⬆️ Updates eslint-plugin-prettier to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
eslint-plugin-prettier	^3.1.4 → ^5.5.5

---

Release Notes

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

v5.5.5

Compare Source

Patch Changes

• #​772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #​776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

v5.5.4

Compare Source

Patch Changes

• #​755 723f7a8 Thanks @​kbrilla! - fix: add 'oxc', 'oxc-ts' and 'hermes' parsers to parserBlocklist

• #​751 cf52b30 Thanks @​andreww2012! - fix: disallow extra properties in rule options

v5.5.3

Compare Source

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.2...v5.5.3

v5.5.2

Compare Source

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.1...v5.5.2

v5.5.1

Compare Source

Patch Changes

• #​748 bfd1e95 Thanks @​JounQin! - fix: use prettierRcOptions directly for prettier 3.6+

v5.5.0

Compare Source

Minor Changes

• #​743 92f2c9c Thanks @​dotcarmen! - feat: support non-js languages like css for @eslint/css and json for @eslint/json

v5.4.1

Compare Source

Patch Changes

• #​740 c21521f Thanks @​JounQin! - fix(deps): bump synckit to v0.11.7 to fix potential TypeError: Cannot read properties of undefined (reading 'message') error

v5.4.0

Compare Source

Minor Changes

• #​736 59a0cae Thanks @​yashtech00! - refactor: migrate worker.js to worker.mjs

v5.3.1

Compare Source

Patch Changes

• #​734 dcf2c80 Thanks @​JounQin! - ci: enable NPM_CONFIG_PROVENANCE env

v5.3.0

Compare Source

Minor Changes

• #​674 6fe0c90 Thanks @​irsooti! - feat(types): prefer Config over FlatConfig when they're equal

v5.2.6

Compare Source

Patch Changes

• #​723 1451176 Thanks @​renovate! - fix(deps): bump synckit to v0.11.0

v5.2.5

Compare Source

Patch Changes

• #​721 4f5513d Thanks @​JounQin! - fix: clarify correct eslint-config-prettier peer range

v5.2.4

Compare Source

Patch Changes

• #​715 b8cfe56 Thanks @​JounQin! - chore: hourcekeeping, bump all (dev) deps

v5.2.3

Compare Source

Patch Changes

• #​703 9c6141f Thanks @​BPScott! - Add name field to recommended flat config

v5.2.2

Compare Source

Patch Changes

• #​700 aa5b59f Thanks @​ntnyq! - fix: report node when loc not found

v5.2.1

Compare Source

Patch Changes

• #​668 ac036cc Thanks @​OrlovAlexei! - build(deps): Bump synckit from 0.8.6 to 0.9.1

v5.1.3

Compare Source

Patch Changes

• #​629 985b33c Thanks @​JounQin! - chore: add package.json into exports map

v5.1.2

Compare Source

Patch Changes

• #​623 8210e44 Thanks @​BPScott! - Add exports mapping to package.json, to allow import eslintPluginRecommended from 'eslint-plugin-prettier/recommended' to work as expected.

  Strictly speaking this is a breaking change as it removes the ability for people to import from "eslint-plugin-prettier/eslint-plugin-prettier.js" and "eslint-plugin-prettier/recommended.js" but the former was never recommended in the first place and the latter has only been available for a few days.

• #​621 2b09e7f Thanks @​JounQin! - feat: support parsing markdown via eslint-mdx natively

  What means the following is unnecessary anymore when using with eslint-mdx/eslint-plugin-mdx!

  [
    {
      files: ["**/*.md"],
      rules: { "prettier/prettier": ["error", { parser: "markdown" }] },
    },
    {
      files: ["**/*.mdx"],
      rules: { "prettier/prettier": ["error", { parser: "mdx" }] },
    },
  ]

v5.1.1

Compare Source

Patch Changes

• #​619 b5c0dc5 Thanks @​JounQin! - chore: skip formatting inline scripts in pug files

v5.1.0

Compare Source

Minor Changes

• #​616 3856413 Thanks @​BPScott! - Add recommended config for the flat config format.

  If you are using flat config, import the recommended config from eslint-plugin-prettier/recommended. Like the legacy format recommended config, this automatically includes the contents of eslint-config-prettier.

  // eslint.config.js
  const eslintPluginPrettierRecommended = require("eslint-plugin-prettier/recommended");
  
  module.exports = [
    // Any other config imports go at the top
    eslintPluginPrettierRecommended,
  ];

Patch Changes

• #​614 5270877 Thanks @​BPScott! - Add meta block to plugin. This improves debugging and cachebusting when using the new flat config

• #​603 a63a570 Thanks @​filiptammergard! - fix: specify eslint-config-prettier as peer dependency

  It's already added to peerDependenciesMeta as optional, which means it should also be specified in peerDependencies.

v5.0.1

Compare Source

Patch Changes

• #​588 21a7146 Thanks @​krist7599555! - fix: parserPath type might be undefined on Eslint Falt Config

v5.0.0

Compare Source

Major Changes

• #​508 910aeb6 Thanks @​JounQin! - feat!: bump peer eslint to ">=8.0.0" and node to "^14.18.0 || >=16.0.0"

• #​508 910aeb6 Thanks @​JounQin! - feat!: upgrade to prettier v3

Minor Changes

• #​508 910aeb6 Thanks @​JounQin! - feat: add typings support

Patch Changes

• #​548 82a3db8 Thanks @​fisker! - fix: add missing dependency synckit

• #​564 ae7a73c Thanks @​auvred! - fix: compatibility with prettier@​3 without plugins

v4.2.5

Compare Source

republish the v4 version

Full Changelog: prettier/eslint-plugin-prettier@v4.2.4...v4.2.5

v4.2.4

Compare Source

republish the v4 version

Full Changelog: prettier/eslint-plugin-prettier@v4.2.1...v4.2.4

v4.2.1

Compare Source

Patch Changes

• #​485 5736ed5 Thanks @​JounQin! - chore: reuse prettierRcOptions instead of resolveConfig again

v4.2.0

Compare Source

Minor Changes

• #​483 7bd70b6 Thanks @​JounQin! - feat: support svelte out of box

  close #​472, close #​482

  We recommend to use eslint-plugin-svelte instead of eslint-plugin-svelte3.

v4.1.0

Compare Source

• feat: skip processing code blocks on specific languages like stylelint-prettier (#​415) (52eec48)
• build(deps): Bump minimist from 1.2.5 to 1.2.6 (#​464) (42bfe88)
• build(deps-dev): Bump graphql from 15.5.1 to 15.7.2 (#​442) (0158640)
• build(deps-dev): Bump @​graphql-eslint/eslint-plugin from 2.3.0 to 2.4.0 (#​444) (4bcaca2)
• chore(CI): add tests for ESLint 8 (#​428) (f3713be)
• README.md: HTTP => HTTPS (#​443) (44e1478)

v4.0.0

Compare Source

This breaking change drops support for old versions of ESLint, Prettier and
Node. You must use at least ESLint v7.28.0, Prettier v2.0.0 and Node v12.0.0.
Aside from that, usage of this plugin remains identical.

• v4 - Drop support for eslint 5/6, prettier 1, node 6/8 (#​429) (acb56f3)

v3.4.1

Compare Source

• build(deps): Bump glob-parent from 5.0.0 to 5.1.2 (#​420) (b6d075c)
• build(deps): Bump path-parse from 1.0.6 to 1.0.7 (#​425) (24f957e)
• feat: support @graphql-eslint/eslint-plugin out of box (#​413) (ec6fbb1)
• chore: add tests for Node 16 (#​410) (76bd45e)

v3.4.0

Compare Source

• feat: support processor virtual filename (#​401) (ee0ccc6)
• Simplify report logic (#​380) (d993f24)
• Update: README.md (#​375) (3ea4242)

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[viezly]

Pull request by bot. No need to analyze

[github-actions]

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

[github-actions]

🏷️ [bumpr] Next version:v2.0.2 Changes:v2.0.1...AlexRogalskiy:renovate/eslint-plugin-prettier-5.x

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pretty-quick@​3.1.0
	lint-staged@​10.5.4
	eslint-plugin-prettier@​3.3.1 ⏵ 5.5.5
	semantic-release@​17.3.9
	prettier@​2.2.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: npm json-schema is vulnerable to Prototype Pollution CVE: GHSA-896r-f27r-55mw json-schema is vulnerable to Prototype Pollution (CRITICAL) Affected versions: < 0.4.0 Patched version: 0.4.0 From: package-lock.json → npm/@semantic-release/npm@7.0.10 → npm/jest@27.0.0-next.2 → npm/jest-circus@26.6.3 → npm/json-schema@0.2.3 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/json-schema@0.2.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype Pollution in npm minimist CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL) Affected versions: >= 1.0.0 < 1.2.6; < 0.2.4 Patched version: 1.2.6 From: package-lock.json → npm/folio@0.3.18 → npm/cz-conventional-changelog@3.3.0 → npm/@semantic-release/npm@7.0.10 → npm/jest@27.0.0-next.2 → npm/eslint-plugin-import@2.22.1 → npm/jest-circus@26.6.3 → npm/@semantic-release/release-notes-generator@9.0.1 → npm/minimist@1.2.5 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/minimist@1.2.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm npm is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: package-lock.json → npm/@semantic-release/npm@7.0.10 → npm/npm@6.14.11 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/npm@6.14.11. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm safer-buffer is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: package-lock.json → npm/cz-conventional-changelog@3.3.0 → npm/@semantic-release/npm@7.0.10 → npm/jest@27.0.0-next.2 → npm/jest-circus@26.6.3 → npm/safer-buffer@2.1.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report