Skip to content

Comments

[Snyk] Security upgrade eslint from 8.57.0 to 10.0.0#1016

Open
JJediny wants to merge 1 commit intodevelopfrom
snyk-fix-ebd3b5a40b859f5b1574317be5571aa4
Open

[Snyk] Security upgrade eslint from 8.57.0 to 10.0.0#1016
JJediny wants to merge 1 commit intodevelopfrom
snyk-fix-ebd3b5a40b859f5b1574317be5571aa4

Conversation

@JJediny
Copy link

@JJediny JJediny commented Feb 13, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AJV-15274295		   803  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Copilot AI review requested due to automatic review settings February 13, 2026 15:29
Copilot AI reviewed Feb 13, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This Snyk-generated PR upgrades the repository’s JavaScript linting toolchain by bumping eslint to a new major version to address a reported vulnerability in the dependency graph.

Changes:

  • Upgrades eslint from 8.x to 10.0.0 in package.json.
  • Regenerates package-lock.json to reflect the new eslint version and its updated transitive dependency tree.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Bumps the eslint devDependency to ^10.0.0.
package-lock.json Updates the lockfile to the eslint@10 dependency graph.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

package.json
"dotenv": "^16.4.5",
"dotenv-cli": "^7.4.3",
"eslint": "^8.56.0",
"eslint": "^10.0.0",
Copy link

Copilot AI Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Upgrading to eslint@^10 introduces a peer-dependency conflict with eslint-plugin-jsdoc (the lockfile's eslint-plugin-jsdoc entry only supports eslint ^7 || ^8 || ^9). With npm's default peer resolution, npm ci may fail (ERESOLVE) and/or the plugin may not work correctly. Either upgrade eslint-plugin-jsdoc to a version that declares compatibility with eslint 10, or keep eslint on a compatible major version until that support exists.

Suggested change
"eslint": "^10.0.0",
"eslint": "^9.0.0",

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JJediny @snyk-bot