chore(deps-dev): bump @biomejs/biome from 2.4.7 to 2.4.9

[dependabot]

Bumps @biomejs/biome from 2.4.7 to 2.4.9.

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.9

2.4.9

Patch Changes

• #9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  /* Second selector */
  .x {
  .y {
  .z {
  }
  }
  }

• #9567 b7ab931 Thanks @​ematipico! - Fixed #7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #8670 607ebf9 Thanks @​tt-a1i! - Fixed #8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #9476 97b80a8 Thanks @​masterkain! - Fixed [#9475](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9475): Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.9

Patch Changes

• #9315 085d324 Thanks @​ematipico! - Added a new nursery CSS rule noDuplicateSelectors, that disallows duplicate selector lists within the same at-rule context.

  For example, the following snippet triggers the rule because the second selector and the first selector are the same:

  /* First selector */
  .x .y .z {
  }
  /* Second selector */
  .x {
  .y {
  .z {
  }
  }
  }

• #9567 b7ab931 Thanks @​ematipico! - Fixed #7211: useOptionalChain now detects negated logical OR chains. The following code is now considered invalid:

  !foo || !foo.bar;

• #8670 607ebf9 Thanks @​tt-a1i! - Fixed #8345: useAdjacentOverloadSignatures no longer reports false positives for static and instance methods with the same name. Static methods and instance methods are now treated as separate overload groups.

  class Kek {
    static kek(): number {
      return 0;
    }
    another(): string {
      return "";
    }
    kek(): number {
      return 1;
    } // no longer reported as non-adjacent
  }

• #9476 97b80a8 Thanks @​masterkain! - Fixed [#9475](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome/issues/9475): Fixed a panic when Biome analyzed ambient TypeScript modules containing class constructor, getter, or setter signatures that reference local type aliases. Biome now handles these declarations without crashing during semantic analysis.

• #9553 0cd5298 Thanks @​dyc3! - Fixed a bug where enabling the rules of a whole group, would enable rules that belonged to a domain under the same group.

  For example, linter.rules.correctness = "error" no longer enables React- or Qwik-specific correctness rules unless linter.domains.react, linter.domains.qwik, or an explicit rule config also enables them, or their relative dependencies are installed.

... (truncated)

Commits

• ad37526 ci: release (#9620)
• eb57e3a chore: use npmx.dev badge (#9614)
• e168494 feat(linter): add rule noUntrustedLicenses (#9474)
• 085d324 feat(css): add noDuplicateSelectors (#9315)
• 4d050df feat(analyze): implement noInlineStyles (#9534)
• 723798b feat: apply fix to use consistent method signatures (#9544)
• f4bf341 ci: release (#9517)
• e7b3b10 feat(lint): add noDrizzleDeleteWithoutWhere and noDrizzleUpdateWithoutWhere r...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[urugus]

@biomejs/biome 2.4.7 → 2.4.9 調査レポート

変更内容

v2.4.8

• LSPクラッシュ修正（format-on-save時のファイル内容破損）
• noRedeclare パニック修正（コンストラクタオーバーロード時）
• noUnusedVariables 修正（typeof 型の誤検知）
• CSS サポート強化、Astro/Svelte/Vue パーサー修正

v2.4.9

• LSPサーバー安定性向上（git branch切り替え時のパニック防止）
• useOptionalChain 改善、useAdjacentOverloadSignatures 修正
• ルールグループ有効化バグ修正（ドメイン固有ルールの意図しない有効化防止）
• Biome自身の依存関係の脆弱性対応 (#9576)

セキュリティ

• 既知の脆弱性: なし
• サプライチェーン攻撃の懸念: なし（Rust製ネイティブバイナリ配布のみ）
• devDependenciesのみの更新で本番コードへの影響なし

破壊的変更

• なし（パッチリリース、新規ルールはすべてnurseryでデフォルト無効）

CI状況

• test, validate, build: SUCCESS
• claude-review のみ FAILURE（自動レビューbot、実質的な問題ではない）

結論

安全にマージ可能。有益なバグ修正が多数含まれており、アップグレード推奨。