[Snyk] Security upgrade eslint from 8.41.0 to 10.0.0#66
[Snyk] Security upgrade eslint from 8.41.0 to 10.0.0#66
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-15274295
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on March 7
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| "confusing-browser-globals": "^1.0.11", | ||
| "cross-spawn": "^7.0.3", | ||
| "eslint": "^9.0.0", | ||
| "eslint": "^10.0.0", |
There was a problem hiding this comment.
ESLint 10 breaks legacy config pipeline
High Severity
Upgrading eslint to ^10.0.0 breaks this package’s lint flow because ESLint 10 removed legacy eslintrc behavior. The codebase still uses new ESLint({ baseConfig: ... }) and documents .eslintrc.js extension usage, so bcs lint can no longer apply the intended configuration.
Additional Locations (1)
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-AJV-15274295
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
Note
Medium Risk
ESLint major-version upgrade updates core linting engine and transitive deps (including Node engine requirements), which may break linting/config in consuming projects despite no runtime app code changes.
Overview
Updates
eslintfrom v8/9 to v10 inpackage.jsonand refreshespackage-lock.jsonwith the new ESLint dependency tree to address a Snyk-reported vulnerability.Lockfile changes include new/updated ESLint internal packages (e.g.
@eslint/*,espree,eslint-scope,minimatch, cache tooling) and removal of older transitive deps, reflecting the v10 ecosystem shift (including stricter Node engine constraints in dependencies).Written by Cursor Bugbot for commit 55b24ce. This will update automatically on new commits. Configure here.