[Snyk] Upgrade eslint from 9.21.0 to 9.37.0

[Dustin4444]

Snyk has created this PR to upgrade eslint from 9.21.0 to 9.37.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 18 versions ahead of your current version.

• The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ESLINTPLUGINKIT-10847878	57	Proof of Concept

Release notes

Package name: eslint

• 9.37.0 - 2025-10-03
  

  Features

  • 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
  • f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

  Bug Fixes

  • a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
  • 09e04fc fix: add missing AST token types (#20172) (Pixel998)
  • 861c6da fix: correct ESLint typings (#20122) (Pixel998)

  Documentation

  • b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
  • 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
  • 29ea092 docs: Update README (GitHub Actions Bot)
  • 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
  • 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
  • 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

  Chores

  • afe8a13 chore: update @ eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
  • abee4ca chore: package.json update for @ eslint/js release (Jenkins)
  • fc9381f chore: fix typos in comments (#20175) (overlookmotel)
  • e1574a2 chore: unpin jiti (#20173) (renovate[bot])
  • e1ac05e refactor: mark ESLint.findConfigFile() as async, add missing docs (#20157) (Pixel998)
  • 347906d chore: update eslint (#20149) (renovate[bot])
  • 0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#20146) (Milos Djermanovic)
  • bb99566 ci: pin jiti to version 2.5.1 (#20151) (Pixel998)
  • 177f669 perf: improve worker count calculation for "auto" concurrency (#20067) (Francesco Trotta)
  • 448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#20144) (Milos Djermanovic)
• 9.36.0 - 2025-09-19
  

  Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)

  Bug Fixes

  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)

  Documentation

  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

  Chores

  • 12411e8 chore: upgrade @ eslint/js@9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @ eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
• 9.35.0 - 2025-09-05
  

  Features

  • 42761fa feat: implement suggestions for no-empty-function (#20057) (jaymarvelz)
  • 102f444 feat: implement suggestions for no-empty-static-block (#20056) (jaymarvelz)
  • e51ffff feat: add preserve-caught-error rule (#19913) (Amnish Singh Arora)

  Bug Fixes

  • 10e7ae2 fix: update uncloneable options error message (#20059) (soda-sorcery)
  • bfa4601 fix: ignore empty switch statements with comments in no-empty rule (#20045) (jaymarvelz)
  • dfd11de fix: add before and after to test case types (#20049) (Francesco Trotta)
  • dabbe95 fix: correct types for no-restricted-imports rule (#20034) (Milos Djermanovic)
  • ea789c7 fix: no-loss-of-precision false positive with uppercase exponent (#20032) (sethamus)

  Documentation

  • d265515 docs: improve phrasing - "if" → "even if" from getting-started section (#20074) (jjangga0214)
  • a355a0e docs: invert comparison logic for example in no-var doc page (#20064) (OTonGitHub)
  • 5082fc2 docs: Update README (GitHub Actions Bot)
  • 99cfd7e docs: add missing "the" in rule deprecation docs (#20050) (Josh Goldberg ✨)
  • 6ad8973 docs: update --no-ignore and --ignore-pattern documentation (#20036) (Francesco Trotta)
  • 8033b19 docs: add documentation for --no-config-lookup (#20033) (Francesco Trotta)

  Chores

  • da87f2f chore: upgrade @ eslint/js@9.35.0 (#20077) (Milos Djermanovic)
  • af2a087 chore: package.json update for @ eslint/js release (Jenkins)
  • 7055764 test: remove tests/lib/eslint/eslint.config.js (#20065) (Milos Djermanovic)
  • 84ffb96 chore: update @ eslint-community/eslint-utils (#20069) (Francesco Trotta)
  • d5ef939 refactor: remove deprecated context.parserOptions usage across rules (#20060) (sethamus)
  • 1b3881d chore: remove redundant word (#20058) (pxwanglu)
• 9.34.0 - 2025-08-22
  

  Features

  • 0bb777a feat: multithread linting (#19794) (Francesco Trotta)
  • 43a5f9e feat: add eslint-plugin-regexp to eslint-config-eslint base config (#19951) (Pixel998)

  Bug Fixes

  • 9b89903 fix: default value of accessor-pairs option in rule.d.ts file (#20024) (Tanuj Kanti)
  • 6c07420 fix: fix spurious failure in neostandard integration test (#20023) (Kirk Waiblinger)
  • 676f4ac fix: allow scientific notation with trailing zeros matching exponent (#20002) (Sweta Tanwar)

  Documentation

  • 0b4a590 docs: make rulesdir deprecation clearer (#20018) (Domenico Gemoli)
  • 327c672 docs: Update README (GitHub Actions Bot)
  • bf26229 docs: Fix typo in core-concepts/index.md (#20009) (Tobias Hernstig)
  • 2309327 docs: fix typo in the "Configuring Rules" section (#20001) (ghazi-git)
  • 2b87e21 docs: [no-else-return] clarify sample code. (#19991) (Yuki Takada (Yukinosuke Takada))
  • c36570c docs: Update README (GitHub Actions Bot)

  Chores

  • f19ad94 chore: upgrade to @ eslint/js@9.34.0 (#20030) (Francesco Trotta)
  • b48fa20 chore: package.json update for @ eslint/js release (Jenkins)
  • 4bce8a2 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 0c9999c refactor: prefer default options in grouped-accessor-pairs (#20028) (루밀LuMir)
  • d503f19 ci: fix stale.yml (#20010) (루밀LuMir)
  • e2dc67d ci: centralize stale.yml (#19994) (루밀LuMir)
  • 7093cb8 ci: bump actions/checkout from 4 to 5 (#20005) (dependabot[bot])
• 9.33.0 - 2025-08-08
  

  Features

  • e07820e feat: add global object access detection to no-restricted-globals (#19939) (sethamus)
  • 90b050e feat: support explicit resource management in one-var (#19941) (Sweta Tanwar)

  Bug Fixes

  • 732433c fix: allow any type for meta.docs.recommended in custom rules (#19995) (Francesco Trotta)
  • e8a6914 fix: Fixed potential bug in check-emfile-handling.js (#19975) (諏訪原慶斗)

  Documentation

  • 34f0723 docs: playground button for TypeScript code example (#19671) (Tanuj Kanti)
  • dc942a4 docs: Update README (GitHub Actions Bot)
  • 5a4b6f7 docs: Update no-multi-assign.md (#19979) (Yuki Takada (Yukinosuke Takada))
  • 247e156 docs: add missing let declarations in no-plusplus (#19980) (Yuki Takada (Yukinosuke Takada))
  • 0d17242 docs: Update README (GitHub Actions Bot)
  • fa20b9d docs: Clarify when to open an issue for a PR (#19974) (Nicholas C. Zakas)

  Build Related

  • 27fa865 build: use ESLint class to generate formatter examples (#19972) (Milos Djermanovic)

  Chores

  • 4258046 chore: update dependency @ eslint/js to v9.33.0 (#19998) (renovate[bot])
  • ad28371 chore: package.json update for @ eslint/js release (Jenkins)
  • 06a22f1 test: resolve flakiness in --mcp flag test (#19993) (Pixel998)
  • 54920ed test: switch to Linter.Config in ESLintRules type tests (#19977) (Francesco Trotta)
• 9.32.0 - 2025-07-25
  

  Features

  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

  Bug Fixes

  • 960fd40 fix: Upgrade @ eslint/js (#19971) (Nicholas C. Zakas)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • d498887 fix: bump @ eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

  Documentation

  • 86e7426 docs: Update README (GitHub Actions Bot)

  Chores

  • 50de1ce chore: package.json update for @ eslint/js release (Jenkins)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)
• 9.31.0 - 2025-07-11
  

  Features

  • 35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)
  • a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)
  • 4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)
  • 5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)
  • bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)

  Bug Fixes

  • 07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)
  • 28cc7ab fix: Remove incorrect RuleContext types (#19910...

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-upgrade-35a366e61d60fcc85bec322d04decacd

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @Dustin4444, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the project's eslint dependency to the latest stable version, 9.37.0. This update is critical for maintaining code quality and security, as it resolves several low-severity ReDoS vulnerabilities. Beyond security, the new eslint versions bring a host of new features and bug fixes, enhancing the linting capabilities and overall development experience.

Highlights

• Dependency Upgrade: The eslint dependency has been upgraded from version 9.21.0 to 9.37.0, incorporating 18 new versions.
• Security Fixes: This upgrade addresses multiple low-severity Regular Expression Denial of Service (ReDoS) vulnerabilities, specifically SNYK-JS-BRACEEXPANSION-9789073 and SNYK-JS-ESLINTPLUGINKIT-10847878.
• New Features and Bug Fixes: The updated eslint versions introduce new features such as multithread linting, support for TypeScript syntax in no-restricted-imports, and explicit resource management in various core rules. Numerous bug fixes and documentation improvements are also included.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request upgrades eslint to version 9.37.0 to resolve security vulnerabilities. While the dependency update in the root package.json is correct, a related peerDependency in the @jsdoc/eslint-config package was missed. I've added a comment to highlight this omission, which should be addressed to maintain consistency within the monorepo.

[gemini-code-assist]

While updating the eslint version here is correct, the corresponding peerDependency in packages/jsdoc-eslint-config/package.json was not updated. To ensure consumers of @jsdoc/eslint-config use a compatible version and to maintain consistency with the version used for development in this monorepo, please also update the peerDependency from ^9.21.0 to ^9.37.0.