
chore(deps): migrate to ESLint 9 and @lichtblick/eslint-plugin 2.x#191

Merged
jdsika merged 3 commits into main from chore/eslint9-migration
May 4, 2026

@jdsika jdsika commented May 4, 2026

Collaborator

Summary

Migrates from ESLint 8 to ESLint 9 with flat config, aligning with Lichtblick v1.25.0 which completed this migration in #1038.

Resolves #180

Context

Issue #180 documented that this migration was blocked because the Lichtblick framework was still on ESLint 8 + @lichtblick/eslint-plugin@1.x. That blocker is now resolved:

  • Lichtblick v1.25.0 ships with eslint@9.38.0 + @lichtblick/eslint-plugin@2.0.7
  • create-lichtblick-extension also uses ESLint 9

Changes

Config migration

  • Replace .eslintrc.yaml + .eslintignore with eslint.config.mjs (ESLint 9 flat config)
  • Use lichtblickPlugin.configs.{base,typescript,react,jest} arrays from the plugin
  • Disable import/named for TypeScript files (false positives — same approach as Lichtblick)

Dependency changes

  • eslint: ^8.57.0 → ^9.38.0
  • @lichtblick/eslint-plugin: ^1.0.2 → ^2.0.7
  • Removed standalone plugins now bundled in @lichtblick/eslint-plugin@2.x:
    eslint-plugin-es, eslint-plugin-filenames, eslint-plugin-import, eslint-plugin-jest, eslint-plugin-prettier, eslint-plugin-react, eslint-plugin-react-hooks, @typescript-eslint/eslint-plugin, @typescript-eslint/parser

Autofix cleanup

  • Removed 15 unnecessary type assertions detected by newly-enabled @typescript-eslint/no-unnecessary-type-assertion
  • Removed resulting unused imports (Point3, ReferenceLine)

Security impact

Resolves 3 high-severity minimatch ReDoS vulnerabilities rooted in the eslint@8 dependency tree:

| Metric | Before | After |
| --- | --- | --- |
| Audit vulnerabilities | 23 (3 High) | 19 (0 High) |
| Lint errors | 76 | 73 |
| Packages audited | 826 | 796 |

Verification

  • yarn build — succeeds
  • yarn test — 68/68 tests pass
  • yarn lint:ci — 73 errors (3 fewer than baseline; all pre-existing, none new)
  • yarn audit — 0 high-severity findings
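
A CI gate for the `yarn audit` verification step above, as an added example that is not part of this pull request or the project's code. It assumes Yarn 1's `yarn audit --json` NDJSON output (`auditAdvisory` events carrying `advisory.severity`, `advisory.module_name`, `advisory.github_advisory_id` and `resolution.path`); the dependency paths and the moderate advisory in the sample are constructed placeholders.

```javascript
// Added example: fail a build when `yarn audit --json` reports high/critical advisories.
// Assumption: Yarn 1 NDJSON format, one JSON event per line.
const BLOCKING = new Set(["high", "critical"]);

// First segment of "a>b>c" is the direct dependency that pulls the vulnerable module in.
const rootOf = (path) => path.split(">")[0];

// Parse NDJSON, skipping blank lines and non-JSON noise (progress text, warnings).
function parseAudit(ndjson) {
  const events = [];
  for (const line of ndjson.split("\n")) {
    if (!line.trim()) continue;
    try { events.push(JSON.parse(line)); } catch { /* not a JSON event */ }
  }
  return events;
}

// Yarn emits one event per dependency path, so the same advisory repeats.
// Group by advisory id and collect the distinct direct dependencies behind it.
function blockingFindings(ndjson) {
  const byId = new Map();
  for (const ev of parseAudit(ndjson)) {
    if (ev.type !== "auditAdvisory") continue;
    const { advisory, resolution } = ev.data;
    if (!BLOCKING.has(advisory.severity)) continue;
    const id = advisory.github_advisory_id || String(advisory.id);
    const entry = byId.get(id) ??
      { id, module: advisory.module_name, severity: advisory.severity, roots: new Set() };
    entry.roots.add(rootOf(resolution.path));
    byId.set(id, entry);
  }
  return [...byId.values()].map((e) => ({ ...e, roots: [...e.roots].sort() }));
}

// Constructed sample input (not the project's real audit output; paths are placeholders).
const adv = (ghsa, mod, severity, path) => JSON.stringify({
  type: "auditAdvisory",
  data: { resolution: { path }, advisory: { github_advisory_id: ghsa, module_name: mod, severity } },
});
const SAMPLE = [
  adv("GHSA-2qfj-455h-2qmm", "minimatch", "high", "eslint>minimatch"),
  adv("GHSA-952p-fqcp-g8pc", "minimatch", "high", "eslint>minimatch"),
  adv("GHSA-3fvg-4v2m-98jf", "minimatch", "high", "eslint>minimatch"),
  adv("GHSA-3fvg-4v2m-98jf", "minimatch", "high", "@lichtblick/eslint-plugin>minimatch"),
  adv("GHSA-xxxx-xxxx-xxxx", "example-pkg", "moderate", "example-dep>example-pkg"),
  "yarn audit progress text, not JSON",
].join("\n");

const findings = blockingFindings(SAMPLE);
for (const f of findings) console.log(`${f.severity} ${f.id} ${f.module} via ${f.roots.join(", ")}`);
console.log(findings.length === 0 ? "audit gate: pass" : "audit gate: fail");
```

Grouping by direct dependency shows which top-level upgrade clears an advisory, which is the relationship this PR relies on when it attributes the minimatch findings to the eslint@8 tree.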

Migrate from ESLint 8 to ESLint 9 flat config, aligning with Lichtblick v1.25.0:

- Replace .eslintrc.yaml + .eslintignore with eslint.config.mjs (flat config)
- Upgrade @lichtblick/eslint-plugin from 1.x to 2.0.7
- Upgrade eslint from 8.x to 9.x
- Remove standalone ESLint plugins now bundled in @lichtblick/eslint-plugin 2.x:
  eslint-plugin-es, eslint-plugin-filenames, eslint-plugin-import,
  eslint-plugin-jest, eslint-plugin-prettier, eslint-plugin-react,
  eslint-plugin-react-hooks, @typescript-eslint/eslint-plugin,
  @typescript-eslint/parser
- Disable import/named for TypeScript files (false positives, same as Lichtblick)

Security: resolves 3 high-severity minimatch ReDoS vulnerabilities
(GHSA-2qfj-455h-2qmm, GHSA-952p-fqcp-g8pc, GHSA-3fvg-4v2m-98jf)
that were rooted in the eslint@8 / @lichtblick/eslint-plugin@1.x dependency tree.

Audit: 23 vulnerabilities (3 High) -> 19 vulnerabilities (0 High)
Lint: 76 errors -> 73 errors (net improvement from autofix of newly detected issues)

Resolves #180

Signed-off-by: Carlo van Driesten <carlo.van-driesten@bmw.de>
@jdsika jdsika requested a review from thomassedlmayer as a code owner May 4, 2026 13:59
Autofix from @typescript-eslint/no-unnecessary-type-assertion rule
newly enabled by @lichtblick/eslint-plugin 2.x. Removes redundant
`as Point3`, `as LinePrimitive`, `as GroundTruth` etc. casts and
their now-unused imports.

Signed-off-by: Carlo van Driesten <carlo.van-driesten@bmw.de>
@jdsika jdsika force-pushed the chore/eslint9-migration branch from cde4db0 to 014dca7 Compare May 4, 2026 14:09
@jdsika jdsika self-assigned this May 4, 2026
@jdsika jdsika added the dependencies Pull requests that update a dependency file label May 4, 2026
@jdsika jdsika merged commit b3f399c into main May 4, 2026
1 check passed
Development

Successfully merging this pull request may close these issues.

chore: remaining security vulnerabilities blocked on eslint@9 migration
