Skip to content

chore(deps-dev): bump the npm group across 1 directory with 3 updates#5

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-903984a77c
Open

chore(deps-dev): bump the npm group across 1 directory with 3 updates#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-903984a77c

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps the npm group with 3 updates in the / directory: @biomejs/biome, @secretlint/secretlint-rule-preset-recommend and secretlint.

Updates @biomejs/biome from 2.4.14 to 2.4.15

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.15

2.4.15

Patch Changes

  • #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

  • #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

    For example, the following snippet triggers the rule:

    import { nextTick } from "vue";
nextTick(() => {
updateDom();
});

  • #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

    For example, the following snippet triggers the rule:

    <input @keyup.13="submit" />

  • #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

  • #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

  • #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

  • #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

  • #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

    The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

    {
  "assist": {
    "actions": {
      "source": {
        "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
      }
    }
  }
}

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.15

Patch Changes

  • #9394 ba3480e Thanks @​dyc3! - Added the nursery rule useTestHooksInOrder in the test domain. The rule enforces that Jest/Vitest lifecycle hooks (beforeAll, beforeEach, afterEach, afterAll) are declared in the order they execute, making test setup and teardown easier to reason about.

  • #10254 e0a54cc Thanks @​dyc3! - Added a new nursery rule useVueNextTickPromise, which enforces Promise syntax when using Vue nextTick.

    For example, the following snippet triggers the rule:

    import { nextTick } from "vue";
nextTick(() => {
updateDom();
});

  • #10219 64aee45 Thanks @​dyc3! - Added a new nursery rule noVueVOnNumberValues, that disallows deprecated number modifiers on Vue v-on directives.

    For example, the following snippet triggers the rule:

    <input @keyup.13="submit" />

  • #10195 7b8d4e1 Thanks @​dyc3! - Added the new nursery rule useVueValidVFor, which validates Vue v-for directives and reports invalid aliases, missing component keys, and keys that do not use iteration variables.

  • #10238 1110256 Thanks @​dyc3! - Added the recommended nursery rule noVueImportCompilerMacros, which disallows importing Vue compiler macros such as defineProps from vue because they are automatically available.

  • #10201 1a08f89 Thanks @​realknove! - Fixed #10193: style/useReadonlyClassProperties no longer reports class properties as readonly-able when they are assigned inside arrow callbacks nested in class property initializers.

  • #9574 3bd2b6a Thanks @​Conaclos! - Fixed #9530. The diagnostics of organizeImports are now more detailed and more precise. They are also better at localizing where the issue is.

  • #10205 a704a6c Thanks @​Conaclos! - Fixed #10185. `organizeImports now errors when it encounters an unknown predefined group.

    The following configuration is now reported as invalid because :INEXISTENT: is an unknown predefined group.

    {
  "assist": {
    "actions": {
      "source": {
        "organizeImports": { "options": { "groups": [":INEXISTENT:"] } }
      }
    }
  }
}

... (truncated)

Commits

Updates @secretlint/secretlint-rule-preset-recommend from 12.3.1 to 13.0.0

Release notes

Sourced from @​secretlint/secretlint-rule-preset-recommend's releases.

v13.0.0

Highlights

v13 changes how files are discovered on disk and adds three credential detection rules.

.gitignore is respected by default

Nested .gitignore files now apply to file discovery with ripgrep semantics: rules from each directory cascade into its subtree, and a negation rule in a deeper file can flip an earlier verdict.

Files excluded by any .gitignore on the path are no longer scanned. Repositories that previously relied on Secretlint scanning ignored files (such as dist/ or generated artefacts) will see fewer files in the output. .secretlintignore is unchanged and continues to apply alongside .gitignore.

To restore the v12 behaviour:

secretlint --no-gitignore "**/*"

If a file is matched by a .gitignore rule but still appears in Secretlint's output, please open an issue at https://github.com/secretlint/secretlint/issues.

Glob-shaped paths that exist on disk are treated literally

--no-glob and "globs by default" both existed in v12. What changed in v13 is the fallback for inputs that contain glob metacharacters but resolve to a real file or directory.

In v12, an input like src/(group)/page.tsx was always parsed as a glob, so SvelteKit / Next.js routes whose names contain (), [], {}, or ? required --no-glob. v13 runs a single stat per glob-shaped input: if it exists, the input is treated literally; otherwise it stays a glob.

Pattern On disk v12 default v13 default
src/(group)/page.tsx exists parsed as glob, no match matched literally
src/(missing)/page.tsx absent parsed as glob parsed as glob
src/[a-z]ormal.tsx normal.tsx exists matched via glob matched via glob

Pass --no-glob to skip the probe and force literal interpretation.

New and promoted rules

Added to preset-recommend:

Rule Detects
@secretlint/secretlint-rule-tailscale Tailscale API keys (new package)
@secretlint/secretlint-rule-stripe Stripe API keys (new package)
@secretlint/secretlint-rule-cloudflare Cloudflare API tokens (promoted from preset-canary)

What's Changed

Breaking Changes

Features

... (truncated)

Commits

Updates secretlint from 12.3.1 to 13.0.0

Release notes

Sourced from secretlint's releases.

v13.0.0

Highlights

v13 changes how files are discovered on disk and adds three credential detection rules.

.gitignore is respected by default

Nested .gitignore files now apply to file discovery with ripgrep semantics: rules from each directory cascade into its subtree, and a negation rule in a deeper file can flip an earlier verdict.

Files excluded by any .gitignore on the path are no longer scanned. Repositories that previously relied on Secretlint scanning ignored files (such as dist/ or generated artefacts) will see fewer files in the output. .secretlintignore is unchanged and continues to apply alongside .gitignore.

To restore the v12 behaviour:

secretlint --no-gitignore "**/*"

If a file is matched by a .gitignore rule but still appears in Secretlint's output, please open an issue at https://github.com/secretlint/secretlint/issues.

Glob-shaped paths that exist on disk are treated literally

--no-glob and "globs by default" both existed in v12. What changed in v13 is the fallback for inputs that contain glob metacharacters but resolve to a real file or directory.

In v12, an input like src/(group)/page.tsx was always parsed as a glob, so SvelteKit / Next.js routes whose names contain (), [], {}, or ? required --no-glob. v13 runs a single stat per glob-shaped input: if it exists, the input is treated literally; otherwise it stays a glob.

Pattern On disk v12 default v13 default
src/(group)/page.tsx exists parsed as glob, no match matched literally
src/(missing)/page.tsx absent parsed as glob parsed as glob
src/[a-z]ormal.tsx normal.tsx exists matched via glob matched via glob

Pass --no-glob to skip the probe and force literal interpretation.

New and promoted rules

Added to preset-recommend:

Rule Detects
@secretlint/secretlint-rule-tailscale Tailscale API keys (new package)
@secretlint/secretlint-rule-stripe Stripe API keys (new package)
@secretlint/secretlint-rule-cloudflare Cloudflare API tokens (promoted from preset-canary)

What's Changed

Breaking Changes

Features

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the npm group across 1 directory with 3 updates
6b5fed1 
Bumps the npm group with 3 updates in the / directory: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome), [@secretlint/secretlint-rule-preset-recommend](https://github.com/secretlint/secretlint) and [secretlint](https://github.com/secretlint/secretlint).


Updates `@biomejs/biome` from 2.4.14 to 2.4.15
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.15/packages/@biomejs/biome)

Updates `@secretlint/secretlint-rule-preset-recommend` from 12.3.1 to 13.0.0
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](secretlint/secretlint@v12.3.1...v13.0.0)

Updates `secretlint` from 12.3.1 to 13.0.0
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](secretlint/secretlint@v12.3.1...v13.0.0)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@secretlint/secretlint-rule-preset-recommend"
  dependency-version: 13.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: secretlint
  dependency-version: 13.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants