build(deps-dev): bump @biomejs/biome from 2.2.5 to 2.2.6 in /github-action

[dependabot]

Bumps @biomejs/biome from 2.2.5 to 2.2.6.

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.2.6

2.2.6

Patch Changes

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikMethodUsage lint rule for the Qwik domain.

  This rule validates Qwik hook usage. Identifiers matching useXxx must be called only within serialisable reactive contexts (for example, inside component$, route loaders/actions, or within other Qwik hooks), preventing common Qwik antipatterns.

  Invalid:

  // Top-level hook call is invalid.
  const state = useStore({ count: 0 });
  function helper() {
  // Calling a hook in a non-reactive function is invalid.
  const loc = useLocation();
  }

  Valid:

  component$(() => {
    const state = useStore({ count: 0 }); // OK inside component$.
    return <div>{state.count}</div>;
  });
  const handler = $(() => {
  const loc = useLocation(); // OK inside a $-wrapped closure.
  console.log(loc.params);
  });

• #7685 52071f5 Thanks @​denbezrukov! - Fixed #6981: The NoUnknownPseudoClass rule no longer reports local pseudo-classes when CSS Modules are used.

• #7640 899f7b2 Thanks @​arendjr! - Fixed #7638: useImportExtensions no longer emits diagnostics on valid import paths that end with a query or hash.

  Example

  // This no longer warns if `index.css` exists:
  import style from "../theme/index.css?inline";

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikValidLexicalScope rule to the Qwik domain.

  This rule helps you avoid common bugs in Qwik components by checking that your variables and functions are declared in the correct place.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.2.6

Patch Changes

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikMethodUsage lint rule for the Qwik domain.

  This rule validates Qwik hook usage. Identifiers matching useXxx must be called only within serialisable reactive contexts (for example, inside component$, route loaders/actions, or within other Qwik hooks), preventing common Qwik antipatterns.

  Invalid:

  // Top-level hook call is invalid.
  const state = useStore({ count: 0 });
  function helper() {
  // Calling a hook in a non-reactive function is invalid.
  const loc = useLocation();
  }

  Valid:

  component$(() => {
    const state = useStore({ count: 0 }); // OK inside component$.
    return <div>{state.count}</div>;
  });
  const handler = $(() => {
  const loc = useLocation(); // OK inside a $-wrapped closure.
  console.log(loc.params);
  });

• #7685 52071f5 Thanks @​denbezrukov! - Fixed #6981: The NoUnknownPseudoClass rule no longer reports local pseudo-classes when CSS Modules are used.

• #7640 899f7b2 Thanks @​arendjr! - Fixed #7638: useImportExtensions no longer emits diagnostics on valid import paths that end with a query or hash.

  Example

  // This no longer warns if `index.css` exists:
  import style from "../theme/index.css?inline";

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikValidLexicalScope rule to the Qwik domain.

  This rule helps you avoid common bugs in Qwik components by checking that your variables and functions are declared in the correct place.

  Invalid:

... (truncated)

Commits

• e5b8058 ci: release (#7637)
• 5beb1ee feat(biome_graphql_analyze): implement useDeprecatedDate (#7620)
• a8e7301 feat(qwik): add useQwikMethodUsage & useQwikValidLexicalScope (#7071)
• d025e53 docs: add Polish translation of Biome README (#7630)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @hougesen.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​biomejs/​biome@​2.3.0

View full report

[dependabot]

A newer version of @​biomejs/biome exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[hougesen]

@dependabot squash and merge

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot squash and merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

[dependabot]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

[dependabot]

Superseded by #1365.