build(deps): bump the patch-updates group across 1 directory with 5 updates

[dependabot]

Bumps the patch-updates group with 5 updates in the / directory:

Package	From	To
@iconify-json/material-symbols	1.2.69	1.2.72
katex	0.16.45	0.16.46
sanitize-html	2.17.3	2.17.4
@astrojs/ts-plugin	1.10.7	1.10.8
@biomejs/biome	2.4.14	2.4.15

Updates @iconify-json/material-symbols from 1.2.69 to 1.2.72

Commits

• See full diff in compare view

Updates katex from 0.16.45 to 0.16.46

Release notes

Sourced from katex's releases.

v0.16.46

0.16.46 (2026-05-13)

Bug Fixes

• preserve math font in some styling commands (#4214) (e9ee046), closes #4213

Changelog

Sourced from katex's changelog.

0.16.46 (2026-05-13)

Bug Fixes

• preserve math font in some styling commands (#4214) (e9ee046), closes #4213

Commits

• 2c25b47 chore(release): 0.16.46 [ci skip]
• e9ee046 fix: preserve math font in some styling commands (#4214)
• 88256c0 ci(screenshotter): require safe to test label for PRs (#4211)
• a3fce45 ci(screenshotter): disable cache (#4209)
• 9de4b3d chore: update linters (#4205)
• c224153 refactor: improve typing for fonts (#4200)
• 89a3d67 chore(deps): update dependency postcss to v8.5.10 [security] (#4202)
• 441e6ca chore: update stylelint and adjust styles for updated set of rules (#4201)
• bdec9b0 docs: support for persian/arabic numerals (#4190)
• efedddd refactor(types): resolve most as any casts and TODO(ts) comments (#4171)
• Additional commits viewable in compare view

Updates sanitize-html from 2.17.3 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

Commits

• See full diff in compare view

Updates @astrojs/ts-plugin from 1.10.7 to 1.10.8

Release notes

Sourced from @​astrojs/ts-plugin's releases.

@​astrojs/ts-plugin@​1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @​astrojs/ts-plugin's changelog.

1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Commits

• See full diff in compare view

Updates @biomejs/biome from 2.4.14 to 2.4.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.15

Patch Changes

• #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

• #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

  For example, the following snippet triggers the rule:

  import { nextTick } from "vue";
  nextTick(() => {
  updateDom();
  });

• #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

  For example, the following snippet triggers the rule:

  <input @keyup.13="submit" />

• #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

• #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

• #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

• #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

• #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

  The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

  {
    "assist": {
      "actions": {
        "source": {
          "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
        }
      }
    }
  }

... (truncated)

Commits

• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• e0a54cc feat(lint/js/vue): add useVueNextTickPromise (#10254)
• 1110256 feat(lint/vue): add noVueImportCompilerMacros (#10238)
• 7f7419c fix: grammar in extends docstring (#10263)
• 0ae5840 feat(lint/js): add useThisForClassMethods (#9807)
• 83f7385 feat(lint/js): add noBaseToString (#9838)
• 64aee45 feat(lint/html/vue): add noVueVOnNumberValues (#10219)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions