style(deps): update dependency stylelint to v17

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
stylelint (source)	^15.11.0 || 16.x → ^15.11.0 || 16.x || 17.x

---

Release Notes

stylelint/stylelint (stylelint)

v17.4.0

Compare Source

It adds 2 options to the rules and fixes 7 bugs.

• Added: ignoreAtRules: [] to at-rule-no-vendor-prefix (#​9096) (@​theacrat).
• Added: ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#​9097) (@​theacrat).
• Fixed: performance of selector cloning rules (#​9089) (@​jeddy3).
• Fixed: *-empty-line-before performance (#​9092) (@​jeddy3).
• Fixed: declaration-property-value-no-unknown performance (#​9090) (@​jeddy3).
• Fixed: no-irregular-whitespace performance (#​9091) (@​jeddy3).
• Fixed: property-no-unknown false negatives for at-rule descriptors (#​9109) (@​jeddy3).
• Fixed: property-no-unknown false positives for corner-shape (#​9099) (@​jeddy3).
• Fixed: property-no-unknown false positives for double-slashed properties (#​9099) (@​jeddy3).

v17.3.0

Compare Source

It fixes 17 bugs. 3 related to supporting calc() in declaration-property-value-no-unknown, and 13 performance ones that make Stylelint a further 3x faster when using the rules in our standard config.

• Fixed: performance of rule sequencing (#​9055) (@​jeddy3).
• Fixed: *-list performance (#​9056) (@​jeddy3).
• Fixed: *-notation performance (#​9044) (@​jeddy3).
• Fixed: declaration-property-max-values performance (#​9057) (@​jeddy3).
• Fixed: declaration-property-value-keyword-no-deprecated performance (#​9058) (@​jeddy3).
• Fixed: declaration-property-value-no-unknown false negatives for math functions inside of non-math functions (#​9064) (@​romainmenke).
• Fixed: declaration-property-value-no-unknown false positives for calc() with mixed operations (#​9064) (@​romainmenke).
• Fixed: declaration-property-value-no-unknown performance (#​9062) (@​jeddy3).
• Fixed: declaration-property-value-no-unknown reported ranges for multiple math functions (#​9064) (@​romainmenke).
• Fixed: length-zero-no-unit performance (#​9046) (@​jeddy3).
• Fixed: named-grid-areas-no-invalid false positives for mix of tabs and spaces (#​9039) (@​adalinesimonian).
• Fixed: no-unknown-custom-media performance (#​9059) (@​jeddy3).
• Fixed: selector-max-* performance (#​9042) (@​jeddy3).
• Fixed: shorthand-property-no-redundant-values performance (#​9047) (@​jeddy3).
• Fixed: syntax-string-no-invalid performance (#​9061) (@​jeddy3).
• Fixed: time-min-milliseconds performance (#​9060) (@​jeddy3).
• Fixed: value-keyword-case performance (#​9048) (@​jeddy3).

v17.2.0

Compare Source

It fixes 7 bugs, including 5 performance ones that make Stylelint 7x faster and use 3x less memory on larger codebases such as design systems and monorepos. We also restructured our docs to create a contributor guide. If you'd like to help out and contribute to Stylelint, that's the place to start.

• Fixed: performance of config augmentation and module imports (#​9021) (@​adalinesimonian).
• Fixed: performance of config override matching (#​9023) (@​adalinesimonian).
• Fixed: performance of config resolution (#​9033) (@​adalinesimonian).
• Fixed: performance of rule resolution (#​9022) (@​adalinesimonian).
• Fixed: declaration-property-value-no-unknown false negatives for math functions (#​9011) (@​ragini-pandey).
• Fixed: no-duplicate-selectors false negatives for matching escaped selectors (#​8953) (@​bjnewman).
• Fixed: no-invalid-position-at-import-rule false negatives for layers with blocks (#​9026) (@​romainmenke).

v17.1.1

Compare Source

It fixes 2 bugs.

• Fixed: resolution of configs, plugins, processors, and custom syntaxes in Yarn PnP environments (#​9010) (@​adalinesimonian).
• Fixed: lightness-notation autofix for decimals (#​9009) (@​IlyaSemenov).

v17.1.0

Compare Source

It fixes 5 bugs and adds the display-notation rule. Before we turn it on in our standard config, we'd like to hear the community's thoughts on which options to use.

• Added: display-notation rule (#​8981) (@​romainmenke).
• Fixed: GlobbyOptions TypeScript errors (#​8992) (@​zalishchuk).
• Fixed: hue-degree-notation false negatives and positives for relative colors (#​8985) (@​jamesnw).
• Fixed: lightness-notation false negatives for relative colors (#​8987) (@​jamesnw).
• Fixed: selector-type-no-unknown false positives for geolocation and usermedia (#​9004) (@​Mouvedia).
• Fixed: selector-type-no-unknown false positives for rb, rtc and menuitem (#​8972) (@​Mouvedia).

v17.0.0

Compare Source

It contains 14 breaking changes, which we've detailed in the migrating to 17.0.0 guide. Additionally, it adds 3 options to the rules and fixes 9 bugs. We've also released compatible versions of our shared config, Visual Studio Code extension, Node.js Rule Tester and Jest preset.

• Removed: CommonJS Node.js API (#​8859) (@​jeddy3).
• Removed: output property in the Node.js API returned resolved object (#​8878) (@​jeddy3).
• Removed: support for Node.js less than 20.19.0 (#​8867) (@​jeddy3).
• Removed: GitHub formatter (#​8888) (@​jeddy3).
• Removed: resolveNestedSelectors option from selector-class-pattern (#​8931) (@​jeddy3).
• Removed: checkContextFunctionalPseudoClasses option from selector-max-id (#​8913) (@​jeddy3).
• Changed: default fix mode to strict (#​8889) (@​jeddy3).
• Changed: report to be consistent and predictable in how it handles the provided position arguments (#​8217) (@​romainmenke).
• Changed: selector-max-* syntax rules for standard CSS nesting and modern functional pseudo-classes (#​8913) (@​jeddy3).
• Changed: *-specificity semantic rules for standard CSS nesting (#​8913) (@​jeddy3).
• Changed: no-duplicate-selectors and selector-no-qualifying-type for standard CSS nesting (#​8913) (@​jeddy3).
• Changed: *-list rules to have consistent behaviour for vendor prefixes and case (#​8912) (@​jeddy3).
• Changed: *-no-vendor-prefix rules to have consistent behaviour for their ignore*: [] secondary options (#​8924) (@​jeddy3).
• Changed: declaration-property-max-values rule to have consistent behaviour for vendor prefixes (#​8926) (@​jeddy3).
• Added: except: ["after-block"] to custom-property-empty-line-before (#​8921) (@​kovsu).
• Added: except: ["after-block"] to declaration-empty-line-before (#​8910) (@​kovsu).
• Added: ignoreSelectors: [] to no-duplicate-selectors (#​8883) (@​kovsu).
• Fixed: Windows drive letter casing inconsistencies when matching patterns against file paths (#​8941) (@​adalinesimonian).
• Fixed: CLI help to include TypeScript config files (#​8908) (@​kovsu).
• Fixed: at-rule-descriptor-no-unknown false positives for declarations within feature-value-blocks (#​8868) (@​kovsu).
• Fixed: declaration-block-no-redundant-longhand-properties false negatives for short and long combinations (#​8892) (@​nathannewyen).
• Fixed: media-feature-name-no-unknown false positives for namespaced dollar variables and range context queries (#​8890) (@​kovsu).
• Fixed: nesting-selector-no-missing-scoping-root false positives for CSS-in-JS (#​8905) (@​kovsu).
• Fixed: no-invalid-position-declaration false negatives for embedded blocks (#​8907) (@​kovsu).
• Fixed: selector-no-qualifying-type false negatives for :is/where() (#​8940) (@​romainmenke).
• Fixed: selector-type-no-unknown false positives for MathML 4 tags (#​8874) (@​jeddy3).

---

Configuration

📅 Schedule: Branch creation - "after 1am and before 5am every weekend" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Scope: all 8 workspace projects
 ERR_PNPM_CATALOG_ENTRY_NOT_FOUND_FOR_SPEC  No catalog entry '@tsconfig/node16' was found for catalog 'tsc'.

[github-actions]

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

Unknown release type "style" found in pull request title "style(deps): update dependency stylelint to v17".

Available types:
 - build
 - chore
 - ci
 - docs
 - feat
 - fix
 - perf
 - infra
 - refactor
 - revert
 - test

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	esbuild@​0.27.3
	eslint-plugin-no-for-of-array@​0.1.0
	cz-conventional-changelog@​3.3.0
	eslint-plugin-antfu@​3.2.2
	eslint-import-resolver-node@​0.3.9
	eslint-merge-processors@​2.0.0
	eslint-plugin-simple-import-sort@​12.1.1
	eslint-plugin-no-only-tests@​3.3.0
	cross-env@​10.1.0
	eslint-plugin-react-perf@​3.3.3
	eslint-plugin-promise@​7.2.1
	eslint-plugin-tailwindcss@​3.18.2
	eslint-plugin-sonarjs@​3.0.7
	eslint-plugin-react@​7.37.5
	eslint-plugin-no-unsanitized@​4.1.5
	eslint-plugin-html@​8.1.4
	eslint-plugin-jsx-a11y@​6.10.2
	eslint-config-flat-gitignore@​2.2.1
	eslint-plugin-no-secrets@​2.2.2
	eslint-plugin-astro@​1.6.0
	eslint-plugin-erasable-syntax-only@​0.4.0
	eslint-plugin-security@​3.0.1
	eslint-plugin-es-x@​9.4.1
	eslint-plugin-format@​1.4.0
	eslint-plugin-pnpm@​1.5.0
	eslint-plugin-react-compiler@​19.1.0-rc.2
	eslint-import-resolver-typescript@​4.4.4
	eslint-plugin-compat@​6.2.0
	eslint-flat-config-utils@​2.1.4
	eslint-plugin-regexp@​2.10.0
	eslint-plugin-perfectionist@​4.15.1
	eslint-plugin-n@​17.24.0
	eslint-plugin-playwright@​2.7.0
See 8 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/astro-eslint-parser@1.3.0 → npm/entities@6.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report