Update dependency eslint to v10 by renovate-bot · Pull Request #5163 · xwiki/xwiki-platform

renovate-bot · 2026-02-07T02:17:14Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
eslint (source)	`9.39.3` → `10.0.2`

Release Notes

eslint/eslint (eslint)

`v10.0.2`

Compare Source

`v10.0.1`

Compare Source

Bug Fixes

c87d5bd fix: update eslint (#20531) (renovate[bot])
d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
04c2147 fix: update error message for unused suppressions (#20496) (fnx)
38b089c fix: update dependency @eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

e5c281f chore: updates for v9.39.3 release (Jenkins)
8c3832a chore: update @typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
84fb885 chore: package.json update for @eslint/js release (Jenkins)
1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

`v10.0.0`

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2026-02-07T02:17:45Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Quality	Maintenance
	npm/fast-xml-parser@5.3.4
	npm/@playwright/experimental-ct-react@1.58.2
	npm/@blocknote/mantine@0.47.0
	npm/@types/jsdom@27.0.0
	npm/@types/react-dom@19.2.3
	npm/@tsconfig/node24@24.0.4
	npm/flush-promises@1.0.2
	npm/@types/mdast@4.0.4
	npm/@types/lodash-es@4.17.12
	npm/@types/react@19.2.7
	npm/@mantine/hooks@8.3.14
	npm/@types/node@22.5.4 ⏵ 24.10.13	⁺¹	⁺¹
	npm/eslint-plugin-promise@7.2.1
	npm/eslint-plugin-headers@1.3.3
	npm/@blocknote/core@0.47.0
	npm/@blocknote/react@0.47.0
	npm/@mantine/core@8.3.14
	npm/dompurify@3.3.0
	npm/eslint-plugin-tsdoc@0.5.0
	npm/eslint-plugin-import@2.32.0
	npm/@vue/eslint-config-prettier@10.2.0
	npm/@vue/tsconfig@0.8.1
	npm/@vue/test-utils@2.4.6
	npm/globals@11.12.0 ⏵ 17.3.0		⁺³	⁺¹
	npm/bootstrap-icons@1.13.1
	npm/inversify@7.10.4
	npm/happy-dom@20.7.0
	npm/eventemitter3@4.0.7 ⏵ 5.0.4	⁺¹	^-2
	npm/@microsoft/api-extractor@7.57.3
	npm/eslint-import-resolver-typescript@4.4.4
	npm/eslint-plugin-vue@10.8.0
	npm/i18next@25.8.13
	npm/@eslint/config-helpers@0.5.2
See 7 more rows in the dashboard

View full report

socket-security · 2026-02-13T11:42:03Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: npm `fast-xml-parser` has an entity encoding bypass via regex injection in DOCTYPE entity names CVE: GHSA-m7jm-9gc2-mpf2 fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names (CRITICAL) Affected versions: >= 4.1.3 < 5.3.5 Patched version: 5.3.5 From: pnpm-lock.yaml → `npm/fast-xml-parser@5.3.4` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/fast-xml-parser@5.3.4`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → `npm/entities@4.5.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@4.5.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → `npm/entities@6.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@6.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

manuelleduc · 2026-02-23T14:24:54Z

Waiting for eslint-plugin-import, eslint-plugin-promise and eslint-plugin-tsdoc to have new releases supporting the new major version

forking-renovate bot added the dependencies A dependency upgrade label Feb 7, 2026

forking-renovate bot assigned manuelleduc Feb 7, 2026

renovate-bot force-pushed the renovate/eslint-10.x branch 2 times, most recently from e251270 to cde6ebe Compare February 13, 2026 11:41

renovate-bot force-pushed the renovate/eslint-10.x branch 2 times, most recently from 09062b9 to 7028d58 Compare February 17, 2026 15:28

renovate-bot force-pushed the renovate/eslint-10.x branch 4 times, most recently from 4390875 to d612da0 Compare February 23, 2026 14:24

manuelleduc added the blocked Cannot be done yet (there is a regression, some other dep needs to be upgraded first, etc.) label Feb 23, 2026

renovate-bot force-pushed the renovate/eslint-10.x branch 4 times, most recently from b52256f to 7ed19e9 Compare February 23, 2026 16:35

Update dependency eslint to v10

72f8ab4

renovate-bot force-pushed the renovate/eslint-10.x branch from 7ed19e9 to 72f8ab4 Compare February 23, 2026 23:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comments

Update dependency eslint to v10#5163

Update dependency eslint to v10#5163
renovate-bot wants to merge 1 commit intoxwiki:masterfrom
renovate-bot:renovate/eslint-10.x

renovate-bot commented Feb 7, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Feb 7, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Feb 13, 2026 •

edited

Loading

Uh oh!

manuelleduc commented Feb 23, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Comments

Conversation

renovate-bot commented Feb 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v10.0.2

v10.0.1

Bug Fixes

Documentation

Chores

v10.0.0

Configuration

Uh oh!

socket-security bot commented Feb 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Feb 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

manuelleduc commented Feb 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

renovate-bot commented Feb 7, 2026 •

edited

Loading

`v10.0.2`

`v10.0.1`

`v10.0.0`

socket-security bot commented Feb 7, 2026 •

edited

Loading

socket-security bot commented Feb 13, 2026 •

edited

Loading

manuelleduc commented Feb 23, 2026 •

edited

Loading