chore(deps): bump the npm-minor-patch group with 6 updates

[dependabot]

Bumps the npm-minor-patch group with 6 updates:

Package	From	To
@internationalized/date	3.12.1	3.12.2
@biomejs/biome	2.4.15	2.4.16
@commitlint/cli	21.0.1	21.0.2
@commitlint/config-conventional	21.0.1	21.0.2
lefthook	2.1.8	2.1.9
lucide-react	1.16.0	1.17.0

Updates @internationalized/date from 3.12.1 to 3.12.2

Release notes

Sourced from @​internationalized/date's releases.

React Spectrum S2 v1.4.0

This release brings long awaited drag and drop support to ListView, TableView, and TreeView! TableView now also supports highlight selection and a new TableFooter component. Form components such as ComboBox and TextField now allow custom prefixes, and the new LabeledValue can be used to display non-editable values. In addition, description and error messages can be configured for Checkbox, Radio, and Switch. Last but not least, Calendar now supports multiple date selection.

Full Release Notes

React Spectrum S2 v1.3.0

In this release we are excited to announce support for expandable rows in TableView, highlight selection in TreeView, and window scrolling in collection components! Window scrolling enables virtualized collections to automatically scroll with the rest of the page – no height needed. In addition, we've updated the set of available workflow icons, and reduced the number of dependencies installed when using S2 by over 90% – see the full release notes for details.

To help assist with migrations from S1 to S2, we've added a new end to end migration Agent skill that you can use with your agent of choice. Our existing S2 Agent skill has also been updated to greatly improve its ability to select the proper S2 component to use from context, so be sure to update.

Full release notes

React Spectrum S2 v1.2.0

In this release, we are excited to announce that ListView and unavailable menu items are now available! In addition, we have added ActionBar support for TreeView and custom renderer support for the Picker's display value. We also shipped multiple TableView fixes and a set of documentation improvements including a Typography search view now available in the main search menu.

Thanks to all of our contributors for the updates in this release.

Full release notes

React Spectrum S2 v1.1.0

It’s our first release of the new year and we’ve got plenty of exciting treats we’re bringing to the table. We’ve added a variety of new features to our documentation site including a new dark/light mode switch in the site header. Our search menu also now features a Colors section where you can browse the Spectrum-defined colors and search by name or hex value to find close or exact matches. We also now offer our docs in the form of Agent Skills that can be installed locally and used by your favorite AI coding tools.

This release also includes several bugs fixes, such as properly rendering menus when rendered from within a popover and updates to TreeView disabledBehavior styling to match the latest designs.

Full Release Notes

Commits

• 791377f Publish
• 7840603 chore: update test util page badges (#10123)
• 2cea5b5 chore: update circleci resource classes (#10119)
• 83e5b53 chore: Omit calendar features from v3 (#10122)
• 2c18eb6 fix: Custom 454 Calendar month (#10115)
• ed9170f fix: ensure Tableview and ListView render their dividers and borders with the...
• 6206fc3 chore: Only export DragPreview from useDragAndDrop subpath (#10114)
• 8e4498f docs: add api section with slots to DragPreview (#10113)
• 719ebb2 fix: optimize locales not tree-shaking react-stately intl messages (#10111)
• 3547c08 fix: stabilise our flaky CI jobs (#10106)
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.15 to 2.4.16

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.16

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Commits

• 5f4ea56 ci: release (#10326)
• de2a33c fix(core): regression in emitted types (#10478)
• d835303 docs: remove redundant default phrase in useConsistentObjectDefinitions rul...
• 4f1aaf2 fix: incorrect build when using build or test (#10426)
• dc73b6b refactor: make plugins opt-in via feature gate (#10418)
• e71f584 feat(useDestructuring): add options for assignment/declaration and improve di...
• 9b1577f fix(config): support trailingCommas in overrides (#10318)
• See full diff in compare view

Updates @commitlint/cli from 21.0.1 to 21.0.2

Release notes

Sourced from @​commitlint/cli's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

• fix: emit actionable error when --edit cannot find COMMIT_EDITMSG (#589) by @​escapedcat in conventional-changelog/commitlint#4755
• fix: apply oxfmt formatting to get-edit-commit.ts by @​escapedcat in conventional-changelog/commitlint#4768
• fix(read): fail when --from and --to share no merge-base #4555 by @​CervEdin in conventional-changelog/commitlint#4754
• fix: disallow same commit hash for --from and --to by @​knocte in conventional-changelog/commitlint#4773

Chore/CI

• ci: have renovate rebase stale PRs before merging by @​escapedcat in conventional-changelog/commitlint#4782
• chore: have renovate hold PRs for 3 days after release by @​escapedcat in conventional-changelog/commitlint#4788
• chore: anchor vite 8 by @​escapedcat in conventional-changelog/commitlint#4790
• ci: run commitlint once per same-repo PR by @​escapedcat in conventional-changelog/commitlint#4795

New Contributors

• @​CervEdin made their first contribution in conventional-changelog/commitlint#4754

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

Changelog

Sourced from @​commitlint/cli's changelog.

21.0.2 (2026-05-29)

Bug Fixes

• disallow same commit hash for --from and --to (#4773) (121005e)

Commits

• 8069048 v21.0.2
• 121005e fix: disallow same commit hash for --from and --to (#4773)
• See full diff in compare view

Updates @commitlint/config-conventional from 21.0.1 to 21.0.2

Release notes

Sourced from @​commitlint/config-conventional's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

• fix: emit actionable error when --edit cannot find COMMIT_EDITMSG (#589) by @​escapedcat in conventional-changelog/commitlint#4755
• fix: apply oxfmt formatting to get-edit-commit.ts by @​escapedcat in conventional-changelog/commitlint#4768
• fix(read): fail when --from and --to share no merge-base #4555 by @​CervEdin in conventional-changelog/commitlint#4754
• fix: disallow same commit hash for --from and --to by @​knocte in conventional-changelog/commitlint#4773

Chore/CI

• ci: have renovate rebase stale PRs before merging by @​escapedcat in conventional-changelog/commitlint#4782
• chore: have renovate hold PRs for 3 days after release by @​escapedcat in conventional-changelog/commitlint#4788
• chore: anchor vite 8 by @​escapedcat in conventional-changelog/commitlint#4790
• ci: run commitlint once per same-repo PR by @​escapedcat in conventional-changelog/commitlint#4795

New Contributors

• @​CervEdin made their first contribution in conventional-changelog/commitlint#4754

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

Changelog

Sourced from @​commitlint/config-conventional's changelog.

21.0.2 (2026-05-29)

Note: Version bump only for package @​commitlint/config-conventional

Commits

• 8069048 v21.0.2
• See full diff in compare view

Updates lefthook from 2.1.8 to 2.1.9

Release notes

Sourced from lefthook's releases.

v2.1.9

Changelog

• 1d35cbabe1ebaf2a5ed4d2186caa0402de6448e2 chore: add pretty gradient (#1432)
• 22be6c50e1412c748f3c6b60e9c61cd056dc693b deps: May 2026 (#1415)
• 1bae568f03dfb88af9185031fa44e9fee285e917 fix: update hooks path after resetting (#1431)

Changelog

Sourced from lefthook's changelog.

2.1.9 (2026-05-29)

• fix: update hooks path after resetting (#1431) by @​mrexox
• deps: May 2026 (#1415) by @​mrexox

Commits

• 75f99ff 2.1.9: fix install with --reset-hooks-path
• 1d35cba chore: add pretty gradient (#1432)
• 1bae568 fix: update hooks path after resetting (#1431)
• 22be6c5 deps: May 2026 (#1415)
• See full diff in compare view

Updates lucide-react from 1.16.0 to 1.17.0

Release notes

Sourced from lucide-react's releases.

Version 1.17.0

What's Changed

• chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by @​ericfennis in lucide-icons/lucide#4376
• chore(repo): Update issue templates and documentation for package ren… by @​ericfennis in lucide-icons/lucide#4379
• feat(site): Adds survey overlay to website by @​ericfennis in lucide-icons/lucide#4380
• feat(site): Certificate dev links by @​ericfennis in lucide-icons/lucide#4390
• fix(icons): changed martini icon by @​jamiemlaw in lucide-icons/lucide#4335
• chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by @​dependabot[bot] in lucide-icons/lucide#4386
• chore(deps): bump @​tootallnate/once from 2.0.0 to 2.0.1 by @​dependabot[bot] in lucide-icons/lucide#4404
• chore(deps): bump devalue from 5.8.0 to 5.8.1 by @​dependabot[bot] in lucide-icons/lucide#4391
• chore(deps): bump ws from 8.18.0 to 8.20.1 by @​dependabot[bot] in lucide-icons/lucide#4392
• fix(gh-icon): limit icon size to a maximum of 256 pixels by @​jguddas in lucide-icons/lucide#4398
• chore(dependencies): Update dependencies by @​ericfennis in lucide-icons/lucide#4377
• feat(copilot): Adding copilot instructions by @​ericfennis in lucide-icons/lucide#4407
• feat(icons): add globe-check by @​Barakudum in lucide-icons/lucide#4342
• feat(metadata): Require use-cases in meta json by @​ericfennis in lucide-icons/lucide#4321
• feat(icons): added parasol icon by @​karsa-mistmere in lucide-icons/lucide#4347

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[egdev6]

Gracias por el update. El scope del PR está limpio y las validaciones principales pasan, pero no lo podemos mergear todavía.

El bloqueo es Security / Dependency audit: pnpm audit --audit-level high falla por una vulnerabilidad crítica en vitest (GHSA-5xrq-8626-4rwp). El audit marca vulnerable <4.1.0, y este PR deja vitest en 3.2.4, así que el check va a seguir fallando aunque reintentemos CI.

Pedido de cambio: resolver primero el upgrade de vitest a >=4.1.0, probablemente en un PR separado por ser major, y después regenerar o rebasear este grupo de updates con el audit limpio.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml