fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.4.0 → ^2.5.0			devDependencies	minor
@changesets/changelog-github (source)	^0.5.2 → ^0.7.0			devDependencies	minor
@changesets/cli (source)	^2.29.8 → ^2.31.0			devDependencies	minor
@effect/cli (source)	^0.73.2 → ^0.75.2			dependencies	minor
@effect/cluster (source)	^0.56.4 → ^0.59.0			dependencies	minor
@effect/experimental (source)	^0.58.0 → ^0.60.0			dependencies	minor
@effect/platform (source)	^0.94.5 → ^0.96.1			dependencies	minor
@effect/platform-node (source)	^0.104.1 → ^0.107.0			dependencies	minor
@effect/printer (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/printer-ansi (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/rpc (source)	^0.73.1 → ^0.75.1			dependencies	minor
@effect/sql (source)	^0.49.0 → ^0.51.1			dependencies	minor
@effect/typeclass (source)	^0.38.0 → ^0.40.0			dependencies	minor
@effect/vitest (source)	^0.27.0 → ^0.29.0			devDependencies	minor
@effect/workflow (source)	^0.16.0 → ^0.18.2			dependencies	minor
@eslint-community/eslint-plugin-eslint-comments	^4.6.0 → ^4.7.2			devDependencies	minor
@eslint/compat (source)	2.0.2 → 2.1.0			devDependencies	minor
@eslint/eslintrc	3.3.3 → 3.3.5			devDependencies	patch
@​prover-coder-ai/eslint-plugin-suggest-members	^0.0.25 → ^0.0.26			devDependencies	patch
@types/node (source)	^24.10.13 → ^24.13.2			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	^8.55.0 → ^8.61.1			devDependencies	minor
@typescript-eslint/parser (source)	^8.55.0 → ^8.61.1			devDependencies	minor
@vitest/coverage-v8 (source)	^4.0.18 → ^4.1.9			devDependencies	minor
@vitest/eslint-plugin	^1.6.9 → ^1.6.20			devDependencies	patch
actions/upload-artifact	v6 → v7			action	major
effect (source)	^3.19.17 → ^3.21.3			dependencies	minor
eslint (source)	^10.0.0 → ^10.5.0			devDependencies	minor
eslint-import-resolver-typescript	^4.4.4 → ^4.4.5			devDependencies	patch
eslint-plugin-simple-import-sort	^12.1.1 → ^13.0.0			devDependencies	major
eslint-plugin-sonarjs (source)	^3.0.7 → ^4.0.3			devDependencies	major
eslint-plugin-sort-destructure-keys	^2.0.0 → ^3.0.0			devDependencies	major
eslint-plugin-unicorn	^63.0.0 → ^67.0.0			devDependencies	major
globals	^17.3.0 → ^17.6.0			devDependencies	minor
jscpd (source)	^4.0.8 → ^5.0.9			devDependencies	major
pnpm (source)	10.29.3 → 11.7.0			packageManager	major
pnpm/action-setup	v3 → v6			action	major
softprops/action-gh-release	v2 → v3			action	major
ts-morph	^27.0.2 → ^28.0.0			dependencies	major
typescript (source)	^5.9.3 → ^6.0.3			dependencies	major
typescript-eslint (source)	^8.55.0 → ^8.61.1			devDependencies	minor
vite (source)	^7.3.1 → ^8.0.16			devDependencies	major
vitest (source)	^4.0.18 → ^4.1.9			devDependencies	minor

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.5.0

Compare Source

Minor Changes

• #​9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

  ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
  ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
  × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
  × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
  

• #​9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

  Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

  <!-- Invalid: no keyboard handler -->
  <div onclick="handleClick()">Click me</div>
  
  <!-- Valid: has keyboard handler -->
  <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
  
  <!-- Valid: inherently keyboard-accessible -->
  <button onclick="handleClick()">Submit</button>

• #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

  <!-- .typo is used but never defined -->
  <html>
    <head>
      <style>
        .button {
          color: blue;
        }
      </style>
    </head>
    <body>
      <div class="button typo"></div>
    </body>
  </html>

• #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

  /* styles.css — .ghost is never used in any importing file */
  .button {
    color: blue;
  }
  .ghost {
    color: red;
  }

  /* App.jsx */
  import "./styles.css";
  export default () => <div className="button" />;

• #​9546 6567efa Thanks @​nhedger! - Added a biome upgrade command for standalone installations. It upgrades Homebrew installs with brew upgrade biome, updates manually installed binaries from the latest GitHub release, and tells npm users to upgrade with their package manager instead.

• #​9716 701767a Thanks @​faizkhairi! - Added the HTML version of the useHeadingContent rule. The rule now enforces that heading elements (h1-h6) have content accessible to screen readers in HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: empty heading -->
  <h1></h1>
  
  <!-- Invalid: heading hidden from screen readers -->
  <h1 aria-hidden="true">invisible content</h1>
  
  <!-- Valid: heading with text content -->
  <h1>heading</h1>
  
  <!-- Valid: heading with accessible name -->
  <h1 aria-label="Screen reader content"></h1>

• #​9582 f437ef8 Thanks @​rahuld109! - Added the HTML version of the useKeyWithMouseEvents rule. The rule now enforces that onmouseover is accompanied by onfocus and onmouseout is accompanied by onblur in HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: onmouseover without onfocus -->
  <div onmouseover="handleMouseOver()"></div>
  
  <!-- Valid: onmouseover paired with onfocus -->
  <div onmouseover="handleMouseOver()" onfocus="handleFocus()"></div>

• #​9275 1fdbcee Thanks @​ff1451! - Added the new assist action useSortedTypeFields, which sorts the fields of GraphQL object types, interface types and input object types alphabetically, e.g. name, age, id becomes age, id, name.

• #​10561 78075b7 Thanks @​Conaclos! - Added a new style option to useExportType,
  which enforces a style for exporting types.
  This is the same option as the one provided by useImportType.

• #​8987 d16e32b Thanks @​DerTimonius! - Ported the useValidAnchor rule to HTML. This rule enforces that all anchors are valid and that they are navigable elements.

• #​9533 4d251d4 Thanks @​ematipico! - The init command now prints the Biome logo.

• #​10069 0eb9310 Thanks @​Netail! - Added the HTML lint rule noStaticElementInteractions, which enforces that static, visible elements (such as <div>) that have click handlers use the valid role attribute.

  Invalid:

  <div onclick="myFunction()"></div>

• #​9134 2a43488 Thanks @​ematipico! - Added the assist action useSortedPackageJson.

  This action organizes package.json fields according to the same conventions as the popular sort-package-json tool.

• #​9309 7daa18b Thanks @​Bertie690! - The allowDoubleNegation option has been added to noImplicitCoercions to allow ignoring double negations inside code.

  With the option enabled, the following example is considered valid and is ignored by the rule:

  const truthy = !!value;

• #​9700 894f3fb Thanks @​ematipico! - The Biome Language server now supports the "go-to definition" feature.

  When the cursor of the mouse is hovering an entity (variable, CSS class, type, etc.), and the command CTRL + click is triggered, the editor jumps to where this entity is defined, if the language server can find it.

  Here's what Biome is able to resolve:

  • Variables and types used in JavaScript modules, defined in the same file or imported from another module.
  • JSX Components used in JavaScript modules, defined in the same file or imported from another module.
  • CSS classes used in JSX and HTML-ish files (Vue, Svelte and Astro), and defined in CSS files.
  • Components used in HTML-ish files and defined in other HTML-ish.
  • Variables used in HTML-ish files and defined in the same file or imported from another module (JavaScript or HTML-ish).

• #​10070 bae0710 Thanks @​Conaclos! - Added the :STYLE: group matcher for organizeImports that matches style imports.

  For example, the following configuration...

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": {
              "groups": ["**", "!:STYLE:"],
              "sortBareImports": true
            }
          }
        }
      }
    }
  }

  ...places style imports last:

  - import "./style.css"
    import A from "./a.js"
  + import "./style.css"

• #​9170 e3107de Thanks @​mdrobny! - Added bundleDependencies option to NoUndeclaredDependencies rule.

  This rule now supports imports of packages that are defined only in bundleDependencies and bundledDependencies arrays.

• #​9547 01f8473 Thanks @​mujpao! - Added new assist rule useSortedAttributes for HTML, porting the existing JSX rule. This rule enforces sorted HTML attributes.

  Invalid

  <input type="text" id="name" name="name" />

• #​9366 2ca1117 Thanks @​dyc3! - Added the html.parser.vue configuration option. When enabled, it adds support for the parsing of Vue in .html files. Most Vue users don't need to enable this option since Vue files typically use the .vue extension, but it can be useful for projects that embed Vue syntax in regular HTML files.

• #​9073 74b20ee Thanks @​chocky335! - Added support for applying GritQL plugin rewrites as code actions. GritQL plugins that use the rewrite operator (=>) now produce fixable diagnostics for JavaScript, CSS, and JSON files. By default, plugin rewrites are treated as unsafe fixes and require --write --unsafe to apply. Plugin authors can pass fix_kind = "safe" to register_diagnostic() to mark a fix as safe, allowing it to be applied with just --write.

  Example plugin (useConsoleInfo.grit):

  language js
  
  `console.log($msg)` as $call where {
      register_diagnostic(span = $call, message = "Use console.info instead of console.log.", severity = "warn", fix_kind = "safe"),
      $call => `console.info($msg)`
  }
  

  Running biome check --write applies safe rewrites. Unsafe rewrites (the default, or fix_kind = "unsafe") still require --write --unsafe.

• #​9384 f4c9edc Thanks @​Conaclos! - Added the sortBareImports option to organizeImports,
  which allows bare imports to be sorted within other imports when set to false.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": { "sortBareImports": true }
          }
        }
      }
    }
  }

  - import "b";
    import "a";
  + import "b";
    import { A } from "a";
  + import "./file";
    import { Local } from "./file";
  - import "./file";

• #​8731 e7872bf Thanks @​siketyan! - Added the watch mode (--watch) to the CLI for check/format/lint commands. By enabling this option, Biome will re-run the check automatically when any file in the workspace has changed after the first run.

• #​10106 9b35f78 Thanks @​ematipico! - Biome can now format and lint .svg files.

• #​9967 e9b6c17 Thanks @​dyc3! - Added HTML support for noExcessiveLinesPerFile. Biome now reports HTML files that exceed the configured line limit, including when skipBlankLines is enabled.

• #​9491 b3eb63c Thanks @​IxxyDev! - Added the HTML lint rule noAriaUnsupportedElements. This rule enforces that elements that do not support ARIA roles, states, and properties (meta, html, script, style) do not have role or aria-* attributes.

  <!-- Invalid: meta does not support aria attributes -->
  <meta charset="UTF-8" role="meta" />

• #​9306 afd57a6 Thanks @​viraxslot! - Added the noNoninteractiveTabindex lint rule for HTML. This rule enforces that tabindex is not used on non-interactive elements, as it can cause usability issues for keyboard users.

  <div tabindex="0">Invalid: non-interactive element</div>
  `

• #​9276 6d041d9 Thanks @​IxxyDev! - Added the HTML lint rule noRedundantRoles. This rule enforces that explicit role attributes are not the same as the implicit/default role of an HTML element. It supports HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: role="button" is redundant on <button> -->
  <button role="button"></button>

• #​9813 69aadc2 Thanks @​ematipico! - Added a new linter configuration called preset. With the new option, users can enable different kinds of rules at once.

  The following presets are available:

  • "recommended": it enables all Biome-recommended rules, or recommended rules of a group;
  • "all": it enables all Biome rules, or enables all rules of a group;
  • "none": it disables all Biome rules, or disable all rules of a group.

  You can enable recommended rules:

  {
    "linter": {
      "rules": {
        "preset": "recommended"
      }
    }
  }

  You can enable all rules at once:

  {
    linter: {
      rules: {
        preset: "all", // enables all rules
      },
    },
  }

  Or enable all rules for a group:

  {
    linter: {
      rules: {
        style: {
          preset: "all", // enables all rules in the style group
        },
      },
    },
  }

  This new option, however, doesn't affect how nursery rules work. Nursery rules must be enabled singularly, due to their nature.

  This new option is meant to replace recommended, so make sure to run the migrate command.

• #​10022 3422d71 Thanks @​Netail! - Added the HTML lint rule noNoninteractiveElementToInteractiveRole, which enforces that interactive ARIA roles are not assigned to non-interactive HTML elements.

  Invalid:

  <h1 role="checkbox"></h1>

• #​8396 13785fc Thanks @​apple-yagi! - Biome now supports pnpm catalogs (default and named) when resolving dependencies for linting. This behavior is opt-in and requires setting javascript.resolver.experimentalPnpmCatalogs to true.

• #​10028 1009414 Thanks @​Netail! - Added the HTML lint rule noInteractiveElementToNoninteractiveRole, which enforces that non-interactive ARIA roles are not assigned to interactive HTML elements.

  Invalid:

  <input role="img" />

• #​9853 816302f Thanks @​Netail! - Added the new assist action useSortedSelectionSet, which sorts GraphQL selection sets alphabetically, e.g. name, age, id becomes age, id, name.

  Invalid:

  query {
    name
    age
    id
  }

• #​10074 9c7c6eb Thanks @​georgephillips! - Added a kind field to the ImportMatcher used by the organizeImports assist action. The new field selects imports by their syntactic kind and currently supports bare (matching side-effect imports such as import "polyfill") with optional ! negation (!bare). The matcher composes with the existing type and source fields, so users can express patterns such as "only bare imports that import a CSS file" ({ "kind": "bare", "source": "**/*.css" }).

  For example, with the following configuration:

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": {
              "sortBareImports": true,
              "groups": [
                { "kind": "!bare" },
                ":BLANK_LINE:",
                { "kind": "bare" }
              ]
            }
          }
        }
      }
    }
  }

  ...the following code:

  import "./register-my-component";
  import { render } from "react-dom";
  import "./polyfill";
  import { Button } from "@​/components/Button";

  ...is organized as:

  import { render } from "react-dom";
  import { Button } from "@​/components/Button";
  
  import "./polyfill";
  import "./register-my-component";

• #​9171 ce65710 Thanks @​chocky335! - Added includes option for plugin file scoping. Plugins can now be configured with glob patterns to restrict which files they run on. Use negated globs for exclusions.

  {
    "plugins": [
      "global-plugin.grit",
      {
        "path": "scoped-plugin.grit",
        "includes": ["src/**/*.ts", "!**/*.test.ts"]
      }
    ]
  }

• #​9617 dcb99ef Thanks @​faizkhairi! - Ported useAriaActivedescendantWithTabindex a11y rule to HTML.

• #​9496 1dfb829 Thanks @​aviraldua93! - Added HTML support for the noAriaHiddenOnFocusable accessibility lint rule, which enforces that aria-hidden="true" is not set on focusable elements. Focusable elements include native interactive elements (<button>, <input>, <select>, <textarea>), elements with href (<a>, <area>), elements with tabindex >= 0, and editing hosts (contenteditable). Includes an unsafe fix to remove the aria-hidden attribute.

  <!-- Invalid: aria-hidden on a focusable element -->
  <button aria-hidden="true">Submit</button>
  
  <!-- Valid: aria-hidden on a non-focusable element -->
  <div aria-hidden="true">decorative content</div>

• #​9792 f516854 Thanks @​Maximiliano-Zeballos! - Added the useSemanticElements lint rule for HTML. The rule now detects the use of role attributes in HTML elements and suggests using semantic elements instead.

  For example, the following code is now flagged:

  <div role="navigation"></div>

  The rule suggests using <nav> instead.

• #​9761 cbbb7d5 Thanks @​Maximiliano-Zeballos! - Ported the useValidAriaProps lint rule to HTML. This rule checks that all aria-* attributes used in HTML elements are valid ARIA attributes as defined by the WAI-ARIA specification.

• #​9928 aa82576 Thanks @​aviraldua93! - Ported useValidAriaValues to HTML. Biome now validates static aria-* attribute values in HTML elements against WAI-ARIA types, catching invalid values such as aria-hidden="yes".

• #​10562 6642895 Thanks @​ematipico! - Promoted 73 nursery rules to stable groups.

  Four rules were renamed as part of the promotion:

  • noFloatingClasses is now noUnusedInstantiation, because the rule checks any discarded new expression, not only classes.
  • noMultiStr is now noMultilineString.
  • useFind is now useArrayFind.
  • useSpread is now useSpreadOverApply, because the rule enforces spread call arguments over Function.apply(), not array or object spread.

Correctness

Promoted the following rules to the correctness group:

• noBeforeInteractiveScriptOutsideDocument
• noUnusedInstantiation
• useInlineScriptId (recommended, Next.js domain)
• noVueVIfWithVFor (recommended, Vue domain)
• useVueValidVBind (recommended, Vue domain)
• useVueValidVElse (recommended, Vue domain)
• useVueValidVElseIf (recommended, Vue domain)
• useVueValidVHtml (recommended, Vue domain)
• useVueValidVIf (recommended, Vue domain)
• useVueValidVOn (recommended, Vue domain)
• useVueValidVText (recommended, Vue domain)
• useVueValidTemplateRoot (recommended, Vue domain)
• useVueValidVCloak (recommended, Vue domain)
• useVueValidVOnce (recommended, Vue domain)
• useVueValidVPre (recommended, Vue domain)
• useVueVForKey (recommended, Vue domain)
• noDuplicateAttributes (recommended)
• noDuplicateArgumentNames (recommended)
• noDuplicateInputFieldNames (recommended)
• noDuplicateVariableNames (recommended)
• noDuplicateEnumValueNames (recommended)
• useLoneAnonymousOperation (recommended)

Suspicious

Promoted the following rules to the suspicious group:

• noShadow
• noUnnecessaryConditions
• noParametersOnlyUsedInRecursion
• noUnknownAttribute
• useArraySortCompare
• noForIn
• noDuplicatedSpreadProps
• noEqualsToNull
• noProto (recommended)
• noUndeclaredEnvVars (recommended, Turborepo domain)
• noReturnAssign (default severity: error)
• noDuplicateEnumValues (recommended)
• noVueArrowFuncInWatch (recommended, Vue domain)
• noNestedPromises
• noLeakedRender
• noDeprecatedMediaType (recommended)
• noDuplicateGraphqlOperationName
• useRequiredScripts

Style

Promoted the following rules to the style group:

• useVueMultiWordComponentNames (recommended, Vue domain)
• useVueDefineMacrosOrder
• noIncrementDecrement
• noContinue
• useSpreadOverApply
• noTernary
• noMultilineString
• noMultiAssign
• noExcessiveClassesPerFile
• noExcessiveLinesPerFile
• noVueOptionsApi
• useErrorCause
• useConsistentEnumValueType
• useConsistentMethodSignatures
• useGlobalThis (default severity: warn)
• useDestructuring
• useVueHyphenatedAttributes (recommended, Vue domain)
• useVueConsistentVBindStyle (recommended, Vue domain)
• useVueConsistentVOnStyle (recommended, Vue domain)
• noHexColors
• useConsistentGraphqlDescriptions
• noRootType
• useLoneExecutableDefinition
• useInputName

Complexity

Promoted the following rules to the complexity group:

• useArrayFind
• noRedundantDefaultExport (default severity: warn)
• noUselessReturn
• noDivRegex

Performance

Promoted the following rules to the performance group:

• noSyncScripts
• noJsxPropsBind
• useVueVapor

Security

Promoted the following rules to the security group:

• noScriptUrl (recommended)

A11y

Promoted the following rules to the a11y group:

• noAmbiguousAnchorText (recommended)

• #​10121 450f8e1 Thanks @​jongwan56! - Biome now applies Git's local exclude file when VCS ignore files are enabled. Files listed in .git/info/exclude are skipped the same way as files listed in .gitignore, including in linked worktrees.

• #​9397 d5913c9 Thanks @​mvarendorff! - Added ignore option to the noUnusedVariables rule. The option allows excluding identifiers by providing a list of ignored names. It also allows excluding kinds of identifiers from this rule entirely, which may be useful when loading classes dynamically.

  For example, unused classes as well as all unused variables, functions, etc. called "unused" may be ignored entirely with the following configuration:

  {
    "ignore": {
      "*": ["unused"],
      "class": ["*"]
    }
  }

• #​10089 71a21f0 Thanks @​Netail! - Added the lint rule noLabelWithoutControl to HTML, which enforces that a label element or component has a text label and an associated input.

  <label></label>

• #​10015 1828261 Thanks @​Netail! - Added the HTML lint rule useAriaPropsSupportedByRole, which enforces that ARIA properties are valid for the roles that are supported by the element.

  <a href="#" aria-checked></a>

• #​10234 1a51569 Thanks @​ematipico! - Added the delimiterSpacing formatter option. This option inserts spaces inside delimiters (after the opening delimiter and before the closing delimiter) when the content fits on a single line. Empty delimiters are not affected, and no space is added before the opening delimiter. The specific delimiters affected depend on the language. It can be configured globally via formatter.delimiterSpacing or per-language via javascript.formatter.delimiterSpacing, json.formatter.delimiterSpacing, and css.formatter.delimiterSpacing. Defaults to false.

  - callFn(foo)
  + callFn( foo )

  - const arr = [1, 2, 3];
  + const arr = [ 1, 2, 3 ];

  JavaScript

  When enabled, Biome inserts space

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR updates CI action pins (pnpm setup, softprops release, artifact upload) and bumps pnpm plus multiple dependency/devDependency versions in the root and packages/app package.json files.

Changes

Dependency and Tool Version Upgrades

Layer / File(s)	Summary
GitHub Actions version updates .github/actions/setup/action.yml, .github/workflows/release.yml, .github/workflows/snapshot.yml	pnpm/action-setup upgraded from @v3 → @v6; softprops/action-gh-release @v2 → @v3; actions/upload-artifact @v6 → @v7.
Root package.json: pnpm and Changesets updates package.json	packageManager set to pnpm@11.1.2. Changesets dev dependencies bumped: @changesets/changelog-github, @changesets/cli.
App package.json: dependencies and devDependencies updates packages/app/package.json	packageManager set to pnpm@11.1.2. Multiple dependencies (@effect/*, effect, ts-morph, typescript) and devDependencies (Biome, @effect/vitest, ESLint ecosystem, globals, jscpd, vite, vitest) had version bumps.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• Dependency Dashboard effect-eslint-template#6: Renovate-style updates that include the same pnpm/action-setup and package bumps.
• Dependency Dashboard openapi-effect#1: Overlapping dependency and GitHub Actions version upgrades matching these changes.
• Dependency Dashboard context-doc#5: Updates the same workflow pins and manifest versions (pnpm, Changesets).
• Dependency Dashboard #2: Related Renovate-style action and package.json version changes.
• Dependency Dashboard eslint-plugin-suggest-members#2: Similar action pins and package manifest version bumps.
• Dependency Dashboard effect-template#10: Matches the same set of action and dependency upgrades present here.

Poem

🐰 A tiny hop, a tidy patch,
Pins refreshed and versions matched.
pnpm steps up, the actions sing,
Manifests hum a brighter ring.
The rabbit cheers: new builds take wing.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(deps): update all dependencies' accurately describes the main change in the PR, which is updating all project dependencies across multiple files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description clearly details the dependency updates being made, with a comprehensive table listing all updated packages, versions, and change types.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Line 159: The workflow now uses softprops/action-gh-release@v3 which requires
the Actions Node 24 runtime; verify our GitHub-hosted or self‑hosted runners
support Node 24 before merging, and if they do not, change the reference in the
release job from softprops/action-gh-release@v3 to the last Node‑20 compatible
tag softprops/action-gh-release@v2.6.2 (or update/self‑provision runners to Node
24), ensuring the uses entry is updated accordingly in the
.github/workflows/release.yml release job.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 5eafae47-4c8c-433f-ac59-694a68b130b3

📥 Commits

Reviewing files that changed from the base of the PR and between b434f0e and ba8d10c.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/actions/setup/action.yml
• .github/workflows/release.yml
• .github/workflows/snapshot.yml
• package.json
• packages/app/package.json

✅ Files skipped from review due to trivial changes (1)

• .github/actions/setup/action.yml

🚧 Files skipped from review as they are similar to previous changes (3)

• package.json
• .github/workflows/snapshot.yml
• packages/app/package.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify softprops/action-gh-release@v3 exists and check for breaking changes

# Check if v3 tag/release exists
echo "=== Checking if v3 exists ==="
gh api repos/softprops/action-gh-release/git/refs/tags/v3 --jq '.ref' 2>/dev/null || echo "v3 tag not found"

# Get latest releases to compare
echo -e "\n=== Latest releases ==="
gh api repos/softprops/action-gh-release/releases --jq '.[:5] | .[] | "Tag: \(.tag_name), Published: \(.published_at)"'

# Check for v3 release notes
echo -e "\n=== v3 Release notes ==="
gh api repos/softprops/action-gh-release/releases --jq '.[] | select(.tag_name | startswith("v3")) | {tag_name, body} | .tag_name + "\n" + .body' | head -100

Repository: ProverCoderAI/dist-deps-prune

Length of output: 932

---

Verify GitHub-hosted runner supports Node 24 before merging.

The upgrade from softprops/action-gh-release@v2 to v3 is confirmed to exist, but introduces a breaking change: the action runtime migrates from Node 20 to Node 24. Ensure that all runner environments (GitHub-hosted or self-hosted) support the Node 24 Actions runtime. If Node 24 support is not available, the action will fail. The last Node 20-compatible version is v2.6.2.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release.yml at line 159, The workflow now uses
softprops/action-gh-release@v3 which requires the Actions Node 24 runtime;
verify our GitHub-hosted or self‑hosted runners support Node 24 before merging,
and if they do not, change the reference in the release job from
softprops/action-gh-release@v3 to the last Node‑20 compatible tag
softprops/action-gh-release@v2.6.2 (or update/self‑provision runners to Node
24), ensuring the uses entry is updated accordingly in the
.github/workflows/release.yml release job.