refactor: TypeScript ~4.8.4 and ESLint deps upgrades and initial type fixes

[leotm]

Description

This is the initial effort of: #5993

Refer to our pinned Google Sheet in Mobile Comms Practise for remaining initial type fixes done

TODO

• Upgrade to TypeScript 5 ~4.8.4
• Fix current ESLint warning i.e. upgrade @typescript-eslint/parser to support TypeScript version
• Upgrade @types devDeps (and add missing i18n-js)
• Upgrade various ESLint devDeps keeping linting errors 0
• Fix lint warning - remove dupe test
• Doc current @react-native-community lint config
• Convert prev files in Fix 18 JS type errors for TSC to output 683 TS/TSX errors #5975 from JS to TS
• Fix initial set of type errors (ref: our internal Google Sheet pinned in Slack channel)

Screenshots/Recordings

If applicable, add screenshots and/or recordings to visualize the before and after of your change

Issue

Checklist

• There is a related GitHub issue
• Tests are included if applicable
• Any added code is fully documented

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: @pkgr/utils@2.3.1, @metamask/eslint-config@9.0.0, comment-parser@1.2.4, tapable@2.2.1, regextras@0.8.0, eslint-plugin-jsdoc@36.1.1, get-tsconfig@4.5.0

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

[NicolasMassart]

Looks good to me. Thanks @leotm for the explanation of the changes.

dismiss as it requires to tested with upgraded nodejs to v16

[NicolasMassart]

@leotm I will approve again as soon as we test all this with new Node version. Otherwise looks good to me.

[leotm]

@leotm I will approve again as soon as we test all this with new Node version. Otherwise looks good to me.

updated in 833dea8#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L493-R493

[leotm]

@SocketSecurity ignore @pkgr/utils@2.3.1
@SocketSecurity ignore react-native-vector-icons@6.4.2
@SocketSecurity ignore tapable@2.2.1
@SocketSecurity ignore eslint-plugin-jsdoc@39.9.1
@SocketSecurity ignore get-tsconfig@4.5.0

prev semver pkg issues resolved by updating branch with main e.g. #6685 (comment)

https://github.com/MetaMask/metamask-mobile/pull/6080/checks?check_run_id=14556428146

• filesystem access expected for static analysis (eslint, ts)
  • eslint-plugin-jsdoc
  • get-tsconfig
• unmaintained (ideally migrate to maintained pkg)
  • react-native-vector-icons
  • tapable
• No README
  • @pkgr/utils

[leotm]

prev: https://github.com/MetaMask/metamask-mobile/pull/6080/checks?check_run_id=14556428146 X
current: https://github.com/MetaMask/metamask-mobile/pull/6080/checks?check_run_id=14557603138 ✅

• https://socket.dev/npm/package/@pkgr/utils/overview/2.3.1 Supply Chain Security: 76 (supply chain risk)
  • https://socket.dev/npm/issue/obfuscatedRequire severity: high
  • source: package.json via eslint-import-resolver-typescript@3.5.4 (devDep)
  • is Socket Security passing this since via a devDep? why only No README in report?
• https://socket.dev/npm/package/react-native-vector-icons Supply Chain Security: 41-42 (critical)
  • https://socket.dev/npm/issue/obfuscatedRequire severity: high
  • but only @types/react-native-vector-icons has been bumped in this PR (devDep)
  • is Socket Security passing this since via a devDep? but bugged linking to actual dep not the @type?
• https://socket.dev/npm/package/tapable Supply Chain Security: 100 ✅
• https://socket.dev/npm/package/eslint-plugin-jsdoc Supply Chain Security: 88 ✅
• https://socket.dev/npm/package/get-tsconfig Supply Chain Security: 98 ✅

[tommasini]

LGTM!

[leotm]

@SocketSecurity ignore @eslint/js@8.44.0
@SocketSecurity ignore @eslint/eslintrc@2.1.0

https://github.com/MetaMask/metamask-mobile/pull/6080/checks?check_run_id=15201697183

filesystem access expected for static analysis

• @eslint/js@8.44.0

No contributors or author data (package.json)

• @eslint/eslintrc@2.1.0

[leotm]

@SocketSecurity ignore @metamask/eslint-config@9.0.0
@SocketSecurity ignore comment-parser@1.2.4
@SocketSecurity ignore regextras@0.8.0
@SocketSecurity ignore eslint-plugin-jsdoc@36.1.1

https://github.com/MetaMask/metamask-mobile/runs/15326569677

filesystem access expected for static analysis

• eslint-plugin-jsdoc@36.1.1

new author

• metamask/eslint-config@9.0.0

unmaintained

• comment-parser@1.2.4
• regextras@0.8.0

[Gudahtt]

LGTM!

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

0.0% Coverage
0.0% Duplication