The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Pull request overview
This PR upgrades npm devDependencies to remediate 5 reported vulnerabilities, specifically by bumping major versions of eslint and jest.
Changes:
- Upgrade eslint from 7.15.0 to 10.0.0
- Upgrade jest from 26.6.3 to 27.0.0
| "@typescript-eslint/parser": "4.10.0", | ||
| "eslint": "7.15.0", | ||
| "jest": "26.6.3", | ||
| "eslint": "10.0.0", |
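Review bot: The `eslint` line goes from 7.15.0 straight to 10.0.0, an exact pin on the first release of a major three versions up, and the PR does not say which of the five advisories reach the tree through eslint and which through jest. Please map each advisory to the direct dependency that pulls it in and pick the lowest version of that dependency that clears it, so the breaking-change surface of this fix stays as small as possible.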
Upgrading to eslint 10 will break the CI/build as configured: the workflow uses Node 12 (see .github/workflows/build-and-test.yml:20), but eslint 10 requires a much newer Node runtime. Either keep eslint on a Node-12-compatible major, or bump the CI/tooling Node version (and ensure local/dev tooling matches).
| "eslint": "10.0.0", | |
| "eslint": "8.57.0", |
| "@typescript-eslint/eslint-plugin": "4.10.0", | ||
| "@typescript-eslint/parser": "4.10.0", |
eslint 10 is not compatible with the currently pinned @typescript-eslint/parser and @typescript-eslint/eslint-plugin v4.10.0; lint will fail to load/execute with this combination. Please upgrade the @typescript-eslint packages to versions that support eslint 10 and adjust .eslintrc.json if any rules/options were renamed/removed.
| "@typescript-eslint/eslint-plugin": "4.10.0", | |
| "@typescript-eslint/parser": "4.10.0", | |
| "@typescript-eslint/eslint-plugin": "^8.0.0", | |
| "@typescript-eslint/parser": "^8.0.0", |
| "jest": "27.0.0", | ||
| "ts-jest": "26.4.4", |
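Review bot: Nothing beside the `jest` 27.0.0 line records what the transitive tree will resolve to, since package.json is the only file listed as changed. If the repository commits a lockfile, regenerate it in this PR, and either way confirm after install with `npm ls braces micromatch ajv inflight unset-value` that the flagged versions are gone.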
jest is bumped to 27, but ts-jest remains on 26.4.4 (and @types/jest is still 26.0.19). This version skew is likely to break test runs and TypeScript typings. Please align jest/ts-jest/@types-jest to the same major family (or keep jest at 26 if you need to stay on ts-jest 26).
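The version skew raised in the comment above can be caught mechanically before merge. The following is an added example, not code from this PR or from Snyk: the `FAMILIES` grouping and the function names are assumptions, and the sample manifest is built from the versions quoted in the diff and review comments.

```javascript
// Added example: flag major-version skew between packages released in lockstep.
// FAMILIES is an assumed grouping; extend it for the project's own tooling.
const FAMILIES = {
  jest: ["jest", "ts-jest", "@types/jest"],
  "typescript-eslint": [
    "@typescript-eslint/parser",
    "@typescript-eslint/eslint-plugin",
  ],
};

// First number in a version or range: "^8.0.0" -> 8, "26.4.4" -> 26.
function major(range) {
  const m = /(\d+)/.exec(range);
  return m ? Number(m[1]) : null;
}

// Returns one finding per family whose members sit on different majors.
function findSkew(pkg) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const findings = [];
  for (const [family, names] of Object.entries(FAMILIES)) {
    const majors = {};
    for (const name of names) {
      if (name in deps) majors[name] = major(deps[name]);
    }
    if (new Set(Object.values(majors)).size > 1) {
      findings.push({ family, majors });
    }
  }
  return findings;
}

// Constructed manifest: devDependencies as they stand after this PR.
const afterPr = {
  devDependencies: {
    "@typescript-eslint/eslint-plugin": "4.10.0",
    "@typescript-eslint/parser": "4.10.0",
    eslint: "10.0.0",
    jest: "27.0.0",
    "ts-jest": "26.4.4",
    "@types/jest": "26.0.19",
  },
};

for (const f of findSkew(afterPr)) console.log(`${f.family} skew:`, f.majors);
```

This only compares majors inside a family; whether `eslint` itself satisfies a plugin's declared peer range needs the plugin's `peerDependencies` metadata and is not covered here.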
Snyk has created this PR to fix 5 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
- package.json
Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-BRACES-6838727
- SNYK-JS-AJV-15274295
- SNYK-JS-INFLIGHT-6095116
- SNYK-JS-UNSETVALUE-2400660
- SNYK-JS-MICROMATCH-6838728
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution