Bump the pnpm group across 1 directory with 15 updates

[dependabot]

Bumps the pnpm group with 15 updates in the / directory:

Package	From	To
@dotenvx/dotenvx	1.46.0	1.51.1
@hono/node-server	1.15.0	1.19.6
@scalar/hono-api-reference	0.9.9	0.9.25
@scalar/openapi-to-markdown	0.2.19	0.3.4
argon2	0.43.0	0.44.0
hono	4.8.4	4.10.7
jose	6.0.11	6.1.2
radashi	12.6.0	12.7.1
ts-pattern	5.7.1	5.9.0
@biomejs/biome	2.1.1	2.3.8
@types/node	24.0.10	24.10.1
chalk	5.4.1	5.6.2
rimraf	6.0.1	6.1.2
tsx	4.20.3	4.21.0
typescript	5.8.3	5.9.3

Updates @dotenvx/dotenvx from 1.46.0 to 1.51.1

Release notes

Sourced from @​dotenvx/dotenvx's releases.

v1.51.1

see CHANGELOG

v1.51.0

see CHANGELOG

v1.50.1

see CHANGELOG

v1.50.0

see CHANGELOG

v1.49.1

see CHANGELOG

v1.49.0

see CHANGELOG

v1.48.4

see CHANGELOG

v1.48.3

see CHANGELOG

v1.48.2

see CHANGELOG

v1.48.1

see CHANGELOG

v1.48.0

see CHANGELOG

v1.47.7

see CHANGELOG

v1.47.6

see CHANGELOG

v1.47.5

see CHANGELOG

v1.47.4

see CHANGELOG

v1.47.3

see CHANGELOG

v1.47.2

see CHANGELOG

... (truncated)

Changelog

Sourced from @​dotenvx/dotenvx's changelog.

1.51.1 (2025-11-03)

Added

• Add opsOff type information

1.51.0 (2025-09-23)

Added

• Add config({opsOff: true}) options and --ops-off flag for turning off Dotenvx Ops features. (#680)

1.50.1 (2025-09-18)

Removed

• Remove listed command to radar (now ops) (#678)

1.50.0 (2025-09-18)

Added

• Add optional dotenvx ops command (#677)
• Ops is a coming rename of Radar. Radar will become a feature inside ops.
• With dotenvx ops use dotenvx across your team, infrastructure, agents, and more.

 _______________________________________________________________________
|                                                                       |
|  Dotenvx Ops: Commercial Tooling for Dotenvx                          |
|                                                                       |
|  ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓███████▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░                               |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
|  ░▒▓██████▓▒░░▒▓█▓▒░      ░▒▓███████▓▒░                               |
|                                                                       |
|  Use dotenvx across your team, infrastructure, agents, and more.      |
|                                                                       |
|  Learn more at https://dotenvx.com/ops                                |
|_______________________________________________________________________|

1.49.1 (2025-09-15)

Changed

• 🐞 patch bug with variable expansion of single quoted values (#675)

... (truncated)

Commits

• 882ea84 1.51.1
• 4c77450 changelog 🪵
• 95b65ef adjust note
• 2e8f4d4 Merge pull request #696 from dotenvx/copilot/update-dotenvconfigoptions-type-...
• 6eb5a81 Final verification complete - opsOff type definition added
• 7f90afd Add opsOff property to DotenvConfigOptions type definition
• fbecce1 Initial plan
• 88e462a Merge pull request #691 from cunneen/tar-fs-npm-audit-fix
• 44e6257 build: ⬆️ npm audit fix tar-fs 2.0.0 -> 2.1.3
• 92dcf86 Merge pull request #690 from dotenvx/password-expand
• Additional commits viewable in compare view

Updates @hono/node-server from 1.15.0 to 1.19.6

Release notes

Sourced from @​hono/node-server's releases.

v1.19.6

What's Changed

• fix(serve-static): fix onFound timing by @​usualoma in honojs/node-server#286

Full Changelog: honojs/node-server@v1.19.5...v1.19.6

v1.19.5

What's Changed

• fix: cancel a readable stream if a writable stream is closed before a readable stream is closed. by @​usualoma in honojs/node-server#280

Full Changelog: honojs/node-server@v1.19.4...v1.19.5

v1.19.4

What's Changed

• fix(serve-static): Add error handling in createStreamBody by @​thongdoan in honojs/node-server#278

New Contributors

• @​thongdoan made their first contribution in honojs/node-server#278

Full Changelog: honojs/node-server@v1.19.3...v1.19.4

v1.19.3

What's Changed

• fix: Refactor promise check for response handling by @​kay-is in honojs/node-server#277

New Contributors

• @​kay-is made their first contribution in honojs/node-server#277

Full Changelog: honojs/node-server@v1.19.2...v1.19.3

v1.19.2

What's Changed

• fix: better handle range parse to avoid NaN error by @​zwpaper in honojs/node-server#276

New Contributors

• @​zwpaper made their first contribution in honojs/node-server#276

Full Changelog: honojs/node-server@v1.19.1...v1.19.2

v1.19.1

What's Changed

• fix: Keep lightweight request even if accessing method, url or headers by @​usualoma in honojs/node-server#274
• chore: add packageManager field in package.json by @​yusukebe in honojs/node-server#275

Full Changelog: honojs/node-server@v1.19.0...v1.19.1

v1.19.0

... (truncated)

Commits

• 3cdef3f 1.19.6
• 3435875 fix(serve-static): fix onFound timing (#286)
• 840c22b 1.19.5
• 4b5a8d1 fix: cancel a readable stream if a writable stream is closed before a readabl...
• a5e7d50 1.19.4
• 0ee7ce1 fix(serve-static): Add error handling in createStreamBody (#278)
• f3156d9 1.19.3
• 4f50527 fix: Refactor promise check for response handling (#277)
• cf75f9d 1.19.2
• fc9f9ab fix: better handle range parse to avoid NaN error (#276)
• Additional commits viewable in compare view

Updates @scalar/hono-api-reference from 0.9.9 to 0.9.25

Changelog

Sourced from @​scalar/hono-api-reference's changelog.

0.9.25

Patch Changes

• Updated dependencies []:
  • @​scalar/core@​0.3.23

0.9.24

Patch Changes

• #7241 2377b76 Thanks @​hanspagel! - chore: use "current" not "latest" scalar registry url

• Updated dependencies [2377b76]:

  • @​scalar/core@​0.3.22

0.9.23

Patch Changes

• #7170 5d2a740 Thanks @​renovate! - Bump dependency to patch GHSA-q7jf-gf43-6x6p

• Updated dependencies []:

  • @​scalar/core@​0.3.21

0.9.22

Patch Changes

• @​scalar/core@​0.3.20

0.9.21

Patch Changes

• Updated dependencies [1e01464]
  • @​scalar/core@​0.3.19

0.9.20

Patch Changes

• @​scalar/core@​0.3.18

0.9.19

Patch Changes

• Updated dependencies [fd2c4ba]
  • @​scalar/core@​0.3.17

... (truncated)

Commits

• See full diff in compare view

Updates @scalar/openapi-to-markdown from 0.2.19 to 0.3.4

Changelog

Sourced from @​scalar/openapi-to-markdown's changelog.

0.3.4

Patch Changes

• #7337 0b881ee Thanks @​marcalexiei! - fix(openapi-to-markdown): remove unused dependencies

  • @scalar/snippetz
  • rehype-stringify

• #7385 8f26496 Thanks @​inyourtime! - feat(openapi-to-markdown): add language classes to code blocks

• #7337 0b881ee Thanks @​marcalexiei! - fix(openapi-to-markdown): remove css exports pointing to non-existing files

• Updated dependencies [d86f1d6, 44aeef0, 0519a33, cbedfab, 5a108fc, cded2d6, cbedfab]:

  • @​scalar/helpers@​0.1.2
  • @​scalar/types@​0.5.0
  • @​scalar/oas-utils@​0.6.4
  • @​scalar/components@​0.16.4
  • @​scalar/openapi-parser@​0.23.3
  • @​scalar/openapi-upgrader@​0.1.4
  • @​scalar/openapi-types@​0.5.1

0.3.3

Patch Changes

• Updated dependencies [9c9dbba, 4bec1ba]:
  • @​scalar/helpers@​0.1.1
  • @​scalar/components@​0.16.3
  • @​scalar/oas-utils@​0.6.3
  • @​scalar/openapi-parser@​0.23.2

0.3.2

Patch Changes

• Updated dependencies [fddf294, c1ecd0c, c1ecd0c, 2377b76]:
  • @​scalar/helpers@​0.1.0
  • @​scalar/openapi-parser@​0.23.1
  • @​scalar/oas-utils@​0.6.2
  • @​scalar/components@​0.16.2

0.3.1

Patch Changes

• Updated dependencies []:
  • @​scalar/oas-utils@​0.6.1
  • @​scalar/components@​0.16.1

0.3.0

... (truncated)

Commits

• See full diff in compare view

Updates argon2 from 0.43.0 to 0.44.0

Release notes

Sourced from argon2's releases.

v0.44.0

What's Changed

• Bump node-addon-api from 8.4.0 to 8.5.0 by @​dependabot[bot] in ranisalt/node-argon2#466
• Bump node-gyp from 11.2.0 to 11.3.0 by @​dependabot[bot] in ranisalt/node-argon2#467
• Build system tweaks for reproducible builds by @​threema-danilo in ranisalt/node-argon2#447

Full Changelog: ranisalt/node-argon2@v0.43.1...v0.44.0

v0.43.1

Fixes #456 caused by Typescript 5.7 changing how Buffer types work (see microsoft/TypeScript#59417). FreeBSD ARM64 prebuilds are now available.

What's Changed

• Avoid overriding _FORTIFY_SOURCE if already set by @​threema-danilo in ranisalt/node-argon2#455
• Support FreeBSD ARM64 builds by @​ranisalt in ranisalt/node-argon2#459
• Bump node-addon-api from 8.3.1 to 8.4.0 by @​dependabot[bot] in ranisalt/node-argon2#460
• Bump tar-fs from 2.1.2 to 2.1.3 by @​dependabot[bot] in ranisalt/node-argon2#458

New Contributors

• @​threema-danilo made their first contribution in ranisalt/node-argon2#455

Full Changelog: ranisalt/node-argon2@v0.43.0...v0.43.1

Commits

• cd4eae5 v0.44.0
• 0d88d0d Build system tweaks for reproducible builds
• a6ca2fd Bump @​biomejs/biome from 1.9.4 to 2.1.4
• c33250d Bump node-gyp from 11.2.0 to 11.3.0 (#467)
• e4ff08c Bump node-addon-api from 8.4.0 to 8.5.0 (#466)
• b3de3a2 Potential fix for code scanning alert no. 35: Workflow does not contain permi...
• bcf7232 v0.43.1
• 93fa469 Fix linter formatting
• 6727b44 Upgrade dependencies, revert Typescript to v5.6.3
• e96cf5a Bump tar-fs from 2.1.2 to 2.1.3 (#458)
• Additional commits viewable in compare view

Updates hono from 4.8.4 to 4.10.7

Release notes

Sourced from hono's releases.

v4.10.7

What's Changed

• fix(validator): fix incomplete types and wrong tests by @​EdamAme-x in honojs/hono#4521
• refactor(types): delete type NotSpecified and StrictVerifyOptions by @​ysknsid25 in honojs/hono#4525
• fix: add JSX type for hono/jsx/dom by @​ssssota in honojs/hono#4534
• fix(adapter/bun): fix TypeError: null is not an object (#4429) by @​brenc in honojs/hono#4538
• chore: add config version to bun.lock by @​yusukebe in honojs/hono#4548

New Contributors

• @​ysknsid25 made their first contribution in honojs/hono#4525
• @​brenc made their first contribution in honojs/hono#4538

Full Changelog: honojs/hono@v4.10.6...v4.10.7

v4.10.6

Deperecated

bearer-auth options

The following options are deprecated and will be removed in a future version:

• noAuthenticationHeaderMessage => use noAuthenticationHeader.message
• invalidAuthenticationHeaderMessage => use invalidAuthenticationHeader.message
• invalidTokenMessage => use invalidToken.message

What's Changed

• feat(aws-lambda): handle AWS Lattice events by @​anho in honojs/hono#4451
• feat(secure-headers): support CSP TrustedTypePolicy by @​RosApr in honojs/hono#4500
• feat: Improve auth middlewares by @​MathurAditya724 in honojs/hono#4485

New Contributors

• @​anho made their first contribution in honojs/hono#4451

Full Changelog: honojs/hono@v4.10.5...v4.10.6

v4.10.5

What's Changed

• docs(CONTRIBUTING): use bun instead of yarn in local development setup by @​taichi-1 in honojs/hono#4503
• docs: grammar issue by @​WuMingDao in honojs/hono#4508
• fix(utils/url): make _getQueryParam search behind question mark by @​tuzi3040 in honojs/hono#4507
• fix(jsx): self-close wrapped empty tags by @​jakelee8 in honojs/hono#4511
• chore: improve private field removal by @​BlankParticle in honojs/hono#4513
• fix(middleware/cache): skip caching when Vary: * is present by @​pHo9UBenaA in honojs/hono#4504

New Contributors

• @​taichi-1 made their first contribution in honojs/hono#4503
• @​WuMingDao made their first contribution in honojs/hono#4508
• @​tuzi3040 made their first contribution in honojs/hono#4507
• @​jakelee8 made their first contribution in honojs/hono#4511
• @​pHo9UBenaA made their first contribution in honojs/hono#4504

... (truncated)

Commits

• b06005a 4.10.7
• 775bcc5 chore: add config version to bun.lock (#4548)
• 7d6d04e fix(adapter/bun): fix TypeError: null is not an object (#4429) (#4538)
• 342ff3b fix: add JSX type for hono/jsx/dom (#4534)
• 8fe7fee refactor(types): delete type NotSpecified and StrictVerifyOptions (#4525)
• a5f3958 fix(validator): fix incomplete types and wrong tests (#4521)
• 4960c06 4.10.6
• 96d2a89 feat: Improve auth middlewares (#4485)
• 279184b feat(secure-headers): support CSP TrustedTypePolicy (#4500)
• cea3fb0 feat(aws-lambda): handle AWS Lattice events (#4451)
• Additional commits viewable in compare view

Updates jose from 6.0.11 to 6.1.2

Release notes

Sourced from jose's releases.

v6.1.2

Refactor

• fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828

v6.1.1

Documentation

• add link to RFC9864 (767edde)
• link to ML-DSA for JOSE (ed4252c)
• remove mention of Edge Runtime from the readme (94fdde7)
• update README.md (25098ef)

Refactor

• eliminate named exports in the source code (f6ae30d)
• expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
• faster path for symmetric key checks (a44c2ec)
• improve en/decoding overheads (daee426)

v6.1.0

Features

• support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
• support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

v6.0.13

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

v6.0.12

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)
• update asn1.ts helper functions (b2b611c)

Changelog

Sourced from jose's changelog.

6.1.2 (2025-11-15)

Refactor

• fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828

6.1.1 (2025-11-09)

Documentation

• add link to RFC9864 (767edde)
• link to ML-DSA for JOSE (ed4252c)
• remove mention of Edge Runtime from the readme (94fdde7)
• update README.md (25098ef)

Refactor

• eliminate named exports in the source code (f6ae30d)
• expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
• faster path for symmetric key checks (a44c2ec)
• improve en/decoding overheads (daee426)

6.1.0 (2025-08-27)

Features

• support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
• support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

6.0.13 (2025-08-21)

Refactor

• more readability in ecdhes.ts (84da9de)
• update asn1.ts helpers (b4f8fb3)

6.0.12 (2025-07-15)

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

... (truncated)

Commits

• f71f270 chore(release): 6.1.2
• 901cd90 refactor: fallback to checking instanceof for CryptoKey
• 876b853 chore: cleanup after release
• 37f40af chore(release): 6.1.1
• 16e6b23 refactor: expose setKeyManagementParameters also on a GeneralEncrypt Recipient
• daee426 refactor: improve en/decoding overheads
• 767edde docs: add link to RFC9864
• d7fe1d9 chore: bump packages
• ed4252c docs: link to ML-DSA for JOSE
• 25098ef docs: update README.md
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jose since your current version.

Updates radashi from 12.6.0 to 12.7.1

Release notes

Sourced from radashi's releases.

v12.7.1

Fixed

• Ensure DurationParser static properties can be tree-shaked in b9d7529

v12.7.0

New Functions

Add getOrInsert and getOrInsertComputed functions [→ PR #444](radashi-org/radashi#444)

Access or initialize map entries without boilerplate branching. getOrInsert writes the provided value once, while getOrInsertComputed lazily creates an entry only when it is missing.

• Works with both Map and WeakMap instances
• Returns the stored entry so you can chain additional logic
• Avoids unnecessary factory calls when a key already exists

import * as _ from 'radashi'
const counts = new Map<string, number>()
_.getOrInsert(counts, 'clicks', 1) // => 1
_.getOrInsert(counts, 'clicks', 5) // => 1
_.getOrInsertComputed(counts, 'views', () => 10) // => 10
_.getOrInsertComputed(counts, 'views', () => 0) // => 10

Inspired by TC39's upsert proposal.

🔗 Docs: getOrInsert · getOrInsertComputed / Source: getOrInsert.ts · getOrInsertComputed.ts / Tests: getOrInsert.test.ts · getOrInsertComputed.test.ts

Add isArrayEqual function [→ PR #417](radashi-org/radashi#417)

Compare arrays with Object.is precision. isArrayEqual checks length and element identity, correctly handling tricky cases like NaN, sparse arrays, and the +0/-0 distinction.

• Uses Object.is so NaN matches itself while +0 and -0 stay distinct
• Short-circuits when lengths differ for a fast inequality check
• Leaves the original arrays untouched

import * as _ from 'radashi'
_.isArrayEqual([1, 2, 3], [1, 2, 3]) // => true
_.isArrayEqual([0], [-0]) // => false
_.isArrayEqual([Number.NaN], [Number.NaN]) // => true

🔗 Docs / Source / Tests

... (truncated)

Changelog

Sourced from radashi's changelog.

[radashi@12.7.1] - 2025-11-19

Details

Fixed

• Ensure DurationParser static properties can be tree-shaked in b9d7529

[radashi@12.7.0] - 2025-10-17

Details

Added

• Add identity function in 38e2f37
• Add isArrayEqual function in 095f2b0
• Add isMapEqual and isSetEqual functions in 0fa566a
• Add getOrInsert and getOrInsertComputed in 4675076
• (objectify) Add index parameter to getKey and getValue functions in 1506472
• Add absoluteJitter and proportionalJitter in ebea7d7

Changed

• Preserve tuple type in min/max even with a getter in c72a1c4
• Use identity as default getter for sort in df55a6e

[radashi@12.6.2] - 2025-08-20

Details

Fixed

• (range) Ensure end parameter works when 0 in 9c8ffa0

[radashi@12.6.1] - 2025-08-09

Details

Fixed

• (group) Use Object.create(null) for the returned object in 5db8c37

Commits

• 478e0cd chore(release): 12.7.1
• 763e630 chore: update .cliffignore
• b9d7529 fix: ensure DurationParser static properties can be tree-shaked (#447)
• 0154943 chore(scripts): use dist build for tree-shake-check
• 6207890 chore: add tree-shake-check script
• 6c8276a Revert "feat!: transpile to Node18 syntax (#448)"
• b109d1e feat!: transpile to Node18 syntax (#448)
• f0c9c33 chore(docs): remove unnecessary await in example
• 900f2e8 chore(release): 12.7.0
• 11d932d chore: prepare release notes
• Additional commits viewable in compare view

Updates ts-pattern from 5.7.1 to 5.9.0

Release notes

Sourced from ts-pattern's releases.

v5.9.0

New features

P.record patterns

To match a Record<Key, Value> (an object with consistent key and value types), you can use P.record(keyPattern, valuePattern). It takes a sub-pattern to match against the key, a sub-pattern to match against the value, and will match if all entries in the object match these two sub-patterns.

import { match, P } from 'ts-pattern';
type Input = Record<string, number>;
const input: Input = {
alice: 100,
bob: 85,
charlie: 92,
};
const output = match(input)
.with(P.record(P.string, P.number), (scores) => All user scores)
.with(P.record(P.string, P.string), (names) => All user names)
.otherwise(() => '');
console.log(output);
// => "All user scores"

You can also use P.record with a single argument P.record(valuePattern), which assumes string keys:

const userProfiles = {
  alice: { name: 'Alice', age: 25 },
  bob: { name: 'Bob', age: 30 },
};
const output = match(userProfiles)
.with(
P.record({ name: P.string, age: P.number }),
(profiles) => User profiles with name and age
)
.otherwise(() => 'Different format');
console.log(output);
// => "User profiles with name and age"

When using P.select in record patterns, you can extract all keys or all values as arrays:

... (truncated)

Commits

• 0e15315 fix: remove unused import
• 07fb919 Merge pull request #332 from gvergnaud/gvergnaud/feat-p-record-implementation
• 2b18391 add chainable tests
• b16276a ç5.9.0
• e073980 feat(P.record): Add docs
• 07508ba feat(P.record): add exhaustive checking tests
• fbefc6b deps: update TS and jest
• 4070733 feat(P.record): implementation
• 29fbd3a Merge pull request #317 from timvandam/patch-1
• 2721652 Update README.md
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.1.1 to 2.3.8

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.8

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks @​cormacrelf! - Fixed a bug where logs were discarded (the kind from --log-level=info etc.). This is a regression introduced after an internal refactor that wasn't adequately tested.

• #8226 3f19b52 Thanks @​dyc3! - Fixed #8222: The HTML parser, with Vue directives enabled, can now parse v-slot shorthand syntax, e.g. \<template #foo>.

• #8007 182ecdc Thanks @​brandonmcconnell! - Added support for dollar-sign-prefixed filenames in the useFilenamingConvention rule.

  Biome now allows filenames starting with the dollar-sign (e.g. $postId.tsx) by default to support naming conventions used by frameworks such as TanStack Start for file-based-routing.

• #8218 91484d1 Thanks @​hirokiokada77! - Added the noMultiStr rule, which disallows creating multiline strings by escaping newlines.

  Invalid:

  const foo =
    "Line 1\n\
  Line 2";

  Valid:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.8

Patch Changes

• #8188 4ca088c Thanks @​ematipico! - Fixed #7390, where Biome couldn't apply the correct configuration passed via --config-path.

  If you have multiple root configuration files, running any command with --config-path will now apply the chosen configuration file.

• #8171 79adaea Thanks @​dibashthapa! - Added the new rule noLeakedRender. This rule helps prevent potential leaks when rendering components that use binary expressions or ternaries.

  For example, the following code triggers the rule because the component would render 0:

  const Component = () => {
    const count = 0;
    return <div>{count && <span>Count: {count}</span>}</div>;
  };

• #8116 b537918 Thanks @​Netail! - Added the nursery rule noDuplicatedSpreadProps. Disallow JSX prop spreading the same identifier multiple times.

  Invalid:

  <div {...props} something="else" {...props} />

• #8256 f1e4696 Thanks

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}