
[Snyk] Upgrade @biomejs/biome from 1.6.4 to 1.8.1 #2

Merged
merged 1 commit into from
Oct 20, 2024

Conversation

abdulrahman305
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @biomejs/biome from 1.6.4 to 1.8.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
|---|---|---|
| high severity: Uncontrolled resource consumption (SNYK-JS-BRACES-6838727) | 482 | Proof of Concept |
| high severity: Inefficient Regular Expression Complexity (SNYK-JS-MICROMATCH-6838728) | 482 | No Known Exploit |
Release notes
Package name: @biomejs/biome
  • 1.8.1 - 2024-06-10

    CLI

    Bug fixes

    • Fix #3069, prevent overwriting paths when using --staged or --changed options. Contributed by @ unvalley
    • Fix a case where the file link inside a diagnostic wasn't correctly displayed inside a terminal run by VSCode. Contributed by @ uncenter

    Configuration

    Bug fixes

    • Fix #3067, by assigning the correct default value to indentWidth. Contributed by @ ematipico

    Formatter

    Bug fixes

    • Fix the bug where whitespace after the & character in CSS nesting was incorrectly trimmed, ensuring proper targeting of child classes #3061. Contributed by @ denbezrukov
    • Fix #3068 where the CSS formatter was inadvertently converting variable declarations and function calls to lowercase. Contributed by @ denbezrukov
    • Fix the formatting of CSS grid layout properties. Contributed by @ denbezrukov

    Linter

    Bug fixes

    • The noEmptyBlock css lint rule now treats empty blocks containing comments as valid ones. Contributed by @ Sec-ant

    • useLiteralKeys no longer reports quoted member names (#3085).

      Previously useLiteralKeys reported quoted member names that can be unquoted.
      For example, the rule suggested the following fix:

      - const x = { "prop": 0 };
      + const x = { prop: 0 };

      This conflicted with the option quoteProperties of our formatter.

      The rule now ignores quoted member names.

      Contributed by @ Conaclos

    • noEmptyInterface now ignores empty interfaces in ambient modules (#3110). Contributed by @ Conaclos

    • noUnusedVariables and noUnusedFunctionParameters no longer report the parameters of a constructor type (#3135).

      Previously, arg was reported as unused in a constructor type like:

      export type Classlike = new (arg: unknown) => string;

      Contributed by @ Conaclos

    • noStringCaseMismatch now ignores escape sequences (#3134).

      The following code is no longer reported by the rule:

      s.toUpperCase() === "\u001b";

      Contributed by @ Conaclos

    Parser

    New features

    • Implemented CSS Unknown At-Rule parsing, allowing the parser to gracefully handle unsupported or unrecognized CSS at-rules. Contributed by @ denbezrukov

    Bug fixes

    • Fix #3055 CSS: Layout using named grid lines is now correctly parsed. Contributed by @ denbezrukov
    • Fix #3091. Allows the parser to handle nested style rules and at-rules properly, enhancing the parser's compatibility with the CSS Nesting Module. Contributed by @ denbezrukov

    Other changes

    New Contributors

    Full Changelog: cli/v1.8.0...cli/v1.8.1

  • 1.8.0 - 2024-06-04

    Analyzer

    New features

    Enhancements

    • Assume Astro object is always a global when processing .astro files. Contributed by @ minht11
    • Assume Vue compiler macros are globals when processing .vue files. (#2771) Contributed by @ dyc3

    CLI

    New features

    • New clean command. Use this new command to clean after the biome-logs directory, and remove all the log files.

      biome clean
    • Add two new options --only and --skip to the command biome lint (#58).

      The --only option allows you to run a given rule or rule group.
      For example, the following command runs only the style/useNamingConvention and style/noInferrableTypes rules.
      If the rule is disabled in the configuration, then its severity level is set to error for a recommended rule or warn otherwise.

      biome lint --only=style/useNamingConvention --only=style/noInferrableTypes

      Passing a group does not change the severity level of the rules in the group.
      All the disabled rules in the group will remain disabled.
      To ensure that the group is run, the recommended field of the group is enabled.
      The nursery group cannot be passed, as no rules are enabled by default in the nursery group.

      The --skip option allows you to skip the execution of a given group or a given rule.
      For example, the following command skips the style group and the suspicious/noExplicitAny rule.

      biome lint --skip=style --skip=suspicious/noExplicitAny

      You can also use --only and --skip together. --skip overrides --only.
      The following command executes only the rules from the style group, except the style/useNamingConvention rule.

      biome lint --only=style --skip=style/useNamingConvention

      These options are compatible with other options such as --write (previously --apply), and --reporter.

      Contributed by @ Conaclos

    • Add new command biome clean. Use this command to purge all the logs emitted by the Biome daemon. This command is really useful, because the Biome daemon tends
      to log many files and contents during its lifecycle. This means that if your editor is open for hours (or even days), the biome-logs folder could become quite heavy. Contributed by @ ematipico

    • Add support for formatting and linting CSS files from the CLI. These operations are opt-in for the time being.

      If you don't have a configuration file, you can enable these features with --css-formatter-enabled and --css-linter-enabled:

      biome check --css-formatter-enabled=true --css-linter-enabled=true ./

      Contributed by @ ematipico

    • Add new CLI options to control the CSS formatting. Check the CLI reference page for more details. Contributed by @ ematipico

    • Add new options --write, --fix (alias of --write) and --unsafe to the command biome lint and biome check.
      Add a new option --fix (alias of --write) to the command biome format and biome migrate.

      biome <lint|check> --<write|fix> [--unsafe]
      biome format --<write|fix>
      biome migrate --<write|fix>

      The biome <lint|check> --<write|fix> has the same behavior as biome <lint|check> --apply.
      The biome <lint|check> --<write|fix> --unsafe has the same behavior as biome <lint|check> --apply-unsafe.
      The biome format --fix has the same behavior as biome format --write.
      The biome migrate --fix has the same behavior as biome migrate --write.

      This change allows these commands to write modifications in the same options.
      With this change, the --apply and --apply-unsafe options are deprecated.

      Contributed by @ unvalley

    Enhancements

    • Biome now executes commands (lint, format, check and ci) on the working directory by default. #2266 Contributed by @ unvalley

      - biome check .
      + biome check    # You can run the command without the path
    • biome migrate eslint now tries to convert ESLint ignore patterns into Biome ignore patterns.

      ESLint uses gitignore patterns.
      Biome now tries to convert these patterns into Biome ignore patterns.

      For example, the gitignore pattern /src is a relative path to the file in which it appears.
      Biome now recognizes this and translates this pattern to ./src.

      Contributed by @ Conaclos

    • biome migrate eslint now supports the eslintIgnore field in package.json.

      ESLint allows the use of package.json as an ESLint configuration file.
      ESLint supports two fields: eslintConfig and eslintIgnore.
      Biome only supported the former. It now supports both.

      Contributed by @ Conaclos

    • biome migrate eslint now propagates NodeJS errors to the user.

      This will help users to identify why Biome is unable to load some ESLint configurations.

      Contributed by @ Conaclos

    • Add a new --reporter called summary. This reporter will print diagnostics in a different way, based on the tools (formatter, linter, etc.) that are executed.
      Import sorting and the formatter show the names of the files that require formatting. Instead, the linter will group the number of rules triggered and the number of errors/warnings:

      Formatter ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
      The following files needs to be formatted:
      main.ts
      index.ts

      Organize Imports ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
      The following files needs to have their imports sorted:
      main.ts
      index.ts

      Analyzer ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
      Some analyzer rules were triggered

      Rule Name Diagnostics
      lint/suspicious/noImplicitAnyLet 12 (12 error(s), 0 warning(s), 0 info(s))
      lint/suspicious/noDoubleEquals 8 (8 error(s), 0 warning(s), 0 info(s))
      lint/suspicious/noRedeclare 12 (12 error(s), 0 warning(s), 0 info(s))
      lint/suspicious/noDebugger 20 (20 error(s), 0 warning(s), 0 info(s))

      Contributed by @ ematipico

    • biome ci now enforces printing the output using colours. If you were previously using --colors=force, you can remove it because it's automatically set. Contributed by @ ematipico

    • Add a new --reporter called github. This reporter will print diagnostics using GitHub workflow commands:

      ::error title=lint/suspicious/noDoubleEquals,file=main.ts,line=4,endLine=4,col=3,endColumn=5::Use === instead of ==
      ::error title=lint/suspicious/noDebugger,file=main.ts,line=6,endLine=6,col=1,endColumn=9::This is an unexpected use of the debugger statement.
      ::error title=lint/nursery/noEvolvingAny,file=main.ts,line=8,endLine=8,col=5,endColumn=6::This variable's type is not allowed to evolve implicitly, leading to potential any types.
      

      Contributed by @ ematipico

    • Add a new --reporter called junit. This reporter will print diagnostics using GitHub workflow commands:

      <?xml version="1.0" encoding="UTF-8"?>
      <testsuites name="Biome" tests="16" failures="16" errors="20" time="<TIME>">
        <testsuite name="main.ts" tests="1" disabled="0" errors="0" failures="1" package="org.biome">
            <testcase name="org.biome.lint.suspicious.noDoubleEquals" line="4" column="3">
                <failure message="Use === instead of ==. == is only allowed when comparing against `null`">line 3, col 2, Use === instead of ==. == is only allowed when comparing against `null`</failure>
            </testcase>
        </testsuite>
        <testsuite name="main.ts" tests="1" disabled="0" errors="0" failures="1" package="org.biome">
            <testcase name="org.biome.lint.suspicious.noDebugger" line="6" column="1">
                <failure message="This is an unexpected use of the debugger statement.">line 5, col 0, This is an unexpected use of the debugger statement.</failure>
            </testcase>
        </testsuite>
        <testsuite name="main.ts" tests="1" disabled="0" errors="0" failures="1" package="org.biome">
            <testcase name="org.biome.lint.nursery.noEvolvingAny" line="8" column="5">
                <failure message="This variable&apos;s type is not allowed to evolve implicitly, leading to potential any types.">line 7, col 4, This variable&apos;s type is not allowed to evolve implicitly, leading to potential any types.</failure>
            </testcase>
        </testsuite>
      </testsuites>

      Contributed by @ ematipico

    Bug fixes

    • Fix #3024, where running biome init would create biome.json even if biome.jsonc already exists. Contributed by @ minht11

    Configuration

    New features

    • Add a rule option fix to override the code fix kind of a rule (#2882).

      A rule can provide a safe or an unsafe code action.
      You can now tune the kind of code actions thanks to the fix option.
      This rule option takes a value among:

      • none: the rule no longer emits code actions.
      • safe: the rule emits a safe code action.
      • unsafe: the rule emits an unsafe code action.

      The following configuration disables the code actions of noUnusedVariables, makes the emitted code actions of style/useConst and style/useTemplate unsafe and safe respectively.

      {
        "linter": {
          "rules": {
            "correctness": {
              "noUnusedVariables": {
                "level": "error",
                "fix": "none"
              },
              "style": {
                "useConst": {
                  "level": "warn",
                  "fix": "unsafe"
                },
                "useTemplate": {
                  "level": "warn",
                  "fix": "safe"
                }
              }
            }
          }
        }
      }

      Contributed by @ Conaclos

    • Add option javascript.linter.enabled to control the linter for JavaScript (and its super languages) files. Contributed by @ ematipico

    • Add option json.linter.enabled to control the linter for JSON (and its super languages) files. Contributed by @ ematipico

    • Add option css.linter.enabled to control the linter for CSS (and its super languages) files. Contributed by @ ematipico

    • Add option css.formatter, to control the formatter options for CSS (and its super languages) files. Contributed by @ ematipico

    • You can now change the severity of lint rules down to "info". The "info" severity doesn't emit error codes, and it isn't affected by other options like --error-on-warnings:

      {
        "linter": {
          "rules": {
            "suspicious": {
              "noDebugger": "info"
            }
          }
        }
      }

      Contributed by @ ematipico

    Enhancements

    • The javascript.formatter.trailingComma option is deprecated and renamed to javascript.formatter.trailingCommas. The corresponding CLI option --trailing-comma is also deprecated and renamed to --trailing-commas. Details can be checked in #2492. Contributed by @ Sec-ant

    Bug fixes

    • Fix a bug where if the formatter was disabled at the language level, it could be erroneously enabled by an
      override that did not specify the formatter section #2924. Contributed by @ dyc3
    • Fix #2990, now Biome doesn't add a trailing comma when formatting biome.json. Contributed by @ dyc3

    Editors

    New features

    • Add support for LSP Workspaces

    Enhancements

    • The LSP doesn't crash anymore when the configuration file contains errors. If the configuration contains errors, Biome now shows a pop-up to the user, and it will only parse files using the default configuration.
      Formatting and linting are disabled until the configuration file is fixed. Contributed by @ ematipico

    Bug fixes

    • Fixes #2781, by correctly computing the configuration to apply to a specific file. Contributed by @ ematipico

    Formatter

    Bug fixes

    • Fix #2470 by not introducing line breaks in single-line string interpolations. Contributed by @ ah-yu
    • Resolve deadlocks by narrowing the scope of locks. Contributed by @ mechairoi
    • Fix #2782 by computing the enabled rules by taking the override settings into consideration. Contributed by @ ematipico
    • Fix [https://github.com//issues/2877] by correctly handling line terminators in JSX string. Contributed by @ ah-yu

    JavaScript APIs

    Linter

    Promoted rules

    New rules are incubated in the nursery group. Once stable, we promote them to a stable group. The following rules are promoted:

Snyk has created this PR to upgrade @biomejs/biome from 1.6.4 to 1.8.1.

See this package in npm:
@biomejs/biome

See this project in Snyk:
https://app.snyk.io/org/abdulrahman305/project/c01acaeb-ea2f-49e0-8168-1d9a94d07d11?utm_source=github&utm_medium=referral&page=upgrade-pr
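A post-merge check for an upgrade like this one, added here as an example and not code from Snyk, Biome or this repository: it walks the `packages` map of an npm `package-lock.json` (lockfile version 2 or 3), confirms that `@biomejs/biome` resolves to at least 1.8.1, and lists every installed copy of the transitive packages the two advisories name, since a duplicate nested under another dependant is not touched by this upgrade. The lockfile contents and the minimum versions for `braces` and `micromatch` are constructed placeholders; the real minimums come from the advisories, not from this page.

```javascript
// Added example (not code from the Snyk PR or the Biome project): audit the
// "packages" map of a package-lock.json (lockfileVersion 2 or 3) after an
// upgrade like this one. It confirms the direct dependency actually moved to
// the fixed version and lists every installed copy of the transitive packages
// the advisories name, because a nested duplicate installed under another
// dependant is not touched by upgrading @biomejs/biome.

// Numeric comparison of dotted versions: "1.8.1" > "1.6.4", "1.10.0" > "1.9.9".
// Pre-release suffixes are ignored; an upgrade of this kind pins plain releases.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Package name from a lockfile key such as "node_modules/@biomejs/biome"
// or "node_modules/other-tool/node_modules/braces" (innermost segment wins).
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Every installed copy of `name`, nested copies included: [{ path, version }].
function installedCopies(lock, name) {
  const copies = [];
  for (const [p, entry] of Object.entries(lock.packages || {})) {
    if (p !== "" && entry.version && packageNameFromPath(p) === name) {
      copies.push({ path: p, version: entry.version });
    }
  }
  return copies;
}

// `minimums` maps package name -> lowest acceptable version. A package passes
// only if every installed copy meets the minimum; absent packages are reported
// separately so "not installed" is never mistaken for "patched".
function auditLock(lock, minimums) {
  const report = { ok: [], failing: [], missing: [] };
  for (const [name, min] of Object.entries(minimums)) {
    const copies = installedCopies(lock, name);
    if (copies.length === 0) {
      report.missing.push(name);
      continue;
    }
    const bad = copies.filter((c) => compareVersions(c.version, min) < 0);
    if (bad.length) report.failing.push({ name, min, copies: bad });
    else report.ok.push({ name, min, copies });
  }
  return report;
}

// Constructed lockfile fragment (not the repository's real lockfile). The
// braces versions are made up; only the @biomejs/biome version comes from the PR.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "0.0.0" },
    "node_modules/@biomejs/biome": { version: "1.8.1", dev: true },
    "node_modules/braces": { version: "1.0.1", dev: true },
    "node_modules/other-tool": { version: "2.0.0", dev: true },
    "node_modules/other-tool/node_modules/braces": { version: "1.0.0", dev: true },
  },
};

// The @biomejs/biome minimum is the version this PR moves to; the braces and
// micromatch minimums are placeholders to be replaced with the advisories' values.
const SAMPLE_REPORT = auditLock(SAMPLE_LOCK, { "@biomejs/biome": "1.8.1", braces: "1.0.1", micromatch: "1.0.0" });
console.log(JSON.stringify(SAMPLE_REPORT, null, 2));
```

Replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to run it against a real lockfile; a non-empty `failing` or `missing` list is the signal to investigate before trusting the upgrade.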

korbit-ai bot commented Jul 2, 2024

👋 I'm here to help you review your pull request. When you're ready for me to perform a review, you can comment anywhere on this pull request with this command: /korbit-review.

As a reminder, here are some helpful tips on how we can collaborate together:

  • To have me re-scan your pull request, simply re-invoke the /korbit-review command in a new comment.
  • You can interact with me by tagging @korbit-ai in any conversation in your pull requests.
  • On any comment I make on your code, please leave a 👍 if it is helpful and a 👎 if it is unhelpful. This will help me learn and improve as we work together
  • Lastly, to learn more, check out our Docs.


coderabbitai bot commented Jul 2, 2024

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.


codeautopilot bot commented Jul 2, 2024

PR summary

This Pull Request upgrades the @biomejs/biome package from version 1.6.4 to 1.8.1. The upgrade addresses several high-severity vulnerabilities, including uncontrolled resource consumption and inefficient regular expression complexity. Additionally, the new version includes numerous bug fixes, enhancements, and new features across various components such as the CLI, configuration, formatter, linter, parser, and editor support.

Suggestion

Ensure that the upgrade does not introduce any breaking changes by thoroughly testing the application with the new version. Additionally, review the new features and enhancements to see if any can be leveraged to improve the project's code quality and maintainability.

Disclaimer: This comment was entirely generated using AI. Be aware that the information provided may be incorrect.

Current plan usage: 14.58%


@gitauto-ai gitauto-ai bot added the gitauto label Oct 2, 2024
@abdulrahman305 abdulrahman305 merged commit 9982edd into main Oct 20, 2024
3 checks passed