Skip to content

chore(deps): update @biomejs/biome to v2.3.6#2393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
setchy merged 2 commits into from
Nov 17, 2025
Merged

chore(deps): update @biomejs/biome to v2.3.6 #2393

setchy merged 2 commits into from
Nov 17, 2025

Conversation

@renovate
Copy link
Contributor

@renovaterenovatebot commented Nov 17, 2025

This PR contains the following updates:

PackageChangeAgeConfidence
@biomejs/biome (source)2.3.5 -> 2.3.6ageconfidence
@biomejs/biome (source)2.3.5 -> 2.3.6ageconfidence

Release Notes

biomejs/biome (@​biomejs/biome)

v2.3.6

Compare Source

Patch Changes

  • #​810082b9a8e Thanks @​Netail! - Added the nursery rule useFind. Enforce the use of Array.prototype.find() over Array.prototype.filter() followed by [0] when looking for a single result.

    Invalid:

    [1,2,3].filter((x)=>x>1)[0];[1,2,3].filter((x)=>x>1).at(0);

  • #​8118dbc7021 Thanks @​hirokiokada77! - Fixed #​8117: useValidLang now accepts valid BCP 47 language tags with script subtags.

    Valid:

    <htmllang="zh-Hans-CN"></html>

  • #​7672f1d5725 Thanks @​Netail! - Added the nursery rule useConsistentGraphqlDescriptions, requiring all descriptions to follow the same style (either block or inline) inside GraphQL files.

    Invalid:

    enumEnumValue{"this is a description" DEFAULT }

    Valid:

    enumEnumValue{""" this is a description """ DEFAULT }

  • #​8026f102661 Thanks @​matanshavit! - Fixed #​8004: noParametersOnlyUsedInRecursion now correctly detects recursion by comparing function bindings instead of just names.

    Previously, the rule incorrectly flagged parameters when a method had the same name as an outer function but called the outer function (not itself):

    functionnotRecursive(arg){returnarg;}constobj={notRecursive(arg){returnnotRecursive(arg);// This calls the outer function, not the method itself},};

    Biome now properly distinguishes between these cases and will not report false positives.

  • #​80975fc5416 Thanks @​dyc3! - Added the nursery rule noVueVIfWithVFor. This rule disallows v-for and v-if on the same element.

    <!-- Invalid --> <divv-for="iteminitems"v-if="item.isActive">{{item.name }} </div>

  • #​80857983940 Thanks @​Netail! - Added the nursery rule noForIn. Disallow iterating using a for-in loop.

    Invalid:

    for(constiinarray){console.log(i,array[i]);}

  • #​80862b41e82 Thanks @​matanshavit! - Fixed #​8045: The noNestedTernary rule now correctly detects nested ternary expressions even when they are wrapped in parentheses (e.g. foo ? (bar ? 1 : 2) : 3).

    Previously, the rule would not flag nested ternaries like foo ? (bar ? 1 : 2) : 3 because the parentheses prevented detection. The rule now looks through parentheses to identify nested conditionals.

    Previously not detected (now flagged):

    constresult=foo ? (bar ? 1 : 2) : 3;

    Still valid (non-nested with parentheses):

    constresult=foo ? bar : baz;

  • #​8075e403868 Thanks @​YTomm! - Fixed #​7948: The useReadonlyClassProperties code fix when checkAllProperties is enabled will no longer insert a newline after readonly and the class property.

  • #​810247d940e Thanks @​lucasweng! - Fixed #​8027. useReactFunctionComponents no longer reports class components that implement componentDidCatch using class expressions.

    The rule now correctly recognizes error boundaries defined as class expressions:

    constErrorBoundary=classextendsComponent{componentDidCatch(error,info){}render(){returnthis.props.children;}};

  • #​80975fc5416 Thanks @​dyc3! - Added the nursery rule useVueHyphenatedAttributes, which encourages using kebab case for attribute names, per the Vue style guide's recommendations.

    <!-- Invalid --> <MyComponent myProp="value" /> <!-- Valid --> <MyComponent my-prop="value" />

  • #​81080f0a658 Thanks @​Netail! - Added the nursery rule noSyncScripts. Prevent the usage of synchronous scripts.

    Invalid:

    <scriptsrc="https://third-party-script.js"/>

    Valid:

    <scriptsrc="https://third-party-script.js"async/><scriptsrc="https://third-party-script.js"defer/>

  • #​80981fdcaf0 Thanks @​Jayllyz! - Added documentation URLs to rule descriptions in the JSON schema.

  • #​80975fc5416 Thanks @​dyc3! - Fixed an issue with the HTML parser where it would treat Vue directives with dynamic arguments as static arguments instead.

  • #​7684f4433b3 Thanks @​vladimir-ivanov! - Changed noUnusedPrivateClassMembers to align more fully with meaningful reads.

    This rule now distinguishes more carefully between writes and reads of private class members.

    • A meaningful read is any access that affects program behavior.
    • For example, this.#x += 1 both reads and writes #x, so it counts as usage.
    • Pure writes without a read (e.g. this.#x = 1 with no getter) are no longer treated as usage.

    This change ensures that private members are only considered “used” when they are actually read in a way that influences execution.

    Invalid examples (previously valid)

    classUsedMember{set #x(value){doSomething(value);}foo(){// This assignment does not actually read #x, because there is no getter.// Previously, this was considered a usage, but now it’s correctly flagged.this.#x =1;}}

    Valid example (Previously invalid)

    classFoo{ #usedOnlyInWriteStatement =5;method(){// This counts as a meaningful read because we both read and write the value.this.#usedOnlyInWriteStatement +=42;}}

  • #​7684f4433b3 Thanks @​vladimir-ivanov! - Improved detection of used private class members

    The analysis for private class members has been improved: now the tool only considers a private member “used” if it is actually referenced in the code.

    • Previously, some private members might have been reported as used even if they weren’t actually accessed.
    • With this change, only members that are truly read or called in the code are counted as used.
    • Members that are never accessed will now be correctly reported as unused.

    This makes reports about unused private members more accurate and helps you clean up truly unused code.

    Example (previously valid)

    typeYesNo="yes"|"no";exportclassSampleYesNo{privateyes: ()=>void;privateno: ()=>void;privatedontKnow: ()=>void;// <- will now report as unusedon(action: YesNo): void{this[action]();}}

  • #​7681b406db6 Thanks @​kedevked! - Added the new lint rule, useSpread, ported from the ESLint rule prefer-spread.

    This rule enforces the use of the spread syntax (...) over Function.prototype.apply() when calling variadic functions, as spread syntax is generally more concise and idiomatic in modern JavaScript (ES2015+).

    The rule provides a safe fix.

Invalid
Math.max.apply(Math,args);foo.apply(undefined,args);obj.method.apply(obj,args);
Valid
Math.max(...args);foo(...args);obj.method(...args);// Allowed: cases where the `this` binding is intentionally changedfoo.apply(otherObj,args);

  • #​7287aa55c8d Thanks @​ToBinio! - Fixed #​7205: The noDuplicateTestHooks rule now treats chained describe variants (e.g., describe.each/for/todo) as proper describe scopes, eliminating false positives.

    The following code will no longer be a false positive:

    describe("foo",()=>{describe.for([])("baz",()=>{beforeEach(()=>{});});describe.todo("qux",()=>{beforeEach(()=>{});});describe.todo.each([])("baz",()=>{beforeEach(()=>{});});});

  • #​80130c0edd4 Thanks @​Jayllyz! - Added the GraphQL nursery rule useUniqueGraphqlOperationName. This rule ensures that all GraphQL operations within a document have unique names.

    Invalid:

    queryuser{user{id } } queryuser{user{idemail } }

    Valid:

    queryuser{user{id } } queryuserWithEmail{user{idemail } }

  • #​8084c2983f9 Thanks @​dyc3! - Fixed #​8080: The HTML parser, when parsing Vue, can now properly handle Vue directives with no argument, modifiers, or initializer (e.g. v-else). It will no longer treat subsequent valid attributes as bogus.

    <pv-else class="flex">World</p> <!-- Fixed: class now gets parsed as it's own attribute -->

  • #​8104041196b Thanks @​Conaclos! - Fixed noInvalidUseBeforeDeclaration.
    The rule no longer reports a use of an ambient variable before its declarations.
    The rule also completely ignores TypeScript declaration files.
    The following code is no longer reported as invalid:

    CONSTANT;declareconstCONSTANT: number;

  • #​8060ba7b076 Thanks @​dyc3! - Added the nursery rule useVueValidVBind, which enforces the validity of v-bind directives in Vue files.

    Invalid v-bind usages include:

    <Foov-bind /> <!-- Missing argument --> <Foov-bind:foo /> <!-- Missing value --> <Foov-bind:foo.bar="baz" /> <!-- Invalid modifier -->

  • #​8113fb8e3e7 Thanks @​Conaclos! - Fixed noInvalidUseBeforeDeclaration.
    The rule now reports invalid use of classes, enums, and TypeScript's import-equals before their declarations.

    The following code is now reported as invalid:

    newC();classC{}

  • #​80770170dcb Thanks @​dyc3! - Added the rule useVueValidVElseIf to enforce valid v-else-if directives in Vue templates. This rule reports invalid v-else-if directives with missing conditional expressions or when not preceded by a v-if or v-else-if directive.

  • #​80770170dcb Thanks @​dyc3! - Added the rule useVueValidVElse to enforce valid v-else directives in Vue templates. This rule reports v-else directives that are not preceded by a v-if or v-else-if directive.

  • #​80770170dcb Thanks @​dyc3! - Added the rule useVueValidVHtml to enforce valid usage of the v-html directive in Vue templates. This rule reports v-html directives with missing expressions, unexpected arguments, or unexpected modifiers.

  • #​80770170dcb Thanks @​dyc3! - Added the rule useVueValidVIf to enforce valid v-if directives in Vue templates. It disallows arguments and modifiers, and ensures a value is provided.

  • #​80770170dcb Thanks @​dyc3! - Added the rule useVueValidVOn to enforce valid v-on directives in Vue templates. This rule reports invalid v-on / shorthand @ directives with missing event names, invalid modifiers, or missing handler expressions.

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovaterenovatebot added the dependency Dependency updates label Nov 17, 2025
@setchy
fix lint issue
03d0aa0
Signed-off-by: Adam Setch <[email protected]>
@setchysetchy merged commit 05c390b into mainNov 17, 2025
6 checks passed
@setchysetchy deleted the renovate/biomejs-biome-2.x branch November 17, 2025 11:45
@github-actionsgithub-actionsbot added this to the Release 6.14.0 milestone Nov 17, 2025
@sonarqubecloud
Copy link

sonarqubecloudbot commented Nov 17, 2025

Quality Gate PassedQuality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@afonsojramosafonsojramosAwaiting requested review from afonsojramosafonsojramos is a code owner

@bmulhollandbmulhollandAwaiting requested review from bmulhollandbmulholland is a code owner

@setchysetchyAwaiting requested review from setchysetchy is a code owner

Assignees

No one assigned

Labels

dependencyDependency updates

Milestone

Release 6.14.0

Development

Successfully merging this pull request may close these issues.

2 participants

@setchy