🚨 [security] Update all of typescript-eslint 6.21.0 → 8.24.0 (major) #431
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![depfu[bot]](https://avatars.githubusercontent.com/in/715?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ @typescript-eslint/eslint-plugin (6.21.0 → 8.24.0) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ @typescript-eslint/parser (6.21.0 → 8.24.0) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Security Advisories 🚨
🚨 Uncontrolled resource consumption in braces
Commits
See the full diff on Github. The new version differs by 12 commits:
3.0.3update eslint. lint, fix unit tests.Snyk js braces 6838727 (#40)fix tests, skip 1 test in test/braces.expandreadme bumpMerge pull request #37 from coderaiser/fix/vulnerabilityfeature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/36#issuecomment-2110820796)fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)remove funding fileupdate keepEscaping doc (#27)Failing test cases for issue \#29 (#30)Create FUNDING.ymlRelease Notes
3.3.3
3.3.2
3.3.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 19 commits:
3.3.3Merge pull request #464 from mrmlnc/3.3.3perf: optimizing the patterns set matching by exiting earlydocs: add information about enumerable properties for the fs optionfix: apply absolute negative patterns to full path instead of file pathbuild: fix watch commandchore: refer to [email protected] to avoid annoying npm audit spambuild: freeze fdir dependency to avoid tsc issues3.3.2fix: escape square braces on Windows platformfix: keep escaping after brace expansion3.3.1Merge pull request #407 from ivanhofer/patch-1fix typoMerge pull request #406 from mrmlnc/ISSUE-404_fix_patterns.reducefix: cast the ignore field to the arraybuild: fix build benchmark filesdocs: remove fundingdocs: update benchmark sectionCommits
See the full diff on Github. The new version differs by 7 commits:
7.1.1ensure that maxLen is passed down, to handle zero-paddingupdate eslint. lint.Delete FUNDING.ymlCreate FUNDING.yml7.0.1fix regressionsRelease Notes
5.3.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 25 commits:
5.3.2: fixes #130, fixes consequent escaped backslashesMerge pull request #128 from kaelzhang/dependabot/npm_and_yarn/rimraf-6.0.1dependabot.yml: ignore eslintBump rimraf from 5.0.9 to 6.0.1dependabot: ignore tapMerge pull request #110 from kaelzhang/dependabot/npm_and_yarn/tmp-0.2.3Bump tmp from 0.2.1 to 0.2.35.3.1: #108: remove BOM before processing .gitignore rules5.3.0: #105Merge pull request #105 from DamianGlowala/patch-1Update index.d.tstest: rollback tap for the breaking changeMerge pull request #103 from kaelzhang/dependabot/npm_and_yarn/tap-18.5.3Bump tap from 16.3.9 to 18.5.3test/typescript: add more tests for interface Ignorechore: upgrade dev deps#94: upgrade mkdirp -> 3.0.0Merge pull request #93 from kaelzhang/dependabot/npm_and_yarn/rimraf-5.0.0Bump rimraf from 4.4.1 to 5.0.0Merge pull request #92 from kaelzhang/dependabot/npm_and_yarn/typescript-5.0.2Bump typescript from 4.9.5 to 5.0.2test: update git actions: since ignore are node-version-agnostic, so only test on node LTStest: since ignore are node-version-agnostic, so only test on node LTSchore: upgrade dev dependencies, fixes #85, fixes #89, fixes #86Create dependabot.ymlSecurity Advisories 🚨
🚨 Regular Expression Denial of Service (ReDoS) in micromatch
Commits
See the full diff on Github. The new version differs by 16 commits:
4.0.8run verb to generate README documentationMerge branch 'v4' into hauserkristof-feature/v4.0.8Merge pull request #266 from hauserkristof/feature/v4.0.8lintfix: CHANGELOG about braces & CVE-2024-4068, v4.0.5fix: CVE numbers in CHANGELOGfeat: updated CHANGELOGfix: use actions/setup-node@v4feat: rework test to work on macos with node 10,12 and 14fix: removed unused isObject functionfeat: backported CVE fix from 4.0.6 over to 4.0.7Release 4.0.7.Prepare for 4.0.7 with picomatch v2Update README.mdAdd sponsor to readmeRelease Notes
7.7.1
7.7.0
7.6.3
7.6.2
7.6.1
7.6.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 46 commits:
chore: release 7.7.1 (#765)fix(inc): fully capture prerelease identifier (#764)chore: release 7.7.0 (#750)fix(diff): fix prerelease to stable version diff logic (#755)chore: bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747)fix: add identifier validation to `inc()` (#754)feat: add "release" inc type (#753)docs(readme): added missing period for consistency (#756)docs: clarify comment about obsolete prefixes (#749)chore: bump @npmcli/eslint-config from 4.0.5 to 5.0.0chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss from 4.23.1 to 4.23.3chore: bump @npmcli/template-oss from 4.22.0 to 4.23.1chore: bump @npmcli/template-oss from 4.22.0 to 4.23.1chore: release 7.6.3 (#720)fix: optimize Range parsing and formatting (#726)docs: fix extra backtick typo (#719)chore: release 7.6.2 (#714)fix(lru): use map.delete() directly (#713)chore: release 7.6.1 (#706)deps: uninstall `lru-cache` (#709)chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss to 4.22.0fix(linting): no-unused-varsfix: use internal cache implementationdeps: remove lru-cachechore: chore: chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss from 4.21.3 to 4.21.4chore: add benchmarks (#696)chore: various improvements to README (#688)fix: typo in compareBuild debug message (#682)chore: release 7.6.0 (#661)feat: preserve pre-release and build parts of a version on coerce (#671)chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss from 4.21.1 to 4.21.3chore: postinstall for dependabot template-oss PRchore: chore: chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss from 4.19.0 to 4.21.0chore: add clean() test for build metadata (#658)chore: add missing quotes in README.md (#656)chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss from 4.18.1 to 4.19.0chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss from 4.18.0 to 4.18.1chore: postinstall for dependabot template-oss PRchore: bump @npmcli/template-oss from 4.17.0 to 4.18.0🗑️ @types/json-schema (removed)
🗑️ @types/semver (removed)
🗑️ array-union (removed)
🗑️ dir-glob (removed)
🗑️ globby (removed)
🗑️ lru-cache (removed)
🗑️ path-type (removed)
🗑️ slash (removed)
🗑️ yallist (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands