Skip to content

chore(deps): update dependency eslint-plugin-security to v3#427

Open
descope[bot] wants to merge 1 commit intomainfrom
renovate/eslint-plugin-security-3.x
Open

chore(deps): update dependency eslint-plugin-security to v3#427
descope[bot] wants to merge 1 commit intomainfrom
renovate/eslint-plugin-security-3.x

Conversation

@descope
Copy link
Contributor

@descope descope bot commented May 1, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
eslint-plugin-security devDependencies major 1.7.1 -> 3.0.1 OpenSSF Scorecard

Release Notes

eslint-community/eslint-plugin-security (eslint-plugin-security)

v3.0.1

Compare Source

⚠ BREAKING CHANGES
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
  • switch the recommended config to flat (#​118)
Features
Bug Fixes
  • Add ESLint 10 compatibility for context.sourceCode API change (#​186) (7f9ee77)
  • add name to recommended flat config (#​161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #​82 #​23
  • Avoid TypeError when exec stub is used with no arguments (#​97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#​102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#​103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#​145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)
  • generate provenance statement for release (#​168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #​63 #​80
  • release-please config (#​189) (2443d10)
3.0.1 (2024-06-14)
Bug Fixes
3.0.1 (2024-06-13)
Bug Fixes

v3.0.0

Compare Source

⚠ BREAKING CHANGES
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
  • switch the recommended config to flat (#​118)
Features
Bug Fixes
  • Add ESLint 10 compatibility for context.sourceCode API change (#​186) (7f9ee77)
  • add name to recommended flat config (#​161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #​82 #​23
  • Avoid TypeError when exec stub is used with no arguments (#​97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#​102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#​103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#​145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)
  • generate provenance statement for release (#​168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #​63 #​80
  • release-please config (#​189) (2443d10)
3.0.1 (2024-06-14)
Bug Fixes
3.0.1 (2024-06-13)
Bug Fixes

v2.1.1

Compare Source

⚠ BREAKING CHANGES
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
Features
Bug Fixes
2.1.1 (2024-02-14)
Bug Fixes
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)

v2.1.0

Compare Source

⚠ BREAKING CHANGES
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
Features
Bug Fixes
2.1.1 (2024-02-14)
Bug Fixes
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)

v2.0.0

Compare Source

⚠ BREAKING CHANGES
  • switch the recommended config to flat (#​118)
Features
1.7.1 (2023-02-02)
Bug Fixes
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,every weekend,before 5am every weekday" in timezone Asia/Jerusalem, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@descope descope bot added the renovate label May 1, 2024
@descope descope bot enabled auto-merge (squash) May 1, 2024 21:36
@vercel
Copy link

vercel bot commented May 1, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-hosting ❌ Failed (Inspect) Jul 16, 2025 10:38pm
auth-hosting-dev-24111df ❌ Failed (Inspect) Jul 16, 2025 10:38pm
auth-hosting-sandbox-us ❌ Failed (Inspect) Jul 16, 2025 10:38pm
nir-itai-playground ❌ Failed (Inspect) Jul 16, 2025 10:38pm
5 Skipped Deployments
Name Status Preview Comments Updated (UTC)
auth-hosting-dev ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2025 10:38pm
auth-hosting-euc1 ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2025 10:38pm
auth-hosting-sandbox ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2025 10:38pm
auth-hosting-star1 ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2025 10:38pm
auth-hosting-star2 ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2025 10:38pm

@descope descope bot force-pushed the renovate/eslint-plugin-security-3.x branch from c99e5d6 to 2f7a271 Compare May 1, 2024 21:43
@descope descope bot force-pushed the renovate/eslint-plugin-security-3.x branch from 2f7a271 to 4d374d3 Compare May 2, 2024 00:57
@descope descope bot force-pushed the renovate/eslint-plugin-security-3.x branch from 4d374d3 to 2c2dbf3 Compare May 2, 2024 19:12
@vercel vercel bot temporarily deployed to Preview – auth-hosting May 2, 2024 19:19 Inactive
@descope descope bot force-pushed the renovate/eslint-plugin-security-3.x branch from 2c2dbf3 to 6ce7b35 Compare May 2, 2024 19:24
descope-approve[bot]
descope-approve bot previously approved these changes Mar 2, 2026
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@descope-approve descope-approve[bot] descope-approve[bot] approved these changes

Assignees

No one assigned

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants