[Snyk] Security upgrade babel-eslint from 10.0.1 to 10.1.0 by jhamot · Pull Request #114 · jhamot/atom

jhamot · 2025-10-24T00:16:24Z

Snyk has created this PR to fix 6 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

script/package.json
script/package-lock.json

This is a minor update that adds a new feature for parsing Flow enums and includes a deprecation notice. The package has been renamed to @babel/eslint-parser and babel-eslint will no longer receive updates. This upgrade itself introduces no functional breaking changes. Source: Package documentation

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Code Injection SNYK-JS-LODASH-1040724	398
	Prototype Pollution SNYK-JS-LODASH-567746	317
	Prototype Pollution SNYK-JS-LODASH-6139239	267
	Prototype Pollution SNYK-JS-LODASH-450202	256
	Prototype Pollution SNYK-JS-LODASH-608086	250
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	104

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection
🦉 Prototype Pollution

…bilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905

jhamot · 2025-12-17T21:49:06Z

The upgrade from babel-eslint@10.0.1 to 10.1.0 is a minor release. According to the official release notes, this version only adds the ability to parse Flow enums, which is a new feature and not a breaking change.

While the babel-eslint package is deprecated in favor of @babel/eslint-parser, this deprecation itself does not introduce a functional breaking change in the 10.1.0 version. Therefore, no immediate code changes are required for this specific upgrade.

jhamot · 2025-12-18T22:41:40Z

This is a minor update with no breaking changes. The primary change is the addition of parsing for Flow enums. [1] Note that the babel-eslint package is deprecated and has been replaced by @babel/eslint-parser. [2, 4]

Recommendation: While this upgrade is safe, plan to migrate to @babel/eslint-parser to receive future updates.

jhamot · 2025-12-19T21:33:50Z

This is a minor version update for a deprecated package. According to semantic versioning, there should be no breaking changes. The primary change to be aware of is that babel-eslint is deprecated and has been replaced by @babel/eslint-parser. This specific version bump from 10.0.1 to 10.1.0 does not introduce any breaking API changes itself; it was the version where the deprecation message was added. Future updates will no longer be provided to this package.

jhamot · 2025-12-21T00:45:37Z

This is a minor update with no functional breaking changes. However, babel-eslint is deprecated as of version 10.1.0 and has been replaced by @babel/eslint-parser. [2, 3, 4] While your code will not break with this update, you will see a deprecation warning upon installation.
Source: Package documentation
Recommendation: Plan to migrate from babel-eslint to @babel/eslint-parser to receive future updates.

jhamot · 2025-12-21T22:13:41Z

This is a minor update with no breaking API changes. However, version 10.1.0 is the final release of babel-eslint, which is now deprecated and has been replaced by the @babel/eslint-parser package. This package will no longer receive updates.

Source: npm & GitHub documentation
Recommendation: Plan to migrate from babel-eslint to @babel/eslint-parser to receive future updates and support.

jhamot · 2025-12-22T20:29:07Z

This is a minor update with no breaking API changes. However, babel-eslint@10.1.0 is deprecated and has been replaced by @babel/eslint-parser. The package will no longer receive updates.

Source: Package documentation
Recommendation: Plan to migrate to @babel/eslint-parser to stay current.

jhamot · 2025-12-24T18:47:11Z

This is a minor update with no documented breaking changes. The release added the ability to parse Flow enums. [1] Note that the babel-eslint package is deprecated and has been replaced by @babel/eslint-parser. [2, 3, 4] Future updates will require migrating to the new package.

jhamot · 2025-12-29T19:44:27Z

This is a minor update that does not introduce functional breaking changes. However, version 10.1.0 marks the package as deprecated. It has been replaced by @babel/eslint-parser, and babel-eslint will no longer receive updates.

Source: Package documentation
Recommendation: Plan to migrate from babel-eslint to @babel/eslint-parser to ensure future compatibility and updates.

jhamot · 2026-01-06T23:50:29Z

This is a minor update with no functional breaking changes. However, the babel-eslint package is deprecated as of version 10.1.0 and has been replaced by @babel/eslint-parser. This package will no longer receive updates.

Recommendation: Plan to migrate from babel-eslint to @babel/eslint-parser to continue receiving updates and support.

jhamot · 2026-01-07T18:15:42Z

This version bump is non-breaking, but the babel-eslint package is deprecated as of version 10.1.0 and has been replaced by @babel/eslint-parser. [2, 3, 4] This package will no longer receive updates. [2, 4]

Source: npm & GitHub documentation
Recommendation: Plan to migrate to the @babel/eslint-parser package to ensure future compatibility and updates.

jhamot · 2026-01-08T19:27:34Z

This is a minor update with no functional breaking changes. The only change is the added ability to parse Flow enums. [1] However, this version is deprecated and has been replaced by @babel/eslint-parser. [2, 3, 4] You will see a deprecation warning upon installation, but existing configurations will not break. [2]

Source: Package documentation

jhamot · 2026-01-09T16:33:39Z

This is a minor update with no breaking changes. However, the babel-eslint package is deprecated as of version 10.1.0 and has been replaced by @babel/eslint-parser. This package will no longer receive updates.

Source: Official npm package page, GitHub repository
Recommendation: Plan to migrate from babel-eslint to @babel/eslint-parser to ensure future compatibility and updates.

jhamot · 2026-01-10T20:02:08Z

While this minor version update contains no direct API breaking changes, version 10.1.0 is the final version of babel-eslint. The package has been deprecated and renamed to @babel/eslint-parser. It will no longer receive updates.

Source: Package documentation
Recommendation: Plan to migrate from babel-eslint to @babel/eslint-parser to continue receiving updates and support.

jhamot · 2026-01-11T22:06:40Z

This is a minor update with no breaking changes. The release notes for v10.1.0 indicate it only adds the ability to parse Flow enums. The package itself is deprecated in favor of @babel/eslint-parser and will no longer receive updates.

Source: Package documentation

Conversation

jhamot commented Oct 24, 2025

Snyk has created this PR to fix 6 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

jhamot commented Dec 17, 2025

Uh oh!

jhamot commented Dec 18, 2025

Uh oh!

jhamot commented Dec 19, 2025

Uh oh!

jhamot commented Dec 21, 2025

Uh oh!

jhamot commented Dec 21, 2025

Uh oh!

jhamot commented Dec 22, 2025

Uh oh!

jhamot commented Dec 24, 2025

Uh oh!

jhamot commented Dec 29, 2025

Uh oh!

jhamot commented Jan 6, 2026

Uh oh!

jhamot commented Jan 7, 2026

Uh oh!

jhamot commented Jan 8, 2026

Uh oh!

jhamot commented Jan 9, 2026

Uh oh!

jhamot commented Jan 10, 2026

Uh oh!

jhamot commented Jan 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants