🚨 [security] Update eslint 8.33.0 → 8.57.1 (minor) #16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ eslint (8.33.0 → 8.57.1) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.1.4
2.1.3
2.1.2
2.1.1
2.1.0
2.0.3
2.0.2
2.0.1
2.0.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 29 commits:
chore: release 2.1.4 (#138)fix: Use original plugin from disk in FlatCompat (#137)chore: release 2.1.3 (#131)docs: Add CommonJS example to README (#134)ci: run tests in Node.js 21 (#130)chore: release 2.1.2 (#124)fix: Ensure environments in overrides respect files patterns (#126)chore: standardize npm script names (#122)chore: Remove add-to-triage (#123)chore: release 2.1.1 (#120)chore: Add PRs to triage (#121)ci: generate provenance statements when release (#119)chore: release 2.1.0 (#117)chore: upgrade espree@9.6.0 (#118)feat: add `es2023` and `es2024` environments (#116)chore: release 2.0.3 (#112)chore: upgrade espree@9.5.2 (#113)chore: set up release-please (#111)ci: run tests on Node.js v20 (#108)2.0.2Build: changelog update for 2.0.2chore: upgrade espree@9.5.1 (#106)2.0.1Build: changelog update for 2.0.1chore: upgrade espree@9.5.0 (#104)2.0.0Build: changelog update for 2.0.0feat!: Require eslint:all and eslint:recommended as parameters. (#103)chore: Add triage action (#101)Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
3.4.3
3.4.2
3.4.1
3.4.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 23 commits:
chore: release 3.4.3 (#57)chore: Add back add-to-triage (#59)chore: standardize npm script names (#55)chore: update `typedef` in build keys template (#58)chore: Remove add-to-triage (#56)chore: release 3.4.2 (#51)chore: Add PRs to triage (#54)ci: generate provenance statements when release (#53)docs: remove `release` script reference from README (#52)docs: fix spelling mistakes (#50)chore: release 3.4.1 (#49)chore: set up release-please (#48)fix: correct types for node16 resolution (#47)ci: run tests on Node.js v20 (#45)3.4.0Build: changelog update for 3.4.0fix: remove useless sourcemap url (fixes #43) (#44)chore: add triage action (#42)ci: add Node v19 (#41)chore: update github actions and add funding field (#40)build: add node v18 (#39)feat: add `JSXSpreadChild` and tool to build keys out of AST definitions (#36)docs: update badges (#37)Release Notes
9.6.1
9.6.0
9.5.2
9.5.1
9.5.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 20 commits:
chore: release 9.6.1 (#578)ci: generate provenance statements when release (#579)refactor: switch to eslint flat config (#577)chore: release 9.6.0 (#576)feat: Support ES2024 and regexp v flag (#575)chore: release 9.5.2 (#572)chore: add `npm install` step to release-please workflow (#573)chore: upgrade eslint-visitor-keys@3.4.1 (#574)chore: set up release-please (#569)ci: run tests on Node.js v20 (#571)9.5.1Build: changelog update for 9.5.1chore: upgrade eslint-visitor-keys@3.4.0 (#568)fix: remove useless sourcemap url (fixes #566) (#567)chore: Add `lint-staged` (#565)9.5.0Build: changelog update for 9.5.0feat: Add parser name (#562)ci: use LTS node version in lint job (#561)chore: Add triage action (#560)Sorry, we couldn't find anything useful about this release.
Release Notes
3.3.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 4 commits:
3.3.1Meta tweakFix Bun compatibility (#32)Meta tweaksSecurity Advisories 🚨
🚨 js-yaml has prototype pollution in merge (<<)
Release Notes
4.1.1 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 7 commits:
4.1.1 releaseddist rebuildlint fixfix prototype pollution in merge (<<)README.md: HTTP => HTTPS (#678)doc: 'empty' style option for !!nullFix demo link (#618)Security Advisories 🚨
🚨 word-wrap vulnerable to Regular Expression Denial of Service
Release Notes
1.2.5
1.2.4
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 16 commits:
1.2.5revert default indentrun verb to generate READMEMerge pull request #42 from jonschlinkert/chore/publish-workflowMerge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2Update .github/workflows/publish.ymlchore: bump version to 1.2.4chore: add publish workflowchore: fix testchore: remove package-lockchore: added an additional testcasefix: cve 2023-26115fix: settle for new regex to support lower node versions:lock: fix: CVE-2023-26115Merge pull request #24 from mohd-akram/remove-default-indentRemove default indent🆕 @eslint-community/eslint-utils (added, 4.9.1)
🆕 @eslint-community/regexpp (added, 4.12.2)
🆕 @eslint/js (added, 8.57.1)
🆕 @ungap/structured-clone (added, 1.3.0)
🆕 graphemer (added, 1.4.0)
🆕 globals (added, 13.24.0)
🆕 eslint-scope (added, 7.2.2)
🗑️ js-sdsl (removed)
👉 No CI detected
You don't seem to have any Continuous Integration service set up!
Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.
This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:
* [Circle CI](https://circleci.com), [Semaphore ](https://semaphoreci.com) and [Github Actions](https://docs.github.com/actions) are all excellent options. * If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github. * If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with `depfu/`.Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands