devDeps: bump @metamask/eslint-config* to v12

[legobeat]

Description

Combines:

• Bump @metamask/eslint-config-nodejs from 11.1.0 to 12.1.0 #246
• Bump @metamask/eslint-config-jest from 11.1.0 to 12.1.0 #256
• Bump @metamask/eslint-config-typescript from 11.1.0 to 12.1.0 #257
• Bump @metamask/eslint-config from 11.1.0 to 12.2.0 #270
• aligns peerDependencies
• bumps devDeps
• applies new linting

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation for new or updated code as appropriate (note: this will usually be JSDoc)
• I've highlighted breaking changes using the "BREAKING" category above as appropriate

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@types/node	16.18.57	None	+0	3.52 MB
eslint-plugin-n	15.7.0	filesystem	+4	883 kB	weiran.zsd
@metamask/eslint-config-jest	11.1.0...12.1.0	None	+0/-127	8.72 kB	metamaskbot
@metamask/eslint-config-typescript	11.1.0...12.1.0	None	+0/-8	18.5 kB	metamaskbot
@metamask/eslint-config-nodejs	11.1.0...12.1.0	None	+5/-9	978 kB	metamaskbot
depcheck	1.4.3...1.4.5	filesystem	+15/-14	4.69 MB	rumpl
eslint-plugin-jsdoc	40.3.0...41.1.2	None	+1/-3	1.73 MB	gajus

🚮 Removed packages: @metamask/eslint-config@11.1.0, eslint-plugin-node@11.1.0, jest@29.5.0

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: global-prefix@1.0.2, resolve-dir@1.0.1, expand-tilde@2.0.2, @types/node@16.18.57

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

[legobeat]

@SocketSecurity ignore builtins@5.0.1
@SocketSecurity ignore eslint-plugin-n@15.7.0

[legobeat]

@SocketSecurity ignore tiny-glob@0.2.9
@SocketSecurity ignore node-watch@0.7.3

filesystem access ok

[legobeat]

@SocketSecurity ignore is-ci@2.0.0
@SocketSecurity ignore globalyzer@0.1.0
@SocketSecurity ignore buffer@5.7.1
@SocketSecurity ignore object-assign@4.1.1
@SocketSecurity ignore globrex@0.1.2
@SocketSecurity ignore base64-js@1.5.1
@SocketSecurity ignore ieee754@1.2.1

unmaintained ok

[legobeat]

@SocketSecurity ignore global-prefix@1.0.2
@SocketSecurity ignore resolve-dir@1.0.1
@SocketSecurity ignore expand-tilde@2.0.2

new author ok

[jiexi]

why are these being forced?

[legobeat]

Higher versions introduce peerDependency on newer version of react. You can try to omit 4bab13d and run the suite locally to verify.

[jiexi]

ink 3.2.0 has peer deps for "react": ">=16.8.0" and only devDeps for react 17. So it should be fine??

I see why react-reconciler must be in the resolutions though

[legobeat]

ink depends on react-reconciler: ^0.26.2, hence getting dragged down with it here.

[jiexi]

Doesn't "react-reconciler": "0.24.0" already force the version of react-reconcile in ink? No big deal, just trying to understand if I had a wrong assumption of how the resolution works in yarn. Going to approve

[legobeat]

@SocketSecurity ignore @types/node@16.18.57