Bump eslint from 8.19.0 to 9.7.0

[dependabot]

Bumps eslint from 8.19.0 to 9.7.0.

Release notes

Sourced from eslint's releases.

v9.7.0

Features

• 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630) (Yosuke Ota)
• 1381394 feat: add regex option in no-restricted-imports (#18622) (Nitin Kumar)

Bug Fixes

• 14e9f81 fix: destructuring in catch clause in no-unused-vars (#18636) (Francesco Trotta)

Documentation

• 9f416db docs: Add Powered by Algolia label to the search. (#18633) (Amaresh S M)
• c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#18649) (Milos Djermanovic)
• 6e79ac7 docs: loadESLint does not support option cwd (#18641) (Francesco Trotta)

Chores

• 793b718 chore: upgrade @​eslint/js@​9.7.0 (#18680) (Francesco Trotta)
• 7ed6f9a chore: package.json update for @​eslint/js release (Jenkins)
• 7bcda76 refactor: Add type references (#18652) (Nicholas C. Zakas)
• 51bf57c chore: add tech sponsors through actions (#18624) (Strek)
• 6320732 refactor: don't use parent property in NodeEventGenerator (#18653) (Milos Djermanovic)
• 9e6d640 refactor: move "Parsing error" prefix adding to Linter (#18650) (Milos Djermanovic)

v9.6.0

Features

• e2b16e2 feat: Implement feature flags (#18516) (Nicholas C. Zakas)
• 8824aa1 feat: add ecmaVersion: 2025, parsing duplicate named capturing groups (#18596) (Milos Djermanovic)

Bug Fixes

• 1613e2e fix: Allow escaping characters in config patterns on Windows (#18628) (Milos Djermanovic)
• 21d3766 fix: no-unused-vars include caught errors pattern in report message (#18609) (Kirk Waiblinger)
• d7a7736 fix: improve no-unused-vars message on unused caught errors (#18608) (Kirk Waiblinger)
• f9e95d2 fix: correct locations of invalid /* eslint */ comments (#18593) (Milos Djermanovic)

Documentation

• 13dbecd docs: Limit search to just docs (#18627) (Nicholas C. Zakas)
• 375227f docs: Update getting-started.md - add pnpm to init eslint config (#18599) (Kostiantyn Ochenash)
• 44915bb docs: Update README (GitHub Actions Bot)
• d50db7b docs: Update vscode-eslint info (#18595) (Nicholas C. Zakas)

Chores

• b15ee30 chore: upgrade @​eslint/js@​9.6.0 (#18632) (Milos Djermanovic)
• d655503 chore: package.json update for @​eslint/js release (Jenkins)
• 7c78ad9 refactor: Use language.visitorKeys and check for non-JS SourceCode (#18625) (Nicholas C. Zakas)
• 69ff64e refactor: Return value of applyInlineConfig() (#18623) (Nicholas C. Zakas)
• d2d06f7 refactor: use / separator when adjusting ignorePatterns on Windows (#18613) (Milos Djermanovic)
• 6421973 refactor: fix disable directives for languages with 0-based lines (#18605) (Milos Djermanovic)
• 0a13539 refactor: Allow optional methods for languages (#18604) (Nicholas C. Zakas)
• c7ddee0 chore: make internal-rules not being a package (#18601) (Milos Djermanovic)
• 3379164 chore: remove .eslintrc.js (#18011) (唯然)
• d0c3a32 chore: update knip (with webdriver-io plugin) (#18594) (Lars Kappert)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.7.0 - July 12, 2024

• 793b718 chore: upgrade @​eslint/js@​9.7.0 (#18680) (Francesco Trotta)
• 7ed6f9a chore: package.json update for @​eslint/js release (Jenkins)
• 14e9f81 fix: destructuring in catch clause in no-unused-vars (#18636) (Francesco Trotta)
• 7bcda76 refactor: Add type references (#18652) (Nicholas C. Zakas)
• 51bf57c chore: add tech sponsors through actions (#18624) (Strek)
• 9f416db docs: Add Powered by Algolia label to the search. (#18633) (Amaresh S M)
• 6320732 refactor: don't use parent property in NodeEventGenerator (#18653) (Milos Djermanovic)
• 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630) (Yosuke Ota)
• 1381394 feat: add regex option in no-restricted-imports (#18622) (Nitin Kumar)
• 9e6d640 refactor: move "Parsing error" prefix adding to Linter (#18650) (Milos Djermanovic)
• c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#18649) (Milos Djermanovic)
• 6e79ac7 docs: loadESLint does not support option cwd (#18641) (Francesco Trotta)

v9.6.0 - June 28, 2024

• b15ee30 chore: upgrade @​eslint/js@​9.6.0 (#18632) (Milos Djermanovic)
• d655503 chore: package.json update for @​eslint/js release (Jenkins)
• 1613e2e fix: Allow escaping characters in config patterns on Windows (#18628) (Milos Djermanovic)
• 13dbecd docs: Limit search to just docs (#18627) (Nicholas C. Zakas)
• 7c78ad9 refactor: Use language.visitorKeys and check for non-JS SourceCode (#18625) (Nicholas C. Zakas)
• e2b16e2 feat: Implement feature flags (#18516) (Nicholas C. Zakas)
• 69ff64e refactor: Return value of applyInlineConfig() (#18623) (Nicholas C. Zakas)
• 375227f docs: Update getting-started.md - add pnpm to init eslint config (#18599) (Kostiantyn Ochenash)
• 44915bb docs: Update README (GitHub Actions Bot)
• d2d06f7 refactor: use / separator when adjusting ignorePatterns on Windows (#18613) (Milos Djermanovic)
• 21d3766 fix: no-unused-vars include caught errors pattern in report message (#18609) (Kirk Waiblinger)
• 6421973 refactor: fix disable directives for languages with 0-based lines (#18605) (Milos Djermanovic)
• d7a7736 fix: improve no-unused-vars message on unused caught errors (#18608) (Kirk Waiblinger)
• 0a13539 refactor: Allow optional methods for languages (#18604) (Nicholas C. Zakas)
• f9e95d2 fix: correct locations of invalid /* eslint */ comments (#18593) (Milos Djermanovic)
• 8824aa1 feat: add ecmaVersion: 2025, parsing duplicate named capturing groups (#18596) (Milos Djermanovic)
• c7ddee0 chore: make internal-rules not being a package (#18601) (Milos Djermanovic)
• 3379164 chore: remove .eslintrc.js (#18011) (唯然)
• d0c3a32 chore: update knip (with webdriver-io plugin) (#18594) (Lars Kappert)
• d50db7b docs: Update vscode-eslint info (#18595) (Nicholas C. Zakas)

v9.5.0 - June 14, 2024

• f588160 chore: upgrade @​eslint/js@​9.5.0 (#18591) (Milos Djermanovic)
• 5890841 chore: package.json update for @​eslint/js release (Jenkins)
• 455f7fd docs: add section about including .gitignore files (#18590) (Milos Djermanovic)
• e9f4ccd chore: remove unused eslint-disable directive (#18589) (Milos Djermanovic)
• 721eafe docs: update info about universal files patterns (#18587) (Francesco Trotta)
• 4b23ffd refactor: Move JS parsing logic into JS language (#18448) (Nicholas C. Zakas)
• 6880286 fix: treat * as a universal pattern (#18586) (Milos Djermanovic)
• 8127127 docs: Update README (GitHub Actions Bot)
• b2d256c feat: no-sparse-arrays report on "comma" instead of the whole array (#18579) (fisker Cheung)
• 1495b93 chore: update WebdriverIO packages (#18558) (Christian Bromann)

... (truncated)

Commits

• 05ab812 9.7.0
• 1917cd3 Build: changelog update for 9.7.0
• 793b718 chore: upgrade @​eslint/js@​9.7.0 (#18680)
• 7ed6f9a chore: package.json update for @​eslint/js release
• 14e9f81 fix: destructuring in catch clause in no-unused-vars (#18636)
• 7bcda76 refactor: Add type references (#18652)
• 51bf57c chore: add tech sponsors through actions (#18624)
• 9f416db docs: Add Powered by Algolia label to the search. (#18633)
• 6320732 refactor: don't use parent property in NodeEventGenerator (#18653)
• 7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided code change updates the eslint package in the package.json file from version ^8.19 to ^9.7, which is a routine package update that does not raise any immediate security concerns, but it is important to review the release notes and changelog for the new version and thoroughly test the changes to ensure the application's security is not compromised.

Expand for full summary

Summary:

The provided code change is an update to the package.json file, which is a configuration file used by the Node.js package manager, npm. The change is updating the version of the eslint package from ^8.19 to ^9.7.

From an application security perspective, this change is not particularly concerning. ESLint is a tool used for linting JavaScript code, which helps identify and fix potential issues, including security vulnerabilities. Upgrading to a newer version of ESLint is generally a good practice, as it may include bug fixes, security patches, and improved rule sets. However, it's important to review the release notes and changelog for the new version of ESLint to ensure that there are no known security vulnerabilities or breaking changes that could impact the application. Additionally, it's recommended to run the updated linting rules against the codebase to verify that no new issues are introduced.

Overall, this code change appears to be a routine package update and does not raise any immediate security concerns. As with any dependency update, it's important to thoroughly test the changes and review the relevant documentation to ensure the application's security is not compromised.

Files Changed:

• package.json: This file has been updated to use version ^9.7 of the eslint package, which is a tool used for linting JavaScript code. Upgrading to a newer version of ESLint is generally a good practice, as it may include bug fixes, security patches, and improved rule sets.

Code Analysis

We ran 7 analyzers against 2 files and 1 analyzer had findings. 6 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[guardrails]

⚠️ We detected 11 security issues in this pull request:

Vulnerable Libraries (11)

Severity	Details
Medium	pkg:npm/[email protected] (t) upgrade to: 0.16.10
Medium	pkg:npm/@babel/[email protected] (t) upgrade to: > 7.18.6
N/A	pkg:npm/[email protected] (t) upgrade to: 15.10.1
High	pkg:npm/@babel/[email protected] (t) upgrade to: > 7.18.6
Medium	pkg:npm/@fullhuman/[email protected] (t) upgrade to: > 4.1.3
Medium	pkg:npm/[email protected] (t) upgrade to: 3.2.10
Medium	pkg:npm/[email protected] (t) upgrade to: 8.4.31
Medium	pkg:npm/[email protected] (t) upgrade to: > 2.4.0
High	pkg:npm/@babel/[email protected] (t) upgrade to: > 7.18.6
High	pkg:npm/[email protected] (t) upgrade to: > 3.1.0
High	pkg:npm/[email protected] (t) upgrade to: > 10.0.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[dependabot]

Superseded by #159.