🚨 [security] Update eslint 8.30.0 → 9.15.0 (major) #709
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![depfu[bot]](https://avatars.githubusercontent.com/in/715?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ eslint (8.30.0 → 9.15.0) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 51 commits:
chore: release 3.2.0 (#174)feat: merge rule.meta.defaultOptions before validation (#166)docs: add `compat.extends` example with plugin config (#173)ci: run tests in Node.js 23 (#170)ci: reduce list of releasable tags to `feat`, `fix` and `perf` (#161)chore: release 3.1.0 (#155)feat: Expose loadConfigFile() function (#160)chore: update dependency shelljs to ^0.8.5 (#156)ci: run tests in Node.js 22 (#154)chore: release 3.0.2 (#153)chore: maintenance update of `globals` to `v14` (#152)chore: release 3.0.1 (#145)chore: upgrade [email protected] (#151)docs: More explicit about all and recommended configs (#150)docs: fix changelog for v3.0.0 (#144)chore: release 3.0.0 (#141)chore: upgrade github actions (#143)feat!: Require Node.js `^18.18.0 || ^20.9.0 || >=21.1.0` (#142)feat!: Set default `schema: []`, drop support for function-style rules (#139)chore: release 2.1.4 (#138)fix: Use original plugin from disk in FlatCompat (#137)chore: release 2.1.3 (#131)docs: Add CommonJS example to README (#134)ci: run tests in Node.js 21 (#130)chore: release 2.1.2 (#124)fix: Ensure environments in overrides respect files patterns (#126)chore: standardize npm script names (#122)chore: Remove add-to-triage (#123)chore: release 2.1.1 (#120)chore: Add PRs to triage (#121)ci: generate provenance statements when release (#119)chore: release 2.1.0 (#117)chore: upgrade [email protected] (#118)feat: add `es2023` and `es2024` environments (#116)chore: release 2.0.3 (#112)chore: upgrade [email protected] (#113)chore: set up release-please (#111)ci: run tests on Node.js v20 (#108)2.0.2Build: changelog update for 2.0.2chore: upgrade [email protected] (#106)2.0.1Build: changelog update for 2.0.1chore: upgrade [email protected] (#104)2.0.0Build: changelog update for 2.0.0feat!: Require eslint:all and eslint:recommended as parameters. (#103)chore: Add triage action (#101)1.4.1Build: changelog update for 1.4.1fix: Update FlatCompat docs + typings to reflect Array (#99)Sorry, we couldn't find anything useful about this release.
Sorry, we couldn't find anything useful about this release.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 11 commits:
chore: publish v5.62.0fix(eslint-plugin): replace auto-fix of class literal property style rule with suggestion (#7054)docs: be more explicit about what restrict-template-expressions restricts (#7009)chore(deps): update dependency eslint-plugin-unicorn to v46.0.1 (#7023)chore: update contributors (#7152)chore(deps): update dependency @types/debug to v4.1.8 (#7072)fix(eslint-plugin): [comma-spacing] allow no space after trailing comma in objects and arrays (#6938)fix(eslint-plugin): [prefer-includes] escape special characters (#7161)feat(eslint-plugin): [prefer-nullish-coalescing] add `ignorePrimitives` option (#6487)chore: update sponsors (#7169)docs: added announcing-typescript-eslint-v6 blog post (#7156)Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 11 commits:
chore: publish v5.62.0fix(eslint-plugin): replace auto-fix of class literal property style rule with suggestion (#7054)docs: be more explicit about what restrict-template-expressions restricts (#7009)chore(deps): update dependency eslint-plugin-unicorn to v46.0.1 (#7023)chore: update contributors (#7152)chore(deps): update dependency @types/debug to v4.1.8 (#7072)fix(eslint-plugin): [comma-spacing] allow no space after trailing comma in objects and arrays (#6938)fix(eslint-plugin): [prefer-includes] escape special characters (#7161)feat(eslint-plugin): [prefer-nullish-coalescing] add `ignorePrimitives` option (#6487)chore: update sponsors (#7169)docs: added announcing-typescript-eslint-v6 blog post (#7156)Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 11 commits:
chore: publish v5.62.0fix(eslint-plugin): replace auto-fix of class literal property style rule with suggestion (#7054)docs: be more explicit about what restrict-template-expressions restricts (#7009)chore(deps): update dependency eslint-plugin-unicorn to v46.0.1 (#7023)chore: update contributors (#7152)chore(deps): update dependency @types/debug to v4.1.8 (#7072)fix(eslint-plugin): [comma-spacing] allow no space after trailing comma in objects and arrays (#6938)fix(eslint-plugin): [prefer-includes] escape special characters (#7161)feat(eslint-plugin): [prefer-nullish-coalescing] add `ignorePrimitives` option (#6487)chore: update sponsors (#7169)docs: added announcing-typescript-eslint-v6 blog post (#7156)Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 11 commits:
chore: publish v5.62.0fix(eslint-plugin): replace auto-fix of class literal property style rule with suggestion (#7054)docs: be more explicit about what restrict-template-expressions restricts (#7009)chore(deps): update dependency eslint-plugin-unicorn to v46.0.1 (#7023)chore: update contributors (#7152)chore(deps): update dependency @types/debug to v4.1.8 (#7072)fix(eslint-plugin): [comma-spacing] allow no space after trailing comma in objects and arrays (#6938)fix(eslint-plugin): [prefer-includes] escape special characters (#7161)feat(eslint-plugin): [prefer-nullish-coalescing] add `ignorePrimitives` option (#6487)chore: update sponsors (#7169)docs: added announcing-typescript-eslint-v6 blog post (#7156)Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Security Advisories 🚨
🚨 Regular Expression Denial of Service (ReDoS) in cross-spawn
Release Notes
7.0.5 (from changelog)
7.0.4 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 11 commits:
chore(release): 7.0.5fix: fix escaping bug introduced by backtrackingchore: remove codecovchore: replace travis with github workflowschore(release): 7.0.4fix: disable regexp backtracking (#160)chore: fix tests in recent node js versionschore: convert package lockchore: remove unused argument (#156)chore: add travis jobs on ppc64le (#142)chore: fix audit warningCommits
See the full diff on Github. The new version differs by 3 commits:
0.1.4Use non-deprecated `license` formatno longer testing 0.4Release Notes
10.3.0 (from changelog)
10.2.0 (from changelog)
10.1.0
10.0.1
10.0.0
9.6.1
9.6.0
9.5.2
9.5.1
9.5.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 26 commits:
Version 1.6.0allow naked binaryOp at the start of a selector within :has() (#145)pull lowercasing out of class matcher (#141)Version 1.5.0External class resolve (#140)Allow for custom node type keys (#139)Version 1.4.2Check that the node has a parent before matching a 'child' selector (#138)Version 1.4.1pin some dev dependencies that seem to have made breaking changesadd node 18 to the test matrixdrop node 6 from test matrixcombine the from-start and from-end paths in nthChildseparate the caching wrapper from the matcher generatorStyle fix: ++k instead of k++Cache selector matcher functions in a WeakMapAllow negative `nth` parameter in nthChildFix code style issuesCreate fewer intermediate objects in inPathTraverse only once & break early in "has" selectorReplace 'has' rule collector array with a boolean flagAvoid .indexOf in nthChildUse basic for loops instead of for-ofCreate even more specific attribute matchersHoist repeatedly recreated constantsCreate cached matcher functions for selectorsCommits
See the full diff on Github. The new version differs by 52 commits:
3.3.1Fixed another typo on TS definition3.3.0Fixed types and TS logo in npmRemoved jsr.json from npm3.2.13Fixed typo in JSDoc TS3.2.12Last attempt to fix jsr.ioStill trying to fix jsr.io publishing3.2.11Improved TS typesBumped jsr.io too3.2.10Trying this jsr thingUpdated dev-dependenciesUpdated all dev/dependenciesMerge pull request #71 from WebReflection/python3.2.9Added Python version of the very same thing3.2.8Merge pull request #70 from WebReflection/issue-69Fix #69 - Make `$value` an explicit class fieldRemoved a disturbingly unnecessary early returnMerge pull request #63 from WebReflection/dependabot/npm_and_yarn/json5-2.2.3Bump json5 from 2.2.1 to 2.2.33.2.7Updated dev-dependenciesMerge pull request #60 from Fdawgs/patch-1Reduce published package size3.2.6Fix #58 + updated dev dependencies + exported flatted/esmMerge pull request #55 from WebReflection/dependabot/npm_and_yarn/minimist-1.2.6Bump minimist from 1.2.5 to 1.2.63.2.5Fix #54 - Allow tools to read flatted/package.jsonMerge pull request #53 from karlhorky/patch-1Follow style of toJSONFixed a few typos in the README3.2.4updated package-lock.json3.2.3Added benchmark and info about @ungap/structured-clone alternativeMoving away from Travis CI3.2.2Merge pull request #50 from mattamusprime/typings-patchAdds fromJSON and toJSON to types.d.ts3.2.1Updated Travis bedgeRenamed master to mainUsing c8 instead of nycUpdated dev-dependencies + excluded test.phpRelease Notes
14.0.0
13.24.0
13.23.0
13.22.0
13.21.0
13.20.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 15 commits:
14.0.0Require Node.js 18Generate types rather than relying on `type-fest` (#209)Add script to get builtin globals (#207)13.24.0Meta tweaksAdd WebXR classes to `browser` (#206)13.23.0Add `ToggleEvent` to `browser` (#203)13.22.0Add `MediaStreamConstraints` to `browser` (#202)13.21.0Add missing Node.js and browser globals (#200)13.20.0Add missing Fetch API globals for Node.js (#197)Security Advisories 🚨
🚨 word-wrap vulnerable to Regular Expression Denial of Service
Release Notes
1.2.5
1.2.4
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 16 commits:
1.2.5revert default indentrun verb to generate READMEMerge pull request #42 from jonschlinkert/chore/publish-workflowMerge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2Update .github/workflows/publish.ymlchore: bump version to 1.2.4chore: add publish workflowchore: fix testchore: remove package-lockchore: added an additional testcasefix: cve 2023-26115fix: settle for new regex to support lower node versions:lock: fix: CVE-2023-26115Merge pull request #24 from mohd-akram/remove-default-indentRemove default indent🆕 @​eslint-community/regexpp (added, 4.12.1)
🆕 @​eslint/config-array (added, 0.19.0)
🆕 @​eslint/core (added, 0.9.0)
🆕 @​eslint/js (added, 9.15.0)
🆕 @​eslint/object-schema (added, 2.1.4)
🆕 @​eslint/plugin-kit (added, 0.2.3)
🆕 @​humanfs/core (added, 0.19.1)
🆕 @​humanfs/node (added, 0.16.6)
🆕 @​humanwhocodes/retry (added, 0.4.1)
🆕 json-buffer (added, 3.0.1)
🆕 keyv (added, 4.5.4)
🗑️ @​humanwhocodes/config-array (removed)
🗑️ @​humanwhocodes/object-schema (removed)
🗑️ @​typescript-eslint/experimental-utils (removed)
🗑️ @​typescript-eslint/utils (removed)
🗑️ doctrine (removed)
🗑️ grapheme-splitter (removed)
🗑️ js-sdsl (removed)
🗑️ text-table (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands