[Snyk] Security upgrade eslint from 7.32.0 to 9.0.0

[cc-prodsec]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/internal-lib-build/package.json
• packages/internal-lib-build/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AJV-15274295	803

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[cc-prodsec]

The upgrade from ESLint v7 to v9 is a major transition that includes two sets of significant breaking changes from both v8 and v9. This upgrade requires mandatory configuration changes and will likely break existing setups without manual intervention.

Key Breaking Changes:

• New Configuration Format (v9): The most impactful change is the switch to a new "flat config" system (eslint.config.js) by default. The traditional .eslintrc configuration format is now deprecated. Projects must migrate their configuration to the new format.
• Node.js Version Support: Support for older Node.js versions has been dropped. ESLint v8 requires Node.js 12.22+, 14.17+, or 16+. ESLint v9 requires Node.js ^18.18.0, ^20.9.0, or >=21.1.0.
• CLIEngine Removed (v8): The CLIEngine class, used for programmatic access, was removed in v8 and replaced by the ESLint class. Any scripts or integrations using CLIEngine must be updated.
• Removed Rules and Formatters: The valid-jsdoc and require-jsdoc rules were removed in v9. Several formatters like codeframe, table, compact, junit, and checkstyle were also removed across both versions.
• Plugin and Shareable Config Compatibility: All ESLint plugins and shareable configs must be updated to versions that are compatible with ESLint v9 and its flat config system.

Recommendation: This upgrade cannot be completed automatically. A developer must manually migrate the existing .eslintrc configuration to the new eslint.config.js format. It is highly recommended to follow the official migration guides from the ESLint team. Ensure all related dependencies (plugins, configs) are updated to compatible versions.

Sources:

• ESLint v8 Migration Guide
• ESLint v9 Migration Guide
• ESLint v9.0.0 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[cc-prodsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.