build(deps): bump the dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
@tanstack/react-query	5.90.16	5.90.20
nuqs	2.8.6	2.8.7
react	19.2.3	19.2.4
@types/react	19.2.8	19.2.10
react-dom	19.2.3	19.2.4
viem	2.44.1	2.45.1
zod	4.3.5	4.3.6
@biomejs/biome	2.3.11	2.3.13

Updates @tanstack/react-query from 5.90.16 to 5.90.20

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-persist-client@​5.90.20

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.17
  • @​tanstack/react-query@​5.90.18

@​tanstack/react-query@​5.90.20

Patch Changes

• Updated dependencies [e7258c5]:
  • @​tanstack/query-core@​5.90.20

@​tanstack/react-query-persist-client@​5.90.19

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.91.16
  • @​tanstack/react-query@​5.90.17

@​tanstack/react-query@​5.90.19

Patch Changes

• Updated dependencies [53fc74e]:
  • @​tanstack/query-core@​5.90.19

@​tanstack/react-query-persist-client@​5.90.18

Patch Changes

• Updated dependencies [4be3ad7]:
  • @​tanstack/react-query@​5.90.16
  • @​tanstack/query-persist-client-core@​5.91.15

@​tanstack/react-query@​5.90.18

Patch Changes

• Updated dependencies [dea1614]:
  • @​tanstack/query-core@​5.90.18

@​tanstack/react-query@​5.90.17

Patch Changes

• Updated dependencies [269351b]:
  • @​tanstack/query-core@​5.90.17

Changelog

Sourced from @​tanstack/react-query's changelog.

5.90.20

Patch Changes

• Updated dependencies [e7258c5]:
  • @​tanstack/query-core@​5.90.20

5.90.19

Patch Changes

• Updated dependencies [53fc74e]:
  • @​tanstack/query-core@​5.90.19

5.90.18

Patch Changes

• Updated dependencies [dea1614]:
  • @​tanstack/query-core@​5.90.18

5.90.17

Patch Changes

• Updated dependencies [269351b]:
  • @​tanstack/query-core@​5.90.17

Commits

• 7ac4e20 ci: Version Packages (#10067)
• 9ff3de7 Upgrade to Vitest v4 (#9862)
• 0525ad1 ci: Version Packages (#10047)
• 53fc74e fix(query-core): fix combine not updating when queries change with stable ref...
• 64d5d62 ci: Version Packages (#10045)
• dea1614 fix(query-core): avoid throwing promise errors when data exists (#10025)
• bf7f47e ci: Version Packages (#10033)
• 44c3cb9 test(react-query/ssr): add 'useQueries' test for SSR (#9996)
• See full diff in compare view

Updates nuqs from 2.8.6 to 2.8.7

Release notes

Sourced from nuqs's releases.

v2.8.7

Bug fixes

• #1316 - wait for navigation in RR adapters before syncing, by @​franky47 (closes #947)

Documentation

• #1266 - fix broken images, by @​franky47
• #1268 - add full number to NPM stats title, by @​franky47
• #1279 - add shadcnstudio as featured sponsor 💖, by @​franky47
• #1280 - add quotes & fix shadcn/studio logo, by @​franky47
• #1283 - add Rhys Sullivan as sponsor 💖, by @​franky47
• #1284 - OSS Pledge details, by @​franky47
• #1286 - users leaderboard, by @​franky47
• #1287 - update twitch handle, by @​franky47
• #1290 - 2025, by @​franky47
• #1291 - switch favicon in development, by @​franky47
• #1292 - add release calendar, by @​franky47
• #1297 - add Brandon McConnell as sponsor 💖, by @​franky47
• #1298 - add Ru Chern Dong as sponsor 💖, by @​franky47
• #1299 - add David Haz as sponsor 💖, by @​franky47
• #1300 - add basedanarki as sponsor 💖, by @​franky47
• #1301 - change dominik koch founder url to notra, by @​mezotv
• #1302 - add Hayden Bleasel as a sponsor 💖, by @​franky47
• #1305 - fix ISO week year calculation at year boundaries, by @​copilot-swe-agent (closes #1304)
• #1310 - fix partial line, by @​franky47

Other changes

• #1264 - update dependencies (2025-12-11 React CVEs), by @​franky47
• #1269 - Replace Cypress with Playwright for e2e tests, by @​franky47
• #1282 - check PR titles against core changes, by @​franky47
• #1288 - fix release note formatting issues, add tests, by @​franky47 (closes #1276)
• #1306 - bump @​react-router/node from 7.8.1 to 7.9.4, by @​dependabot
• #1307 - bump @​remix-run/react from 2.17.0 to 2.17.3, by @​dependabot
• #1309 - bump react-router from 7.8.1 to 7.12.0, by @​dependabot
• #1311 - use distributed turbo.json package configurations, by @​anthonyshew
• #1314 - update React & Next.js deps (CVE-2026-23864), by @​franky47
• #1317 - add repro 1293 for Next.js, by @​franky47

Thanks

Huge thanks to @​anthonyshew, @​copilot-swe-agent, @​mezotv, and @​overshom for helping!

Commits

• ef19402 fix: wait for navigation in RR adapters before syncing (#1316)
• 24d39f6 chore(build): use distributed turbo.json package configurations (#1311)
• bc42e77 chore(deps): bump @​remix-run/react from 2.17.0 to 2.17.3 (#1307)
• See full diff in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.8 to 19.2.10

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates viem from 2.44.1 to 2.45.1

Release notes

Sourced from viem's releases.

viem@2.45.1

Patch Changes

• #4273 bf3f117aa4d6a4693af29894b1c27e130623cbc7 Thanks @​nicodlz! - Added Subtensor EVM chain.

• #4272 a3a4ff9a25c8f31d3caef533d3d100cf22c1ea5e Thanks @​matzapata! - Added Alpen Testnet

• #4228 26ffdfbef41e08a4d6837051eda615fb659c2c31 Thanks @​sakulstra! - Improved performance in parseEventLogs by memoizing.

• #4275 ea8398b80c6fa90747e979d959c32e276bdd43e1 Thanks @​GiovaniGuizzo! - Added KiiChain mainnet chain definition

• #4259 1ae28c2a9acb55b8fc599643549a52ec71a02e72 Thanks @​cruzdanilo! - Fixed error decoding in simulateBlocks when RPC returns revert data in returnData instead of error.data.

• #4260 1f2a1839c201a2f5b97bddf26d605fb0394cdbd7 Thanks @​akitothemoon! - Added Horizen Testnet.

• 4fe411bd4231ec0a89159723ec68fcfe13c10071 Thanks @​jxom! - Added nonce and faucet.fundSync actions to decorator.

viem@2.45.0

Minor Changes

• #4249 0e1d62dae5091e43bd4f12102e270a17a1456ffe Thanks @​dgca! - Added dataSuffix param to createWalletClient. When added, this will automatically add a dataSuffix to transaction actions submitted by this client.

• #4264 dc4c100fec297efab4f38d92995832d9bb86d3c1 Thanks @​dgca! - Added dataSuffix param to createBundlerClient and related prepareUserOperation/sendUserOperation actions to attach additional calldata to transactions.

Patch Changes

• #4256 08e1bb654a6f8d7075cc5f634d5b83c4d9a0379f Thanks @​paperCPU! - Added stable mainnet and updated stable testnet definitions

• #4267 fc9c6e373c94b6a278493c8f499730232de46b2b Thanks @​marthendalnunes! - Exported SignTransactionRequest type

• #4257 685c3f867f38d24df547643540b0bb53ec52af5a Thanks @​gndelia! - Exported missing OP Stack actions

• #4247 d2b3c835806d9397146830551466fc6afd346fa1 Thanks @​kiyoakii! - Added MegaETH Mainnet chain and fixed MegaETH Testnet chain ID (6342 → 6343).

• #4254 93c70b4b4a25cbdd25ee3007b4fc87a79dd14126 Thanks @​awesamarth! - Added RISE Mainnet

viem@2.44.4

Patch Changes

• #4245 fcd86e90785b101d5f903ffc15478baa4442fe01 Thanks @​jxom! - Added assertChainId parameter to sendTransaction and sendTransactionSync to optionally skip chain ID assertion.

viem@2.44.2

Patch Changes

• #4229 ffdc0f11cf3d87c91288d5d6242687e20ae15b42 Thanks @​frangio! - Fixed hexToNumber silent error when the value exceeds the safe range.

• #4227 d235b894009c327145267a48c1739cd865ccf55b Thanks @​tomiir! - Added support for ADI_Chain.

• 51b6bf6d452fbabf7516614e2f0ca976edd3f19a Thanks @​jxom! - Added tempo chain mainnet placeholder.

... (truncated)

Commits

• 2ec2006 chore: lockfile
• 9ad3224 chore: audit
• 2c9e270 Version Packages (#4285)
• d2faf08 test: add nonce to Decorator snapshot
• 47b7c99 chore: add resolveJsonModule, remove docs deploy on push
• 9647f61 chore: exclude site/snippets from type checks
• 5419362 chore: up snaps
• 9fbd836 chore: audit
• 4fe411b feat(tempo): add nonce and faucet.fundSync actions to decorator
• 4a23afc ci(tmp): disable deployed tempo
• Additional commits viewable in compare view

Updates zod from 4.3.5 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• See full diff in compare view

Updates @biomejs/biome from 2.3.11 to 2.3.13

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.13

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

What's Changed

• fix(dx/codegen): don't insert module into biome_rule_options/src/lib.rs if it already exists by @​dyc3 in biomejs/biome#8847
• feat(js_analyze): implement useConsistentEnumValueType by @​Netail in biomejs/biome#8714
• fix(parse/html/vue): parse dynamic slot directives that contain quotes by @​dyc3 in biomejs/biome#8856
• fix(parse/css): improve parsing of @utility names by @​dyc3 in biomejs/biome#8850
• fix(cli): improve RuleName ordering and update summary snapshots close #8730 by @​lghuahua in biomejs/biome#8771
• fix(useVueValidVOn): align more with source rule, also use phf hash sets for perf by @​dyc3 in biomejs/biome#8815
• fix(migrate): fix migrate command not picking up rules for css, graphql, html by @​dyc3 in biomejs/biome#8863
• chore(deps): update dependency tombi to v0.7.23 by @​renovate[bot] in biomejs/biome#8865
• chore(deps): update pnpm to v10.28.1 by @​renovate[bot] in biomejs/biome#8866
• chore(deps): update rust crate proc-macro2 to 1.0.106 by @​renovate[bot] in biomejs/biome#8867
• chore(deps): update rust crate quote to 1.0.44 by @​renovate[bot] in biomejs/biome#8868
• fix(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8869
• chore(deps): update rust crate schemars to 1.2.0 by @​renovate[bot] in biomejs/biome#8875
• chore(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8872
• chore(deps): update github-actions by @​renovate[bot] in biomejs/biome#8873
• chore(deps): update typescript-eslint monorepo to v8.53.1 by @​renovate[bot] in biomejs/biome#8877
• fix(deps): update dependency prettier to v3.8.1 by @​renovate[bot] in biomejs/biome#8878
• chore(deps): update rust crate tokio to 1.49.0 by @​renovate[bot] in biomejs/biome#8876
• ci: release by @​github-actions[bot] in biomejs/biome#8853

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

2.3.12

Patch Changes

• #8653 047576d Thanks @​dyc3! - Added new nursery rule noDuplicateAttributes to forbid duplicate attributes in HTML elements.

• #8648 96d09f4 Thanks @​BaeSeokJae! - Added a new nursery rule noVueOptionsApi.

  Biome now reports Vue Options API usage, which is incompatible with Vue 3.6's Vapor Mode. This rule detects Options API patterns in <script> blocks, defineComponent(), and createApp() calls, helping prepare codebases for Vapor Mode adoption.

  For example, the following now triggers this rule:

  <script>
  export default {
    data() {
      return { count: 0 };
    },
  };
  </script>

• #8832 b08270b Thanks @​Exudev! - Fixed #8809, #7985, and #8136: the noSecrets rule no longer reports false positives on common CamelCase identifiers like paddingBottom, backgroundColor, unhandledRejection, uncaughtException, and IngestGatewayLogGroup.

... (truncated)

Commits

• 2c5e505 ci: release (#8853)
• ac3a71f feat(js_analyze): implement useConsistentEnumValueType (#8714)
• fd33f86 ci: release (#8671)
• a53fc75 chore: update sponsors (#8844)
• 4ee3bda feat(graphql_analyze): implement useLoneAnonymousOperation (#8616)
• 71b5c6e feat(js_analyze): implement noExcessiveClassesPerFile (#8753)
• d6b2bda feat(js_analyze): implement noFloatingClasses (#8754)
• 17ed9d3 feat(js_analyze): implement noDivRegex (#8757)
• 291c9f2 feat(biome_js_analyze): port useInlineScriptId from Next.js (#8624)
• 96d09f4 feat(lint): add noVueOptionsApi rule (#8648)
• Additional commits viewable in compare view

Updates @types/react from 19.2.8 to 19.2.10

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
filecoin-cloud	Ready	Preview, Comment	Feb 2, 2026 0:35am

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.