fix(deps): update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@biomejs/biome (source)	^2.4.2 → ^2.5.0			devDependencies	minor
@changesets/changelog-github (source)	^0.5.2 → ^0.7.0			devDependencies	minor
@changesets/cli (source)	^2.29.8 → ^2.31.0			devDependencies	minor
@effect/cli (source)	^0.73.2 → ^0.75.2			dependencies	minor
@effect/cluster (source)	^0.56.4 → ^0.59.0			dependencies	minor
@effect/experimental (source)	^0.58.0 → ^0.60.0			dependencies	minor
@effect/platform (source)	^0.94.5 → ^0.96.1			dependencies	minor
@effect/platform-node (source)	^0.104.1 → ^0.107.0			dependencies	minor
@effect/printer (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/printer-ansi (source)	^0.47.0 → ^0.49.0			dependencies	minor
@effect/rpc (source)	^0.73.2 → ^0.75.1			dependencies	minor
@effect/sql (source)	^0.49.0 → ^0.51.1			dependencies	minor
@effect/typeclass (source)	^0.38.0 → ^0.40.0			dependencies	minor
@effect/vitest (source)	^0.27.0 → ^0.29.0			devDependencies	minor
@effect/workflow (source)	^0.16.0 → ^0.18.2			dependencies	minor
@eslint-community/eslint-plugin-eslint-comments	^4.6.0 → ^4.7.2			devDependencies	minor
@eslint/compat (source)	2.0.2 → 2.1.0			devDependencies	minor
@eslint/eslintrc	3.3.3 → 3.3.5			devDependencies	patch
@​prover-coder-ai/eslint-plugin-suggest-members	^0.0.25 → ^0.0.26			devDependencies	patch
@types/node (source)	^25.3.0 → ^25.9.3			devDependencies	minor
@typescript-eslint/eslint-plugin (source)	^8.56.0 → ^8.61.1			devDependencies	minor
@typescript-eslint/parser (source)	^8.56.0 → ^8.61.1			devDependencies	minor
@typescript-eslint/rule-tester (source)	8.56.0 → 8.61.1			devDependencies	minor
@typescript-eslint/utils (source)	8.56.0 → 8.61.1			dependencies	minor
@vitest/coverage-v8 (source)	^4.0.18 → ^4.1.9			devDependencies	minor
@vitest/eslint-plugin	^1.6.9 → ^1.6.20			devDependencies	patch
effect (source)	^3.19.18 → ^3.21.3			dependencies	minor
eslint (source)	^10.0.0 → ^10.5.0			peerDependencies	minor
eslint (source)	^10.0.0 → ^10.5.0			devDependencies	minor
eslint-doc-generator	^3.1.0 → ^3.6.0			devDependencies	minor
eslint-import-resolver-typescript	^4.4.4 → ^4.4.5			devDependencies	patch
eslint-plugin-eslint-plugin	^7.3.1 → ^7.4.0			devDependencies	minor
eslint-plugin-simple-import-sort	^12.1.1 → ^13.0.0			devDependencies	major
eslint-plugin-sonarjs (source)	^4.0.0 → ^4.0.3			devDependencies	patch
eslint-plugin-unicorn	^63.0.0 → ^67.0.0			devDependencies	major
globals	^17.3.0 → ^17.6.0			devDependencies	minor
jscpd (source)	^4.0.8 → ^5.0.9			devDependencies	major
node	24.13.1 → 24.16.0			uses-with	minor
pnpm (source)	10.30.0 → 11.7.0			packageManager	major
pnpm/action-setup	v4 → v6			action	major
pnpm/action-setup	v3 → v6			action	major
ts-morph	^27.0.2 → ^28.0.0			dependencies	major
typescript (source)	^5.9.3 → ^6.0.3			peerDependencies	major
typescript (source)	^5.9.3 → ^6.0.3			devDependencies	major
typescript-eslint (source)	^8.56.0 → ^8.61.1			devDependencies	minor
vite (source)	^7.3.1 → ^8.0.16			devDependencies	major
vitest (source)	^4.0.18 → ^4.1.9			devDependencies	minor

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.5.0

Compare Source

Minor Changes

• #​9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

  ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
  ! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
  × index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
  × main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.
  

• #​9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

  Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

  <!-- Invalid: no keyboard handler -->
  <div onclick="handleClick()">Click me</div>
  
  <!-- Valid: has keyboard handler -->
  <div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
  
  <!-- Valid: inherently keyboard-accessible -->
  <button onclick="handleClick()">Submit</button>

• #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

  <!-- .typo is used but never defined -->
  <html>
    <head>
      <style>
        .button {
          color: blue;
        }
      </style>
    </head>
    <body>
      <div class="button typo"></div>
    </body>
  </html>

• #​9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

  /* styles.css — .ghost is never used in any importing file */
  .button {
    color: blue;
  }
  .ghost {
    color: red;
  }

  /* App.jsx */
  import "./styles.css";
  export default () => <div className="button" />;

• #​9546 6567efa Thanks @​nhedger! - Added a biome upgrade command for standalone installations. It upgrades Homebrew installs with brew upgrade biome, updates manually installed binaries from the latest GitHub release, and tells npm users to upgrade with their package manager instead.

• #​9716 701767a Thanks @​faizkhairi! - Added the HTML version of the useHeadingContent rule. The rule now enforces that heading elements (h1-h6) have content accessible to screen readers in HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: empty heading -->
  <h1></h1>
  
  <!-- Invalid: heading hidden from screen readers -->
  <h1 aria-hidden="true">invisible content</h1>
  
  <!-- Valid: heading with text content -->
  <h1>heading</h1>
  
  <!-- Valid: heading with accessible name -->
  <h1 aria-label="Screen reader content"></h1>

• #​9582 f437ef8 Thanks @​rahuld109! - Added the HTML version of the useKeyWithMouseEvents rule. The rule now enforces that onmouseover is accompanied by onfocus and onmouseout is accompanied by onblur in HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: onmouseover without onfocus -->
  <div onmouseover="handleMouseOver()"></div>
  
  <!-- Valid: onmouseover paired with onfocus -->
  <div onmouseover="handleMouseOver()" onfocus="handleFocus()"></div>

• #​9275 1fdbcee Thanks @​ff1451! - Added the new assist action useSortedTypeFields, which sorts the fields of GraphQL object types, interface types and input object types alphabetically, e.g. name, age, id becomes age, id, name.

• #​10561 78075b7 Thanks @​Conaclos! - Added a new style option to useExportType,
  which enforces a style for exporting types.
  This is the same option as the one provided by useImportType.

• #​8987 d16e32b Thanks @​DerTimonius! - Ported the useValidAnchor rule to HTML. This rule enforces that all anchors are valid and that they are navigable elements.

• #​9533 4d251d4 Thanks @​ematipico! - The init command now prints the Biome logo.

• #​10069 0eb9310 Thanks @​Netail! - Added the HTML lint rule noStaticElementInteractions, which enforces that static, visible elements (such as <div>) that have click handlers use the valid role attribute.

  Invalid:

  <div onclick="myFunction()"></div>

• #​9134 2a43488 Thanks @​ematipico! - Added the assist action useSortedPackageJson.

  This action organizes package.json fields according to the same conventions as the popular sort-package-json tool.

• #​9309 7daa18b Thanks @​Bertie690! - The allowDoubleNegation option has been added to noImplicitCoercions to allow ignoring double negations inside code.

  With the option enabled, the following example is considered valid and is ignored by the rule:

  const truthy = !!value;

• #​9700 894f3fb Thanks @​ematipico! - The Biome Language server now supports the "go-to definition" feature.

  When the cursor of the mouse is hovering an entity (variable, CSS class, type, etc.), and the command CTRL + click is triggered, the editor jumps to where this entity is defined, if the language server can find it.

  Here's what Biome is able to resolve:

  • Variables and types used in JavaScript modules, defined in the same file or imported from another module.
  • JSX Components used in JavaScript modules, defined in the same file or imported from another module.
  • CSS classes used in JSX and HTML-ish files (Vue, Svelte and Astro), and defined in CSS files.
  • Components used in HTML-ish files and defined in other HTML-ish.
  • Variables used in HTML-ish files and defined in the same file or imported from another module (JavaScript or HTML-ish).

• #​10070 bae0710 Thanks @​Conaclos! - Added the :STYLE: group matcher for organizeImports that matches style imports.

  For example, the following configuration...

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": {
              "groups": ["**", "!:STYLE:"],
              "sortBareImports": true
            }
          }
        }
      }
    }
  }

  ...places style imports last:

  - import "./style.css"
    import A from "./a.js"
  + import "./style.css"

• #​9170 e3107de Thanks @​mdrobny! - Added bundleDependencies option to NoUndeclaredDependencies rule.

  This rule now supports imports of packages that are defined only in bundleDependencies and bundledDependencies arrays.

• #​9547 01f8473 Thanks @​mujpao! - Added new assist rule useSortedAttributes for HTML, porting the existing JSX rule. This rule enforces sorted HTML attributes.

  Invalid

  <input type="text" id="name" name="name" />

• #​9366 2ca1117 Thanks @​dyc3! - Added the html.parser.vue configuration option. When enabled, it adds support for the parsing of Vue in .html files. Most Vue users don't need to enable this option since Vue files typically use the .vue extension, but it can be useful for projects that embed Vue syntax in regular HTML files.

• #​9073 74b20ee Thanks @​chocky335! - Added support for applying GritQL plugin rewrites as code actions. GritQL plugins that use the rewrite operator (=>) now produce fixable diagnostics for JavaScript, CSS, and JSON files. By default, plugin rewrites are treated as unsafe fixes and require --write --unsafe to apply. Plugin authors can pass fix_kind = "safe" to register_diagnostic() to mark a fix as safe, allowing it to be applied with just --write.

  Example plugin (useConsoleInfo.grit):

  language js
  
  `console.log($msg)` as $call where {
      register_diagnostic(span = $call, message = "Use console.info instead of console.log.", severity = "warn", fix_kind = "safe"),
      $call => `console.info($msg)`
  }
  

  Running biome check --write applies safe rewrites. Unsafe rewrites (the default, or fix_kind = "unsafe") still require --write --unsafe.

• #​9384 f4c9edc Thanks @​Conaclos! - Added the sortBareImports option to organizeImports,
  which allows bare imports to be sorted within other imports when set to false.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": { "sortBareImports": true }
          }
        }
      }
    }
  }

  - import "b";
    import "a";
  + import "b";
    import { A } from "a";
  + import "./file";
    import { Local } from "./file";
  - import "./file";

• #​8731 e7872bf Thanks @​siketyan! - Added the watch mode (--watch) to the CLI for check/format/lint commands. By enabling this option, Biome will re-run the check automatically when any file in the workspace has changed after the first run.

• #​10106 9b35f78 Thanks @​ematipico! - Biome can now format and lint .svg files.

• #​9967 e9b6c17 Thanks @​dyc3! - Added HTML support for noExcessiveLinesPerFile. Biome now reports HTML files that exceed the configured line limit, including when skipBlankLines is enabled.

• #​9491 b3eb63c Thanks @​IxxyDev! - Added the HTML lint rule noAriaUnsupportedElements. This rule enforces that elements that do not support ARIA roles, states, and properties (meta, html, script, style) do not have role or aria-* attributes.

  <!-- Invalid: meta does not support aria attributes -->
  <meta charset="UTF-8" role="meta" />

• #​9306 afd57a6 Thanks @​viraxslot! - Added the noNoninteractiveTabindex lint rule for HTML. This rule enforces that tabindex is not used on non-interactive elements, as it can cause usability issues for keyboard users.

  <div tabindex="0">Invalid: non-interactive element</div>
  `

• #​9276 6d041d9 Thanks @​IxxyDev! - Added the HTML lint rule noRedundantRoles. This rule enforces that explicit role attributes are not the same as the implicit/default role of an HTML element. It supports HTML, Vue, Svelte, and Astro files.

  <!-- Invalid: role="button" is redundant on <button> -->
  <button role="button"></button>

• #​9813 69aadc2 Thanks @​ematipico! - Added a new linter configuration called preset. With the new option, users can enable different kinds of rules at once.

  The following presets are available:

  • "recommended": it enables all Biome-recommended rules, or recommended rules of a group;
  • "all": it enables all Biome rules, or enables all rules of a group;
  • "none": it disables all Biome rules, or disable all rules of a group.

  You can enable recommended rules:

  {
    "linter": {
      "rules": {
        "preset": "recommended"
      }
    }
  }

  You can enable all rules at once:

  {
    linter: {
      rules: {
        preset: "all", // enables all rules
      },
    },
  }

  Or enable all rules for a group:

  {
    linter: {
      rules: {
        style: {
          preset: "all", // enables all rules in the style group
        },
      },
    },
  }

  This new option, however, doesn't affect how nursery rules work. Nursery rules must be enabled singularly, due to their nature.

  This new option is meant to replace recommended, so make sure to run the migrate command.

• #​10022 3422d71 Thanks @​Netail! - Added the HTML lint rule noNoninteractiveElementToInteractiveRole, which enforces that interactive ARIA roles are not assigned to non-interactive HTML elements.

  Invalid:

  <h1 role="checkbox"></h1>

• #​8396 13785fc Thanks @​apple-yagi! - Biome now supports pnpm catalogs (default and named) when resolving dependencies for linting. This behavior is opt-in and requires setting javascript.resolver.experimentalPnpmCatalogs to true.

• #​10028 1009414 Thanks @​Netail! - Added the HTML lint rule noInteractiveElementToNoninteractiveRole, which enforces that non-interactive ARIA roles are not assigned to interactive HTML elements.

  Invalid:

  <input role="img" />

• #​9853 816302f Thanks @​Netail! - Added the new assist action useSortedSelectionSet, which sorts GraphQL selection sets alphabetically, e.g. name, age, id becomes age, id, name.

  Invalid:

  query {
    name
    age
    id
  }

• #​10074 9c7c6eb Thanks @​georgephillips! - Added a kind field to the ImportMatcher used by the organizeImports assist action. The new field selects imports by their syntactic kind and currently supports bare (matching side-effect imports such as import "polyfill") with optional ! negation (!bare). The matcher composes with the existing type and source fields, so users can express patterns such as "only bare imports that import a CSS file" ({ "kind": "bare", "source": "**/*.css" }).

  For example, with the following configuration:

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": {
            "level": "on",
            "options": {
              "sortBareImports": true,
              "groups": [
                { "kind": "!bare" },
                ":BLANK_LINE:",
                { "kind": "bare" }
              ]
            }
          }
        }
      }
    }
  }

  ...the following code:

  import "./register-my-component";
  import { render } from "react-dom";
  import "./polyfill";
  import { Button } from "@​/components/Button";

  ...is organized as:

  import { render } from "react-dom";
  import { Button } from "@​/components/Button";
  
  import "./polyfill";
  import "./register-my-component";

• #​9171 ce65710 Thanks @​chocky335! - Added includes option for plugin file scoping. Plugins can now be configured with glob patterns to restrict which files they run on. Use negated globs for exclusions.

  {
    "plugins": [
      "global-plugin.grit",
      {
        "path": "scoped-plugin.grit",
        "includes": ["src/**/*.ts", "!**/*.test.ts"]
      }
    ]
  }

• #​9617 dcb99ef Thanks @​faizkhairi! - Ported useAriaActivedescendantWithTabindex a11y rule to HTML.

• #​9496 1dfb829 Thanks @​aviraldua93! - Added HTML support for the noAriaHiddenOnFocusable accessibility lint rule, which enforces that aria-hidden="true" is not set on focusable elements. Focusable elements include native interactive elements (<button>, <input>, <select>, <textarea>), elements with href (<a>, <area>), elements with tabindex >= 0, and editing hosts (contenteditable). Includes an unsafe fix to remove the aria-hidden attribute.

  <!-- Invalid: aria-hidden on a focusable element -->
  <button aria-hidden="true">Submit</button>
  
  <!-- Valid: aria-hidden on a non-focusable element -->
  <div aria-hidden="true">decorative content</div>

• #​9792 f516854 Thanks @​Maximiliano-Zeballos! - Added the useSemanticElements lint rule for HTML. The rule now detects the use of role attributes in HTML elements and suggests using semantic elements instead.

  For example, the following code is now flagged:

  <div role="navigation"></div>

  The rule suggests using <nav> instead.

• #​9761 cbbb7d5 Thanks @​Maximiliano-Zeballos! - Ported the useValidAriaProps lint rule to HTML. This rule checks that all aria-* attributes used in HTML elements are valid ARIA attributes as defined by the WAI-ARIA specification.

• #​9928 aa82576 Thanks @​aviraldua93! - Ported useValidAriaValues to HTML. Biome now validates static aria-* attribute values in HTML elements against WAI-ARIA types, catching invalid values such as aria-hidden="yes".

• #​10562 6642895 Thanks @​ematipico! - Promoted 73 nursery rules to stable groups.

  Four rules were renamed as part of the promotion:

  • noFloatingClasses is now noUnusedInstantiation, because the rule checks any discarded new expression, not only classes.
  • noMultiStr is now noMultilineString.
  • useFind is now useArrayFind.
  • useSpread is now useSpreadOverApply, because the rule enforces spread call arguments over Function.apply(), not array or object spread.

Correctness

Promoted the following rules to the correctness group:

• noBeforeInteractiveScriptOutsideDocument
• noUnusedInstantiation
• useInlineScriptId (recommended, Next.js domain)
• noVueVIfWithVFor (recommended, Vue domain)
• useVueValidVBind (recommended, Vue domain)
• useVueValidVElse (recommended, Vue domain)
• useVueValidVElseIf (recommended, Vue domain)
• useVueValidVHtml (recommended, Vue domain)
• useVueValidVIf (recommended, Vue domain)
• useVueValidVOn (recommended, Vue domain)
• useVueValidVText (recommended, Vue domain)
• useVueValidTemplateRoot (recommended, Vue domain)
• useVueValidVCloak (recommended, Vue domain)
• useVueValidVOnce (recommended, Vue domain)
• useVueValidVPre (recommended, Vue domain)
• useVueVForKey (recommended, Vue domain)
• noDuplicateAttributes (recommended)
• noDuplicateArgumentNames (recommended)
• noDuplicateInputFieldNames (recommended)
• noDuplicateVariableNames (recommended)
• noDuplicateEnumValueNames (recommended)
• useLoneAnonymousOperation (recommended)

Suspicious

Promoted the following rules to the suspicious group:

• noShadow
• noUnnecessaryConditions
• noParametersOnlyUsedInRecursion
• noUnknownAttribute
• useArraySortCompare
• noForIn
• noDuplicatedSpreadProps
• noEqualsToNull
• noProto (recommended)
• noUndeclaredEnvVars (recommended, Turborepo domain)
• noReturnAssign (default severity: error)
• noDuplicateEnumValues (recommended)
• noVueArrowFuncInWatch (recommended, Vue domain)
• noNestedPromises
• noLeakedRender
• noDeprecatedMediaType (recommended)
• noDuplicateGraphqlOperationName
• useRequiredScripts

Style

Promoted the following rules to the style group:

• useVueMultiWordComponentNames (recommended, Vue domain)
• useVueDefineMacrosOrder
• noIncrementDecrement
• noContinue
• useSpreadOverApply
• noTernary
• noMultilineString
• noMultiAssign
• noExcessiveClassesPerFile
• noExcessiveLinesPerFile
• noVueOptionsApi
• useErrorCause
• useConsistentEnumValueType
• useConsistentMethodSignatures
• useGlobalThis (default severity: warn)
• useDestructuring
• useVueHyphenatedAttributes (recommended, Vue domain)
• useVueConsistentVBindStyle (recommended, Vue domain)
• useVueConsistentVOnStyle (recommended, Vue domain)
• noHexColors
• useConsistentGraphqlDescriptions
• noRootType
• useLoneExecutableDefinition
• useInputName

Complexity

Promoted the following rules to the complexity group:

• useArrayFind
• noRedundantDefaultExport (default severity: warn)
• noUselessReturn
• noDivRegex

Performance

Promoted the following rules to the performance group:

• noSyncScripts
• noJsxPropsBind
• useVueVapor

Security

Promoted the following rules to the security group:

• noScriptUrl (recommended)

A11y

Promoted the following rules to the a11y group:

• noAmbiguousAnchorText (recommended)

• #​10121 450f8e1 Thanks @​jongwan56! - Biome now applies Git's local exclude file when VCS ignore files are enabled. Files listed in .git/info/exclude are skipped the same way as files listed in .gitignore, including in linked worktrees.

• #​9397 d5913c9 Thanks @​mvarendorff! - Added ignore option to the noUnusedVariables rule. The option allows excluding identifiers by providing a list of ignored names. It also allows excluding kinds of identifiers from this rule entirely, which may be useful when loading clas

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR upgrades pnpm/action-setup to v6 in GitHub Actions, bumps workspace and package pnpm to pnpm@11.1.2, updates Node.js in a workflow to 24.15.0, and refreshes Changesets, Effect ecosystem, and dev/tooling dependency ranges across package manifests.

Changes

Dependency Version Upgrades

Layer / File(s)	Summary
GitHub Actions toolchain setup .github/actions/setup/action.yml, .github/workflows/checking-dependencies.yml	pnpm/action-setup upgraded to v6 in the composite action and dependency-check workflow; actions/setup-node node-version bumped to 24.15.0.
Workspace pnpm and Changesets package.json	Root packageManager set to pnpm@11.1.2; @changesets/changelog-github and @changesets/cli devDependencies updated.
App package ecosystem and tooling packages/app/package.json	packageManager set to pnpm@11.1.2; runtime @effect/*, effect, and ts-morph bumped; many devDependencies for Biome, TypeScript, ESLint, Vite/Vitest, and coverage tooling updated.
ESLint template dependencies and peer constraints packages/eslint-template/package.json	Dependencies and devDependencies updated across @effect and ESLint/TypeScript ecosystems; peerDependencies raised for eslint and typescript.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Dependency Dashboard context-doc#5: Matches pnpm/action-setup and pnpm/package.json upgrades across workflows and manifests.
• Dependency Dashboard dist-deps-prune#2: Overlaps on pnpm and action setup version updates in CI and manifests.
• Dependency Dashboard eslint-plugin-suggest-members#2: Contains similar dependency/version bump changes for pnpm and tooling.
• Dependency Dashboard openapi-effect#1: Related Renovate-style updates to workflows and package manifests for pnpm and dev tooling.
• Dependency Dashboard effect-template#10: Previously tracked pnpm/action-setup and workspace pnpm version upgrades similar to this PR.
• Dependency Dashboard #6: Prior issue that recorded similar dependency and workflow action bumps.

Poem

🐰 I hop through package trees with cheer,
Bumping pnpm and toolkits near,
Node nudged forward, versions sing,
Workflows hum and actions spring,
A tiny rabbit crowns the cheer.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(deps): update all dependencies' accurately describes the primary change—a comprehensive dependency update across the entire project.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description clearly relates to the changeset, which updates multiple dependencies, package manager versions, CI actions, and tooling across the project.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/eslint-template/package.json`:
- Around line 55-56: Update the peer dependency range for TypeScript in
package.json so it aligns with the official `@typescript-eslint/parser` support
matrix: change the "typescript" peer dependency value (in
packages/eslint-template/package.json) to ">=4.8.4, <6.1.0" so TypeScript 5.x is
allowed and 6.1.0+ is excluded.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 7c81982e-6e8b-4579-99d6-c29e8ff2024f

📥 Commits

Reviewing files that changed from the base of the PR and between 659d5f6 and 2511306.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/actions/setup/action.yml
• .github/workflows/checking-dependencies.yml
• package.json
• packages/app/package.json
• packages/eslint-template/package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

What TypeScript versions are officially supported by @typescript-eslint/parser 8.59.3 (and the typescript-eslint 8.59.3 toolchain)?

💡 Result:

@typescript-eslint/parser 8.59.3 (and the typescript-eslint 8.59.3 toolchain) officially supports TypeScript in the version range >=4.8.4 and <6.1.0 (i.e., TypeScript 4.8.x through 6.0.x, but not 6.1+). [1][2][3] Notes: - typescript-eslint publishes the same version number across packages to coordinate releases, so the 8.59.3 toolchain refers to the 8.59.3 versions of related packages like the parser and typescript-estree. [4] - If you use a non-supported TypeScript version, the parser logs a warning (configurable via parserOptions). [3]

Citations:

• 1: https://npmx.dev/package/@typescript-eslint/parser/v/%5E8.59.0
• 2: https://typescript-eslint.io/users/dependency-versions/
• 3: https://github.com/typescript-eslint/typescript-eslint/blob/57f032c2e6a822c049177713778d0077ee138d9a/README.md
• 4: https://dev.to/jtorchia/typescript-70-beta-i-ran-it-against-my-real-codebase-heres-what-changed-and-what-didnt-1mba

---

Peer dependency range is incompatible with official TypeScript-ESLint support matrix.

Line 56 restricts peers to TypeScript 6.0.x, but @typescript-eslint/parser 8.59.3 officially supports TypeScript >=4.8.4 and <6.1.0. The current range excludes TypeScript 5.x (which is supported) and inadvertently allows 6.1.0+ (which is not supported). Use "typescript": ">=4.8.4, <6.1.0" to align with the official support matrix.

Suggested fix

-    "typescript": "^6.0.3"
+    "typescript": ">=4.8.4, <6.1.0"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"eslint": "^10.3.0",
	"typescript": "^6.0.3"
	"eslint": "^10.3.0",
	"typescript": ">=4.8.4, <6.1.0"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/eslint-template/package.json` around lines 55 - 56, Update the peer
dependency range for TypeScript in package.json so it aligns with the official
`@typescript-eslint/parser` support matrix: change the "typescript" peer
dependency value (in packages/eslint-template/package.json) to ">=4.8.4, <6.1.0"
so TypeScript 5.x is allowed and 6.1.0+ is excluded.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

packages/eslint-template/package.json (1)

55-56: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Peer dependency range is incompatible with official TypeScript-ESLint support matrix.

The typescript peer dependency "^6.0.3" excludes TypeScript 5.x (which is still officially supported by @typescript-eslint/parser 8.59.3) and allows TypeScript 6.1.0+ (which is not supported). This will prevent users on TypeScript 5.x from installing this package even though the underlying tooling supports it.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/eslint-template/package.json` around lines 55 - 56, The peer
dependency for TypeScript in package.json is too restrictive (currently
"typescript": "^6.0.3"); update the peerDependencies entry for "typescript" to
allow supported TS 5.x but exclude unsupported 6.1.0+ (for example change it to
a range like ">=5 <6.1.0") so users on TypeScript 5.x can install while
preventing incompatible 6.1+ versions; update the "typescript" peer dependency
value accordingly in package.json.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/eslint-template/package.json`:
- Line 17: The package bump to ts-morph@28.0.0 and vite@8.0.13 can surface
TypeScript 6.0-related defaults that break ESLint rule behavior and SSR builds;
run full test builds and SSR (dev/prod) for packages/eslint-template and any
projects using vite.config.ts, verify ESLint rule outputs (rules that use
ts-morph/TypeScript APIs), and confirm the repo's TypeScript version
(tsconfig.json / devDependencies) is pinned or adjusted; if problems appear,
either pin ts-morph/vite or explicitly set TypeScript compiler options in
tsconfig.json (e.g., strict, module, target, moduleResolution, types) to
previous values, and update vite.config.ts to address any
rollupOptions/esbuildOptions compatibility issues per the Vite 8 migration
guide.

---

Duplicate comments:
In `@packages/eslint-template/package.json`:
- Around line 55-56: The peer dependency for TypeScript in package.json is too
restrictive (currently "typescript": "^6.0.3"); update the peerDependencies
entry for "typescript" to allow supported TS 5.x but exclude unsupported 6.1.0+
(for example change it to a range like ">=5 <6.1.0") so users on TypeScript 5.x
can install while preventing incompatible 6.1+ versions; update the "typescript"
peer dependency value accordingly in package.json.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 5479e2ca-56cc-425c-93e8-fc91f82246f2

📥 Commits

Reviewing files that changed from the base of the PR and between 2511306 and 1380ae9.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• .github/actions/setup/action.yml
• .github/workflows/checking-dependencies.yml
• package.json
• packages/app/package.json
• packages/eslint-template/package.json

✅ Files skipped from review due to trivial changes (3)

• .github/actions/setup/action.yml
• .github/workflows/checking-dependencies.yml
• package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/app/package.json