build(deps-dev): bump all

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@biomejs/biome (source)	1.7.1 -> 1.7.3					devDependencies	patch
@devcontainers/cli	0.59.1 -> 0.62.0					devDependencies	minor
@shopify/prettier-plugin-liquid (source)	1.4.4 -> 1.5.0					devDependencies	minor
actions/checkout	v4.1.4 -> v4.1.6					action	patch
cspell (source)	8.7.0 -> 8.8.3					devDependencies	minor
dprint	0.45.1 -> 0.46.1					devDependencies	minor
github/codeql-action	v3.25.3 -> v3.25.7					action	patch
node (source)	20.12.2 -> 20.14.0					engines	minor
pnpm (source)	9.0.6 -> 9.1.4					packageManager	minor
pnpm (source)	9.0.6 -> 9.1.4					engines	minor
prettier (source)	3.2.5 -> 3.3.0					devDependencies	minor
retext-equality	7.0.0 -> 7.1.0					devDependencies	minor
returntocorp/semgrep	496c1bc -> cffeb57					container	digest
ruby (source)	3.3.1 -> 3.3.2						patch
ruby/setup-ruby	v1.175.1 -> v1.178.0					action	minor
stylelint (source)	16.4.0 -> 16.6.1					devDependencies	minor

---

Release Notes

biomejs/biome (@​biomejs/biome)

v1.7.3

Compare Source

CLI

Bug fixes

• The stdin-file-path option now works correctly for Astro/Svelte/Vue files (#​2686)

  Fix #​2225 where lint output become empty for Vue files.

  Contributed by @​tasshi-me

• biome migrate eslint now correctly resolve @scope/eslint-config (#​2705). Contributed by @​Conaclos

Formatter

Linter

New features

• Add nursery/useExplicitLengthCheck.

Bug fixes

• noBlankTarget no longer hangs when applying a code fix (#​2675).

  Previously, the following code made Biome hangs when applying a code fix.

  <a href="https://example.com" rel="" target="_blank"></a>

  Contributed by @​Conaclos

• noRedeclare no longer panics on conditional type (#​2659).

  This is a regression introduced by #​2394.
  This regression makes noRedeclare panics on every conditional types with infer bindings.

  Contributed by @​Conaclos

• noUnusedLabels and noConfusingLabels now ignore svelte reactive statements (#​2571).

  The rules now ignore reactive Svelte blocks in Svelte components.

  <script>
  $: { /* reactive block */ }
  </script>

  Contributed by @​Conaclos

• useExportType no longer removes leading comments (#​2685).

  Previously, useExportType removed leading comments when it factorized the type qualifier.
  It now provides a code fix that preserves the leading comments:

  - export {
  + export type {
      /**leading comment*/
  -   type T
  +   T
    }

  Contributed by @​Conaclos

• useJsxKeyInIterable no longer reports false positive when iterating on non-jsx items (#​2590).

  The following snipet of code no longer triggers the rule:

  <>{data.reduce((total, next) => total + next, 0)}</>

  Contributed by @​dyc3

• Fix typo by renaming useConsistentBuiltinInstatiation to useConsistentBuiltinInstantiation
  Contributed by @​minht11

v1.7.2

Compare Source

Analyzer

Bug fixes

• Import sorting now ignores side effect imports (#​817).

  A side effect import consists now in its own group.
  This ensures that side effect imports are not reordered.

  Here is an example of how imports are now sorted:

    import "z"
  - import { D } from "d";
    import { C } from "c";
  + import { D } from "d";
    import "y"
    import "x"
  - import { B } from "b";
    import { A } from "a";
  + import { B } from "b";
    import "w"

  Contributed by @​Conaclos

• Import sorting now adds spaces where needed (#​1665)
  Contributed by @​Conaclos

CLI

Bug fixes

• biome migrate eslint now handles cyclic references.

  Some plugins and configurations export objects with cyclic references.
  This causes biome migrate eslint to fail or ignore them.
  These edge cases are now handled correctly.

  Contributed by @​Conaclos

Formatter

Bug fixes

• Correctly handle placement of comments inside named import clauses. #​2566. Contributed by @​ah-yu

Linter

New features

• Add nursery/noReactSpecificProps.
  Contributed by @​marvin-j97

• Add noUselessUndefinedInitialization.
  Contributed by @​lutaok

• Add nursery/useArrayLiterals.
  Contributed by @​Kazuhiro-Mimaki

• Add nursery/useConsistentBuiltinInstatiation.
  Contributed by @​minht11

• Add nursery/useDefaultSwitchClause.
  Contributed by @​michellocana

Bug fixes

• noDuplicateJsonKeys no longer crashes when a JSON file contains an unterminated string (#​2357).
  Contributed by @​Conaclos

• noRedeclare now reports redeclarations of parameters in a functions body (#​2394).

  The rule was unable to detect redeclarations of a parameter or a type parameter in the function body.
  The following two redeclarations are now reported:

  function f<T>(a) {
    type T = number; // redeclaration
    const a = 0; // redeclaration
  }

  Contributed by @​Conaclos

• noRedeclare no longer reports overloads in object types (#​2608).

  The rule no longer report redeclarations in the following code:

  type Overloads = {
    ({ a }: { a: number }): number,
    ({ a }: { a: string }): string,
  };

  Contributed by @​Conaclos

• noRedeclare now merge default function export declarations and types (#​2372).

  The following code is no longer reported as a redeclaration:

  interface Foo {}
  export default function Foo() {}

  Contributed by @​Conaclos

• noUndeclaredVariables no longer reports variable-only and type-only exports (#​2637).
  Contributed by @​Conaclos

• noUnusedVariables no longer crash Biome when encountering a malformed conditional type (#​1695).
  Contributed by @​Conaclos

• useConst now ignores a variable that is read before its assignment.

  Previously, the rule reported the following example:

  let x;
  x; // read
  x = 0; // write

  It is now correctly ignored.

  Contributed by @​Conaclos

• useShorthandFunctionType now suggests correct code fixes when parentheses are required (#​2595).

  Previously, the rule didn't add parentheses when they were needed.
  It now adds parentheses when the function signature is inside an array, a union, or an intersection.

  - type Union = { (): number } | string;
  + type Union = (() => number) | string;

  Contributed by @​Conaclos

• useTemplate now correctly escapes strings (#​2580).

  Previously, the rule didn't correctly escape characters preceded by an escaped character.

  Contributed by @​Conaclos

• noMisplacedAssertion now allow these matchers

  • expect.any()
  • expect.anything()
  • expect.closeTo
  • expect.arrayContaining
  • expect.objectContaining
  • expect.stringContaining
  • expect.stringMatching
  • expect.extend
  • expect.addEqualityTesters
  • expect.addSnapshotSerializer

  Contributed by @​fujiyamaorange

Parser

Bug fixes

• The language parsers no longer panic on unterminated strings followed by a newline and a space (#​2606, #​2410).

  The following example is now parsed without making Biome panics:

  "
   "
  

  Contributed by @​Conaclos

devcontainers/cli (@​devcontainers/cli)

v0.62.0

Compare Source

• Fix support for project name attribute. (https://github.com/devcontainers/cli/issues/831)

v0.61.0

Compare Source

• Use --depth 1 to make dotfiles install process faster (https://github.com/devcontainers/cli/pull/830)
• Enable --cache-to and --cache-from in devcontainer up (https://github.com/devcontainers/cli/pull/813)
• Omit generated image name when --image-name is given (https://github.com/devcontainers/cli/pull/812)

v0.60.0

Compare Source

• Support project name attribute. (https://github.com/microsoft/vscode-remote-release/issues/512)

shopify/theme-tools (@​shopify/prettier-plugin-liquid)

v1.5.0

Compare Source

actions/checkout (actions/checkout)

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in https://github.com/actions/checkout/pull/1732

v4.1.5

Compare Source

What's Changed

• Update NPM dependencies by @​cory-miller in https://github.com/actions/checkout/pull/1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in https://github.com/actions/checkout/pull/1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in https://github.com/actions/checkout/pull/1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in https://github.com/actions/checkout/pull/1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

streetsidesoftware/cspell (cspell)

v8.8.3

Compare Source

• chore: Update Integration Test Performance Data (#​5663) (b605dd3), closes #​5663

v8.8.2

Compare Source

• ci: Workflow Bot -- Update ALL Dependencies (main) (#​5659) (5d93673), closes #​5659

v8.8.1

Compare Source

• chore: Do not stop update if it fails to lint. (64ba085)

v8.8.0

Compare Source

Note: Version bump only for package cspell

dprint/dprint (dprint)

v0.46.1

Compare Source

Changes

• fix: dprint 0.46 release for cargo install without --locked flag (#​852)
• fix: upgrade to rustls 0.23.8 (#​853)

Please run dprint config update after upgrading as some BOM handling happens in the plugins now and some may fail to parse files with a BOM now. See #​854 and sorry for any headaches (I'm unsure of the impact of this change, so let me know if this is a huge hassle for you).

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact	SHA-256 Checksum
dprint-x86_64-apple-darwin.zip	cdea84bce1d84c26e8eced2265d246b79a849ec2e7d1377d98dd7bdb21c7ce83
dprint-aarch64-apple-darwin.zip	f3ff4faef83d14c3b4ae262e79a40d4e0fc3fa1903d0b6e9b82f0b25b00e9499
dprint-x86_64-pc-windows-msvc.zip	74e5ab38c744d5903862c2b5174d0fef9759b5506da775e1fb93b6a68c63101d
dprint-x86_64-pc-windows-msvc-installer.exe	107786c41be76b49463a50d7d9d788397bba723e107e723347f8e8dde65339dc
dprint-x86_64-unknown-linux-gnu.zip	cb72fa6b474e2847a3cf5705b43ee2cbfdafddd7c69ff162309fd1f4f43c872a
dprint-x86_64-unknown-linux-musl.zip	4a7d6fa6b920ab150f580965556086cdd7992e07078e627ab9a9d1c3bd30ba85
dprint-aarch64-unknown-linux-gnu.zip	c4e892d5d237a57ede7900255e5ce669b56160e61c89798c118fbd4c36d48ff2
dprint-aarch64-unknown-linux-musl.zip	e2b6d87167d21f1f01571790e79526ef9caff3b8b75f5cac348c4f06f60a8c16

v0.46.0

Compare Source

Changes

• feat: gitignore support (#​832)
• feat: DPRINT_TLS_CA_STORE and DPRINT_CERT (#​850)
• fix: remove BOM handling from the CLI (#​844)

Please run dprint config update after upgrading as some BOM handling happens in the plugins now and some may fail to parse files with a BOM now. See #​854 and sorry for any headaches (I'm unsure of the impact of this change, so let me know if this is a huge hassle for you).

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact	SHA-256 Checksum
dprint-x86_64-apple-darwin.zip	e339f1f891c60087676d72f70ba5f80dcaedde4bdc58730b9cb68a5483b3abfd
dprint-aarch64-apple-darwin.zip	4b608b3676f10e04328c3d8be396bded96328ebca9b95b70bf5baf67bed7b135
dprint-x86_64-pc-windows-msvc.zip	786201545938f6f7c6d407e6404b31ae9bbf9e5a4abc4c88dc9bd73da369a906
dprint-x86_64-pc-windows-msvc-installer.exe	e445b37af124e5d8ef691685632509d2bfc701962c58db89eebc8a8de7352ab4
dprint-x86_64-unknown-linux-gnu.zip	8274ea44d2ab4d10b8bdfcc824d946a6d051594aede49c9db8c5e810887abd67
dprint-x86_64-unknown-linux-musl.zip	7a2c12edc868259be890174c4ec3bd51c81ec8773aa294e12fac0634f36d15f5
dprint-aarch64-unknown-linux-gnu.zip	6617465acba53c9b939e73f20538a8027e45593342c34f7ac4826c9f4e6cf53b
dprint-aarch64-unknown-linux-musl.zip	e52c0a3398e34e88ffe560e719bf8361ba3f35b4e0927ab9ba0761796884ce24

github/codeql-action (github/codeql-action)

v3.25.7

Compare Source

v3.25.6

Compare Source

v3.25.5

Compare Source

v3.25.4

Compare Source

nodejs/node (node)

v20.14.0

Compare Source

v20.13.1: 2024-05-09, Version 20.13.1 'Iron' (LTS), @​marco-ippolito

Compare Source

2024-05-09, Version 20.13.1 'Iron' (LTS), @​marco-ippolito

Revert "tools: install npm PowerShell scripts on Windows"

Due to a regression in the npm installation on Windows, this commit reverts the change that installed npm PowerShell scripts on Windows.

Commits

• [b7d80802cc] - Revert "tools: install npm PowerShell scripts on Windows" (marco-ippolito) #​52897

v20.13.0

Compare Source

pnpm/pnpm (pnpm)

v9.1.4

Compare Source

v9.1.3

Compare Source

v9.1.2

Compare Source

Patch Changes

• Reduced memory usage during peer dependencies resolution #​8084.
• Details in the pnpm licenses output are not misplaced anymore #​8071.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v9.1.1

Compare Source

v9.1.0

Compare Source

prettier/prettier (prettier)

v3.3.0

Compare Source

diff

🔗 Release Notes

retextjs/retext-equality (retext-equality)

v7.1.0

Compare Source

Data

• 4a4a1b8 Add checks for man the fort, pull the trigger

Types

• 6e0babf Add declaration maps

Full Changelog: retextjs/retext-equality@7.0.0...7.1.0

ruby/setup-ruby (ruby/setup-ruby)

v1.178.0: Add ruby-3.1.6,ruby-3.3.2 and improve error messages

Compare Source

What's Changed

• Add ruby-3.1.6,ruby-3.3.2 by @​ruby-builder-bot in https://github.com/ruby/setup-ruby/pull/603

Full Changelog: ruby/setup-ruby@v1.177.1...v1.178.0

v1.177.1: Use downloadAndExtract() for truffleruby+graalvm too

Compare Source

v1.177.0: Add support for ubuntu-24.04

Compare Source

v1.176.2: Add ruby-3.4.0-preview1

Compare Source

v1.176.0: Add jruby-9.4.7.0

Compare Source

stylelint/stylelint (stylelint)

v16.6.1

Compare Source

• Fixed: no-descending-specificity false positives for nested selectors (#​7724) (@​romainmenke).
• Fixed: selector-type-no-unknown false positive for model (#​7718) (@​Mouvedia).

v16.6.0

Compare Source

• Fixed: function-calc-no-unspaced-operator false negatives (#​7655 & #​7670 & #​7676) (@​ybiquitous & @​romainmenke).
• Fixed: selector-not-notation autofix of the "simple" option (#​7703) (@​Mouvedia).
• Fixed: selector-max-specificity end positions (#​7685) (@​romainmenke).
• Fixed: no-descending-specificity end positions (#​7701) (@​romainmenke).
• Fixed: missing GitHub Sponsor for npm fund (#​7707) (@​ybiquitous).

v16.5.0

Compare Source

• Added: regex support to ignoreValues for value-no-vendor-prefix (#​7650) (@​Mouvedia).
• Fixed: shorthand-property-no-redundant-values false negatives for functions (#​7657) (@​ybiquitous).
• Fixed: value-no-vendor-prefix false negatives/positives (#​7654 & #​7658) (@​Mouvedia).
• Fixed: CosmiconfigResult type error (#​7661) (@​ybiquitous).

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.