[Snyk] Upgrade eslint-plugin-react from 7.23.2 to 7.33.2

[Balantion2020]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade eslint-plugin-react from 7.23.2 to 7.33.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 36 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2023-08-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	375/1000 Why? CVSS 7.5	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	375/1000 Why? CVSS 7.5	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	375/1000 Why? CVSS 7.5	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-ETA-2936803	375/1000 Why? CVSS 7.5	Proof of Concept
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	375/1000 Why? CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	375/1000 Why? CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	375/1000 Why? CVSS 7.5	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	375/1000 Why? CVSS 7.5	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	375/1000 Why? CVSS 7.5	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-NANOID-2332193	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	375/1000 Why? CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	375/1000 Why? CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ETA-3261240	375/1000 Why? CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	375/1000 Why? CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-ALGOLIASEARCHHELPER-1570421	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	375/1000 Why? CVSS 7.5	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	375/1000 Why? CVSS 7.5	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	375/1000 Why? CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-IMMER-1540542	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	375/1000 Why? CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	375/1000 Why? CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	375/1000 Why? CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: eslint-plugin-react

• 7.33.2 - 2023-08-16
  

  Fixed

  • no-deprecated: prevent false positive on commonjs import (#3614 @ akulsr0)
  • no-unsafe: report on the method instead of the entire component (@ ljharb)
  • no-deprecated: report on the destructured property instead of the entire variable declarator (@ ljharb)
  • no-deprecated: report on the imported specifier instead of the entire import statement (@ ljharb)
  • no-invalid-html-attribute: report more granularly (@ ljharb)
• 7.33.1 - 2023-07-29
  

  Fixed

  • require-default-props: fix config schema (#3605 @ controversial)
  • jsx-curly-brace-presence: Revert #3538 due to issues with intended string type casting usage (#3611 @ taozhou-glean)
  • sort-prop-types: ensure sort-prop-types respects noSortAlphabetically (#3610 @ caesar1030)
• 7.33.0 - 2023-07-20
  

  Added

  • display-name: add checkContextObjects option (#3529 @ JulesBlm)
  • jsx-first-prop-new-line: add multiprop option (#3533 @ haydncomley)
  • no-deprecated: add React 18 deprecations (#3548 @ sergei-startsev)
  • forbid-component-props: add disallowedFor option (#3417 @ jacketwpbb)

  Fixed

  • no-array-index-key: consider flatMap (#3530 @ k-yle)
  • jsx-curly-brace-presence: handle single and only expression template literals (#3538 @ taozhou-glean)
  • no-unknown-property: allow onLoad on source (@ ljharb)
  • jsx-first-prop-new-line: ensure autofix preserves generics in component name (#3546 @ ljharb)
  • no-unknown-property: allow fill prop on <symbol> (#3555 @ stefanprobst)
  • display-name, prop-types: when checking for a capitalized name, ignore underscores entirely (#3560 @ ljharb)
  • no-unused-state: avoid crashing on a class field function with destructured state (#3568 @ ljharb)
  • no-unused-prop-types: allow using spread with object expression in jsx (#3570 @ akulsr0)
  • Revert "destructuring-assignment: Handle destructuring of useContext in SFC" (#3583 #2797 @ 102)
  • prefer-read-only-props: add TS support (#3593 @ HenryBrown0)

  Changed

  • [Docs] jsx-newline, no-unsafe, static-property-placement: Fix code syntax highlighting (#3563 @ nbsp1221)
  • [readme] resore configuration URL (#3582 @ gokaygurcan)
  • [Docs] jsx-no-bind: reword performance rationale (#3581 @ gpoole)
  • [Docs] jsx-first-prop-new-line: add missing multiprop value (#3598 @ dzek69)
• 7.32.2 - 2023-01-29
  

  Fixed

  • configs: restore parserOptions in legacy configs ([#3523][] @ ljharb)
  • jsx-no-constructed-context-values, jsx-no-useless-fragment: add a rule schema (@ ljharb)
    ( no-unknown-property: add fill for <marker> (#3525 @ alexey-koran)
• 7.32.1 - 2023-01-16
  

  Fixed

  • prevent circular dependency in index and "all" config (#3519 @ ljharb)
  • destructuring-assignment: do not force destructuring of optionally chained properties (#3520 @ ljharb)
• 7.32.0 - 2023-01-11
  Read more
• 7.31.11 - 2022-11-18
  

  Fixed

  • jsx-no-target-blank: allow ternaries with literals (#3464 @ akulsr0)
  • no-unknown-property: add inert attribute (#3484 @ ljharb)
  • jsx-key: detect keys in logical expression and conditional expression (#3490 @ metreniuk)

  Changed

  • [Perf] component detection: improve performance by avoiding traversing parents unnecessarily (#3459 @ golopot)
  • [Docs] forbid-component-props: inclusive language w/ allowlist (#3473 @ AndersDJohnson)
  • [Docs] automate doc generation with eslint-doc-generator (#3469 @ bmish)
• 7.31.10 - 2022-10-10
  

  Fixed

  • no-unknown-property: allow allowFullScreen on iframe (#3455 @ almeidx)
• 7.31.9 - 2022-10-09
  Read more
• 7.31.8 - 2022-09-09
  Read more
• 7.31.7 - 2022-09-05
• 7.31.6 - 2022-09-04
• 7.31.5 - 2022-09-04
• 7.31.4 - 2022-09-03
• 7.31.3 - 2022-09-03
• 7.31.2 - 2022-09-02
• 7.31.1 - 2022-08-26
• 7.31.0 - 2022-08-24
• 7.30.2 - 2022-08-24
• 7.30.1 - 2022-06-23
• 7.30.0 - 2022-05-18
• 7.29.4 - 2022-03-13
• 7.29.3 - 2022-03-03
• 7.29.2 - 2022-02-26
• 7.29.1 - 2022-02-25
• 7.29.0 - 2022-02-25
• 7.28.0 - 2021-12-22
• 7.27.1 - 2021-11-19
• 7.27.0 - 2021-11-10
• 7.26.1 - 2021-09-30
• 7.26.0 - 2021-09-21
• 7.25.3 - 2021-09-19
• 7.25.2 - 2021-09-16
• 7.25.1 - 2021-08-30
• 7.25.0 - 2021-08-29
• 7.24.0 - 2021-05-29
• 7.23.2 - 2021-04-08

from eslint-plugin-react GitHub release notes

Commit messages

Package name: eslint-plugin-react

• 6d86837 Update CHANGELOG and bump version
• e1dd37f [Refactor] use `es-iterator-helpers` in a couple places
• 37b02ac [Tests] skip some tests that have broken ordering in certain node/eslint combinations
• a7a814e [patch] `no-invalid-html-attribute`: report more granularly
• 3636689 [patch] `no-deprecated`: report on the imported specifier instead of the entire import statement
• f9e4fa9 [patch] `no-deprecated`: report on the destructured property instead of the entire variable declarator
• 3be1d19 [patch] `no-unsafe`: report on the method instead of the entire component
• d5178be [Tests] add disambiguators to tests with multiple errors
• d73cd51 [Fix] `no-deprecated`: prevent false positive on commonjs import
• 0667fb0 [actions] release: Replace `set-output` commands with environment files
• 354cb62 Update CHANGELOG and bump version
• 26e9578 [Refactor] use `slice` instead of `substring`
• 1629d44 [eslint] fix import ordering
• 3c11201 [Fix] `sort-prop-types`: ensure sort-prop-types respects noSortAlphabetically
• 302925b [Tests] remove or make explicit trailing whitespace
• f818096 Revert "[Fix] `jsx-curly-brace-presence`: handle single and only expression template literals"
• 1a3a17a [Fix] `require-default-props`: fix config schema
• 31282dd Update CHANGELOG and bump version
• 4e72b82 [Docs] `jsx-first-prop-new-line`: add missing `multiprop` value
• 9c5ac98 [Fix] `prefer-read-only-props`: add TS support
• fa1c277 [Deps] update `semver`
• bf1fc74 [Dev Deps] update `@ babel/core`, `@ babel/eslint-parser`, `aud`
• 9fdcba7 [Dev Deps] update `@ babel/core`, `@ babel/eslint-parser`, `@ babel/plugin-syntax-decorators`, `@ babel/plugin-syntax-do-expressions`, `@ babel/plugin-syntax-function-bind`, `@ babel/preset-react`, `eslint-remote-tester-repositories`
• ae64aa8 [Docs] `jsx-no-bind`: reword performance rationale

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs