chore(deps): bump the npm-deps group with 13 updates

[dependabot]

Bumps the npm-deps group with 13 updates:

Package	From	To
@base-ui/react	1.4.0	1.4.1
mppx	0.5.13	0.6.0
stripe	22.0.1	22.0.2
tailwindcss	4.2.2	4.2.4
viem	2.47.17	2.48.2
wagmi	3.6.1	3.6.3
waku	1.0.0-alpha.7	1.0.0-alpha.8
@biomejs/biome	2.4.11	2.4.12
@iconify/json	2.2.462	2.2.464
shiki	3.22.0	4.0.2
typescript	6.0.2	6.0.3
vite	8.0.8	8.0.9
vitest	4.1.4	4.1.5

Updates @base-ui/react from 1.4.0 to 1.4.1

Release notes

Sourced from @​base-ui/react's releases.

v1.4.1

General Changes

• Clear highlight on pointer leave when item is clipped by scroll container (#4604) by @​atomiks
• Fix display: contents tabbability (#4642) by @​atomiks
• Fix multi-argument event handler forwarding in mergeProps (#4598) by @​atomiks
• Mark date-fns peer dependencies as optional (#4639) by @​LukasTy

Navigation Menu

• Fix stale popup size on rapid trigger hover (#4646) by @​atomiks

All contributors of this release in alphabetical order : @​atomiks, @​LukasTy

Changelog

Sourced from @​base-ui/react's changelog.

v1.4.1

Apr 20, 2026

General Changes

• Clear highlight on pointer leave when item is clipped by scroll container (#4604) by @​atomiks
• Fix display: contents tabbability (#4642) by @​atomiks
• Fix multi-argument event handler forwarding in mergeProps (#4598) by @​atomiks
• Mark date-fns peer dependencies as optional (#4639) by @​LukasTy

Navigation Menu

• Fix stale popup size on rapid trigger hover (#4646) by @​atomiks

All contributors of this release in alphabetical order : @​atomiks, @​LukasTy

Commits

• be88b61 [release] v1.4.1 (#4650)
• fc7f4f9 [navigation menu] Fix stale popup size on rapid trigger hover (#4646)
• 783e530 [mergeProps] Fix multi-argument event handler forwarding (#4598)
• 2622ddf [all components] Fix display: contents tabbability (#4642)
• c0b4937 [core] Mark date-fns peer dependencies as optional (#4639)
• c8fd3a0 [dialog][popover][tooltip][menu][preview] Remove dead create*EventDetails w...
• 099541a [select] Remove unused itemToStringLabel and itemToStringValue from context (...
• 7158d7b [otp] Refactor OTPFieldRoot and OTPFieldHiddenInput (#4609)
• af33404 [temporal adapter date-fns] Fix date-only string parsing and setTimezone duck...
• 41da0c1 [docs] Fix Field validity API descriptions (#4592)
• Additional commits viewable in compare view

Updates mppx from 0.5.13 to 0.6.0

Release notes

Sourced from mppx's releases.

mppx@0.6.0

Minor Changes

• e606fa9: Breaking: Removed default Accept-Payment headers on every outgoing request for polyfilled fetch in browsers. Now defaults to same-origin requests in browser environments. Non-browser environments are unaffected. Use acceptPaymentPolicy to control supported payment origins.

Patch Changes

• e606fa9: Added acceptPaymentPolicy option to control when the Accept-Payment header is injected on outgoing requests, mitigating CORS preflight failures on non-payment-aware servers.

  • In browsers, Fetch.polyfill and Mppx.create (with polyfill: true) default to 'same-origin', preventing cross-origin CORS issues.
  • Non-browser environments and Mppx.create with polyfill: false default to 'always'.
  • Supported values: 'always', 'same-origin', 'never', { origins: string[] } (with *. wildcard support).
  • Exported Fetch namespace from mppx/client.

• 1a831eb: Fixed Tempo session content gating and SSE plain-response billing to share request-body detection so HTTP/2 POST requests without Content-Length were classified consistently.

mppx@0.5.17

Patch Changes

• 3259157: Added mppx account export command for exporting the private key of local keychain-backed accounts.

mppx@0.5.16

Patch Changes

• 5b6a938: Thread context through pinned requests so MCP tool calls and HEAD requests cannot bypass the shared management-vs-content gate.
• 22be301: Preserve keyAuthorization in fee-sponsored Tempo charge transactions and reject unsupported transaction fields instead of silently dropping them.
• 3e7320d: Charge tempo/session SSE streams with unitType: "request" once per streamed response instead of once per emitted SSE data event.

mppx@0.5.14

Patch Changes

• 1ba7af2: Hardened sponsored Tempo session open and topUp flows by enforcing fee-payer policy limits, blocking call smuggling, and adding feePayerPolicy support.
• 1ba7af2: Fixed fee-sponsored Tempo charge flows by simulating sponsored transactions before broadcast and binding swap approvals to the DEX input token.
• 1ba7af2: Normalized Tempo session channel IDs across storage and verification paths, preventing case-variant aliases from creating duplicate channel state.

Changelog

Sourced from mppx's changelog.

0.6.0

Minor Changes

• e606fa9: Breaking: Removed default Accept-Payment headers on every outgoing request for polyfilled fetch in browsers. Now defaults to same-origin requests in browser environments. Non-browser environments are unaffected. Use acceptPaymentPolicy to control supported payment origins.

Patch Changes

• e606fa9: Added acceptPaymentPolicy option to control when the Accept-Payment header is injected on outgoing requests, mitigating CORS preflight failures on non-payment-aware servers.

  • In browsers, Fetch.polyfill and Mppx.create (with polyfill: true) default to 'same-origin', preventing cross-origin CORS issues.
  • Non-browser environments and Mppx.create with polyfill: false default to 'always'.
  • Supported values: 'always', 'same-origin', 'never', { origins: string[] } (with *. wildcard support).
  • Exported Fetch namespace from mppx/client.

• 1a831eb: Fixed Tempo session content gating and SSE plain-response billing to share request-body detection so HTTP/2 POST requests without Content-Length were classified consistently.

0.5.17

Patch Changes

• 3259157: Added mppx account export command for exporting the private key of local keychain-backed accounts.

0.5.16

Patch Changes

• 5b6a938: Thread context through pinned requests so MCP tool calls and HEAD requests cannot bypass the shared management-vs-content gate.
• 22be301: Preserve keyAuthorization in fee-sponsored Tempo charge transactions and reject unsupported transaction fields instead of silently dropping them.
• 3e7320d: Charge tempo/session SSE streams with unitType: "request" once per streamed response instead of once per emitted SSE data event.

0.5.15

Patch Changes

• 7aff8ab: Prevented default HTTP tempo.session() content requests from replaying the same accepted voucher without advancing request/response accounting.
• 7aff8ab: Pinned credential verification and compose dispatch to challenge opaque metadata so same-economics sibling routes could not replay each other's credentials.

0.5.14

Patch Changes

• 1ba7af2: Hardened sponsored Tempo session open and topUp flows by enforcing fee-payer policy limits, blocking call smuggling, and adding feePayerPolicy support.
• 1ba7af2: Fixed fee-sponsored Tempo charge flows by simulating sponsored transactions before broadcast and binding swap approvals to the DEX input token.
• 1ba7af2: Normalized Tempo session channel IDs across storage and verification paths, preventing case-variant aliases from creating duplicate channel state.

Commits

• c8ea9c1 chore: version packages (#380)
• e606fa9 feat: add acceptPaymentPolicy to control Accept-Payment header injection (#...
• 1a831eb fix: share session request body detection (#378)
• 743466d test(cli): isolate XDG data home in CLI tests (#379)
• ea3081a proposal: mppx.challenge and mppx.verifyCredential interface refactor (#337)
• 79420f7 fix: allow zero close for untouched channels (#343)
• f35976c chore: version packages (#376)
• d00c88a chore(deps-dev): bump @​hono/node-server (#375)
• 3259157 feat(cli): add account private-key command (#370)
• 28ab514 chore(deps): bump actions/cache in the github-actions group (#372)
• Additional commits viewable in compare view

Updates stripe from 22.0.1 to 22.0.2

Release notes

Sourced from stripe's releases.

v22.0.2

• #2685 Adds parseEventNotificationAsync to match existing sync function
• #2681 Add emitEventBodies config to include bodies in request/response events
  • Added emitEventBodies config option to include request and response bodies in request/response events.
  • Changed httpClient config type from HttpClient class to HttpClientInterface interface.
• #2670 tolerance, receivedAt, timestamp are now optional in Webhook.ts
• #2677 Fixed named export for Bun

  // ✅ Fixed
  import { Stripe } from 'stripe';

See the changelog for more details.

Changelog

Sourced from stripe's changelog.

22.0.2 - 2026-04-16

• #2685 Adds parseEventNotificationAsync to match existing sync function
• #2681 Add emitEventBodies config to include bodies in request/response events
  • Added emitEventBodies config option to include request and response bodies in request/response events.
  • Changed httpClient config type from HttpClient class to HttpClientInterface interface.
• #2670 tolerance, receivedAt, timestamp are now optional in Webhook.ts
• #2677 Fixed named export for Bun

  // ✅ Fixed
  import { Stripe } from 'stripe';

Commits

• bf563e1 Bump version to 22.0.2
• e01b892 Add emitEventBodies config to include bodies in request/response events (#2681)
• 7ae0d66 Adds parseEventNotificationAsync to match existing sync function (#2685)
• 549d89f tolerance, receivedAt, timestamp are now optional in Webhook.ts (#2670)
• f0cd24c Fixed named export for Bun (#2677)
• See full diff in compare view

Updates tailwindcss from 4.2.2 to 4.2.4

Release notes

Sourced from tailwindcss's releases.

v4.2.4

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)
• Add .env and .env.* to default ignored content files (#19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)
• Improve performance when scanning JSONL / NDJSON files (#19862)
• Support NODE_PATH environment variable in standalone CLI (#19617)

Changelog

Sourced from tailwindcss's changelog.

[4.2.4] - 2026-04-21

Fixed

• Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

• Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tighter → tracking-wider) (#19827)
• Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
• Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
• Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem] → p-[1.2rem]) (#19837)
• Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
• Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
• Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
• Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
• Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
• Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
• Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
• Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
• Upgrade: never migrate files that are ignored by git (#19846)
• Add .env and .env.* to default ignored content files (#19846)
• Canonicalization: migrate overflow-ellipsis into text-ellipsis (#19849)
• Canonicalization: migrate start-full → inset-s-full, start-auto → inset-s-auto, start-px → inset-s-px, and start-<number> → inset-s-<number> as well as negative versions (#19849)
• Canonicalization: migrate end-full → inset-e-full, end-auto → inset-e-auto, end-px → inset-e-px, and end-<number> → inset-e-<number> as well as negative versions (#19849)
• Canonicalization: move the - sign inside the arbitrary value -left-[9rem] → left-[-9rem] (#19858)
• Canonicalization: move the - sign outside the arbitrary value ml-[calc(-1*var(--width))] → -ml-(--width) (#19858)
• Improve performance when scanning JSONL / NDJSON files (#19862)
• Support NODE_PATH environment variable in standalone CLI (#19617)

Commits

• 69ad7cc 4.2.4 (#19948)
• 2e3fa49 4.2.3 (#19944)
• df6209a Canonicalize negative arbitrary values (#19858)
• 52fd421 Small refactor of canonicalization tests (#19851)
• c385fd3 use test.each instead of manual loop
• 0d6e038 fix index in test name
• 88a2d22 Add more canonicalization rules for deprecated utilities (#19849)
• 2c1ef9e Use --placeholder-color instead of --background-color for placeholder-*...
• 28d5268 Collapse more utilities by expanding their declarations (#19842)
• b55d960 fix(canonicalize): collapse arbitrary values into shorthand utilities (#19837)
• Additional commits viewable in compare view

Updates viem from 2.47.17 to 2.48.2

Release notes

Sourced from viem's releases.

viem@2.48.2

Patch Changes

• #4526 28fcb0d487ecc525d687201b4eb47136ace7f7b9 Thanks @​mk0walsk! - Added OP Stack chain config to Zircuit.

• #4520 3e88a77f8eb92fa1ce4410ad14bdbab8f04cce4b Thanks @​pxrl! - Added Tron block time

• 67d979c678c4835ace58c00e43eaf2291cd5764b Thanks @​jxom! - Fixed prepareTransactionRequest to preserve nonce: 0 instead of dropping it.

• #4455 c0c09a6adf8cafc75f3ace8b892e57f41538baa7 Thanks @​nikicat! - Fixed LogTopic type to accept readonly arrays.

• 59b69da17293f626650f211f0129b7ccfdaf957d Thanks @​jxom! - Added resolveAccessKey to support alternative access key formats ({ address, type }, { publicKey, type }) in addition to { accessKeyAddress, keyType } for signKeyAuthorization and access key actions.

• #4428 30ac0cf8517a013d9869cf2a9c2a652c80abaf46 Thanks @​hashcashier! - Replaced manual extraData decoding with l2SequenceNumber() contract call in getGames.

viem@2.48.1

Patch Changes

• 099684399e5d4807de02e97f4902e3c0e56ee65c Thanks @​jxom! - Fixed feePayerSignature being dropped in Tempo's formatTransactionRequest.

• #4525 64556ad0973ea7b9926ed46f23ed9f1689b7047f Thanks @​jxom! - Fixed Tempo formatter to forward feePayer: false in transaction requests.

• #4516 336b748469483a622153c10bf7bf9110a3fb9b72 Thanks @​0xtomm! - Added missing testnet: false for testnet / devnets.

• #4517 25cc59c6eb235770b1a843b99bef606d2f1d7206 Thanks @​0xtomm! - Fixed native currencies on chains.

• #4518 eb655cc7e04e08c7008b0a19f69b8b7e4d3c95d3 Thanks @​RekCuy63! - Preserved explicit nonce in fillTransaction.

viem@2.48.0

Minor Changes

• #4510 23fbf03f915acd046087d25f859a90c51a44d030 Thanks @​Zygimantass! - Added Tempo zones support

viem@2.47.19

Patch Changes

• #4513 dd2452464f114361473423a6ce4da045a5a435a4 Thanks @​decofe! - Updated Tempo RPC URLs.

viem@2.47.18

Patch Changes

• #4499 24a1544c8a26fbf93f8029078ca310dba4df5b45 Thanks @​deodad! - Added withRelay to viem/tempo as the primary relay transport, and deprecated withFeePayer in favor of it.

• 2c4239dc07737ffc6631677324828bde6a17b9f7 Thanks @​jxom! - viem/tempo: Added combined abis export to Abis in viem/tempo that concatenates all Tempo precompile ABIs into a single array.

• 2c4239dc07737ffc6631677324828bde6a17b9f7 Thanks @​jxom! - viem/tempo: Added error capability to FillTransactionCapabilities in viem/tempo for structured execution error reporting from the relay.

• #4492 7b95669c23f86885bdd059f17d41f93c846b8dd6 Thanks @​Dhruv-2003! - Fixed getTimeToNextGame crash when dispute game factory has zero or one games.

• #4497 0a465ce232e1f1a239d7a45bac946ae9405f3eee Thanks @​deodad! - Updated withFeePayer transports to forward eth_fillTransaction requests to the fee payer transport only when feePayer: true is requested.

Commits

• cc8e67b test: update getFeeHistory snapshot
• 47f845d ci: temporarily disable wagmi type checks
• ea09309 chore: version package (#4531)
• 2d5380d chore: fix biome formatting in contract.test-d.ts
• 30ac0cf fix: replace extraData decoding with l2SequenceNumber() call in getGames (#4428)
• c0c09a6 fix: accept readonly arrays in LogTopic type (#4455)
• 870f9ce chore: move hashString to bottom of file
• c543ac9 perf: use hash to avoid arbitrary key length in buildRequest's dedupe (#4470)
• 3e88a77 chore: Add Tron blockTime + multicall deployment (#4520)
• 67d979c fix: preserve nonce 0 in prepareTransactionRequest
• Additional commits viewable in compare view

Updates wagmi from 3.6.1 to 3.6.3

Release notes

Sourced from wagmi's releases.

wagmi@3.6.3

Patch Changes

• Added Tempo Zones support. (#5062)

• Updated dependencies [10b37ee, 10b37ee]:

  • @​wagmi/core@​3.4.4
  • @​wagmi/connectors@​8.0.3

wagmi@3.6.2

Patch Changes

• Added tempoWallet connector (#5058)

• Updated dependencies [c29bdfd, c29bdfd]:

  • @​wagmi/connectors@​8.0.2
  • @​wagmi/core@​3.4.3

Changelog

Sourced from wagmi's changelog.

3.6.3

Patch Changes

• Added Tempo Zones support. (#5062)

• Updated dependencies [10b37ee, 10b37ee]:

  • @​wagmi/core@​3.4.4
  • @​wagmi/connectors@​8.0.3

3.6.2

Patch Changes

• Added tempoWallet connector (#5058)

• Updated dependencies [c29bdfd, c29bdfd]:

  • @​wagmi/connectors@​8.0.2
  • @​wagmi/core@​3.4.3

Commits

• 0d8c943 chore: version packages (#5065)
• 8b51bb0 chore: tsgo
• aea1010 test: up
• 10b37ee feat(tempo): add zones (#5062)
• 7323188 chore: version packages (#5063)
• c29bdfd feat(tempo): tempoWallet connector (#5058)
• See full diff in compare view

Updates waku from 1.0.0-alpha.7 to 1.0.0-alpha.8

Release notes

Sourced from waku's releases.

v1.0.0-alpha.8

We are making progress on framework stability and getting close to beta. Stay tuned, and please report issues meanwhile!

What's Changed

• refactor(client): unstable fetchRscStore by @​dai-shi in wakujs/waku#2017
• fix(ssr): don't output unnecessary console.error with handled exceptions like NotFound and Redirect by @​t6adev in wakujs/waku#2015
• chore(deps): update hono by @​dai-shi in wakujs/waku#2021
• feat(router): support building routes selectively by @​dai-shi in wakujs/waku#2023
• refactor(lib): rename to loadDotEnv by @​dai-shi in wakujs/waku#2024
• fix(router): incorrect warnings for wildcard API routes by @​fuma-nama in wakujs/waku#2022
• fix: canary ci with defaultRootOptions by @​dai-shi in wakujs/waku#2027

New Contributors

• @​fuma-nama made their first contribution in wakujs/waku#2022

Full Changelog: wakujs/waku@v1.0.0-alpha.7...v1.0.0-alpha.8

Commits

• ffbc578 v1.0.0-alpha.8
• 7022e1f chore(deps): update some deps (#2029)
• 3dba7c3 fix: canary ci with defaultRootOptions (#2027)
• 892f2c5 fix: incorrect warnings for wildcard API routes (#2022)
• cf8374e refactor(internals): rename to loadDotEnv (#2024)
• 8296309 feat(router): support building routes selectively (#2023)
• 832ecbf chore(deps): update hono (#2021)
• 37eb663 fix(ssr): don't output unnecessary console.error with handled exceptions like...
• 7674187 refactor: unstable fetchRscStore (#2017)
• See full diff in compare view

Updates @biomejs/biome from 2.4.11 to 2.4.12

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.12

2.4.12

Patch Changes

• #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

  describe("foo", () => {});
  describe("foo", () => {
    // invalid: same title as previous describe block
    test("baz", () => {});
    test("baz", () => {}); // invalid: same title as previous test case
  });

• #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

• #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

  For example, the following snippets trigger the rule:

  function createComponent(label) {
    function MyComponent() {
      return <div>{label}</div>;
    }
    return MyComponent;
  }

  function Parent() {
    function Child() {
      return <div />;
    }
    return <Child />;
  }

• #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

• #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

• #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.12

Patch Changes

• #9376 9701a33 Thanks @​dyc3! - Added the nursery/noIdenticalTestTitle lint rule. This rule disallows using the same title for two describe blocks or two test cases at the same nesting level.

  describe("foo", () => {});
  describe("foo", () => {
    // invalid: same title as previous describe block
    test("baz", () => {});
    test("baz", () => {}); // invalid: same title as previous test case
  });

• #9889 7ae83f2 Thanks @​dyc3! - Improved the diagnostics for useForOf to better explain the problem, why it matters, and how to fix it.

• #9916 27dd7b1 Thanks @​Jayllyz! - Added a new nursery rule noComponentHookFactories, that disallows defining React components or custom hooks inside other functions.

  For example, the following snippets trigger the rule:

  function createComponent(label) {
    function MyComponent() {
      return <div>{label}</div>;
    }
    return MyComponent;
  }

  function Parent() {
    function Child() {
      return <div />;
    }
    return <Child />;
  }

• #9980 098f1ff Thanks @​ematipico! - Fixed #9941: Biome now emits a warning diagnostic when a file exceed the files.maxSize limit.

• #9942 9956f1d Thanks @​dyc3! - Fixed #9918: useConsistentTestIt no longer panics when applying fixes to chained calls such as test.for([])("x", () => {});.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noGlobalObjectCalls diagnostic to better explain why calling global objects like Math or JSON is invalid and how to fix it.

• #9902 3f4d103 Thanks @​ematipico! - Fixed #9901: the command lint --write is now idempotent when it's run against HTML-ish files that contains scripts and styles.

• #9891 4d9ac51 Thanks @​dyc3! - Improved the noMultiStr diagnostic to explain why escaped multiline strings are discouraged and what to use instead.

• #9966 322675e Thanks @​siketyan! - Fixed #9113: Biome now parses and formats @media and other conditional blocks correctly inside embedded CSS snippets.

... (truncated)

Commits

• baaacfc ci: release (#9890)
• e0ba71d feat: implement useIframeSandbox (#9949)
• 2cff700 feat(lint/js): add useVarsOnTop (#9861)
• 27dd7b1 feat(react/js): add noComponentHookFactories (#9916)
• 0d0e611 feat(js_analyze): implement useReactAsyncServerFunction (#9909)
• f1c1363 feat(lint/js): add useStringStartsEndsWith (#9796)
• d417803 feat(js_analyze): implement noJsxNamespace (#9913)
• 9701a33 feat(lint/js): add noIdenticalTestTitle (#9376)
• c499f46 feat(lint): implement useReduceTypeParameter nursery rule (#9577)
• 40bd180 feat(lint/js): add noExcessiveSelectorClasses (#9866)
• See full diff in compare view

Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mpp	Error		Apr 28, 2026 4:19pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	shiki@​4.0.2
	vitest@​4.1.4 ⏵ 4.1.5	+1		+1
	wagmi@​3.6.1 ⏵ 3.6.3	+1		+1
	stripe@​22.0.1 ⏵ 22.0.2				+1
	mppx@​0.5.13 ⏵ 0.6.0	+1		+1	+1
	vite@​8.0.8 ⏵ 8.0.9	+1		+1	+1
	tailwindcss@​4.2.2 ⏵ 4.2.4	+1		+1
	waku@​1.0.0-alpha.7 ⏵ 1.0.0-alpha.8	+1		+1	+1
	@​base-ui/​react@​1.4.0 ⏵ 1.4.1				+2
	typescript@​6.0.2 ⏵ 6.0.3
	@​iconify/​json@​2.2.462 ⏵ 2.2.464
	viem@​2.47.17 ⏵ 2.48.2	+1		+1	+1
	@​biomejs/​biome@​2.4.11 ⏵ 2.4.12	+1			-1

View full report