Closed renovate[bot] closed 2 months ago
New and removed dependencies detected. Learn more about Socket for GitHub
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/cspell@8.8.4 | environment, network Transitive: filesystem, unsafe | +61 | 5.35 MB | jason-dent |
npm/cssnano@7.0.2 | Transitive: environment, filesystem, network, shell, unsafe | +63 | 10.3 MB | ludovicofischer |
npm/dprint@0.46.2 | environment, filesystem, shell | 0 | 8.03 kB | dsherret |
npm/editorconfig-checker@5.1.8 | None | 0 | 719 kB | theoludwig |
npm/prettier@3.3.2 | environment, filesystem, unsafe | 0 | 8.25 MB | prettier-bot |
🚮 Removed packages: npm/cspell@8.8.3, npm/cssnano@7.0.1, npm/dprint@0.46.1, npm/editorconfig-checker@5.1.5, npm/prettier@3.3.0
Dependency issues cleared. Learn more about Socket for GitHub
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Ignoring: npm/@biomejs/biome@1.8.1
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space separated list of `ecosystem/package-name@version` specifiers. e.g. `@SocketSecurity ignore npm/foo@1.0.0` or ignore all packages with `@SocketSecurity ignore-all`
@SocketSecurity ignore npm/@biomejs/biome@1.8.1 npm/@biomejs/biome@1.7.3 npm/dprint@0.46.1
This PR contains the following updates:
- 1.7.3 -> 1.8.1
- 0.62.0 -> 0.64.0
- v4.1.6 -> v4.1.7
- 8.8.3 -> 8.8.4
- 7.0.1 -> 7.0.2
- 0.46.1 -> 0.46.2
- 5.1.5 -> 5.1.8
- v3.25.7 -> v3.25.10
- 9.1.4 -> 9.3.0
- 9.1.4 -> 9.3.0
- 3.3.0 -> 3.3.2
- cffeb57 -> 550dfda
- 3.3.2 -> 3.3.3
- v1.178.0 -> v1.180.0
Release Notes
biomejs/biome (@biomejs/biome)
### [`v1.8.1`](https://togithub.com/biomejs/biome/blob/HEAD/CHANGELOG.md#v181-2024-06-10)

[Compare Source](https://togithub.com/biomejs/biome/compare/378c05edd47608a1b8cba725564c807b2e772bd6...39db99b1cd087d6aa46ecfecba6adbfa0d45a303)

##### Analyzer

##### CLI

##### Bug fixes

- Fix [#3069](https://togithub.com/biomejs/biome/issues/3069), prevent overwriting paths when using `--staged` or `--changed` options. Contributed by [@unvalley](https://togithub.com/unvalley)
- Fix a case where the file link inside a diagnostic wasn't correctly displayed inside a terminal run by VSCode. Contributed by [@uncenter](https://togithub.com/uncenter)

##### Configuration

##### Bug fixes

- Fix [#3067](https://togithub.com/biomejs/biome/issues/3067), by assigning the correct default value to `indentWidth`. Contributed by [@ematipico](https://togithub.com/ematipico)

##### Editors

##### Formatter

##### Bug fixes

- Fix the bug where whitespace after the & character in CSS nesting was incorrectly trimmed, ensuring proper targeting of child classes [#3061](https://togithub.com/biomejs/biome/issues/3061). Contributed by [@denbezrukov](https://togithub.com/denbezrukov)
- Fix [#3068](https://togithub.com/biomejs/biome/issues/3068) where the CSS formatter was inadvertently converting variable declarations and function calls to lowercase. Contributed by [@denbezrukov](https://togithub.com/denbezrukov)
- Fix the formatting of CSS grid layout properties. Contributed by [@denbezrukov](https://togithub.com/denbezrukov)

##### JavaScript APIs

##### Linter

##### Bug fixes

- The `noEmptyBlock` css lint rule now treats empty blocks containing comments as valid ones. Contributed by [@Sec-ant](https://togithub.com/Sec-ant)
- [useLiteralKeys](https://biomejs.dev/linter/rules/use-literal-keys/) no longer reports quoted member names ([#3085](https://togithub.com/biomejs/biome/issues/3085)).

  Previously [useLiteralKeys](https://biomejs.dev/linter/rules/use-literal-keys/) reported quoted member names that can be unquoted. For example, the rule suggested the following fix:

  ```diff
  - const x = { "prop": 0 };
  + const x = { prop: 0 };
  ```

  This conflicted with the option [quoteProperties](https://biomejs.dev/reference/configuration/#javascriptformatterquoteproperties) of our formatter. The rule now ignores quoted member names.

  Contributed by [@Conaclos](https://togithub.com/Conaclos)
- [noEmptyInterface](https://biomejs.dev/linter/rules/no-empty-interface/) now ignores empty interfaces in ambient modules ([#3110](https://togithub.com/biomejs/biome/issues/3110)). Contributed by [@Conaclos](https://togithub.com/Conaclos)
- [noUnusedVariables](https://biomejs.dev/linter/rules/no-unused-variables/) and [noUnusedFunctionParameters](https://biomejs.dev/linter/rules/no-unused-function-parameters/) no longer report the parameters of a constructor type ([#3135](https://togithub.com/biomejs/biome/issues/3135)).

  Previously, `arg` was reported as unused in a constructor type like:

  ```ts
  export type Classlike = new (arg: unknown) => string;
  ```

  Contributed by [@Conaclos](https://togithub.com/Conaclos)
- [noStringCaseMismatch](https://biomejs.dev/linter/rules/no-string-case-mismatch/) now ignores escape sequences ([#3134](https://togithub.com/biomejs/biome/issues/3134)).

  The following code is no longer reported by the rule:

  ```js
  s.toUpperCase() === "\u001b";
  ```

  Contributed by [@Conaclos](https://togithub.com/Conaclos)

##### Parser

##### New features

- Implemented CSS Unknown At-Rule parsing, allowing the parser to gracefully handle unsupported or unrecognized CSS at-rules. Contributed by [@denbezrukov](https://togithub.com/denbezrukov)

##### Bug fixes

- Fix [#3055](https://togithub.com/biomejs/biome/issues/3055) CSS: Layout using named grid lines is now correctly parsed. Contributed by [@denbezrukov](https://togithub.com/denbezrukov)
- Fix [#3091](https://togithub.com/biomejs/biome/issues/3091). Allows the parser to handle nested style rules and at-rules properly, enhancing the parser's compatibility with the CSS Nesting Module. Contributed by [@denbezrukov](https://togithub.com/denbezrukov)

### [`v1.8.0`](https://togithub.com/biomejs/biome/blob/HEAD/CHANGELOG.md#180-2024-06-04)

[Compare Source](https://togithub.com/biomejs/biome/compare/b9f90b7ee63506a1995bc29f4e389efec25a1525...378c05edd47608a1b8cba725564c807b2e772bd6)

##### Analyzer

##### New features

- Allow suppression comments to suppress individual instances of rules. This is used for the lint rule `useExhaustiveDependencies`, which is now able to suppress specific dependencies. Fixes [#2509](https://togithub.com/biomejs/biome/issues/2509). Contributed by [@arendjr](https://togithub.com/arendjr)

##### Enhancements

- Assume `Astro` object is always a global when processing `.astro` files. Contributed by [@minht11](https://togithub.com/minht11)
- Assume Vue compiler macros are globals when processing `.vue` files. ([#2771](https://togithub.com/biomejs/biome/pull/2771)) Contributed by [@dyc3](https://togithub.com/dyc3)

##### CLI

##### New features

- New `clean` command. Use this new command to clean after the `biome-logs` directory, and remove all the log files.

  ```shell
  biome clean
  ```

- Add two new options `--only` and `--skip` to the command `biome lint` ([#58](https://togithub.com/biomejs/biome/issues/58)).

  The `--only` option allows you to run a given rule or rule group. For example, the following command runs only the `style/useNamingConvention` and `style/noInferrableTypes` rules. If the rule is disabled in the configuration, then its severity level is set to `error` for a recommended rule or `warn` otherwise.

  ```shell
  biome lint --only=style/useNamingConvention --only=style/noInferrableTypes
  ```

  Passing a group does not change the severity level of the rules in the group. All the disabled rules in the group will remain disabled. To ensure that the group is run, the `recommended` field of the group is enabled. The `nursery` group cannot be passed, as no rules are enabled by default in the nursery group.

  The `--skip` option allows you to skip the execution of a given group or a given rule. For example, the following command skips the `style` group and the `suspicious/noExplicitAny` rule.

  ```shell
  biome lint --skip=style --skip=suspicious/noExplicitAny
  ```

  You can also use `--only` and `--skip` together. `--skip` overrides `--only`. The following command executes only the rules from the `style` group, but the `style/useNamingConvention` rule.

  ```shell
  biome lint --only=style --skip=style/useNamingConvention
  ```

  These options are compatible with other options such as `--write` (previously `--apply`), and `--reporter`.

  Contributed by [@Conaclos](https://togithub.com/Conaclos)
- Add new command `biome clean`. Use this command to purge all the logs emitted by the Biome daemon. This command is really useful, because the Biome daemon tends to log many files and contents during its lifecycle. This means that if your editor is open for hours (or even days), the `biome-logs` folder could become quite heavy. Contributed by [@ematipico](https://togithub.com/ematipico)
- Add support for formatting and linting CSS files from the CLI. These operations are **opt-in** for the time being.

  If you don't have a configuration file, you can enable these features with `--css-formatter-enabled` and `--css-linter-enabled`:

  ```shell
  biome check --css-formatter-enabled=true --css-linter-enabled=true ./
  ```

  Contributed by [@ematipico](https://togithub.com/ematipico)
- Add new CLI options to control the CSS formatting. Check the [CLI reference page](https://biomejs.dev/reference/cli/) for more details. Contributed by [@ematipico](https://togithub.com/ematipico)
- Add new options `--write`, `--fix` (alias of `--write`) and `--unsafe` to the command `biome lint` and `biome check`. Add a new option `--fix` (alias of `--write`) to the command `biome format` and `biome migrate`.

  ```shell
  biome
  ```

devcontainers/cli (@devcontainers/cli)
### [`v0.64.0`](https://togithub.com/devcontainers/cli/blob/HEAD/CHANGELOG.md#0640)

[Compare Source](https://togithub.com/devcontainers/cli/compare/v0.63.0...v0.64.0)

- Fix project name with env variable. ([https://github.com/devcontainers/cli/issues/839](https://togithub.com/devcontainers/cli/issues/839))

### [`v0.63.0`](https://togithub.com/devcontainers/cli/blob/HEAD/CHANGELOG.md#0630)

[Compare Source](https://togithub.com/devcontainers/cli/compare/v0.62.0...v0.63.0)

- Surface additional information in `devcontainer up`. ([https://github.com/devcontainers/cli/pull/836](https://togithub.com/devcontainers/cli/pull/836))
- Changes the config layer of the Feature manifest to an empty descriptor ([https://github.com/devcontainers/cli/pull/815](https://togithub.com/devcontainers/cli/pull/815))

actions/checkout (actions/checkout)
### [`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417)

[Compare Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7)

- Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://togithub.com/actions/checkout/pull/1739)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://togithub.com/actions/checkout/pull/1697)
- Check out other refs/\* by commit by [@orhantoy](https://togithub.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://togithub.com/actions/checkout/pull/1774)
- Pin actions/checkout's own workflows to a known, good, stable version. by [@jww3](https://togithub.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://togithub.com/actions/checkout/pull/1776)

streetsidesoftware/cspell (cspell)
### [`v8.8.4`](https://togithub.com/streetsidesoftware/cspell/blob/HEAD/packages/cspell/CHANGELOG.md#small884-2024-06-03-small)

[Compare Source](https://togithub.com/streetsidesoftware/cspell/compare/v8.8.3...v8.8.4)

- ci: Fix Lint -- Workflow Bot ([#5699](https://togithub.com/streetsidesoftware/cspell/issues/5699)) ([211113a](https://togithub.com/streetsidesoftware/cspell/commit/211113a)), closes [#5699](https://togithub.com/streetsidesoftware/cspell/issues/5699)

cssnano/cssnano (cssnano)
### [`v7.0.2`](https://togithub.com/cssnano/cssnano/releases/tag/cssnano%407.0.2): v7.0.2

[Compare Source](https://togithub.com/cssnano/cssnano/compare/cssnano@7.0.1...cssnano@7.0.2)

##### Bug Fixes

- fix invalid output in some cases where selectors contain comments

dprint/dprint (dprint)
### [`v0.46.2`](https://togithub.com/dprint/dprint/releases/tag/0.46.2)

[Compare Source](https://togithub.com/dprint/dprint/compare/0.46.1...0.46.2)

#### Changes

- fix: analyze Wasm plugin version without instantiating plugin ([#857](https://togithub.com/dprint/dprint/issues/857))

#### Install

Run `dprint upgrade` or see https://dprint.dev/install/

#### Checksums

|Artifact|SHA-256 Checksum|
|:--|:--|
|dprint-x86\_64-apple-darwin.zip|88abd8a6f416b624fdfae338ae6fca440f4a36b35199f0d03438caeb7715d820|
|dprint-aarch64-apple-darwin.zip|a331d1c9ad2abb96d46c33d25f1166bd5497dde0c48eb8a8f3d98143cd4bca5b|
|dprint-x86\_64-pc-windows-msvc.zip|53ab1991d23be9de8bf3b920f8605aee55629321fcacccfc5df38d49b2eb5160|
|dprint-x86\_64-pc-windows-msvc-installer.exe|e4c015ddbc247fe889f03a011ec4832bc339175977f7db4f674ae0313e2fe726|
|dprint-x86\_64-unknown-linux-gnu.zip|e2819a2f1092750227cbd0a92b1172e889a30ddbb5773e85db133c1c8859edf6|
|dprint-x86\_64-unknown-linux-musl.zip|bbe9fe8eae9abdcfccdeca97fd8c524efd6137de702ee96e82b0ecb4ad432ebf|
|dprint-aarch64-unknown-linux-gnu.zip|3f01bc1d7d47fec7c00af52ee5e270f4759743da1f6e1b31a593bfdaa1dc1906|
|dprint-aarch64-unknown-linux-musl.zip|d7b6f88c320bffcbb1dfeb6030d5a1ef23d18d81721e39abdbf4b8bdab389ba4|

editorconfig-checker/editorconfig-checker.javascript (editorconfig-checker)
### [`v5.1.8`](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/releases/tag/v5.1.8)

[Compare Source](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/compare/v5.1.7...v5.1.8)

##### Reverts

- Revert "chore(deps-dev): bump undici from 6.6.2 to 6.11.1 ([#411](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/issues/411))" ([51a754a](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/commit/51a754ae8f5b77022dc315060aaa0512a0866e77)), closes [#411](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/issues/411)

v5.1.6 release didn't work because of an issue with the `@vercel/ncc` compiler: [https://github.com/vercel/ncc/issues/1193](https://togithub.com/vercel/ncc/issues/1193), for now we revert the changes, so basically v5.1.8 is the same as v5.1.5.

Sorry for the troubles, we also improved our CI, so we should be able to detect this kind of issues in the future.

### [`v5.1.7`](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/releases/tag/v5.1.7)

[Compare Source](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/compare/v5.1.6...v5.1.7)

##### Reverts

- Revert "fix: update dependencies to latest ([#412](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/issues/412))" ([f04e860](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/commit/f04e860f2416ac52602560bff310a1d7e115aaa3)), closes [#412](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/issues/412) [#413](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/issues/413)
- Revert "fix: semantic-release v23" ([d1b7b93](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/commit/d1b7b93d417c518693cb082618869e01f73855c8))

### [`v5.1.6`](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/releases/tag/v5.1.6)

[Compare Source](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/compare/v5.1.5...v5.1.6)

##### Bug Fixes

- semantic-release v23 ([52f4b29](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/commit/52f4b29bbcb60efd137552d7c2f5cfc284c9780f))
- update dependencies to latest ([#412](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/issues/412)) ([5b68e04](https://togithub.com/editorconfig-checker/editorconfig-checker.javascript/commit/5b68e047541e0205c41fa613ef82152b5ab1a700))

github/codeql-action (github/codeql-action)
### [`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)

[Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)

### [`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)

[Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)

### [`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

[Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)

pnpm/pnpm (pnpm)
### [`v9.3.0`](https://togithub.com/pnpm/pnpm/releases/tag/v9.3.0)

[Compare Source](https://togithub.com/pnpm/pnpm/compare/v9.2.0...v9.3.0)

#### Minor Changes

- **Semi-breaking.** Dependency key names in the lockfile are shortened if they are longer than 1000 characters. We don't expect this change to affect many users. Affected users most probably can't run install successfully at the moment. This change is required to fix some edge cases in which installation fails with an out-of-memory error or "Invalid string length (RangeError: Invalid string length)" error. The max allowed length of the dependency key can be controlled with the `peers-suffix-max-length` setting [#8177](https://togithub.com/pnpm/pnpm/pull/8177).

#### Patch Changes

- Set `reporter-hide-prefix` to `true` by default for `pnpm exec`. In order to show prefix, the user now has to explicitly set `reporter-hide-prefix=false` [#8174](https://togithub.com/pnpm/pnpm/issues/8174).

#### Platinum Sponsors

Configuration
📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.