Skip to content

Bump to @metamask/eslint-config-* v15#294

Merged
mcmire merged 1 commit intomainfrom
bump-to-eslint-config-v15
Dec 10, 2025
Merged

Bump to @metamask/eslint-config-* v15#294
mcmire merged 1 commit intomainfrom
bump-to-eslint-config-v15

Conversation

@mcmire
Copy link
Contributor

@mcmire mcmire commented Dec 10, 2025
edited by cursor bot
Loading

Fix lint violations from the upgrade.

Also bump typescript-eslint to 8.48.1.

Changes for @metamask/eslint-config-* packages:

Note

Upgrades MetaMask ESLint configs to v15 and typescript-eslint 8.48.1, with minor ESLint and Yarn config adjustments.

  • Tooling:
    • Dev deps: Bump @metamask/eslint-config* to ^15.0.0 and typescript-eslint to ^8.48.1.
    • ESLint config (eslint.config.mjs): Remove parserOptions.project, keep tsconfigRootDir; no other rule changes.
    • Yarn constraints (yarn.config.cjs): Add Yarn typedef alias and JSDoc for constraints args.

Written by Cursor Bugbot for commit 63fbdfc. This will update automatically on new commits. Configure here.

@mcmire
Bump to @metamask/eslint-config-* v15
63fbdfc 
Fix lint violations from the upgrade.

Also bump `typescript-eslint` to 8.48.1.
@mcmire mcmire requested a review from a team as a code owner December 10, 2025 20:53
@socket-security
Copy link

socket-security bot commented Dec 10, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​metamask/​eslint-config-vitest@​1.0.0 ⏵ 15.0.068 +310078 +289 +6100
Updatedtypescript-eslint@​8.12.2 ⏵ 8.48.110010074 -198100
Updated@​typescript-eslint/​utils@​8.26.0 ⏵ 8.48.110010077 +198100
Updated@​metamask/​eslint-config@​14.0.0 ⏵ 15.0.09910085 +191 +10100
Updated@​metamask/​eslint-config-nodejs@​14.0.0 ⏵ 15.0.099 +11008689 +8100
Updated@​metamask/​eslint-config-typescript@​14.0.0 ⏵ 15.0.099 +110086 +291 +8100

View full report

@socket-security
Copy link

socket-security bot commented Dec 10, 2025
edited
Loading

Warning

MetaMask internal reviewing guidelines:

  • Do not ignore-all
  • Each alert has instructions on how to review if you don't know what it means. If lost, ask your Security Liaison or the supply-chain group
  • Copy-paste ignore lines for specific packages or a group of one kind with a note on what research you did to deem it safe.
    @SocketSecurity ignore npm/PACKAGE@VERSION
Action Severity Alert  (click "▶" to expand/collapse)
Warn Low
Potential code anomaly (AI signal): npm ignore is 100.0% likely to have a medium risk anomaly

Notes: The code fragment represents a conventional, well-structured path-ignore utility with caching and recursive parent-directory evaluation. Windows path normalization is present for compatibility but does not indicate malicious intent. No indicators of data leakage, external communication, or covert backdoors were found. Security impact primarily revolves around correct ignore semantics rather than intrinsic vulnerabilities. The component remains appropriate for use in a broader security-conscious pipeline if used with careful awareness of what is being ignored.

Confidence: 1.00

Severity: 0.60

From: ?npm/typescript-eslint@8.48.1npm/ignore@7.0.5

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ignore@7.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Ignoring alerts on:

  • @typescript-eslint/typescript-estree@8.48.1
  • @typescript-eslint/utils@8.48.1

View full report

@mcmire
Copy link
Contributor Author

mcmire commented Dec 10, 2025

@SocketSecurity ignore npm/@typescript-eslint/typescript-estree@8.48.1

I have searched the codebase and am not finding where this fetch is happening 🤔

@Gudahtt
Copy link
Member

Gudahtt commented Dec 10, 2025

That alert is a false positive - I asked the Socket team about it recently

Gudahtt
Gudahtt reviewed Dec 10, 2025
View reviewed changes
Gudahtt
Gudahtt approved these changes Dec 10, 2025
View reviewed changes
Copy link
Member

@Gudahtt Gudahtt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@Gudahtt
Copy link
Member

Gudahtt commented Dec 10, 2025

@SocketSecurity ignore npm/@typescript-eslint/utils@8.48.1

This is another known false positive that I investigated elsewhere

cryptodev-2s
cryptodev-2s approved these changes Dec 10, 2025
View reviewed changes
Copy link

@cryptodev-2s cryptodev-2s left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@mcmire mcmire merged commit 7979135 into main Dec 10, 2025
26 checks passed
@mcmire mcmire deleted the bump-to-eslint-config-v15 branch December 10, 2025 22:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Gudahtt Gudahtt Gudahtt approved these changes

@cryptodev-2s cryptodev-2s cryptodev-2s approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mcmire @Gudahtt @cryptodev-2s

Comments