chore(deps-dev): bump secretlint from 12.3.1 to 13.0.2 #61

Merged: Moeabdelaziz007 merged 1 commit into main from dependabot/npm_and_yarn/secretlint-13.0.2 on May 18, 2026
@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps secretlint from 12.3.1 to 13.0.2.

Release notes

Sourced from secretlint's releases.

v13.0.2

What's Changed

📝 v13.0.1 published as v13.0.2

Bug Fixes

CI

Dependency Updates

Other Changes

Full Changelog: secretlint/secretlint@v13.0.0...v13.0.2

v13.0.0

Highlights

v13 changes how files are discovered on disk and adds three credential detection rules.

.gitignore is respected by default

Nested .gitignore files now apply to file discovery with ripgrep semantics: rules from each directory cascade into its subtree, and a negation rule in a deeper file can flip an earlier verdict.

Files excluded by any .gitignore on the path are no longer scanned. Repositories that previously relied on Secretlint scanning ignored files (such as dist/ or generated artefacts) will see fewer files in the output. .secretlintignore is unchanged and continues to apply alongside .gitignore.

To restore the v12 behaviour:

secretlint --no-gitignore "**/*"

... (truncated)

Commits

Summary by CodeRabbit

  • Chores
    • Updated development dependencies to maintain code quality standards.


Disclaimer: This is AxiomID Review Agent.

Greptile Summary

This dependabot PR bumps secretlint from 12.3.1 to 13.0.2 in package.json and updates the corresponding lock file entries, but leaves @secretlint/secretlint-rule-preset-recommend at ^12.2.0. The two packages are part of the same monorepo and must stay in lockstep.

  • secretlint CLI is updated to ^13.0.2, but the companion rule preset @secretlint/secretlint-rule-preset-recommend remains at ^12.2.0 (locked to 12.3.1), creating a major-version mismatch that will cause secretlint to fail at runtime.
  • All other @secretlint/* sub-packages in the lock file (@secretlint/core, @secretlint/types, @secretlint/config-loader, etc.) are correctly updated to 13.0.2; only the rule preset is out of sync.
  • secretlint v13 is a breaking release (new file-discovery via ripgrep, new credential rules), so the preset must also be updated to ^13.0.2 before merging.

Confidence Score: 4/5

The bump is incomplete: the rule preset is left at v12 while the secretlint core moves to v13, which will break the pre-commit hook on every developer machine until fixed.

The @secretlint/secretlint-rule-preset-recommend package is still locked to 12.3.1 in the lock file. secretlint v13 changed internal types across the monorepo; loading a v12 preset against a v13 core causes a runtime failure in the secretlint pre-commit hook, blocking all commits. The fix is a one-line bump to ^13.0.2 followed by a fresh npm install.

package.json — the rule preset version needs to be updated alongside the secretlint CLI bump

Important Files Changed

| Filename | Overview |
| --- | --- |
| package.json | secretlint bumped to ^13.0.2 but @secretlint/secretlint-rule-preset-recommend left at ^12.2.0 (resolves to 12.3.1) — major version mismatch in the same monorepo |
| package-lock.json | Lock file confirms @secretlint/secretlint-rule-preset-recommend is resolved at 12.3.1 while all other @secretlint/* packages are at 13.0.2 |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[git commit] --> B[husky pre-commit hook]
    B --> C[npx secretlint]
    C --> D{Load config}
    D --> E[config-loader v13]
    E --> F[Load rule preset]
    F --> G[rule-preset-recommend v12]
    G -->|Type mismatch with types v13| H[Runtime failure]
    H --> I[Commit blocked for all developers]

    style G fill:#f88,stroke:#c00
    style H fill:#f88,stroke:#c00
    style I fill:#f88,stroke:#c00

Comments Outside Diff (1)

  1. package.json, line 70

    P1 @secretlint/secretlint-rule-preset-recommend is still pinned to ^12.2.0 (resolves to 12.3.1 in the lock file) while secretlint core was just bumped to 13.0.2. All @secretlint/* internal packages (@secretlint/core, @secretlint/types, @secretlint/walker, etc.) are now at 13.0.2 in the lock file. A v12 rule preset loaded against a v13 core will encounter incompatible internal types, causing secretlint to fail at runtime — this breaks the pre-commit hook in .husky/pre-commit and blocks every commit for developers.

Reviews (2): Last reviewed commit: "chore(deps-dev): bump secretlint from 12..."


dependabot Bot commented on behalf of github May 18, 2026

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


coderabbitai Bot commented May 18, 2026

Walkthrough

The pull request updates the secretlint development dependency from version ^12.2.0 to ^13.0.2 in package.json. This is a single-line version bump to the secret scanning linter tool used during development.

Changes

Dependency Update

| Layer / File(s) | Summary |
| --- | --- |
| Secretlint version upgrade (package.json) | Development dependency secretlint is bumped from ^12.2.0 to ^13.0.2. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A version bump so clean and bright,
Secretlint upgrades in the night,
From twelve to thirteen, the change is light,
With just one line made right! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The PR description is missing most required sections from the template including core rationale, related issue, type of change checklist, and strict compliance checklist items. | Add a structured description following the template: explain how the secretlint upgrade improves the project, link any related issues, check the appropriate type-of-change checkbox, and complete the strict checklist sections (code quality, security/architecture, testing). |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the core change: a development dependency bump of secretlint from version 12.3.1 to 13.0.2, which matches the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


Bumps [secretlint](https://github.com/secretlint/secretlint) from 12.3.1 to 13.0.2.
- [Release notes](https://github.com/secretlint/secretlint/releases)
- [Commits](secretlint/secretlint@v12.3.1...v13.0.2)

---
updated-dependencies:
- dependency-name: secretlint
  dependency-version: 13.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/secretlint-13.0.2 branch from ce43f02 to 20adb24 Compare May 18, 2026 13:24

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 75: Update the `@secretlint/secretlint-rule-preset-recommend` dependency to
match secretlint v13 by changing the version specifier for
"`@secretlint/secretlint-rule-preset-recommend`" from "^12.2.0" to "^13.0.2" in
package.json so the preset and core are on the same major version and avoid
compatibility/runtime issues.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e0039e13-e054-4941-9600-93ed4d3d1cc8

📥 Commits

Reviewing files that changed from the base of the PR and between 3010e94 and 20adb24.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

Comment thread package.json
"lint-staged": "^16.4.0",
"prettier": "^3.8.3",
"secretlint": "^12.2.0",
"secretlint": "^13.0.2",
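Review bot: The "secretlint" line jumps a full major version (^12.2.0 to ^13.0.2) and is the only line this hunk changes, so any companion @secretlint/* entry elsewhere in package.json keeps its existing range. Bump @secretlint/secretlint-rule-preset-recommend to the same major in this commit and re-run the pre-commit scan before merging. The release notes quoted in the PR description also say v13 skips files matched by .gitignore by default, so confirm the hook still scans the paths the project expects, or pass --no-gitignore if ignored files were meant to be covered.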

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify secretlint/preset compatibility from npm metadata (read-only)
set -euo pipefail

npm view secretlint@13.0.2 version peerDependencies dependencies --json
npm view @secretlint/secretlint-rule-preset-recommend@12.2.0 version peerDependencies dependencies --json
npm view @secretlint/secretlint-rule-preset-recommend@13.0.2 version peerDependencies dependencies --json

Repository: AIX-Format/PiWorker-OS

Length of output: 413


🏁 Script executed:

cat -n package.json | sed -n '65,80p'

Repository: AIX-Format/PiWorker-OS

Length of output: 589


Upgrade @secretlint/secretlint-rule-preset-recommend to match secretlint v13.

Line 75 upgrades secretlint to ^13.0.2, but Line 70 keeps @secretlint/secretlint-rule-preset-recommend at ^12.2.0. The major version gap between the core (v13) and preset (v12) will cause compatibility issues. Secretlint v13's internal dependencies are all pinned to v13.0.2, confirming structural changes that require the matching preset version. Upgrade the preset to ^13.0.2 to ensure consistent rule loading and avoid runtime failures.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 75, Update the
`@secretlint/secretlint-rule-preset-recommend` dependency to match secretlint v13
by changing the version specifier for
"`@secretlint/secretlint-rule-preset-recommend`" from "^12.2.0" to "^13.0.2" in
package.json so the preset and core are on the same major version and avoid
compatibility/runtime issues.
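
The core/preset version gap that both reviews flag can be caught mechanically before merge. The following is an added example, not code from this repository or from secretlint: the helper names are hypothetical and the sample manifests are constructed, using the version values quoted in the reviews above.

```javascript
// Added example (not project code): flag @secretlint/* packages on a different major than the CLI.
// First integer in a range or version ("^13.0.2", "~12.2.0", "12.3.1") is treated as the major.
function majorOf(spec) {
  const m = /\d+/.exec(String(spec));
  return m ? Number(m[0]) : null;
}

const isSecretlintPkg = (name) => name === "secretlint" || name.startsWith("@secretlint/");

// package.json: compare the declared ranges in dependencies and devDependencies.
function manifestMismatches(pkg) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const core = majorOf(deps.secretlint ?? "");
  if (core === null) return []; // secretlint itself is not declared
  return Object.entries(deps)
    .filter(([name, spec]) => isSecretlintPkg(name) && majorOf(spec) !== core)
    .map(([name, spec]) => ({ name, spec, expectedMajor: core }));
}

// package-lock.json (lockfileVersion 2/3): compare resolved versions under "packages".
function lockMismatches(lock) {
  const resolved = Object.entries(lock.packages ?? {})
    .map(([path, meta]) => [path.split("node_modules/").pop(), meta.version])
    .filter(([name]) => isSecretlintPkg(name));
  const coreEntry = resolved.find(([name]) => name === "secretlint");
  if (!coreEntry) return [];
  const core = majorOf(coreEntry[1]);
  return resolved
    .filter(([, version]) => majorOf(version) !== core)
    .map(([name, version]) => ({ name, version, expectedMajor: core }));
}

// Constructed sample; versions are the ones quoted in the reviews on this page.
const samplePkg = {
  devDependencies: {
    "@secretlint/secretlint-rule-preset-recommend": "^12.2.0",
    secretlint: "^13.0.2",
  },
};
const sampleLock = {
  packages: {
    "": { name: "constructed-sample" },
    "node_modules/secretlint": { version: "13.0.2" },
    "node_modules/@secretlint/core": { version: "13.0.2" },
    "node_modules/@secretlint/secretlint-rule-preset-recommend": { version: "12.3.1" },
  },
};
console.log(manifestMismatches(samplePkg), lockMismatches(sampleLock));
```

In CI, pass the parsed contents of the real package.json and package-lock.json to the two functions and fail the job when either returns a non-empty list.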

@Moeabdelaziz007 Moeabdelaziz007 merged commit 0c468f9 into main May 18, 2026
7 of 8 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/secretlint-13.0.2 branch May 18, 2026 13:34