Skip to content

Bump @eslint/js from 9.12.0 to 9.14.0 #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Unity-Billal-mesloub merged 1 commit into from
Nov 9, 2024
Merged

Bump @eslint/js from 9.12.0 to 9.14.0 #55

Unity-Billal-mesloub merged 1 commit into from
Nov 9, 2024

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 9, 2024
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps @eslint/js from 9.12.0 to 9.14.0.

Release notes

Sourced from @​eslint/js's releases.

v9.14.0

Features

  • 3fa009f feat: add support for Import Attributes and RegExp Modifiers (#19076) (Milos Djermanovic)
  • b0faee3 feat: add types for the @eslint/js package (#19010) (Nitin Kumar)

Bug Fixes

  • 24d0172 fix: enable retry concurrency limit for readFile() (#19077) (Nicholas C. Zakas)
  • b442067 fix: Don't crash when directory is deleted during traversal. (#19067) (Nicholas C. Zakas)
  • d474443 fix: avoid call stack overflow while processing globs (#19035) (Livia Medeiros)

Documentation

  • 151c965 docs: update context.languageOptions.parser description (#19084) (Nitin Kumar)
  • dc34f94 docs: Update README (GitHub Actions Bot)
  • f16e846 docs: Update README (GitHub Actions Bot)
  • ee0a77e docs: change link from @​types/eslint to lib/types (#19049) (Karl Horky)
  • 50f03a1 docs: Clarify global ignores in config migration guide (#19032) (Milos Djermanovic)

Build Related

  • 37c9177 build: update @wdio/* dependencies (#19068) (Francesco Trotta)
  • 35a8858 build: exclude flawed dendency versions (#19065) (Francesco Trotta)

Chores

  • f36cb16 chore: upgrade @​eslint/js@​9.14.0 (#19086) (Milos Djermanovic)
  • 28be447 chore: package.json update for @​eslint/js release (Jenkins)
  • f48a2a0 test: add no-invalid-regexp tests with RegExp Modifiers (#19075) (Milos Djermanovic)
  • 425202e perf: Fix caching in config loaders (#19042) (Milos Djermanovic)
  • 3d44b3c ci: run tests in Node.js 23 (#19055) (Francesco Trotta)
  • 7259627 test: ensure tmp directory cleanup in check-emfile-handling.js (#19036) (Livia Medeiros)

v9.13.0

Features

  • 381c32b feat: Allow languages to provide defaultLanguageOptions (#19003) (Milos Djermanovic)
  • bf723bd feat: Improve eslintrc warning message (#19023) (Milos Djermanovic)
  • 1def4cd feat: drop support for jiti v1.21 (#18996) (Francesco Trotta)
  • f879be2 feat: export ESLint.defaultConfig (#18983) (Nitin Kumar)

Bug Fixes

Documentation

  • abdbfa8 docs: mark LintMessage#nodeType as deprecated (#19019) (Nitin Kumar)
  • 19e68d3 docs: update deprecated rules type definitions (#19018) (Nitin Kumar)
  • 7dd402d docs: Update examples of passing multiple values to a CLI option (#19006) (Milos Djermanovic)
  • 5dcbc51 docs: Add example with side-effect imports to no-restricted-imports (#18997) (Milos Djermanovic)
  • 1ee87ca docs: Update README (GitHub Actions Bot)
  • 2c3dbdc docs: Use prerendered sponsors for README (#18988) (Milos Djermanovic)

Chores

... (truncated)

Changelog

Sourced from @​eslint/js's changelog.

v9.14.0 - November 1, 2024

  • f36cb16 chore: upgrade @​eslint/js@​9.14.0 (#19086) (Milos Djermanovic)
  • 28be447 chore: package.json update for @​eslint/js release (Jenkins)
  • 24d0172 fix: enable retry concurrency limit for readFile() (#19077) (Nicholas C. Zakas)
  • 3fa009f feat: add support for Import Attributes and RegExp Modifiers (#19076) (Milos Djermanovic)
  • b0faee3 feat: add types for the @eslint/js package (#19010) (Nitin Kumar)
  • 151c965 docs: update context.languageOptions.parser description (#19084) (Nitin Kumar)
  • dc34f94 docs: Update README (GitHub Actions Bot)
  • f48a2a0 test: add no-invalid-regexp tests with RegExp Modifiers (#19075) (Milos Djermanovic)
  • 37c9177 build: update @wdio/* dependencies (#19068) (Francesco Trotta)
  • b442067 fix: Don't crash when directory is deleted during traversal. (#19067) (Nicholas C. Zakas)
  • 35a8858 build: exclude flawed dendency versions (#19065) (Francesco Trotta)
  • 425202e perf: Fix caching in config loaders (#19042) (Milos Djermanovic)
  • 3d44b3c ci: run tests in Node.js 23 (#19055) (Francesco Trotta)
  • f16e846 docs: Update README (GitHub Actions Bot)
  • ee0a77e docs: change link from @​types/eslint to lib/types (#19049) (Karl Horky)
  • d474443 fix: avoid call stack overflow while processing globs (#19035) (Livia Medeiros)
  • 7259627 test: ensure tmp directory cleanup in check-emfile-handling.js (#19036) (Livia Medeiros)
  • 50f03a1 docs: Clarify global ignores in config migration guide (#19032) (Milos Djermanovic)

v9.13.0 - October 18, 2024

  • 68d2d9d chore: upgrade to @eslint/[email protected] and @eslint/core@^0.7.0 (#19034) (Francesco Trotta)
  • 2211f0a chore: package.json update for @​eslint/js release (Jenkins)
  • 381c32b feat: Allow languages to provide defaultLanguageOptions (#19003) (Milos Djermanovic)
  • 78836d4 fix: update the complexity rule type (#19027) (Nitin Kumar)
  • c7abaef perf: using Node.js compile cache (#19012) (唯然)
  • bf723bd feat: Improve eslintrc warning message (#19023) (Milos Djermanovic)
  • 1d7c077 chore: add pkg.type "commonjs" (#19011) (唯然)
  • abdbfa8 docs: mark LintMessage#nodeType as deprecated (#19019) (Nitin Kumar)
  • 468e3bd test: fix ESLint tests (#19021) (Francesco Trotta)
  • 19e68d3 docs: update deprecated rules type definitions (#19018) (Nitin Kumar)
  • 1def4cd feat: drop support for jiti v1.21 (#18996) (Francesco Trotta)
  • 7dd402d docs: Update examples of passing multiple values to a CLI option (#19006) (Milos Djermanovic)
  • 064c8b6 fix: update rule types (#18925) (Nitin Kumar)
  • f879be2 feat: export ESLint.defaultConfig (#18983) (Nitin Kumar)
  • 5dcbc51 docs: Add example with side-effect imports to no-restricted-imports (#18997) (Milos Djermanovic)
  • ed4635f ci: upgrade [email protected] (#18992) (Milos Djermanovic)
  • efad767 chore: remove unused ignore dependency (#18993) (Amaresh S M)
  • 1ee87ca docs: Update README (GitHub Actions Bot)
  • 2c3dbdc docs: Use prerendered sponsors for README (#18988) (Milos Djermanovic)
Commits
  • 28be447 chore: package.json update for @​eslint/js release
  • b0faee3 feat: add types for the @eslint/js package (#19010)
  • 2211f0a chore: package.json update for @​eslint/js release
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 9, 2024
@socket-security
Copy link

socket-security bot commented Nov 9, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@google/[email protected] network 0 1.54 MB google-wombot
npm/[email protected] None 0 951 kB tonybrix
npm/[email protected] None +17 41.4 MB eventualbuddha, lukastaegert, rich_harris, ...2 more

🚮 Removed packages: npm/@eslint/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@socket-security
Copy link

socket-security bot commented Nov 9, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Filesystem access npm/[email protected] ⚠︎
Environment variable access npm/[email protected] ⚠︎
Network access npm/@google/[email protected] ⚠︎
Shell access npm/[email protected] ⚠︎

View full report↗︎

Next steps

What is filesystem access?

Accesses the file system, and could potentially read sensitive data.

If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

What is environment variable access?

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to.

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@dependabot
Bump @eslint/js from 9.12.0 to 9.14.0
9f17b03 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.12.0 to 9.14.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.14.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/eslint/js-9.14.0 branch from 9652809 to 9f17b03 Compare November 9, 2024 23:06
@Unity-Billal-mesloub Unity-Billal-mesloub merged commit 5f4deb9 into main Nov 9, 2024
6 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Unity-Billal-mesloub Unity-Billal-mesloub

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant