Bump @biomejs/biome from 2.2.7 to 2.3.9

[dependabot]

Bumps @biomejs/biome from 2.2.7 to 2.3.9.

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.9

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

  Caution

  This is a first iteration of the rule, and does not yet detect generic "thenable" values.

• #8034 e7e0f6c Thanks @​Netail! - Added the nursery rule useRegexpExec. Enforce RegExp#exec over String#match if no global flag is provided.

• #8137 d407efb Thanks @​denbezrukov! - Reduced the internal memory used by the Biome formatter.

• #8281 30b046f Thanks @​tylersayshi! - Added the rule useRequiredScripts, which enforces presence of configurable entries in the scripts section of package.json files.

• #8290 d74c8bd Thanks @​dyc3! - The HTML formatter has been updated to match Prettier 3.7's behavior for handling <iframe>'s allow attribute.

  - <iframe allow="layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';"></iframe>
  + <iframe
  + 	allow="
  + 		layout-animations 'none';
  + 		unoptimized-images 'none';
  + 		oversized-images 'none';
  + 		sync-script 'none';
  + 		sync-xhr 'none';
  + 		unsized-media 'none';
  + 	"
  + ></iframe>

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

  Caution

  This is a first iteration of the rule, and does not yet detect generic "thenable" values.

• #8034 e7e0f6c Thanks @​Netail! - Added the nursery rule useRegexpExec. Enforce RegExp#exec over String#match if no global flag is provided.

• #8137 d407efb Thanks @​denbezrukov! - Reduced the internal memory used by the Biome formatter.

• #8281 30b046f Thanks @​tylersayshi! - Added the rule useRequiredScripts, which enforces presence of configurable entries in the scripts section of package.json files.

• #8290 d74c8bd Thanks @​dyc3! - The HTML formatter has been updated to match Prettier 3.7's behavior for handling <iframe>'s allow attribute.

  - <iframe allow="layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';"></iframe>
  + <iframe
  + 	allow="
  + 		layout-animations 'none';
  + 		unoptimized-images 'none';
  + 		oversized-images 'none';
  + 		sync-script 'none';
  + 		sync-xhr 'none';
  + 		unsized-media 'none';
  + 	"
  + ></iframe>

• #8302 d1d5014 Thanks @​mlafeldt! - Fixed #8109: return statements in Astro frontmatter no longer trigger "Illegal return statement" errors when using experimentalFullSupportEnabled.

... (truncated)

Commits

• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• 3710702 feat(lint): implement useDestructuring (#8335)
• 111ff34 chore: move depot to platinum sponsor (#8337)
• 343dc4d feat(linter): implement useAwaitThenable (#8341)
• 153e3c6 fix(lint): improve noBiomeFirstException (#8326)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​biomejs/biome since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)