chore(deps-dev): bump @biomejs/biome from 2.3.13 to 2.3.14

[dependabot]

Bumps @biomejs/biome from 2.3.13 to 2.3.14.

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.14

2.3.14

Patch Changes

• #8921 29e2435 Thanks @​siketyan! - Fixed #8759: The useConsistentTypeDefinitions rule no longer converts empty object type declarations into interfaces, as it will conflict with the noEmptyInterface rule and can cause an infinite loop when both rules are enabled.

• #8928 ccaeac4 Thanks @​taga3s! - Added the nursery rule useGlobalThis. This rule enforces using globalThis over window, self and global.

• #8602 9a18daa Thanks @​dyc3! - Added the new nursery rule noVueArrowFuncInWatch. This rule forbids using arrow functions in watchers in Vue components, because arrow functions do not give access to the component instance (via this), while regular functions do.

• #8905 9b1eea8 Thanks @​ryan-m-walker! - Fixed #8428: Improved parsing recovery when encountering qualified rules inside CSS @page at-rule blocks.

• #8900 f788cff Thanks @​mdevils! - Fixed #8802: useExhaustiveDependencies now correctly suggests dependencies without including callback-scoped variables or method names.

  When accessing object properties with a callback-scoped variable, only the object path is suggested:

  // Now correctly suggests `props.value` instead of `props.value[day]`
  useMemo(() => {
    return WeekdayValues.filter((day) => props.value[day]);
  }, [props.value]);

  When calling methods on objects, only the object is suggested as a dependency:

  // Now correctly suggests `props.data` instead of `props.data.forEach`
  useMemo(() => {
    props.data.forEach((item) => console.log(item));
  }, [props.data]);

• #8913 e1e20ea Thanks @​dyc3! - Fixed #8363: HTML parser no longer crashes when encountering a < character followed by a digit in text content (e.g., <12 months). The parser now correctly emits an "Unescaped < bracket character" error instead of treating <12 as a tag name and crashing.

• #8910 2fb63a4 Thanks @​dyc3! - Fixed #8774: Type aliases with generic parameters that have extends constraints now properly indent comments after the equals sign.

  Previously, comments after the = in type aliases with extends constraints were not indented:

  -type A<B, C extends D> = // Some comment
  -undefined;
  +type A<B, C extends D> =
  +    // Some comment
  +    undefined;

• #8916 ea4bd04 Thanks @​ryan-m-walker! - Fixed #4013, where comments in member chains caused unnecessary line breaks.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.14

Patch Changes

• #8921 29e2435 Thanks @​siketyan! - Fixed #8759: The useConsistentTypeDefinitions rule no longer converts empty object type declarations into interfaces, as it will conflict with the noEmptyInterface rule and can cause an infinite loop when both rules are enabled.

• #8928 ccaeac4 Thanks @​taga3s! - Added the nursery rule useGlobalThis. This rule enforces using globalThis over window, self and global.

• #8602 9a18daa Thanks @​dyc3! - Added the new nursery rule noVueArrowFuncInWatch. This rule forbids using arrow functions in watchers in Vue components, because arrow functions do not give access to the component instance (via this), while regular functions do.

• #8905 9b1eea8 Thanks @​ryan-m-walker! - Fixed #8428: Improved parsing recovery when encountering qualified rules inside CSS @page at-rule blocks.

• #8900 f788cff Thanks @​mdevils! - Fixed #8802: useExhaustiveDependencies now correctly suggests dependencies without including callback-scoped variables or method names.

  When accessing object properties with a callback-scoped variable, only the object path is suggested:

  // Now correctly suggests `props.value` instead of `props.value[day]`
  useMemo(() => {
    return WeekdayValues.filter((day) => props.value[day]);
  }, [props.value]);

  When calling methods on objects, only the object is suggested as a dependency:

  // Now correctly suggests `props.data` instead of `props.data.forEach`
  useMemo(() => {
    props.data.forEach((item) => console.log(item));
  }, [props.data]);

• #8913 e1e20ea Thanks @​dyc3! - Fixed #8363: HTML parser no longer crashes when encountering a < character followed by a digit in text content (e.g., <12 months). The parser now correctly emits an "Unescaped < bracket character" error instead of treating <12 as a tag name and crashing.

• #8910 2fb63a4 Thanks @​dyc3! - Fixed #8774: Type aliases with generic parameters that have extends constraints now properly indent comments after the equals sign.

  Previously, comments after the = in type aliases with extends constraints were not indented:

  -type A<B, C extends D> = // Some comment
  -undefined;
  +type A<B, C extends D> =
  +    // Some comment
  +    undefined;

• #8916 ea4bd04 Thanks @​ryan-m-walker! - Fixed #4013, where comments in member chains caused unnecessary line breaks.

  // Before

... (truncated)

Commits

• 3a38d5c ci: release (#8888)
• 4561751 feat(linter): add rule noRedundantDefaultExport (#8931)
• ccaeac4 feat(biome_js_analyze): implement useGlobalThis (#8928)
• d876a38 feat(lint): implement useConsistentMethodSignatures from `typescript-eslint...
• 9a18daa feat(analyze/js/vue): add noVueArrowFuncInWatch (#8602)
• 3531687 feat(lint/css): add noDeprecatedMediaType (#8861)
• 95f1eea feat(lint/css): add noHexColors (#8860)
• d78e01d feat(graphql_analyze): implement useInputName (#8619)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

📏 PR Size: 🟢 XS

Changes:

• 📁 Files changed: 1
• ➕ Additions: 1
• ➖ Deletions: 1

💡 Tips for managing PR size

• XS/Small: Easy to review ✅
• Medium: Consider breaking down if possible
• Large/XL: Please split into smaller PRs for easier review

Smaller PRs are easier to review, test, and merge!

---

This comment updates automatically when the PR changes.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@biomejs/biome	2.3.14	Unknown	Unknown

Scanned Files

• package.json

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​biomejs/​biome@​2.3.13 ⏵ 2.3.14

View full report

[github-actions]

📊 Test Coverage Report

PR: #189
Commit: 8735da7

Coverage Summary

Coverage data will be displayed here after test execution.

---

This comment is automatically updated by the PR Comment workflow.