chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	^2.4.14 → ^2.4.15
biome (source)	^2.4.14 → ^2.4.15
jscpd	^4.0.9 → ^4.1.0

cc @skulidropek

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.4.15

Compare Source

Patch Changes

• #​9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #​10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  
  nextTick(() => {
    updateDom();
  });

• #​10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @&#8203;keyup.13="submit" />

• #​10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #​10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #​10201 1a08f89 Thanks @​realknove! - Fixed #​10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #​9574 3bd2b6a Thanks @​Conaclos! - Fixed #​9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #​10205 a704a6c Thanks @​Conaclos! - Fixed #​10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

• #​10052 b565bed Thanks @​minseong0324! - Improved noMisleadingReturnType: it now flags union annotations whose extra variants are never returned, and suggests the narrower type (e.g. string | null → string).

  These functions are now reported because null and number are included in the return annotations but never returned:

  function getUser(): string | null {
    return "hello";
  } // null is never returned
  function getCode(): string | number {
    return "hello";
  } // number is never returned

• #​10213 ac30057 Thanks @​dyc3! - Fixed #​9450: HTML and Vue element formatting now preserves child line breaks when an element contains another element child on its own line, instead of collapsing the child element onto the same line.

• #​10275 9ee6c03 Thanks @​solithcy! - Fixed #​10274: Svelte templates with missing expressions no longer parsed as HtmlBogusElement

• #​10143 56798a7 Thanks @​minseong0324! - noMisleadingReturnType now detects misleading return type annotations when object literal properties are initialized with as const.

  This function is now reported because the return annotation widens a property initialized with as const:

  function f(): { value: string } {
    return { value: "text" as const };
  }

• #​10143 56798a7 Thanks @​minseong0324! - noUselessTypeConversion now detects redundant conversions on object literal properties initialized with as const.

  This conversion is now reported because message.value is inferred as a string literal:

  const message = { value: "text" as const };
  String(message.value);

• #​9807 0ae5840 Thanks @​dyc3! - Added the new nursery rule useThisInClassMethods, based on ESLint's class-methods-use-this.

  The rule now reports instance methods, getters, setters, and function-valued instance fields that do not use this, and biome migrate eslint preserves the supported ignoreMethods, ignoreOverrideMethods, and ignoreClassesWithImplements options.

  Invalid:

  class Foo {
    bar() {
      // does not use `this`, invalid
      console.log("Hello Biome");
    }
  }

• #​10258 e7b18f7 Thanks @​ematipico! - Improved linter performance by narrowing the query nodes for several lint rules, reducing how often they are evaluated.

• #​10273 04e22a1 Thanks @​dyc3! - Fixed #​10271: The HTML parser now correctly parses of as text content when in text contexts.

• #​9838 83f7385 Thanks @​dyc3! - Added the nursery rule noBaseToString, which reports stringification sites that fall back to Object's default "[object Object]" formatting. The rule also supports the ignoredTypeNames option.

• #​10143 56798a7 Thanks @​minseong0324! - useExhaustiveSwitchCases now checks switch statements over object literal properties initialized with as const.

  This switch is now reported because status.kind is inferred as the string literal "ready" but no case handles it:

  const status = { kind: "ready" as const };
  switch (status.kind) {
  }

• #​10143 56798a7 Thanks @​minseong0324! - useStringStartsEndsWith now detects string index comparisons on object literal properties initialized with as const.

  This comparison is now reported because message.value is inferred as a string literal:

  const message = { value: "hello" as const };
  message.value[0] === "h";

kucherenko/jscpd (jscpd)

v4.1.0

Compare Source

New Features

• AI Reporter — new ai reporter that produces compact, token-efficient clone output specifically designed for feeding results into language models and AI tooling. Use --reporters ai to activate it.
• MCP Server enhancements — the Model Context Protocol server now exposes a jscpd://statistics resource and supports a recheck endpoint so AI agents can trigger a rescan without restarting the process.
• Apex & CFML language support — jscpd can now detect duplicate code in Salesforce Apex and ColdFusion Markup Language (CFML) files (closes #​83, #​619).
• GDScript support — detect copy-paste duplication in Godot Engine GDScript files.
• HTML reporter footer — the HTML report now displays a branded footer with the jscpd version and a sponsor link.
• --noTips flag — suppress the usage-tip messages that appear after a detection run.
• CI: Node.js 22.x / 24.x — continuous integration updated to test against the latest Node.js LTS and current releases.

Performance

• Tokenizer — grammars are now loaded lazily, hot paths are O(n), and the spark-md5 dependency has been removed in favour of a lighter built-in implementation. Startup time and memory usage are noticeably reduced on large codebases.
• Replaced the vendored reprism syntax library with the official prismjs npm package, shrinking the installed footprint.

Bug Fixes

• Restored the correct start.line expectation for weak-mode clone detection.

---

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.