Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade eslint from 7.1.0 to 7.21.0 #4

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade eslint from 7.1.0 to 7.21.0 #4

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade eslint from 7.1.0 to 7.21.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 23 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2021-02-27.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-Y18N-1021887		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-610226		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1023599		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Denial of Service (DoS)
SNYK-JS-SOCKETIOPARSER-1056752		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Arbitrary Code Injection
SNYK-JS-SERIALIZEJAVASCRIPT-570062		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-PROPERTYEXPR-598800		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1076581		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-OBJECTPATH-1017036		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-NODEFORGE-598677		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-608086		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-590103		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Command Injection
SNYK-JS-LODASH-1040724		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-INI-1048974		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-IMMER-1019369		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Denial of Service (DoS)
SNYK-JS-ENGINEIO-1056749		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-DEVCERT-571955		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Improper Input Validation
SNYK-JS-URLPARSE-1078283		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-UAPARSERJS-1072471		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Insecure Defaults
SNYK-JS-SOCKETIO-1024859		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Denial of Service
SNYK-JS-NODEFETCH-674311		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Denial of Service
SNYK-JS-NODEFETCH-674311		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Denial of Service
SNYK-JS-NODEFETCH-674311		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Cross-site Scripting (XSS)
SNYK-JS-NETLIFYCMSWIDGETMARKDOWN-1039890		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-567746		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Denial of Service (DoS)
SNYK-JS-JPEGJS-570039		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-HIGHLIGHTJS-1045326		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Command Injection
SNYK-JS-GRAPHQLTOOLSGITLOADER-1062543		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-FLAT-596927		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: eslint
  • 7.21.0 - 2021-02-27
    • 3cd5440 Upgrade: @ eslint/eslintrc to 0.4.0 (#14147) (Brandon Mills)
    • c0b8c71 Upgrade: Puppeteer to 7.1.0 (#14122) (Tim van der Lippe)
    • 08ae31e New: Implement cacheStrategy (refs eslint/rfcs#63) (#14119) (Manu Chambon)
    • 5e51fd2 Update: do not ignore symbolic links (fixes #13551, fixes #13615) (#14126) (Pig Fang)
    • 87c43a5 Chore: improve a few comments and fix typos (#14125) (Tobias Nießen)
    • e19c51e Sponsors: Sync README with website (ESLint Jenkins)
    • b8aea99 Fix: pluralize 'line' to 'lines' in max-lines-per-function description (#14115) (Trevin Hofmann)
    • f5b53e2 Sponsors: Sync README with website (ESLint Jenkins)
    • eee1213 Sponsors: Sync README with website (ESLint Jenkins)
    • 5c4d7ea Sponsors: Sync README with website (ESLint Jenkins)
  • 7.20.0 - 2021-02-12
    • f4ac3b0 Docs: fix sibling selector descriptions (#14099) (Milos Djermanovic)
    • 9d6063a Fix: Crash with esquery when using JSX (fixes #13639) (#14072) (Yosuke Ota)
    • a0871f1 Docs: Triage process (#14014) (Nicholas C. Zakas)
    • ad90761 Update: add enforceForJSX option to no-unused-expressions rule (#14012) (Duncan Beevers)
    • d6c84af Fix: --init autoconfig shouldn't add deprecated rules (fixes #14017) (#14060) (Milos Djermanovic)
    • 9b277a1 Fix: Support ENOTDIR error code in the folder existence checking utility (#13973) (Constantine Genchevsky)
    • 7aeb127 Upgrade: pin @ babel/code-frame@7.12.11 (#14067) (Milos Djermanovic)
    • b4e2af5 Docs: Add more fields to bug report template (#14039) (Nicholas C. Zakas)
    • 96f1d49 Sponsors: Sync README with website (ESLint Jenkins)
    • cb27b0a Build: package.json update for eslint-config-eslint release (ESLint Jenkins)
    • 4cab165 Sponsors: Sync README with website (ESLint Jenkins)
  • 7.19.0 - 2021-01-31
    • ce7f061 Update: add shadowed variable loc to message in no-shadow (fixes #13646) (#13841) (t-mangoe)
    • c60e23f Update: fix let logic in for-in and for-of loops in no-extra-parens (#14011) (Milos Djermanovic)
    • d76e8f6 Fix: no-useless-rename invalid autofix with parenthesized identifiers (#14032) (Milos Djermanovic)
    • 5800d92 Docs: Clarify stylistic rule update policy (#14052) (Brandon Mills)
    • 0ccf6d2 Docs: remove configuring.md (#14036) (Milos Djermanovic)
    • 65bb0ab Chore: Clean up new issue workflow (#14040) (Nicholas C. Zakas)
    • e1da90f Fix: nested indenting for offsetTernaryExpressions: true (fixes #13971) (#13972) (Chris Brody)
    • 1a078b9 Update: check ternary : even if ? was reported in space-infix-ops (#13963) (Milos Djermanovic)
    • fb27422 Fix: extend prefer-const fixer range to whole declaration (fixes #13899) (#14033) (Nitin Kumar)
    • e0b05c7 Docs: add a correct example to no-unsafe-optional-chaining (refs #14029) (#14050) (armin yahya)
    • 46e836d Sponsors: Sync README with website (ESLint Jenkins)
    • 3fc4fa4 Docs: update configuring links (#14038) (Milos Djermanovic)
    • 8561c21 Docs: fix broken links in configuring/README.md (#14046) (Milos Djermanovic)
    • 1c309eb Update: fix no-invalid-regexp false negatives with no flags specified (#14018) (Milos Djermanovic)
    • f6602d5 Docs: Reorganize Configuration Documentation (#13837) (klkhan)
    • c753b44 Sponsors: Sync README with website (ESLint Jenkins)
    • a4fdb70 Docs: Fixed Typo (#14007) (Yash Singh)
    • f7ca481 Docs: Explain why we disable lock files (refs eslint/tsc-meetings#234) (#14006) (Brandon Mills)
  • 7.18.0 - 2021-01-15
    Read more
  • 7.17.0 - 2021-01-02
    Read more
  • 7.16.0 - 2020-12-18
    Read more
  • 7.15.0 - 2020-12-05
    Read more
  • 7.14.0 - 2020-11-20
    Read more
  • 7.13.0 - 2020-11-07
    • 254e00f New: Configurable List Size For Per-Rule Performance Metrics (#13812) (Bryan Mishkin)
    • 6c3c710 Docs: fix broken url in docs (#13815) (SaintMalik)
    • 4a09149 Sponsors: Sync README with website (ESLint Jenkins)
    • fb6fcbf Docs: Fix reference to Code of Conduct (#13797) (Tobias Nießen)
    • 1b89ebe Sponsors: Sync README with website (ESLint Jenkins)
  • 7.12.1 - 2020-10-27
    Read more
  • 7.12.0 - 2020-10-24
  • 7.11.0 - 2020-10-09
  • 7.10.0 - 2020-09-26
  • 7.9.0 - 2020-09-12
  • 7.8.1 - 2020-09-01
  • 7.8.0 - 2020-08-31
  • 7.7.0 - 2020-08-14
  • 7.6.0 - 2020-07-31
  • 7.5.0 - 2020-07-18
  • 7.4.0 - 2020-07-03
  • 7.3.1 - 2020-06-23
  • 7.3.0 - 2020-06-19
  • 7.2.0 - 2020-06-05
  • 7.1.0 - 2020-05-23
from eslint GitHub release notes
Commit messages
Package name: eslint
  • d12fb74 7.21.0
  • 7814cd3 Build: changelog update for 7.21.0
  • 3cd5440 Upgrade: @ eslint/eslintrc to 0.4.0 (#14147)
  • c0b8c71 Upgrade: Puppeteer to 7.1.0 (#14122)
  • 08ae31e New: Implement cacheStrategy (refs New: Add option to allow use of file contents for cache eslint/rfcs#63) (#14119)
  • 5e51fd2 Update: do not ignore symbolic links (fixes #13551, fixes #13615) (#14126)
  • 87c43a5 Chore: improve a few comments and fix typos (#14125)
  • e19c51e Sponsors: Sync README with website
  • b8aea99 Fix: pluralize 'line' to 'lines' in max-lines-per-function description (#14115)
  • f5b53e2 Sponsors: Sync README with website
  • eee1213 Sponsors: Sync README with website
  • 5c4d7ea Sponsors: Sync README with website
  • a665b69 7.20.0
  • 38293d5 Build: changelog update for 7.20.0
  • f4ac3b0 Docs: fix sibling selector descriptions (#14099)
  • 9d6063a Fix: Crash with esquery when using JSX (fixes #13639) (#14072)
  • a0871f1 Docs: Triage process (#14014)
  • ad90761 Update: add enforceForJSX option to no-unused-expressions rule (#14012)
  • d6c84af Fix: `--init` autoconfig shouldn't add deprecated rules (fixes #14017) (#14060)
  • 9b277a1 Fix: Support ENOTDIR error code in the folder existence checking utility (#13973)
  • 7aeb127 Upgrade: pin @ babel/code-frame@7.12.11 (#14067)
  • b4e2af5 Docs: Add more fields to bug report template (#14039)
  • 96f1d49 Sponsors: Sync README with website
  • cb27b0a Build: package.json update for eslint-config-eslint release

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot