Skip to content

chore(deps): update secretlint monorepo to v13 (major)#385

Merged
prisis merged 1 commit intomainfrom
renovate/major-13-secretlint-monorepo
May 8, 2026
Merged

chore(deps): update secretlint monorepo to v13 (major)#385
prisis merged 1 commit intomainfrom
renovate/major-13-secretlint-monorepo

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 7, 2026

This PR contains the following updates:

Package Change Age Confidence
@secretlint/secretlint-rule-preset-recommend (source) ^12.3.1^13.0.0 age confidence
secretlint (source) 12.3.113.0.0 age confidence

Release Notes

secretlint/secretlint (@​secretlint/secretlint-rule-preset-recommend)

v13.0.0

Compare Source

Highlights

v13 changes how files are discovered on disk and adds three credential detection rules.

.gitignore is respected by default

Nested .gitignore files now apply to file discovery with ripgrep semantics: rules from each directory cascade into its subtree, and a negation rule in a deeper file can flip an earlier verdict.

Files excluded by any .gitignore on the path are no longer scanned. Repositories that previously relied on Secretlint scanning ignored files (such as dist/ or generated artefacts) will see fewer files in the output. .secretlintignore is unchanged and continues to apply alongside .gitignore.

To restore the v12 behaviour:

secretlint --no-gitignore "**/*"

If a file is matched by a .gitignore rule but still appears in Secretlint's output, please open an issue at https://github.com/secretlint/secretlint/issues.

Glob-shaped paths that exist on disk are treated literally

--no-glob and "globs by default" both existed in v12. What changed in v13 is the fallback for inputs that contain glob metacharacters but resolve to a real file or directory.

In v12, an input like src/(group)/page.tsx was always parsed as a glob, so SvelteKit / Next.js routes whose names contain (), [], {}, or ? required --no-glob. v13 runs a single stat per glob-shaped input: if it exists, the input is treated literally; otherwise it stays a glob.

Pattern On disk v12 default v13 default
src/(group)/page.tsx exists parsed as glob, no match matched literally
src/(missing)/page.tsx absent parsed as glob parsed as glob
src/[a-z]ormal.tsx normal.tsx exists matched via glob matched via glob

Pass --no-glob to skip the probe and force literal interpretation.

New and promoted rules

Added to preset-recommend:

Rule Detects
@secretlint/secretlint-rule-tailscale Tailscale API keys (new package)
@secretlint/secretlint-rule-stripe Stripe API keys (new package)
@secretlint/secretlint-rule-cloudflare Cloudflare API tokens (promoted from preset-canary)
What's Changed
Breaking Changes
Features
CI
Dependency Updates
Other Changes

Full Changelog: secretlint/secretlint@v12.3.1...v13.0.0

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • "after 10:00 before 19:00 every weekday except after 13:00 before 14:00"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
chore(deps): update secretlint monorepo to v13
f1de272 
BREAKING CHANGE: updated dependencies to major versions
@renovate renovate Bot requested a review from prisis as a code owner May 7, 2026 14:52
@renovate renovate Bot added the c: dependencies Pull requests that adds/updates a dependency label May 7, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 7, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​secretlint/​secretlint-rule-preset-recommend@​12.3.1 ⏵ 13.0.09810010096 -1100
Updatedsecretlint@​12.3.1 ⏵ 13.0.0100 +110097 +196 -1100

View full report

@prisis prisis merged commit a6331a3 into main May 8, 2026
11 checks passed
@prisis prisis deleted the renovate/major-13-secretlint-monorepo branch May 8, 2026 05:45
prisis pushed a commit that referenced this pull request May 8, 2026
@github-actions
chore(release): v14.0.0 [skip ci]\n\n## [14.0.0](v13.1.3...v14.0.0) (…
62df0b5 
…2026-05-08)

### ⚠ BREAKING CHANGES

* **deps:** updated dependencies to major versions

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

### Bug Fixes

* **deps:** update dependency undici@<6.24.0 to >=8.2.0 ([#383](#383)) ([b8167df](b8167df))

### Miscellaneous Chores

* **deps:** update secretlint monorepo to v13 ([#385](#385)) ([a6331a3](a6331a3))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prisis prisis Awaiting requested review from prisis prisis is a code owner

Assignees

No one assigned

Labels

c: dependencies Pull requests that adds/updates a dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@prisis