fix(deps): update npm non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@biomejs/biome (source)	2.2.4 -> 2.2.5
@figma/plugin-typings	^1.117.0 -> ^1.117.1
@rollup/plugin-node-resolve (source)	^16.0.1 -> ^16.0.2
@storybook/addon-a11y (source)	^9.1.8 -> ^9.1.10
@storybook/addon-docs (source)	^9.1.8 -> ^9.1.10
@storybook/addon-links (source)	^9.1.8 -> ^9.1.10
@storybook/addon-themes (source)	^9.1.8 -> ^9.1.10
@storybook/addon-vitest (source)	^9.1.8 -> ^9.1.10
@storybook/react-vite (source)	^9.1.8 -> ^9.1.10
@testing-library/jest-dom	^6.8.0 -> ^6.9.1
@types/node (source)	^22.18.6 -> ^22.18.8
@types/react (source)	^19.1.15 -> ^19.2.0
@types/react (source)	^18.3.24 -> ^18.3.25
@types/react-dom (source)	^19.1.9 -> ^19.2.0
chromatic (source)	^13.2.1 -> ^13.3.0
i18next (source)	^25.5.2 -> ^25.5.3
pnpm (source)	10.17.1+sha512.17c560fca4867ae9473a3899ad84a88334914f379be46d455cbf92e5cf4b39d34985d452d2583baf19967fa76cb5c17bc9e245529d0b98745721aa7200ecaf7a -> 10.18.0
react (source)	^19.1.1 -> ^19.2.0
react-dom (source)	^19.1.1 -> ^19.2.0
rollup (source)	^4.52.3 -> ^4.52.4
storybook (source)	^9.1.8 -> ^9.1.10
storybook-addon-pseudo-states (source)	^9.1.8 -> ^9.1.10
style-dictionary	^5.0.4 -> ^5.1.0
typescript (source)	^5.9.2 -> ^5.9.3
vite (source)	^7.1.7 -> ^7.1.9

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

biomejs/biome (@​biomejs/biome)

v2.2.5

Compare Source

Patch Changes

• #​7597 5c3d542 Thanks @​arendjr! - Fixed #​6432: useImportExtensions now works correctly with aliased paths.

• #​7269 f18dac1 Thanks @​CDGardner! - Fixed #​6648, where Biome's noUselessFragments contained inconsistencies with ESLint for fragments only containing text.

  Previously, Biome would report that fragments with only text were unnecessary under the noUselessFragments rule. Further analysis of ESLint's behavior towards these cases revealed that text-only fragments (<>A</a>, <React.Fragment>B</React.Fragment>, <RenamedFragment>B</RenamedFragment>) would not have noUselessFragments emitted for them.

  On the Biome side, instances such as these would emit noUselessFragments, and applying the suggested fix would turn the text content into a proper JS string.

  // Ended up as: - const t = "Text"
  const t = <>Text</>
  
  // Ended up as: - const e = t ? "Option A" : "Option B"
  const e = t ? <>Option A</> : <>Option B</>
  
  /* Ended up as:
    function someFunc() {
      return "Content desired to be a multi-line block of text."
    }
  */
  function someFunc() {
    return <>
      Content desired to be a multi-line
      block of text.
    <>
  }

  The proposed update was to align Biome's reaction to this rule with ESLint's; the aforementioned examples will now be supported from Biome's perspective, thus valid use of fragments.

  // These instances are now valid and won't be called out by noUselessFragments.
  
  const t = <>Text</>
  const e = t ? <>Option A</> : <>Option B</>
  
  function someFunc() {
    return <>
      Content desired to be a multi-line
      block of text.
    <>
  }

• #​7498 002cded Thanks @​siketyan! - Fixed #​6893: The useExhaustiveDependencies rule now correctly adds a dependency that is captured in a shorthand object member. For example:

  useEffect(() => {
    console.log({ firstId, secondId });
  }, []);

  is now correctly fixed to:

  useEffect(() => {
    console.log({ firstId, secondId });
  }, [firstId, secondId]);

• #​7509 1b61631 Thanks @​siketyan! - Added a new lint rule noReactForwardRef, which detects usages of forwardRef that is no longer needed and deprecated in React 19.

  For example:

  export const Component = forwardRef(function Component(props, ref) {
    return <div ref={ref} />;
  });

  will be fixed to:

  export const Component = function Component({ ref, ...props }) {
    return <div ref={ref} />;
  };

  Note that the rule provides an unsafe fix, which may break the code. Don't forget to review the code after applying the fix.

• #​7520 3f06e19 Thanks @​arendjr! - Added new nursery rule noDeprecatedImports to flag imports of deprecated symbols.

Invalid example

// foo.js
import { oldUtility } from "./utils.js";

// utils.js
/**
 * @​deprecated
 */
export function oldUtility() {}

Valid examples

// foo.js
import { newUtility, oldUtility } from "./utils.js";

// utils.js
export function newUtility() {}

// @​deprecated (this is not a JSDoc comment)
export function oldUtility() {}

• #​7457 9637f93 Thanks @​kedevked! - Added style and requireForObjectLiteral options to the lint rule useConsistentArrowReturn.

  This rule enforces a consistent return style for arrow functions. It can be configured with the following options:

  • style: (default: asNeeded)
    • always: enforces that arrow functions always have a block body.
    • never: enforces that arrow functions never have a block body, when possible.
    • asNeeded: enforces that arrow functions have a block body only when necessary (e.g. for object literals).

style: "always"

Invalid:

const f = () => 1;

Valid:

const f = () => {
  return 1;
};

style: "never"

Invalid:

const f = () => {
  return 1;
};

Valid:

const f = () => 1;

style: "asNeeded"

Invalid:

const f = () => {
  return 1;
};

Valid:

const f = () => 1;

style: "asNeeded" and requireForObjectLiteral: true

Valid:

const f = () => {
  return { a: 1 };
};

• #​7510 527cec2 Thanks @​rriski! - Implements #​7339. GritQL patterns can now use native Biome AST nodes using their PascalCase names, in addition to the existing TreeSitter-compatible snake_case names.

  engine biome(1.0)
  language js(typescript,jsx)
  
  or {
    // TreeSitter-compatible pattern
    if_statement(),
  
    // Native Biome AST node pattern
    JsIfStatement()
  } as $stmt where {
    register_diagnostic(
      span=$stmt,
      message="Found an if statement"
    )
  }
  

• #​7574 47907e7 Thanks @​kedevked! - Fixed 7574. The diagnostic message for the rule useSolidForComponent now correctly emphasizes <For /> and provides a working hyperlink to the Solid documentation.

• #​7497 bd70f40 Thanks @​siketyan! - Fixed #​7320: The useConsistentCurlyBraces rule now correctly detects a string literal including " inside a JSX attribute value.

• #​7522 1af9931 Thanks @​Netail! - Added extra references to external rules to improve migration for the following rules: noUselessFragments & noNestedComponentDefinitions

• #​7597 5c3d542 Thanks @​arendjr! - Fixed an issue where package.json manifests would not be correctly discovered
  when evaluating files in the same directory.

• #​7565 38d2098 Thanks @​siketyan! - The resolver can now correctly resolve .ts, .tsx, .d.ts, .js files by .js extension if exists, based on the file extension substitution in TypeScript.

  For example, the linter can now detect the floating promise in the following situation, if you have enabled the noFloatingPromises rule.

  foo.ts

  export async function doSomething(): Promise<void> {}

  bar.ts

  import { doSomething } from "./foo.js"; // doesn't exist actually, but it is resolved to `foo.ts`
  
  doSomething(); // floating promise!

• #​7542 cadad2c Thanks @​mdevils! - Added the rule noVueDuplicateKeys, which prevents duplicate keys in Vue component definitions.

  This rule prevents the use of duplicate keys across different Vue component options such as props, data, computed, methods, and setup. Even if keys don't conflict in the script tag, they may cause issues in the template since Vue allows direct access to these keys.

  Invalid examples

  <script>
  export default {
    props: ["foo"],
    data() {
      return {
        foo: "bar",
      };
    },
  };
  </script>

  <script>
  export default {
    data() {
      return {
        message: "hello",
      };
    },
    methods: {
      message() {
        console.log("duplicate key");
      },
    },
  };
  </script>

  <script>
  export default {
    computed: {
      count() {
        return this.value * 2;
      },
    },
    methods: {
      count() {
        this.value++;
      },
    },
  };
  </script>

  Valid examples

  <script>
  export default {
    props: ["foo"],
    data() {
      return {
        bar: "baz",
      };
    },
    methods: {
      handleClick() {
        console.log("unique key");
      },
    },
  };
  </script>

  <script>
  export default {
    computed: {
      displayMessage() {
        return this.message.toUpperCase();
      },
    },
    methods: {
      clearMessage() {
        this.message = "";
      },
    },
  };
  </script>

• #​7546 a683acc Thanks @​siketyan! - Internal data for Unicode strings have been updated to Unicode 17.0.

• #​7497 bd70f40 Thanks @​siketyan! - Fixed #​7256: The useConsistentCurlyBraces rule now correctly ignores a string literal with braces that contains only whitespaces. Previously, literals that contains single whitespace were only allowed.

• #​7565 38d2098 Thanks @​siketyan! - The useImportExtensions rule now correctly detects imports with an invalid extension. For example, importing .ts file with .js extension is flagged by default. If you are using TypeScript with neither the allowImportingTsExtensions option nor the rewriteRelativeImportExtensions option, it's recommended to turn on the forceJsExtensions option of the rule.

• #​7581 8653921 Thanks @​lucasweng! - Fixed #​7470: solved a false positive for noDuplicateProperties. Previously, declarations in @container and @starting-style at-rules were incorrectly flagged as duplicates of identical declarations at the root selector.

  For example, the linter no longer flags the display declaration in @container or the opacity declaration in @starting-style.

  a {
    display: block;
    @​container (min-width: 600px) {
      display: none;
    }
  }
  
  [popover]:popover-open {
    opacity: 1;
    @​starting-style {
      opacity: 0;
    }
  }

• #​7529 fea905f Thanks @​qraqras! - Fixed #​7517: the useOptionalChain rule no longer suggests changes for typeof checks on global objects.

  // ok
  typeof window !== "undefined" && window.location;

• #​7476 c015765 Thanks @​ematipico! - Fixed a bug where the suppression action for noPositiveTabindex didn't place the suppression comment in the correct position.

• #​7511 a0039fd Thanks @​arendjr! - Added nursery rule noUnusedExpressions to flag expressions used as a statement that is neither an assignment nor a function call.

Invalid examples

f; // intended to call `f()` instead

function foo() {
  0; // intended to `return 0` instead
}

Valid examples

f();

function foo() {
  return 0;
}

• #​7564 40e515f Thanks @​turbocrime! - Fixed #​6617: improved useIterableCallbackReturn to correctly handle arrow functions with a single-expression void body.

  Now the following code doesn't trigger the rule anymore:

  [].forEach(() => void null);

figma/plugin-typings (@​figma/plugin-typings)

v1.117.1

Compare Source

rollup/plugins (@​rollup/plugin-node-resolve)

v16.0.2

2025-10-04

Bugfixes

• fix: error thrown with empty entry (#​1893)

storybookjs/storybook (@​storybook/addon-a11y)

v9.1.10

Compare Source

• Automigrations: Add automigration for viewport and backgrounds - #​31614, thanks @​valentinpalkovic!
• Telemetry: Log userAgent in onboarding - #​32566, thanks @​shilman!

v9.1.9

Compare Source

• Angular: Enable experimental zoneless detection on Angular v21 - #​32580, thanks @​yannbf!
• Svelte: Ignore inherited HTMLAttributes docgen when using utility types - #​32173, thanks @​steciuk!

testing-library/jest-dom (@​testing-library/jest-dom)

v6.9.1

Compare Source

v6.9.0

Compare Source

i18next/i18next (i18next)

v25.5.3

Compare Source

• export esm type declaration for keyFromSelector 2356

pnpm/pnpm (pnpm)

v10.18.0

Compare Source

Minor Changes

• Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

  Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps.
  Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

  Related PR: #​10025.

Patch Changes

• Retry filesystem operations on EAGAIN errors #​9959.
• Outdated command respects minimumReleaseAge configuration #​10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #​8748.
• pnpm dlx should not fail when minimumReleaseAge is set #​10037.

facebook/react (react)

v19.2.0

Compare Source

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

• <Activity>: A new API to hide and restore the UI and internal state of its children.
• useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
• cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
• React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

• Added resume APIs for partial pre-rendering with Web Streams:
  • resume: to resume a prerender to a stream.
  • resumeAndPrerender: to resume a prerender to HTML.
• Added resume APIs for partial pre-rendering with Node Streams:
  • resumeToPipeableStream: to resume a prerender to a stream.
  • resumeAndPrerenderToNodeStream: to resume a prerender to HTML.
• Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

• React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
• Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
• Use underscore instead of : IDs generated by useId

All Changes

React

• <Activity /> was developed over many years, starting before ClassComponent.setState (@​acdlite @​sebmarkbage and many others)
• Stringify context as "SomeContext" instead of "SomeContext.Provider" (@​kassens #​33507)
• Include stack of cause of React instrumentation errors with %o placeholder (@​eps1lon #​34198)
• Fix infinite useDeferredValue loop in popstate event (@​acdlite #​32821)
• Fix a bug when an initial value was passed to useDeferredValue (@​acdlite #​34376)
• Fix a crash when submitting forms with Client Actions (@​sebmarkbage #​33055)
• Hide/unhide the content of dehydrated suspense boundaries if they resuspend (@​sebmarkbage #​32900)
• Avoid stack overflow on wide trees during Hot Reload (@​sophiebits #​34145)
• Improve Owner and Component stacks in various places (@​sebmarkbage, @​eps1lon: #​33629, #​33724, #​32735, #​33723)
• Add cacheSignal (@​sebmarkbage #​33557)

React DOM

• Block on Suspensey Fonts during reveal of server-side-rendered content (@​sebmarkbage #​33342)
• Use underscore instead of : for IDs generated by useId (@​sebmarkbage, @​eps1lon: #​32001, #​33342#​33099, #​33422)
• Stop warning when ARIA 1.3 attributes are used (@​Abdul-Omira #​34264)
• Allow nonce to be used on hoistable styles (@​Andarist #​32461)
• Warn for using a React owned node as a Container if it also has text content (@​sebmarkbage #​32774)
• s/HTML/text for for error messages if text hydration mismatches (@​rickhanlonii #​32763)
• Fix a bug with React.use inside React.lazy-ed Component (@​hi-ogawa #​33941)
• Enable the progressiveChunkSize option for server-side-rendering APIs (@​sebmarkbage #​33027)
• Fix a bug with deeply nested Suspense inside Suspense fallback when server-side-rendering (@​gnoff #​33467)
• Avoid hanging when suspending after aborting while rendering (@​gnoff #​34192)
• Add Node Web Streams to server-side-rendering APIs for Node.js (@​sebmarkbage #​33475)

React Server Components

• Preload <img> and <link> using hints before they're rendered (@​sebmarkbage #​34604)
• Log error if production elements are rendered during development (@​eps1lon #​34189)
• Fix a bug when returning a Temporary reference (e.g. a Client Reference) from Server Functions (@​sebmarkbage #​34084, @​denk0403 #​33761)
• Pass line/column to filterStackFrame (@​eps1lon #​33707)
• Support Async Modules in Turbopack Server References (@​lubieowoce #​34531)
• Add support for .mjs file extension in Webpack (@​jennyscript #​33028)
• Fix a wrong missing key warning (@​unstubbable #​34350)
• Make console log resolve in predictable order (@​sebmarkbage #​33665)

React Reconciler

• createContainer and createHydrationContainer had their parameter order adjusted after on* handlers to account for upcoming experimental APIs

rollup/rollup (rollup)

v4.52.4

Compare Source

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#​6133)

Pull Requests

• #​6128: Enable npm OIDC publishing (@​lukastaegert)
• #​6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #​6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

amzn/style-dictionary (style-dictionary)

v5.1.0

Compare Source

Minor Changes

• 97a209a: Add new size/compose/{sp,dp} transforms

Patch Changes

• dbcdae3: Fix fontName parsing to handle double quotes
• c47600d: Export expand DTCGTypesMap for extension use cases.

microsoft/TypeScript (typescript)

v5.9.3

Compare Source

vitejs/vite (vite)

v7.1.9

Compare Source

Reverts

• server: drain stdin when not interactive (#​20885) (12d72b0)

v7.1.8

Compare Source

Bug Fixes

• css: improve url escape characters handling (#​20847) (24a61a3)
• deps: update all non-major dependencies (#​20855) (788a183)
• deps: update artichokie to 0.4.2 (#​20864) (e670799)
• dev: skip JS responses for document requests (#​20866) (6bc6c4d)
• glob: fix HMR for array patterns with exclusions (#​20872) (63e040f)
• keep ids for virtual modules as-is (#​20808) (d4eca98)
• server: drain stdin when not interactive (#​20837) (bb950e9)
• server: improve malformed URL handling in middlewares (#​20830) (d65a983)

Documentation

• create-vite: provide deno example (#​20747) (fdb758a)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20810) (ea68a88)
• deps: update rolldown-related dependencies (#​20854) (4dd06fd)
• update url of create-react-app license (#​20865) (166a178)

---

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

🦋 Changeset detected

Latest commit: 4ed9e19

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages

Name	Type
@digdir/designsystemet-react	Patch
@digdir/designsystemet	Patch
@digdir/designsystemet-theme	Patch
@digdir/designsystemet-css	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

Preview deployments for this pull request:

storybook - 9. Oct 2025 - 12:16

themebuilder - 9. Oct 2025 - 12:15

www - 9. Oct 2025 - 12:16

[Barsnes]

Looks and work fine