/oxlint/sonarjs (eslint-plugin-sonarjs, 187 rules — type-aware rules are excluded since the JS plugin bridge provides no type information, and no-reference-error is off because the bridge provides no globals). ultracite init now adds both presets to generated oxlint configs and installs the two plugins; existing configs are untouched until the next init, and either preset can be dropped from extends to opt out (the plugins add roughly 1–3s to a lint run for the JS runtime bridge). Rule decisions mirror the oxlint benchmark in both directions: the ESLint preset now disables sonarjs/file-header (it errored on every file), sonarjs/arrow-function-convention (fights the formatter), sonarjs/cyclomatic-complexity, sonarjs/max-lines, sonarjs/max-lines-per-function, sonarjs/nested-control-flow (duplicates of core rules the preset disables), sonarjs/shorthand-property-grouping (conflicts with sort-keys), and github/no-dataset (conflicts with unicorn/prefer-dom-node-dataset), and sets sonarjs/cognitive-complexity to 20 to match Biome's noExcessiveCognitiveComplexity. Switching linters with init no longer removes dependencies that the newly selected linter still needs.
  • f7025b1: Extend cross-linter parity to the framework presets and add an automated parity check. The oxlint react preset now explicitly lists all 102 non-nursery react/react-perf/jsx-a11y rules (previously only ~20 were configured, so most a11y and correctness rules silently never ran) and the next preset lists all 21 nextjs rules, with decisions matching the ESLint presets. The revived exhaustiveness test (the oxlint --rules markdown output it parsed is empty as of oxlint 1.72, so it was passing vacuously) also caught five newly stabilized rules which are now enabled: getter-return, no-unreachable, oxc/branches-sharing-code, unicorn/prefer-export-from, and unicorn/prefer-single-call. ESLint preset fixes that fell out of the audit: no-loss-of-precision and no-duplicate-imports are re-enabled for TypeScript files (their @typescript-eslint twins were removed in v8, leaving TS uncovered), no-duplicate-imports gets allowSeparateTypeImports to match oxlint, the react/vue configs now only re-apply the react/-vue/-prefixed entries of eslint-config-prettier so they can't clobber unrelated rules, the svelte preset keeps the formatting rules disabled that eslint-plugin-svelte's own prettier preset lists, and astro/semi is off (Prettier owns formatting). A new compare-rule-parity script runs as part of validate:configs: it resolves the effective ESLint rule sets with ESLint's own config resolution, normalizes names to oxlint's, and fails on any divergence not recorded in an explicit allowlist — currently just two entries (sonarjs/no-reference-error, unicorn/number-literal-case), both with documented reasons.
  • 223233f: Add React Doctor rules to the ESLint and Oxlint React, Next.js, and TanStack presets. This enables React Doctor's own rules — the "You Might Not Need an Effect" family (no-fetch-in-effect, no-derived-state, no-mirror-prop-effect, etc.) plus its render-performance, hydration, server-component, security, and framework-specific rules — via eslint-plugin-react-doctor and the oxlint-plugin-react-doctor JS plugin. Rules that React Doctor ports from eslint-plugin-react, eslint-plugin-react-hooks, and eslint-plugin-jsx-a11y are intentionally left off to avoid duplicate diagnostics with the plugins Ultracite already ships.
Patch Changes
  • d247ff2: Migrate stale linter and formatter configuration when switching toolchains during init. Running ultracite init now removes config files and dependencies for unselected Biome, ESLint/Prettier/Stylelint, or Oxlint/Oxfmt setups before writing the selected toolchain config.
  • e24068b: Sort package.json keys when using Biome

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
renovate Bot requested a review from a team as a code owner July 13, 2026 05:05
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 13, 2026
@renovate
renovate Bot force-pushed the renovate/all-non-major branch 10 times, most recently from 1be2f3a to f073f17 Compare July 17, 2026 10:01
@renovate
renovate Bot force-pushed the renovate/all-non-major branch from f073f17 to 22ac069 Compare July 18, 2026 06:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants