build(deps-dev): bump all

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@biomejs/biome (source)	1.9.3 -> 1.9.4					devDependencies	patch
@types/node (source)	20.16.11 -> 20.17.1					devDependencies	minor
actions/checkout	v4.2.1 -> v4.2.2					action	patch
actions/setup-node	v4.0.4 -> v4.1.0					action	minor
dprint	0.47.2 -> 0.47.5					devDependencies	patch
github/codeql-action	v3.26.12 -> v3.27.0					action	minor
pnpm (source)	9.12.1 -> 9.12.2					packageManager	patch
pnpm (source)	9.12.1 -> 9.12.2					engines	patch
returntocorp/semgrep	7b62571 -> 9db30dc					container	digest
tsx (source)	4.19.1 -> 4.19.2					devDependencies	patch

---

Release Notes

biomejs/biome (@​biomejs/biome)

v1.9.4

Compare Source

Analyzer

Bug fixes

• Implement GraphQL suppression action. Contributed by @​vohoanglong0107

• Improved the message for unused suppression comments. Contributed by @​dyc3

• Fix #​4228, where the rule a11y/noInteractiveElementToNoninteractiveRole incorrectly reports a role for non-interactive elements. Contributed by @​eryue0220

• noSuspiciousSemicolonInJsx now catches suspicious semicolons in React fragments. Contributed by @​vasucp1207

CLI

Enhancements

• The --summary reporter now reports parsing diagnostics too. Contributed by @​ematipico

• Improved performance of GritQL queries by roughly 25-30%. Contributed by @​arendjr

Configuration

Bug fixes

• Fix an issue where the JSON schema marked lint rules options as mandatory. Contributed by @​ematipico

Editors

Formatter

Bug fixes

• Fix #​4121. Respect line width when printing multiline strings. Contributed by @​ah-yu

JavaScript APIs

Linter

New features

• Add useGuardForIn. Contributed by @​fireairforce
• Add noDocumentCookie. Contributed by @​tunamaguro
• Add noDocumentImportInPage. Contributed by @​kaioduarte
• Add noDuplicateProperties. Contributed by @​togami2864
• Add noHeadElement. Contributed by @​kaioduarte
• Add noHeadImportInDocument. Contributed by @​kaioduarte
• Add noImgElement. Contributed by @​kaioduarte
• Add noUnknownTypeSelector. Contributed by @​Kazuhiro-Mimaki
• Add useAtIndex. Contributed by @​GunseiKPaseri
• Add noUselessStringRaw. Contributed by @​fireairforce
• Add nursery/useCollapsedIf. Contributed by @​siketyan
• Add useGoogleFontDisplay. Contributed by @​kaioduarte

Bug Fixes

• Biome no longer crashes when it encounters a string that contain a multibyte character (#​4181).

  This fixes a regression introduced in Biome 1.9.3
  The regression affected the following linter rules:

  • nursery/useSortedClasses
  • nursery/useTrimStartEnd
  • style/useTemplate
  • suspicious/noMisleadingCharacterClass

  Contributed by @​Conaclos

• Fix #​4190, where the rule noMissingVarFunction wrongly reported a variable as missing when used inside a var() function that was a newline. Contributed by @​ematipico

• Fix #​4041. Now the rule useSortedClasses won't be triggered if className is composed only by inlined variables. Contributed by @​ematipico

• useImportType and useExportType now report useless inline type qualifiers (#​4178).

  The following fix is now proposed:

  - import type { type A, B } from "";
  + import type { A, B } from "";
  
  - export type { type C, D };
  + export type { C, D };

  Contributed by @​Conaclos

• useExportType now reports ungrouped export from.

  The following fix is now proposed:

  - export { type A, type B } from "";
  + export type { A, B } from "";

  Contributed by @​Conaclos

• noVoidTypeReturn now accepts void expressions in return position (#​4173).

  The following code is now accepted:

  function f(): void {
    return void 0;
  }

  Contributed by @​Conaclos

• noUselessFragments now correctly handles fragments containing HTML escapes (e.g.  ) inside expression escapes { ... } (#​4059).

  The following code is no longer reported:

  function Component() {
    return (
      <div key={index}>{line || <>&nbsp;</>}</div>
    )
  }

  Contributed by @​fireairforce

• noUnusedFunctionParameters and noUnusedVariables no longer reports a parameter as unused when another parameter has a constructor type with the same parameter name (#​4227).

  In the following code, the name parameter is no longer reported as unused.

  export class Foo {
    bar(name: string, _class: new (name: string) => any) {
      return name
    }
  }

  Contributed by @​Conaclos

• noUndeclaredDependencies now accepts dependency names with dots. Contributed by @​Conaclos

• useFilenamingConvention now correctly handles renamed exports (#​4254).

  The rule allows the filename to be named as one of the exports of the module.
  For instance, the file containing the following export can be named Button.

  class Button {}
  export { Button }

  The rule now correctly handles the renaming of an export.
  For example, the file containing the following export can only be named Button.
  Previously the rule expected the file to be named A.

  class A {}
  export { A as Button }

  Contributed by @​Conaclos

• useConsistentMemberAccessibility now ignore private class members such as #property (#​4276). Contributed by @​Conaclos

• noUnknownFunction correctly handles calc-size function (#​4212).

  The following code calc-size is no longer reported as unknown:

  .a { height: calc-size(0px); }

  Contributed by @​fireairforce

• useNamingConvention now allows configuring conventions for readonly index signatures.

Contributed by @​sepruko

• noDuplicateCustomProperties now correctly handles custom properties and ignores non-custom properties.
  Previously, the rule incorrectly reported duplicates for all properties, including non-custom ones. Contributed by @​togami2864

Parser

Bug Fixes

• The CSS parser now accepts more emoji in identifiers (#​3627).

  Browsers accept more emoji than the standard allows.
  Biome now accepts these additional emojis.

  The following code is now correctly parsed:

  p {
    --✨-color: red;
    color: var(--✨-color);
  }

  Contributed by @​Conaclos

• Add support for parsing typescript's resolution-mode in Import Types(#​2115)

  export type Fs = typeof import('fs', { with: { 'resolution-mode': 'import' } });
  export type TypeFromRequire =
    import("pkg", { with: { "resolution-mode": "require" } }).TypeFromRequire;
  export type TypeFromImport =
    import("pkg", { with: { "resolution-mode": "import" } }).TypeFromImport;

  Contributed by @​fireairforce

actions/checkout (actions/checkout)

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in https://github.com/actions/checkout/pull/1941
• Expand unit test coverage for isGhes by @​jww3 in https://github.com/actions/checkout/pull/1946

actions/setup-node (actions/setup-node)

v4.1.0

Compare Source

dprint/dprint (dprint)

v0.47.5

Compare Source

Changes

• fix: regression - do not panic modifying dprint.json with crlf newlines (https://github.com/dprint/dprint/pull/931)

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact	SHA-256 Checksum
dprint-x86_64-apple-darwin.zip	f1284d78a556d530241e382915263484f590418f12dd7608ecc7dd0c8f78615c
dprint-aarch64-apple-darwin.zip	5e333931f3cfe43bb8924a1c2c5b3021cbb983294fa020f67858b93689fd805d
dprint-x86_64-pc-windows-msvc.zip	561e95d6ffccae1ab99f55c308fa74df3d960d3cb7ebec601fd3ddd503ee42a5
dprint-x86_64-pc-windows-msvc-installer.exe	d9b64d5de3d04d8da64fe5152d185475be68f43fbe2a19c4cb3bd4583f49695a
dprint-x86_64-unknown-linux-gnu.zip	123c20d147485e4cac60823e63c13f2cf9157615e5ffea61b431243f61227343
dprint-x86_64-unknown-linux-musl.zip	94fb93bb59236efd5302959662d9f3a0b16bb17e26e967052b5c598995e6b516
dprint-aarch64-unknown-linux-gnu.zip	dfb1e4046d6a48ccaa7fbdcc0c64a23ad8da12463b67a1b08737d5a94e144e48
dprint-aarch64-unknown-linux-musl.zip	97c2a0f4f240e5b95faff1502b8284db7598efe5aee7f785db03e41345f0a335

v0.47.4

Compare Source

Changes

• fix: improve automated config file editing and respect trailing commas (#​926)

The automated editing of the config file that dprint does like dprint config add ... should be a lot more intelligent.

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact	SHA-256 Checksum
dprint-x86_64-apple-darwin.zip	16f360c526c14c070ab618cf6c36ff9c8bf5b32c7e07a0c0c9b58d91697b4a40
dprint-aarch64-apple-darwin.zip	522783119d1ab52164ff2aaea2072c1578a7b8988156a0add06d370eb58d439e
dprint-x86_64-pc-windows-msvc.zip	d91d0a6e607f06ee06fe2b01a6f602e2ace14d44e1d6f11ec6b3f1e0887a6fd6
dprint-x86_64-pc-windows-msvc-installer.exe	871e668d67acfed5db215328d3589a57196881dcebbda286640188f6fcb9519b
dprint-x86_64-unknown-linux-gnu.zip	6017a25b83dc76e2c3676657b538d1b4862101cd4d13b26d2a3755811234ead6
dprint-x86_64-unknown-linux-musl.zip	f43c768656e8024812222a238391601ad8db8e095fa87068e0d5c9c6176cb96a
dprint-aarch64-unknown-linux-gnu.zip	68f7a0072612ab5b4bee3d7609d47c896050ed54844f8794d871965cb480aa70
dprint-aarch64-unknown-linux-musl.zip	3b009c51c85336058672b4be54d4bdb044b7f9bbd570d51802449c1eac18ef6c

github/codeql-action (github/codeql-action)

v3.27.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024

• Bump the minimum CodeQL bundle version to 2.14.6. #​2549
• Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #​2557
• Update default CodeQL bundle version to 2.19.2. #​2552

See the full CHANGELOG.md for more information.

v3.26.13

Compare Source

pnpm/pnpm (pnpm)

v9.12.2: pnpm 9.12.2

Compare Source

Patch Changes

• When checking whether a file in the store has executable permissions, the new approach checks if at least one of the executable bits (owner, group, and others) is set to 1. Previously, a file was incorrectly considered executable only when all the executable bits were set to 1. This fix ensures that files with any executable permission, regardless of the user class, are now correctly identified as executable #​8546.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

privatenumber/tsx (tsx)

v4.19.2

Compare Source

Bug Fixes

• generate sourcesContent when Node.js debugger is enabled (#​670) (7c47074)

---

This release is also available on:

• npm package (@​latest dist-tag)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@biomejs/[email protected]	None	0	210 kB	conaclos, dominionl, ematipico, ...1 more
npm/@types/[email protected]	None	0	2.21 MB	types
npm/[email protected]	environment, filesystem, shell	0	8.07 kB	dsherret

🚮 Removed packages: npm/@biomejs/[email protected], npm/@types/[email protected], npm/[email protected]

View full report↗︎

[netlify]

✅ Deploy Preview for gh-pages-openinf ready!

Name	Link
🔨 Latest commit	7a136fd
🔍 Latest deploy log	https://app.netlify.com/sites/gh-pages-openinf/deploys/671df34df22dd0000858492c
😎 Deploy Preview	https://deploy-preview-1473--gh-pages-openinf.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.