[Snyk] Upgrade @biomejs/biome from 1.5.3 to 1.9.0 #11

Open
wants to merge 1 commit into
base: main
Ramyromel
Owner

Snyk has created this PR to upgrade @biomejs/biome from 1.5.3 to 1.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 23 versions ahead of your current version.

  • The recommended version was released 23 days ago.

Release notes
Package name: @biomejs/biome
  • 1.9.0 - 2024-09-12

    Analyzer

    CLI

    New features

    • Add --graphql-linter-enabled option, to control whether the linter should be enabled or not for GraphQL files. Contributed by @ ematipico

    • New EXPERIMENTAL search command. The search command allows you to search a Biome project using GritQL syntax.

      GritQL is a powerful language that lets you do structural searches on your codebase. This means that trivia such as whitespace or even the type of strings quotes used will be ignored in your search query. It also has many features for querying the structure of your code, making it much more elegant for searching code than regular expressions.

      While we believe this command may already be useful to users in some situations (especially when integrated in the IDE extensions!), we also had an ulterior motive for adding this command: We intend to utilize GritQL for our plugin efforts, and by allowing our users to try it out in a first iteration, we hope to gain insight in the type of queries you want to do, as well as the bugs we need to focus on.

      For now, the search command is explicitly marked as EXPERIMENTAL, since many bugs remain. Keep this in mind when you try it out, and please let us know your issues!

      Note: GritQL escapes code snippets using backticks, but most shells interpret backticks as command invocations. To avoid this, it's best to put single quotes around your Grit queries.

      biome search '`console.log($message)`' # find all `console.log` invocations

      Contributed by @ arendjr and @ BackupMiles

    • The option --max-diagnostics now accepts a none value, which lifts the limit of diagnostics shown. Contributed by @ ematipico

    • Add a new reporter --reporter=gitlab, that emits diagnostics for using the GitLab Code Quality report.

        [
          {
            "description": "Use === instead of ==. == is only allowed when comparing against `null`",
            "check_name": "lint/suspicious/noDoubleEquals",
            "fingerprint": "6143155163249580709",
            "severity": "critical",
            "location": {
              "path": "main.ts",
              "lines": {
                "begin": 4
              }
            }
          }
        ]

        Contributed by @ NiclasvanEyk

    • Add new options to the lsp-proxy and start commands:

      • --log-path: a directory where to store the daemon logs. The commands also accept the environment variable BIOME_LOG_PATH.
      • --log-prefix-name: a prefix that's added to the file name of the logs. It defaults to server.log. The commands also accept the environment variable BIOME_LOG_PREFIX_NAME.

      Contributed by @ ematipico

    Enhancements

    • When a --reporter is provided, and it's different from the default one, the value provided via --max-diagnostics is ignored and the limit is lifted. Contributed by @ ematipico

    • biome init now generates a new config file with more options set.
      This change intends to improve discoverability of the options and to set the more commonly used options to their default values.
      Contributed by @ Conaclos

    • The --verbose flag now reports the list of files that were evaluated, and the list of files that were fixed.
      The evaluated files are those files that can be handled by Biome; files that are ignored, don't have an extension or have an extension that Biome can't evaluate are excluded from this list.
      The fixed files are those files that were handled by Biome and changed. Files that stay the same after the process are excluded from this list.

      @ ematipico

    • Allow passing nursery to the --only and --skip filters.

      The --only option allows you to run a given rule or rule group.
      The --skip option allows you to skip the execution of a given group or a given rule.

      Previously, it was not possible to pass nursery.
      This restriction is now removed, as it may make sense to skip the nursery rules that a project has enabled.

      Contributed by @ Conaclos

    • The CLI now returns an error code when calling a command in stdin mode, and the contents of the files aren't fixed. For example, the following example will result in an error code of 1 because the lint command triggers some lint rules:

      echo "let x = 1" | biome lint --stdin-file-path=stdin.js

      Contributed by @ ematipico

    Bug fixes

    • biome lint --write now takes --only and --skip into account (#3470). Contributed by @ Conaclos

    • Fix #3368, now the reporter github tracks the diagnostics that belong to formatting and organize imports. Contributed by @ ematipico

    • Fix #3545, display a warning, 'Avoid using unnecessary Fragment,' when a Fragment contains only one child element that is placed on a new line. Contributed by @ satojin219

    • Migrating from Prettier or ESLint no longer overwrites the overrides field from the configuration (#3544). Contributed by @ Conaclos

    • Fix JSX expressions for noAriaHiddenOnFocusable (#3708). Contributed by @ anthonyshew

    • Fix edge case for <canvas> elements that use role="img" (#3728). Contributed by @ anthonyshew

    • Fix #3633, where diagnostics were incorrectly printed if the code has errors. Contributed by @ ematipico

    • Allow aria-label on heading to prevent useHeadingContent diagnostic (#3767). Contributed by @ anthonyshew

    • Fix edge case #3791 for rule noFocusedTests being used with non-string-like expressions (#3793). Contributed by @ h-a-n-a

    • Fix optional ARIA properties for role="separator" in useAriaPropsForRole (#3856). Contributed by @ anthonyshew

    Configuration

    • Add support for loading configuration from .editorconfig files (#1724).

      Configuration supplied in .editorconfig will be overridden by the configuration in biome.json. Support is disabled by default and can be enabled by adding the following to your formatter configuration in biome.json:

      {
        "formatter": {
          "useEditorconfig": true
        }
      }

      Contributed by @ dyc3

    • overrides from an extended configuration is now merged with the overrides of the extension.

      Given the following shared configuration biome.shared.json:

      {
        "overrides": [
          {
            "include": ["**/*.json"],
            // ...
          }
        ]
      }

      and the following configuration:

      {
        "extends": ["./biome.shared.json"],
        "overrides": [
          {
            "include": ["**/*.ts"],
            // ...
          }
        ]
      }

      Previously, the overrides from biome.shared.json was overwritten.
      It is now merged and results in the following configuration:

      {
        "extends": ["./biome.shared.json"],
        "overrides": [
          {
            "include": ["**/*.json"],
            // ...
          },
          {
            "include": ["**/*.ts"],
            // ...
          }
        ]
      }

      Contributed by @ Conaclos

    Editors

    • Fix #3577, where the update of the configuration file was resulting in the creation of a new internal project. Contributed by @ ematipico

    • Fix #3696, where biome.jsonc was incorrectly parsed with incorrect options. Contributed by @ ematipico

    Formatter

    • The CSS formatter is enabled by default, which means that you don't need to opt in anymore using the configuration file biome.json:

      {
      -  "css": {
      -    "formatter": {
      -      "enabled": true
      -    }
      -  }
      }

      Contributed by @ ematipico

    • Add parentheses for nullish coalescing in ternaries.

      This change aligns on Prettier 3.3.3.
      This adds clarity to operator precedence.

      - foo ? bar ?? foo : baz;
      + foo ? (bar ?? foo) : baz;

      Contributed by @ Conaclos

    • Keep the parentheses around infer ... extends declarations in type unions and type intersections (#3419). Contributed by @ Conaclos

    • Keep parentheses around a yield expression inside a type assertion.

      Previously, Biome removed parentheses around some expressions that require them inside a type assertion.
      For example, in the following code, Biome now preserves the parentheses.

      function* f() {
        return <T>(yield 0);
      }

      Contributed by @ Conaclos

    • Remove parentheses around expressions that don't need them inside a decorator.

      Biome now matches Prettier in the following cases:

        class {
      -   @(decorator)
      +   @ decorator
          method() {}
        },
        class {
      -   @(decorator())
      +   @ decorator()
          method() {}
        },
        class {
          @(decorator?.())
          method() {}
        },

      Contributed by @ Conaclos

    • Keep parentheses around objects preceded with a @satisfies comment.

      In the following example, parentheses are no longer removed.

      export const PROPS = /** @satisfies {Record<string, string>} */ ({
        prop: 0,
      });

      Contributed by @ Conaclos

    Linter

    Promoted rules

    New rules are incubated in the nursery group.
    Once stable, we promote them to a stable group.

    The following CSS rules are promoted:

    The following JavaScript rules are promoted:

    Deprecated rules

    New features

    Enhancements

    • Rename nursery/noUnknownSelectorPseudoElement to nursery/noUnknownPseudoElement. Contributed by @ togami2864

    • The CSS linter is now enabled by default, which means that you don't need to opt in anymore using the configuration file biome.json:

      {
      -  "css": {
      -    "linter": {
      -      "enabled": true
      -    }
      -  }
      }

      Contributed by @ ematipico

    • The JavaScript linter recognizes TypeScript 5.5 and 5.6 globals. Contributed by @ Conaclos

    • noBlankTarget now supports an array of allowed domains.

      The following configuration allows example.com and example.org as blank targets.

      "linter": {
        "rules": {
          "a11y": {
            "noBlankTarget": {
              "level": "error",
              "options": {
                "allowDomains": ["example.com", "example.org"]
              }
            }
          }
        }
      }

      Contributed by @ Jayllyz

    • noConsole now accepts an option that specifies some allowed calls on console. Contributed by @ Conaclos

    • Add an ignoreNull option for noDoubleEquals.

      By default the rule allows loose comparisons against null.
      The option ignoreNull can be set to false for reporting loose comparison against null.

      Contributed by @ peaBerberian.

    • noDuplicateObjectKeys now works for JSON and JSONC files. Contributed by @ ematipico

    • noInvalidUseBeforeDeclaration now reports direct use of an enum member before its declaration.

      In the following code, A is reported as use before its declaration.

      enum E {
        B = A << 1,
        A = 1,
      }

      Contributed by @ Conaclos

    • noNodejsModules now ignores imports of a package which has the same name as a Node.js module. Contributed by @ Conaclos

    • noNodejsModules now ignores type-only imports (#1674).

      The rule no longer reports type-only imports such as:

      import type assert from "assert";
      import type * as assert2 from "assert";

      Contributed by @ Conaclos

    • noRedundantUseStrict no longer reports "use strict" directives when the package.json marks explicitly the file as a script using the field "type": "commonjs". Contributed by @ ematipico

    • noStaticOnlyClass no longer reports a class that extends another class (#3612). Contributed by @ errmayank

    • noUndeclaredVariables no longer reports a direct reference to an enum member (#2974).

      In the following code, the A reference is no longer reported as an undeclared variable.

      enum E {
        A = 1,
        B = A << 1,
      }

      Contributed by @ Conaclos

    • noUndeclaredVariables recognizes Svelte 5 runes in Svelte components and svelte files.

      Svelte 5 introduced runes.
      The rule now recognizes Svelte 5 runes in files ending with the .svelte, .svelte.js or .svelte.ts extensions.

      Contributed by @ Conaclos

    • noUnusedVariables now checks TypeScript declaration files.

      This allows reporting a type that is unused because it isn't exported.
      Global declarations files (declarations files without exports and imports) are still ignored.

      Contributed by @ Conaclos

    • useFilenamingConvention now supports unicase letters.

      unicase letters have a single case: they are neither uppercase nor lowercase.
      Biome now accepts filenames in unicase.
      For example, the filename 안녕하세요 is now accepted.

      We still reject a name that mixes unicase characters with lowercase or uppercase characters.
      For example, the filename A안녕하세요 is rejected.

      This change also fixes #3353.
      Filenames consisting only of numbers are now accepted.

      Contributed by @ Conaclos

    • useFilenamingConvention now supports Next.js/Nuxt/Astro dynamic routes (#3465).

      Next.js, SolidStart, Nuxt, and Astro support dynamic routes such as [...slug].js and [[...slug]].js.

      Biome now recognizes this syntax. slug must contain only alphanumeric characters.

      Contributed by @ Conaclos

    • useExportType no longer reports empty export (#3535).

      An empty export {} allows you to force TypeScript to consider a file with no imports and exports as an EcmaScript module.
      While export type {} is valid, it is more common to use export {}.
      Users may find it confusing that the linter asks them to convert it to export type {}.
      Also, a bundler should be able to remove export {} as well as export type {}.
      So it is not so useful to report export {}.

      Contributed by @ Conaclos

    Bug fixes

    • noControlCharactersInRegex now correctly handles \u escapes in unicode-aware regexes.

      Previously, the rule didn't consider regex with the v flags as unicode-aware regexes.
      Moreover, \uhhhh was not handled in unicode-aware regexes.

      Contributed by @ Conaclos

    • noControlCharactersInRegex now reports control characters and escape sequence of control characters in string regexes. Contributed by @ Conaclos

    • noExcessiveNestedTestSuites: fix an edge case where the rule would alert on heavily nested zod schemas. Contributed by @ dyc3

    • noExtraNonNullAssertion no longer reports a single non-null assertion enclosed in parentheses (#3352). Contributed by @ Conaclos

    • noMultipleSpacesInRegularExpressionLiterals now correctly provides a code fix when Unicode characters are used. Contributed by @ Conaclos

    • noRedeclare no longer reports redeclarations for lexically scoped function declarations #3664.

      In JavaScript strict mode, function declarations are lexically scoped:
      they cannot be accessed outside the block where they are declared.

      In non-strict mode, function declarations are hoisted to the top of the enclosing function or global scope.

      Previously Biome always hoisted function declarations.
      It now takes into account whether the code is in strict or non strict mode.

      Contributed by @ Conaclos

    • noUndeclaredDependencies now ignores self package imports.

      Given the following package.json:

      {
        "name": "my-package",
        "main": "index.js"
      }

      The following import is no longer reported by the rule:

      import * as mod from "my-package";

      Contributed by @ Conaclos

    • Fix [#3149] crashes that occurred when applying the noUselessFragments unsafe fixes in certain scenarios. Contributed by @ unvalley

    • noRedeclare no longer reports a variable named as the function expression where it is declared. Contributed by @ Conaclos

    • useAdjacentOverloadSignatures no longer reports a #private class member and a public class member that share the same name (#3309).

      The following code is no longer reported:

      class C {
        #f() {}
        g() {}
        f() {}
      }

      Contributed by @ Conaclos

    • useAltText no longer requests alt text for elements hidden from assistive technologies (#3316). Contributed by @ robintown

    • useNamingConvention now accepts applying custom convention on abstract classes. Contributed by @ Conaclos

    • useNamingConvention no longer suggests an empty fix when a name doesn't match strict Pascal case (#3561).

      Previously the following code led useNamingConvention to suggest an empty fix.
      The rule no longer provides a fix for this case.

      type AAb = 

See this package in npm:
@biomejs/biome

See this project in Snyk:
https://app.snyk.io/org/ramyromel/project/ad6f6f75-d99c-4c4c-a0db-59f98f4a302b?utm_source=github&utm_medium=referral&page=upgrade-pr
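
The release notes above show the JSON that `--reporter=gitlab` emits. The following is an added example, not code from Biome, Snyk or this repository, of a CI gate that validates such a report and fails the job on new findings at or above a chosen severity. The function names, the severity ordering (taken from the GitLab Code Quality format) and the use of `fingerprint` as a baseline key are assumptions.

```javascript
// Added example (not Biome or GitLab code). Severity names follow the GitLab
// Code Quality format; treating `fingerprint` as a stable id is an assumption.
const SEVERITY_RANK = new Map(
  ["info", "minor", "major", "critical", "blocker"].map((name, rank) => [name, rank]),
);

// Validate and normalise a report in the shape shown in the release notes.
function parseReport(text) {
  const data = JSON.parse(text);
  if (!Array.isArray(data)) throw new TypeError("report must be a JSON array");
  return data.map((entry, index) => {
    const path = entry?.location?.path;
    const line = entry?.location?.lines?.begin;
    const valid =
      typeof entry?.check_name === "string" &&
      typeof path === "string" &&
      Number.isInteger(line) &&
      SEVERITY_RANK.has(entry.severity);
    if (!valid) throw new TypeError(`entry ${index} is not a valid issue`);
    return {
      rule: entry.check_name,
      severity: entry.severity,
      path,
      line,
      fingerprint: String(entry.fingerprint),
    };
  });
}

// Fail (exit code 1) when an issue at or above `failAt` is not in the baseline.
function gate(issues, { failAt = "major", baseline = new Set() } = {}) {
  if (!SEVERITY_RANK.has(failAt)) throw new RangeError(`unknown severity: ${failAt}`);
  const threshold = SEVERITY_RANK.get(failAt);
  const blocking = issues.filter(
    (issue) =>
      !baseline.has(issue.fingerprint) &&
      SEVERITY_RANK.get(issue.severity) >= threshold,
  );
  return { exitCode: blocking.length > 0 ? 1 : 0, blocking };
}

// Constructed sample: the entry from the release notes plus one made-up minor issue.
const SAMPLE_REPORT = JSON.stringify([
  { description: "Use === instead of ==. == is only allowed when comparing against `null`",
    check_name: "lint/suspicious/noDoubleEquals", fingerprint: "6143155163249580709",
    severity: "critical", location: { path: "main.ts", lines: { begin: 4 } } },
  { description: "constructed example issue", check_name: "constructed/exampleRule",
    fingerprint: "1111111111111111111", severity: "minor",
    location: { path: "util.ts", lines: { begin: 9 } } },
]);

const result = gate(parseReport(SAMPLE_REPORT));
for (const i of result.blocking) console.log(`${i.path}:${i.line} ${i.severity} ${i.rule}`);
console.log(`exit code: ${result.exitCode}`);
```

Passing the fingerprints of already-accepted findings as `baseline` lets the gate block only newly introduced issues.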