Bump the npm-minor group with 6 updates

[dependabot]

Bumps the npm-minor group with 6 updates:

Package	From	To
@biomejs/biome	2.3.14	2.4.2
@tanstack/react-router	1.159.6	1.160.2
@tanstack/router-devtools	1.159.6	1.160.2
@tanstack/router-cli	1.159.6	1.160.1
@tanstack/router-vite-plugin	1.159.6	1.160.2
orval	8.3.0	8.4.0

Updates @biomejs/biome from 2.3.14 to 2.4.2

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.2

2.4.2

Patch Changes

• #9103 fc9850c Thanks @​dyc3! - Fixed #9098: useImportType no longer incorrectly flags imports used in Svelte control flow blocks ({#if}, {#each}, {#await}, {#key}) as type-only imports.

• #9106 f4b7296 Thanks @​dyc3! - Updated rule source metadata for rules from html-eslint.

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noConditionalExpect. This rule disallows conditional expect() calls inside tests, which can lead to tests that silently pass when assertions never run.

  // Invalid - conditional expect may not run
  test("conditional", async ({ page }) => {
    if (someCondition) {
      await expect(page).toHaveTitle("Title");
    }
  });
  // Valid - unconditional expect
  test("unconditional", async ({ page }) => {
  await expect(page).toHaveTitle("Title");
  });

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightElementHandle. Prefers locators to element handles.

  const el = await page.$(".btn");

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightEval. Disallows page.$eval() and page.$$eval() methods.

  await page.$eval(".btn", (el) => el.textContent);

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightForceOption. Disallows the force option on user interactions.

  await locator.click({ force: true });

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightMissingAwait. Enforces awaiting async Playwright APIs.

  const el = page.locator(".btn");
  el.click(); // Missing await

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.2

Patch Changes

• #9103 fc9850c Thanks @​dyc3! - Fixed #9098: useImportType no longer incorrectly flags imports used in Svelte control flow blocks ({#if}, {#each}, {#await}, {#key}) as type-only imports.

• #9106 f4b7296 Thanks @​dyc3! - Updated rule source metadata for rules from html-eslint.

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noConditionalExpect. This rule disallows conditional expect() calls inside tests, which can lead to tests that silently pass when assertions never run.

  // Invalid - conditional expect may not run
  test("conditional", async ({ page }) => {
    if (someCondition) {
      await expect(page).toHaveTitle("Title");
    }
  });
  // Valid - unconditional expect
  test("unconditional", async ({ page }) => {
  await expect(page).toHaveTitle("Title");
  });

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightElementHandle. Prefers locators to element handles.

  const el = await page.$(".btn");

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightEval. Disallows page.$eval() and page.$$eval() methods.

  await page.$eval(".btn", (el) => el.textContent);

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightForceOption. Disallows the force option on user interactions.

  await locator.click({ force: true });

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightMissingAwait. Enforces awaiting async Playwright APIs.

  const el = page.locator(".btn");
  el.click(); // Missing await

• #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noPlaywrightNetworkidle. Disallows deprecated networkidle wait option.

... (truncated)

Commits

• b99e7db ci: release (#9104)
• 4a5ff40 feat(lint): add Playwright ESLint rules (#8960)
• 5153f2f ci: release (#9094)
• 4cc531c chore: docs that break website (#9077)
• bf6e5f9 ci: release (#9045)
• e014336 feat: promote rules for v2.4 (#9011)
• 7e33fd5 Merge remote-tracking branch 'origin/main' into next
• df21006 ci: release (#8973)
• 6ebf6c6 feat(lint): add nursery rule noUselessReturn (#9029)
• 043b67c feat(lint/js): add noNestedPromises (#9019)
• Additional commits viewable in compare view

Updates @tanstack/react-router from 1.159.6 to 1.160.2

Release notes

Sourced from @​tanstack/react-router's releases.

v1.160.2

Version 1.160.2 - 2/16/26, 7:27 PM

Changes

Fix

• script hydration (#6681) (27a563e) by Manuel Schiller

Other

• (5d667aa) by Manuel Schiller

Packages

• @​tanstack/react-router@​1.160.2
• @​tanstack/react-router-ssr-query@​1.160.2
• @​tanstack/zod-adapter@​1.160.2
• @​tanstack/valibot-adapter@​1.160.2
• @​tanstack/arktype-adapter@​1.160.2
• @​tanstack/router-devtools@​1.160.2
• @​tanstack/react-router-devtools@​1.160.2
• @​tanstack/router-plugin@​1.160.2
• @​tanstack/router-vite-plugin@​1.160.2
• @​tanstack/react-start@​1.160.2
• @​tanstack/react-start-client@​1.160.2
• @​tanstack/react-start-server@​1.160.2
• @​tanstack/start-plugin-core@​1.160.2
• @​tanstack/start-static-server-functions@​1.160.2
• @​tanstack/solid-start@​1.160.2
• @​tanstack/vue-start@​1.160.2

v1.160.1

Version 1.160.1 - 2/16/26, 6:12 PM

Changes

Fix

• prevent var name clash in generated route for escaped strings (#6680) (227dfaf) by Manuel Schiller

Chore

• agents: encourage using nx and pnpm instead of direct execution, add instruction for sandboxed execution (#6671) (bab64df) by @​Sheraff

Docs

• Fixed filenames (#6675) (cf5a269) by Stefan Ollinger
• eslint: update installation to use unified tabbed markup (027dc05) by SeanCassiere
• router: restructure docs to use the unified markdown syntax (#6665) (e8c5dd0) by Sean Cassiere

... (truncated)

Commits

• 08a2d09 release: v1.160.2
• 27a563e fix: script hydration (#6681)
• 02d88bf release: v1.160.0
• 6ddb586 feat(router-core, react-router, solid-router, vue-router): isDangerousProtoco...
• c5d328a release: v1.159.14
• 067951f fix(react-router): remove async/defer attributes during hydration to prevent ...
• f3e3bd4 release: v1.159.10
• fb139e8 fix: preserve data script content during client hydration (#6653)
• 1dde024 release: v1.159.9
• 2148b1b fix: resolve pending state when throwing notFound in beforeLoad (#6654)
• See full diff in compare view

Updates @tanstack/router-devtools from 1.159.6 to 1.160.2

Release notes

Sourced from @​tanstack/router-devtools's releases.

v1.160.2

Version 1.160.2 - 2/16/26, 7:27 PM

Changes

Fix

• script hydration (#6681) (27a563e) by Manuel Schiller

Other

• (5d667aa) by Manuel Schiller

Packages

• @​tanstack/react-router@​1.160.2
• @​tanstack/react-router-ssr-query@​1.160.2
• @​tanstack/zod-adapter@​1.160.2
• @​tanstack/valibot-adapter@​1.160.2
• @​tanstack/arktype-adapter@​1.160.2
• @​tanstack/router-devtools@​1.160.2
• @​tanstack/react-router-devtools@​1.160.2
• @​tanstack/router-plugin@​1.160.2
• @​tanstack/router-vite-plugin@​1.160.2
• @​tanstack/react-start@​1.160.2
• @​tanstack/react-start-client@​1.160.2
• @​tanstack/react-start-server@​1.160.2
• @​tanstack/start-plugin-core@​1.160.2
• @​tanstack/start-static-server-functions@​1.160.2
• @​tanstack/solid-start@​1.160.2
• @​tanstack/vue-start@​1.160.2

v1.160.1

Version 1.160.1 - 2/16/26, 6:12 PM

Changes

Fix

• prevent var name clash in generated route for escaped strings (#6680) (227dfaf) by Manuel Schiller

Chore

• agents: encourage using nx and pnpm instead of direct execution, add instruction for sandboxed execution (#6671) (bab64df) by @​Sheraff

Docs

• Fixed filenames (#6675) (cf5a269) by Stefan Ollinger
• eslint: update installation to use unified tabbed markup (027dc05) by SeanCassiere
• router: restructure docs to use the unified markdown syntax (#6665) (e8c5dd0) by Sean Cassiere

... (truncated)

Commits

• 08a2d09 release: v1.160.2
• 02d88bf release: v1.160.0
• c5d328a release: v1.159.14
• f3e3bd4 release: v1.159.10
• 1dde024 release: v1.159.9
• See full diff in compare view

Updates @tanstack/router-cli from 1.159.6 to 1.160.1

Release notes

Sourced from @​tanstack/router-cli's releases.

v1.160.1

Version 1.160.1 - 2/16/26, 6:12 PM

Changes

Fix

• prevent var name clash in generated route for escaped strings (#6680) (227dfaf) by Manuel Schiller

Chore

• agents: encourage using nx and pnpm instead of direct execution, add instruction for sandboxed execution (#6671) (bab64df) by @​Sheraff

Docs

• Fixed filenames (#6675) (cf5a269) by Stefan Ollinger
• eslint: update installation to use unified tabbed markup (027dc05) by SeanCassiere
• router: restructure docs to use the unified markdown syntax (#6665) (e8c5dd0) by Sean Cassiere

Packages

• @​tanstack/router-generator@​1.160.1
• @​tanstack/router-cli@​1.160.1
• @​tanstack/router-plugin@​1.160.1
• @​tanstack/router-vite-plugin@​1.160.1
• @​tanstack/start-plugin-core@​1.160.1
• @​tanstack/solid-start@​1.160.1
• @​tanstack/vue-start@​1.160.1
• @​tanstack/react-start@​1.160.1
• @​tanstack/start-static-server-functions@​1.160.1

v1.160.0

Version 1.160.0 - 2/15/26, 7:06 AM

Changes

Feat

• router-core, react-router, solid-router, vue-router: isDangerousProtocol uses customizable allowlist (#6542) (6ddb586) by @​Sheraff

Packages

• @​tanstack/router-core@​1.160.0
• @​tanstack/solid-router@​1.160.0
• @​tanstack/react-router@​1.160.0
• @​tanstack/vue-router@​1.160.0
• @​tanstack/solid-router-ssr-query@​1.160.0
• @​tanstack/react-router-ssr-query@​1.160.0
• @​tanstack/vue-router-ssr-query@​1.160.0
• @​tanstack/router-ssr-query-core@​1.160.0

... (truncated)

Commits

• c7bf332 release: v1.160.1
• 02d88bf release: v1.160.0
• 1dde024 release: v1.159.9
• See full diff in compare view

Updates @tanstack/router-vite-plugin from 1.159.6 to 1.160.2

Release notes

Sourced from @​tanstack/router-vite-plugin's releases.

v1.160.2

Version 1.160.2 - 2/16/26, 7:27 PM

Changes

Fix

• script hydration (#6681) (27a563e) by Manuel Schiller

Other

• (5d667aa) by Manuel Schiller

Packages

• @​tanstack/react-router@​1.160.2
• @​tanstack/react-router-ssr-query@​1.160.2
• @​tanstack/zod-adapter@​1.160.2
• @​tanstack/valibot-adapter@​1.160.2
• @​tanstack/arktype-adapter@​1.160.2
• @​tanstack/router-devtools@​1.160.2
• @​tanstack/react-router-devtools@​1.160.2
• @​tanstack/router-plugin@​1.160.2
• @​tanstack/router-vite-plugin@​1.160.2
• @​tanstack/react-start@​1.160.2
• @​tanstack/react-start-client@​1.160.2
• @​tanstack/react-start-server@​1.160.2
• @​tanstack/start-plugin-core@​1.160.2
• @​tanstack/start-static-server-functions@​1.160.2
• @​tanstack/solid-start@​1.160.2
• @​tanstack/vue-start@​1.160.2

v1.160.1

Version 1.160.1 - 2/16/26, 6:12 PM

Changes

Fix

• prevent var name clash in generated route for escaped strings (#6680) (227dfaf) by Manuel Schiller

Chore

• agents: encourage using nx and pnpm instead of direct execution, add instruction for sandboxed execution (#6671) (bab64df) by @​Sheraff

Docs

• Fixed filenames (#6675) (cf5a269) by Stefan Ollinger
• eslint: update installation to use unified tabbed markup (027dc05) by SeanCassiere
• router: restructure docs to use the unified markdown syntax (#6665) (e8c5dd0) by Sean Cassiere

... (truncated)

Commits

• 08a2d09 release: v1.160.2
• c7bf332 release: v1.160.1
• 02d88bf release: v1.160.0
• c5d328a release: v1.159.14
• ffec9c9 release: v1.159.12
• 1afa90e release: v1.159.11
• f3e3bd4 release: v1.159.10
• 1dde024 release: v1.159.9
• See full diff in compare view

Updates orval from 8.3.0 to 8.4.0

Release notes

Sourced from orval's releases.

Release v8.4.0

What's Changed

• fix(angular): do not use/expose deepnonnullable by @​the-ult in orval-labs/orval#2941
• fix(msw): mock generation bugs by @​the-ult in orval-labs/orval#2939
• fix(react-query): correctly type pre 5.14 and post 5.89 onSuccess by @​AllieJonsson in orval-labs/orval#2946
• feat(core,query,zod,mock): resolve actual installed package versions for feature gating by @​ScriptType in orval-labs/orval#2948
• fix(angular): angular-codegen typing issues for Zod imports, params handling, and response schemas by @​the-ult in orval-labs/orval#2938
• feat(angular): add Angular 21 support in workspace catalogs by @​the-ult in orval-labs/orval#2953
• feat(query): add support for invalidating queries in other files by @​AllieJonsson in orval-labs/orval#2954
• chore(deps): Axios and ModelContext SDK updates by @​melloware in orval-labs/orval#2957
• chore(deps): bump jsonpath from 1.1.1 to 1.2.1 by @​dependabot[bot] in orval-labs/orval#2956
• chore(deps): bump markdown-it from 14.1.0 to 14.1.1 by @​dependabot[bot] in orval-labs/orval#2958
• chore(deps): bump qs from 6.14.1 to 6.14.2 by @​dependabot[bot] in orval-labs/orval#2959
• fix(mock): msw mixed json-xml responses by @​the-ult in orval-labs/orval#2960
• feat(zod): add support for stringFormat by @​AllieJonsson in orval-labs/orval#2965
• fix(core): handle $ref responses without content property by @​tropnikov in orval-labs/orval#2967
• fix(zod): fix split-mode schema generation output by @​the-ult in orval-labs/orval#2964
• docs: add x-enum-descriptions documentation to enums guide by @​ashphy in orval-labs/orval#2968
• Release v8.4.0 by @​github-actions[bot] in orval-labs/orval#2969

New Contributors

• @​the-ult made their first contribution in orval-labs/orval#2941
• @​tropnikov made their first contribution in orval-labs/orval#2967
• @​ashphy made their first contribution in orval-labs/orval#2968

Full Changelog: orval-labs/orval@v8.3.0...v8.4.0

Commits

• 5e80698 chore(release): bump version to v8.4.0 (#2969)
• 3c66608 docs: add x-enum-descriptions documentation to enums guide (#2968)
• 6a67a50 fix(zod): fix split-mode schema generation output (#2964)
• 7934b87 fix(core): handle $ref responses without content property (#2967)
• c2b50ed feat(zod): add support for stringFormat (#2965)
• 00804bc fix(mock): msw mixed json-xml responses (#2960)
• 9219bfc chore(deps): bump qs from 6.14.1 to 6.14.2 (#2959)
• e99eb58 chore(deps): bump markdown-it from 14.1.0 to 14.1.1 (#2958)
• 647d2cb chore(deps): bump jsonpath from 1.1.1 to 1.2.1 (#2956)
• c49763f chore(deps): Axios and ModelContext SDK updates (#2957)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions