[Snyk] Security upgrade eslint from 8.57.1 to 9.26.0 #1581
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ESLINT-15102420
Pull request overview
This PR upgrades ESLint from version 8.57.1 to 9.26.0 to address a medium-severity security vulnerability (SNYK-JS-ESLINT-15102420) related to uncontrolled recursion. This is a major version upgrade with breaking changes.
Changes:
- Upgraded eslint from ^8.56.0 to ^9.26.0 in package.json
- Updated package-lock.json with new ESLint 9 dependencies and architecture
- Introduced new ESLint 9 core packages (@eslint/config-array, @eslint/core, @eslint/plugin-kit, etc.)
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates eslint dependency version from 8.56.0 to 9.26.0 |
| package-lock.json | Comprehensive dependency tree updates for ESLint 9, including new core packages, updated peer dependencies, and removal of deprecated packages |
| "babel-loader": "^8.3.0", | ||
| "babel-polyfill": "^6.26.0", | ||
| "eslint": "^8.56.0", | ||
| "eslint": "^9.26.0", |
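Review bot: on the `"eslint": "^9.26.0"` line, the range jumps a major version (from `^8.56.0`), and the hunk shows no accompanying change to the Node.js version the project declares or runs lint under. ESLint 9 requires Node.js ^18.18.0, ^20.9.0 or >=21.1.0, so check the CI image and any `engines` entry in package.json against that before merging. The caret also lets an install without the lockfile resolve any later 9.x release; keep package-lock.json in the same commit and install with `npm ci` in CI so the version that was linted and reviewed is the one that runs.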
ESLint major version upgrade from 8 to 9 is a breaking change. While the project already uses the ESLint 9 flat config format (eslint.config.js), there are several breaking changes in ESLint 9 that need verification: 1) Many formatting rules have been removed (use Prettier instead, which this project already does), 2) Some rule behaviors have changed, 3) Plugin compatibility - ensure all ESLint plugins (eslint-plugin-jsdoc, eslint-plugin-jsx-a11y, eslint-plugin-react, eslint-plugin-prettier) are compatible with ESLint 9. Testing the lint:js npm script in CI before merging is critical to ensure no unexpected breaking changes affect the build.
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
- package.json
- package-lock.json

Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-ESLINT-15102420
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.