devDeps: update eslint packages by legobeat · Pull Request #1498 · MetaMask/core

legobeat · 2023-07-13T23:00:59Z

Explanation

Another rehash of #1014 and #1277, with more conservative enabling of rules introduced through @metamask/eslint-config* package updates.

References

Changelog

Checklist

I've updated the test suite for new or updated code as appropriate
I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
I've highlighted breaking changes using the "BREAKING" category above as appropriate

.eslintrc.js

socket-security · 2023-07-14T02:23:49Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
eslint-plugin-promise	6.1.1	None	`+23`	6.17 MB	eslint-community-bot
eslint-plugin-n	15.7.0	filesystem	`+26`	6.67 MB	weiran.zsd
@metamask/eslint-config-jest	9.0.0...12.1.0	None	`+38/-38`	10.9 MB	metamaskbot
@metamask/eslint-config-typescript	9.0.1...12.1.0	None	`+37/-37`	50.2 MB	metamaskbot
@metamask/eslint-config-nodejs	9.0.0...12.1.0	None	`+34/-29`	9.3 MB	metamaskbot
@metamask/eslint-config	9.0.0...12.1.0	None	`+30/-26`	8.71 MB	metamaskbot
@typescript-eslint/parser	4.33.0...5.62.0	None	`+28/-26`	7.58 MB	jameshenry
eslint	7.32.0...8.44.0	environment	`+22/-18`	6.11 MB	eslintbot
eslint-plugin-jsdoc	36.1.1...39.9.1	None	`+27/-24`	8.46 MB	gajus
eslint-plugin-prettier	3.4.1...4.2.1	None	`+23/-19`	6.17 MB	jounqin
eslint-plugin-jest	24.7.0...27.2.3	None	`+30/-29`	8.4 MB	simenb

🚮 Removed packages: @typescript-eslint/eslint-plugin@4.33.0, eslint-plugin-node@11.1.0

socket-security · 2023-07-14T02:23:52Z

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: @eslint/js@8.44.0, @typescript-eslint/utils@5.62.0, argparse@2.0.1, builtins@5.0.1, yocto-queue@0.1.0, is-path-inside@3.0.3, @eslint/eslintrc@2.1.0, eslint-plugin-n@15.7.0

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

legobeat · 2023-07-14T02:31:53Z

@SocketSecurity ignore @eslint/js@8.44.0
@SocketSecurity ignore @typescript-eslint/utils@5.62.0
@SocketSecurity ignore argparse@2.0.1
@SocketSecurity ignore builtins@5.0.1
@SocketSecurity ignore yocto-queue@0.1.0
@SocketSecurity ignore is-path-inside@3.0.3
@SocketSecurity ignore @eslint/eslintrc@2.1.0
@SocketSecurity ignore eslint-plugin-n@15.7.0

packages/base-controller/src/BaseControllerV2.ts

.eslintrc.js

Gudahtt · 2023-07-14T04:17:04Z

New peer dependency warning:

@metamask/core-monorepo@workspace:. provides typescript (pcb988) with version 4.6.3, which doesn't satisfy what @metamask/eslint-config-typescript requests

Though main is already in an incompatible state (it has a different TypeScript incompatibility, see the warning when yarn lint is run on main), so this still seems like a step forward. We should make updating TypeScript a priority though.

.eslintrc.js

Gudahtt

LGTM!

legobeat · 2023-07-14T04:42:35Z

@MetaMask/snaps-devs approval needed for merge

apart from typescript, which is kept at 4.6.3 despite @metamask/eslint-config-typescript wanting ~4.8.4

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

FrederikBolding

LGTM!

Note: I have only reviewed the files under snaps ownership since the PR already has two other approvals

* devDeps: eslint@7.24.0->8.44.0 * devDeps: bump eslint-related to accommodate with v8 apart from typescript, which is kept at 4.6.3 despite @metamask/eslint-config-typescript wanting ~4.8.4 * WIP: update eslint/ts config for new eslint version * lint update * eslint: update rules config * eslint: update rules config * eslint: disable @typescript-eslint/promise-function-async * eslint: disable jsdoc/match-description * eslint: disable @typescript-eslint/prefer-nullish-coalescing * eslint: disable @typescript-eslint/unbound-method * eslintrc fix typo * eslint: disable @typescript-eslint/prefer-reduce-type-parameter * eslint: disable id-denylist * lint:fix * Update packages/base-controller/src/BaseControllerV2.ts Co-authored-by: Mark Stacey <markjstacey@gmail.com> * eslintrc: remove redundant rules * lint tests,scripts * remove redundant parserOptions * Update .eslintrc.js Co-authored-by: Mark Stacey <markjstacey@gmail.com> --------- Co-authored-by: Mark Stacey <markjstacey@gmail.com>

legobeat force-pushed the devdeps-eslint-rebased-202307 branch from 7a1fe0f to 75df23a Compare July 13, 2023 23:13

legobeat commented Jul 13, 2023

View reviewed changes

.eslintrc.js Outdated Show resolved Hide resolved

legobeat marked this pull request as ready for review July 13, 2023 23:25

legobeat requested review from a team as code owners July 13, 2023 23:25

This was referenced Jul 13, 2023

Bump ESLint and related dependencies, and fix lint errors #1014

Closed

devDeps: upgrade eslint & friends #1277

Closed

legobeat added the dependencies Pull requests that update a dependency file label Jul 14, 2023