build(deps-dev): bump @biomejs/biome from 2.3.8 to 2.3.10

[dependabot]

Bumps @biomejs/biome from 2.3.8 to 2.3.10.

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

What's Changed

• feat: new Turborepo domain and noUndeclaredEnvVars rule by @​anthonyshew in biomejs/biome#8426
• fix(noExtraNonNullAssertion): fix regression by @​dyc3 in biomejs/biome#8477
• fix(analyze/js): index ts constructor methods in semantic model (regression) by @​dyc3 in biomejs/biome#8479
• fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @​taga3s in biomejs/biome#8417
• fix(noLeakedRender): eslint rule name fix by @​vsn4ik in biomejs/biome#8420
• chore: add kraken as bronze sponsor by @​dyc3 in biomejs/biome#8486
• fix(linter): improve Vue defineProps handling in noVueReservedKeys by @​mdevils in biomejs/biome#8448
• fix(cli): colors with multi-codepoints characters by @​ematipico in biomejs/biome#8410
• feat(lint): implement noAmbiguousAnchorText by @​Netail in biomejs/biome#8372
• ci: release by @​github-actions[bot] in biomejs/biome#8474
• docs: fix typos for assist/actions/organize-imports by @​sergioness in biomejs/biome#8490

New Contributors

• @​taga3s made their first contribution in biomejs/biome#8417
• @​vsn4ik made their first contribution in biomejs/biome#8420
• @​sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.10

Patch Changes

• #8417 c3a2557 Thanks @​taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

• #8477 90e8684 Thanks @​dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

• #8479 250b519 Thanks @​dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

• #8448 2af85c1 Thanks @​mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

• #8420 42033b0 Thanks @​vsn4ik! - Fixed the nursery rule noLeakedRender.

  The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

• #8426 285d932 Thanks @​anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

• #8410 a21db74 Thanks @​ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.

• #8372 b352ee4 Thanks @​Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

  Invalid

  <a>learn more</a>

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

... (truncated)

Commits

• fd279f3 ci: release (#8474)
• b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
• 67546bc chore: add kraken as bronze sponsor (#8486)
• 285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: auto-bump, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[netlify]

✅ Deploy Preview for dowedeploy ready!

Name	Link
🔨 Latest commit	bb0e429
🔍 Latest deploy log	https://app.netlify.com/projects/dowedeploy/deploys/69562ec3ab0bb9000828bfb8
😎 Deploy Preview	https://deploy-preview-34--dowedeploy.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.