Skip to content

chore(deps-dev): bump the npm group across 1 directory with 3 updates#10

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-8d1dbe5be6
Open

chore(deps-dev): bump the npm group across 1 directory with 3 updates#10
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-8d1dbe5be6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the npm group with 3 updates in the / directory: @biomejs/biome, @secretlint/secretlint-rule-preset-recommend and secretlint.

Updates @biomejs/biome from 2.4.14 to 2.5.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.0

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.0

Minor Changes

  • #9539 f0615fd Thanks @​ematipico! - Added a new reporter called concise. When --reporter=concise is passed the commands format, lint, check and ci, the diagnostics are printed in a compact manner:

    ! index.ts:2:10: lint/correctness/noUnusedImports: Several of these imports are unused.
! main.ts:9:7: lint/correctness/noUnusedVariables: This variable f is unused.
× index.ts:8:5: lint/suspicious/noImplicitAnyLet: This variable implicitly has the any type.
× main.ts:2:10: lint/suspicious/noRedeclare: Shouldn't redeclare 'z'. Consider to delete it or rename it.

  • #9495 2056b23 Thanks @​aviraldua93! - Added the useKeyWithClickEvents a11y lint rule for HTML files (.html, .vue, .svelte, .astro). This is a port of the existing JSX rule. The rule enforces that elements with an onclick handler also have at least one keyboard event handler (onkeydown, onkeyup, or onkeypress) to ensure keyboard accessibility.

    Inherently keyboard-accessible elements (<a>, <button>, <input>, <select>, <textarea>, <option>) are excluded, as are elements hidden from assistive technologies (aria-hidden) or with role="presentation" / role="none".

    <!-- Invalid: no keyboard handler -->
<div onclick="handleClick()">Click me</div>
<!-- Valid: has keyboard handler -->
<div onclick="handleClick()" onkeydown="handleKeyDown()">Click me</div>
<!-- Valid: inherently keyboard-accessible -->
<button onclick="handleClick()">Submit</button>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUndeclaredClasses for HTML, JSX, and SFC files (Vue, Astro, Svelte). The rule detects CSS class names used in class="..." (or className) attributes that are not defined in any <style> block or linked stylesheet reachable from the file.

    <!-- .typo is used but never defined -->
<html>
  <head>
    <style>
      .button {
        color: blue;
      }
    </style>
  </head>
  <body>
    <div class="button typo"></div>
  </body>
</html>

  • #9152 9ec8500 Thanks @​ematipico! - Added new nursery lint rule noUnusedClasses for CSS. The rule detects CSS class selectors that are never referenced in any HTML or JSX file that imports the stylesheet. This is a project-domain rule that requires the module graph.

    /* styles.css — .ghost is never used in any importing file */

... (truncated)

Commits

Updates @secretlint/secretlint-rule-preset-recommend from 12.3.1 to 13.0.2

Release notes

Sourced from @​secretlint/secretlint-rule-preset-recommend's releases.

v13.0.2

What's Changed

📝 v13.0.1 published as v13.0.2

Bug Fixes

CI

Dependency Updates

Other Changes

Full Changelog: secretlint/secretlint@v13.0.0...v13.0.2

v13.0.0

Highlights

v13 changes how files are discovered on disk and adds three credential detection rules.

.gitignore is respected by default

Nested .gitignore files now apply to file discovery with ripgrep semantics: rules from each directory cascade into its subtree, and a negation rule in a deeper file can flip an earlier verdict.

Files excluded by any .gitignore on the path are no longer scanned. Repositories that previously relied on Secretlint scanning ignored files (such as dist/ or generated artefacts) will see fewer files in the output. .secretlintignore is unchanged and continues to apply alongside .gitignore.

To restore the v12 behaviour:

secretlint --no-gitignore "**/*"

... (truncated)

Commits

Updates secretlint from 12.3.1 to 13.0.2

Release notes

Sourced from secretlint's releases.

v13.0.2

What's Changed

📝 v13.0.1 published as v13.0.2

Bug Fixes

CI

Dependency Updates

Other Changes

Full Changelog: secretlint/secretlint@v13.0.0...v13.0.2

v13.0.0

Highlights

v13 changes how files are discovered on disk and adds three credential detection rules.

.gitignore is respected by default

Nested .gitignore files now apply to file discovery with ripgrep semantics: rules from each directory cascade into its subtree, and a negation rule in a deeper file can flip an earlier verdict.

Files excluded by any .gitignore on the path are no longer scanned. Repositories that previously relied on Secretlint scanning ignored files (such as dist/ or generated artefacts) will see fewer files in the output. .secretlintignore is unchanged and continues to apply alongside .gitignore.

To restore the v12 behaviour:

secretlint --no-gitignore "**/*"

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 5, 2026
@dependabot dependabot Bot changed the title chore(deps-dev): bump the npm group with 3 updates chore(deps-dev): bump the npm group across 1 directory with 3 updates Jun 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-8d1dbe5be6 branch 2 times, most recently from 6bc1d26 to 7818aa2 Compare June 12, 2026 01:34
@dependabot
chore(deps-dev): bump the npm group across 1 directory with 3 updates
e137b34 
Bumps the npm group with 3 updates in the / directory: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome), [@secretlint/secretlint-rule-preset-recommend](https://github.com/secretlint/secretlint) and [secretlint](https://github.com/secretlint/secretlint).


Updates `@biomejs/biome` from 2.4.14 to 2.5.0
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.0/packages/@biomejs/biome)

Updates `@secretlint/secretlint-rule-preset-recommend` from 12.3.1 to 13.0.2
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](secretlint/secretlint@v12.3.1...v13.0.2)

Updates `secretlint` from 12.3.1 to 13.0.2
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](secretlint/secretlint@v12.3.1...v13.0.2)

---
updated-dependencies:
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@secretlint/secretlint-rule-preset-recommend"
  dependency-version: 13.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: secretlint
  dependency-version: 13.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-8d1dbe5be6 branch from 7818aa2 to e137b34 Compare June 16, 2026 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants