Commit 2dbdd6d
Update secretlint monorepo to v13 (TryGhost#28305)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@secretlint/secretlint-rule-pattern](https://redirect.github.com/secretlint/secretlint/tree/master/packages/@secretlint/secretlint-rule-pattern/) ([source](https://redirect.github.com/secretlint/secretlint)) | [`12.3.1` → `13.0.2`](https://renovatebot.com/diffs/npm/@secretlint%2fsecretlint-rule-pattern/12.3.1/13.0.2) | | |
| [@secretlint/secretlint-rule-preset-recommend](https://redirect.github.com/secretlint/secretlint/tree/master/packages/@secretlint/secretlint-rule-preset-recommend/) ([source](https://redirect.github.com/secretlint/secretlint)) | [`12.3.1` → `13.0.2`](https://renovatebot.com/diffs/npm/@secretlint%2fsecretlint-rule-preset-recommend/12.3.1/13.0.2) | | |
| [secretlint](https://redirect.github.com/secretlint/secretlint/tree/master/packages/secretlint/) ([source](https://redirect.github.com/secretlint/secretlint)) | [`12.3.1` → `13.0.2`](https://renovatebot.com/diffs/npm/secretlint/12.3.1/13.0.2) | | |
---
### Release Notes
<details>
<summary>secretlint/secretlint (@secretlint/secretlint-rule-pattern)</summary>
### [`v13.0.2`](https://redirect.github.com/secretlint/secretlint/releases/tag/v13.0.2)
[Compare Source](https://redirect.github.com/secretlint/secretlint/compare/v13.0.0...v13.0.2)
##### What's Changed
📝 v13.0.1 published as v13.0.2
##### Bug Fixes
- Fix secp256k1 private key detection to avoid false positives by [@azu](https://redirect.github.com/azu) in [#1564](https://redirect.github.com/secretlint/secretlint/pull/1564)
##### CI
- ci: replace merge-gatekeeper with automerge-gate by [@azu](https://redirect.github.com/azu) in [#1543](https://redirect.github.com/secretlint/secretlint/pull/1543)
- Update github/codeql-action action to v3.35.3 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1546](https://redirect.github.com/secretlint/secretlint/pull/1546)
- ci(release): prevent cache poisoning by [@azu](https://redirect.github.com/azu) in [#1555](https://redirect.github.com/secretlint/secretlint/pull/1555)
- chore(CI): update to pkgdeps/automerge-gate@4.1 by [@azu](https://redirect.github.com/azu) in [#1557](https://redirect.github.com/secretlint/secretlint/pull/1557)
- Update rhysd/github-action-benchmark action to v1.22.1 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1558](https://redirect.github.com/secretlint/secretlint/pull/1558)
- Update github/codeql-action action to v3.35.4 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1563](https://redirect.github.com/secretlint/secretlint/pull/1563)
##### Dependency Updates
- Update dependency turbo to ^2.9.8 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1542](https://redirect.github.com/secretlint/secretlint/pull/1542)
- Update dependency turbo to ^2.9.9 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1544](https://redirect.github.com/secretlint/secretlint/pull/1544)
- Update Patch updates (patch) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1545](https://redirect.github.com/secretlint/secretlint/pull/1545)
- Update pnpm to v10.33.4 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1551](https://redirect.github.com/secretlint/secretlint/pull/1551)
- Update dependency [@types/node](https://redirect.github.com/types/node) to ^25.6.1 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1552](https://redirect.github.com/secretlint/secretlint/pull/1552)
- Update dependency turbo to ^2.9.10 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1553](https://redirect.github.com/secretlint/secretlint/pull/1553)
- Update dependency [@types/node](https://redirect.github.com/types/node) to ^25.6.2 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1554](https://redirect.github.com/secretlint/secretlint/pull/1554)
- Update dependency turbo to ^2.9.12 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1556](https://redirect.github.com/secretlint/secretlint/pull/1556)
- Update textlint to ^15.6.1 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1559](https://redirect.github.com/secretlint/secretlint/pull/1559)
- Update dependency vitest to ^4.1.6 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1561](https://redirect.github.com/secretlint/secretlint/pull/1561)
- Update dependency [@types/node](https://redirect.github.com/types/node) to ^25.7.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1562](https://redirect.github.com/secretlint/secretlint/pull/1562)
##### Other Changes
- Reorganize CLI options and update glob syntax documentation by [@azu](https://redirect.github.com/azu) in [#1540](https://redirect.github.com/secretlint/secretlint/pull/1540)
**Full Changelog**:
<secretlint/secretlint@v13.0.0...v13.0.2>
### [`v13.0.0`](https://redirect.github.com/secretlint/secretlint/releases/tag/v13.0.0)
[Compare Source](https://redirect.github.com/secretlint/secretlint/compare/v12.3.1...v13.0.0)
##### Highlights
v13 changes how files are discovered on disk and adds three credential
detection rules.
##### `.gitignore` is respected by default
Nested `.gitignore` files now apply to file discovery with ripgrep
semantics: rules from each directory cascade into its subtree, and a
negation rule in a deeper file can flip an earlier verdict.
Files excluded by any `.gitignore` on the path are no longer scanned.
Repositories that previously relied on Secretlint scanning ignored files
(such as `dist/` or generated artefacts) will see fewer files in the
output. `.secretlintignore` is unchanged and continues to apply
alongside `.gitignore`.
To restore the v12 behaviour:
```bash
secretlint --no-gitignore "**/*"
```
If a file is matched by a `.gitignore` rule but still appears in
Secretlint's output, please open an issue at
<https://github.com/secretlint/secretlint/issues>.
##### Glob-shaped paths that exist on disk are treated literally
`--no-glob` and "globs by default" both existed in v12. What changed in
v13 is the fallback for inputs that contain glob metacharacters but
resolve to a real file or directory.
In v12, an input like `src/(group)/page.tsx` was always parsed as a
glob, so SvelteKit / Next.js routes whose names contain `()`, `[]`,
`{}`, or `?` required `--no-glob`. v13 runs a single `stat` per
glob-shaped input: if it exists, the input is treated literally;
otherwise it stays a glob.
| Pattern | On disk | v12 default | v13 default |
| --- | --- | --- | --- |
| `src/(group)/page.tsx` | exists | parsed as glob, no match | matched literally |
| `src/(missing)/page.tsx` | absent | parsed as glob | parsed as glob |
| `src/[a-z]ormal.tsx` | `normal.tsx` exists | matched via glob | matched via glob |
Pass `--no-glob` to skip the probe and force literal interpretation.
##### New and promoted rules
Added to `preset-recommend`:
| Rule | Detects |
| --- | --- |
| `@secretlint/secretlint-rule-tailscale` | Tailscale API keys (new package) |
| `@secretlint/secretlint-rule-stripe` | Stripe API keys (new package) |
| `@secretlint/secretlint-rule-cloudflare` | Cloudflare API tokens (promoted from `preset-canary`) |
##### What's Changed
##### Breaking Changes
- feat!: respect .gitignore by default via [@secretlint/walker](https://redirect.github.com/secretlint/walker) by [@azu](https://redirect.github.com/azu) in [#1530](https://redirect.github.com/secretlint/secretlint/pull/1530)
- feat(secretlint-rule-preset-recommend): promote cloudflare, stripe, tailscale from canary by [@azu](https://redirect.github.com/azu) in [#1538](https://redirect.github.com/secretlint/secretlint/pull/1538)
##### Features
- Add Tailscale API key detection rule by [@azu](https://redirect.github.com/azu) in [#1536](https://redirect.github.com/secretlint/secretlint/pull/1536)
- feat(secretlint-rule-stripe): add Stripe API key detection rule by [@azu](https://redirect.github.com/azu) in [#1537](https://redirect.github.com/secretlint/secretlint/pull/1537)
##### CI
- Update actions/setup-node action to v6.4.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1527](https://redirect.github.com/secretlint/secretlint/pull/1527)
##### Dependency Updates
- Update pnpm to v10.33.2 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1525](https://redirect.github.com/secretlint/secretlint/pull/1525)
- Update dependency ajv to ^8.20.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1528](https://redirect.github.com/secretlint/secretlint/pull/1528)
- Update textlint to ^15.6.0 (minor) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1529](https://redirect.github.com/secretlint/secretlint/pull/1529)
- Update dependency picomatch to ^4.0.4 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1534](https://redirect.github.com/secretlint/secretlint/pull/1534)
- Update dependency turbo to ^2.9.7 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1535](https://redirect.github.com/secretlint/secretlint/pull/1535)
##### Other Changes
- Update Node.js to v24.15.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1514](https://redirect.github.com/secretlint/secretlint/pull/1514)
- Update dependency Bun to v1.3.13 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#1526](https://redirect.github.com/secretlint/secretlint/pull/1526)
**Full Changelog**:
<secretlint/secretlint@v12.3.1...v13.0.0>
</details>
---
### Configuration
📅 **Schedule**: (in timezone Etc/UTC)
- Branch creation
  - Only on Sunday and Saturday (`* * * * 0,6`)
  - Between 11:00 PM and 11:59 PM, Monday through Friday (`* 23 * * 1-5`)
  - Between 12:00 AM and 04:59 AM, Monday through Saturday (`* 0-4 * * 1-6`)
- Automerge
  - Only on Sunday and Saturday (`* * * * 0,6`)
  - Between 11:00 PM and 11:59 PM, Monday through Friday (`* 23 * * 1-5`)
  - Between 12:00 AM and 04:59 AM, Monday through Saturday (`* 0-4 * * 1-6`)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate).
Co-authored-by: tryghost-renovate[bot] <269725441+tryghost-renovate[bot]@users.noreply.github.com>

1 parent f95b171 commit 2dbdd6d
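The v12 versus v13 handling of glob-shaped inputs described in the release notes above, as an added example that is not part of this commit or of secretlint's code. `resolveInput` and `compareVersions` are hypothetical helpers, the metacharacter set is an assumption, and the fixture is constructed to mirror the release-notes table. It reports which CLI inputs were silently unmatched as globs under v12 and are scanned literally under v13.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Assumed metacharacter set; the release notes name (), [], {} and ?.
const GLOB_CHARS = /[*?()[\]{}]/;

// Hypothetical helper: how one CLI input is interpreted under a given major version.
function resolveInput(input, { cwd, noGlob = false, version = 13 }) {
  // --no-glob skips the probe and forces literal interpretation.
  if (noGlob || !GLOB_CHARS.test(input)) return "literal";
  // v12: a glob-shaped input is always parsed as a glob.
  if (version < 13) return "glob";
  // v13: a single stat per glob-shaped input; an existing path is taken literally.
  const found = fs.statSync(path.join(cwd, input), { throwIfNoEntry: false });
  return found ? "literal" : "glob";
}

// Constructed fixture: src/(group)/page.tsx and src/normal.tsx exist on disk.
function buildFixture() {
  const cwd = fs.mkdtempSync(path.join(os.tmpdir(), "secretlint-probe-"));
  fs.mkdirSync(path.join(cwd, "src", "(group)"), { recursive: true });
  fs.writeFileSync(path.join(cwd, "src", "(group)", "page.tsx"), "");
  fs.writeFileSync(path.join(cwd, "src", "normal.tsx"), "");
  return cwd;
}

// Compare both versions for each input and flag the ones whose meaning changes.
function compareVersions(inputs, options = {}) {
  const cwd = buildFixture();
  try {
    return inputs.map((input) => {
      const v12 = resolveInput(input, { ...options, cwd, version: 12 });
      const v13 = resolveInput(input, { ...options, cwd, version: 13 });
      return { input, v12, v13, changed: v12 !== v13 };
    });
  } finally {
    fs.rmSync(cwd, { recursive: true, force: true });
  }
}

const TABLE_INPUTS = [
  "src/(group)/page.tsx",   // exists on disk
  "src/(missing)/page.tsx", // absent
  "src/[a-z]ormal.tsx",     // only normal.tsx exists
];
console.log(compareVersions(TABLE_INPUTS));
```

Inputs flagged `changed` are the ones to review in CI scripts after the upgrade, since they went unscanned under v12 unless `--no-glob` was passed.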
2 files changed
Lines changed: 87 additions & 97 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
69 | 69 | | |
70 | 70 | | |
71 | 71 | | |
72 | | - | |
73 | | - | |
| 72 | + | |
| 73 | + | |
74 | 74 | | |
75 | 75 | | |
76 | 76 | | |
| |||
80 | 80 | | |
81 | 81 | | |
82 | 82 | | |
83 | | - | |
| 83 | + | |
84 | 84 | | |
85 | 85 | | |
86 | 86 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.