[Snyk] Upgrade eslint from 6.8.0 to 9.16.0

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade eslint from 6.8.0 to 9.16.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 134 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	124	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	124	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	124	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	124	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	124	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	124	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	124	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	124	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	124	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	124	Proof of Concept
	Authentication Bypass SNYK-JS-HAWK-6969142	124	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	124	Proof of Concept
	Insecure Randomness npm:cryptiles:20180710	124	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	124	Proof of Concept

Release notes

Package name: eslint

• 9.16.0 - 2024-11-29
  

  Features

  • 8f70eb1 feat: Add ignoreComputedKeys option in sort-keys rule (#19162) (Milos Djermanovic)

  Documentation

  • 9eefc8f docs: fix typos in use-isnan (#19190) (루밀LuMir)
  • 0c8cea8 docs: switch the order of words in no-unreachable (#19189) (루밀LuMir)
  • 0c19417 docs: add missing backtick to no-async-promise-executor (#19188) (루밀LuMir)
  • 8df9276 docs: add backtick in -0 in description of no-compare-neg-zero (#19186) (루밀LuMir)
  • 7e16e3f docs: fix caseSensitive option's title of sort-keys (#19183) (Tanuj Kanti)
  • 0c6b842 docs: fix typos in migration-guide.md (#19180) (루밀LuMir)
  • 353266e docs: fix a typo in debug.md (#19179) (루밀LuMir)
  • 5ff318a docs: delete unnecessary horizontal rule(---) in nodejs-api (#19175) (루밀LuMir)
  • 576bcc5 docs: mark more rules as handled by TypeScript (#19164) (Tanuj Kanti)
  • 742d054 docs: note that no-restricted-syntax can be used with any language (#19148) (Milos Djermanovic)

  Chores

  • feb703b chore: upgrade to @ eslint/[email protected] (#19195) (Francesco Trotta)
  • df9bf95 chore: package.json update for @ eslint/js release (Jenkins)
  • f831893 chore: add type for ignoreComputedKeys option of sort-keys (#19184) (Tanuj Kanti)
  • 3afb8a1 chore: update dependency @ eslint/json to ^0.8.0 (#19177) (Milos Djermanovic)
  • 1f77c53 chore: add repository.directory property to package.json (#19165) (루밀LuMir)
  • d460594 chore: update dependency @ arethetypeswrong/cli to ^0.17.0 (#19147) (renovate[bot])
  • 45cd4ea refactor: update default options in rules (#19136) (Milos Djermanovic)
• 9.15.0 - 2024-11-15
  

  Features

  • 01557ce feat: Implement Language#normalizeLanguageOptions() (#19104) (Nicholas C. Zakas)
  • 2edc0e2 feat: add meta.defaultOptions (#17656) (Josh Goldberg ✨)
  • bdec50e feat: fix no-useless-computed-key false negative with __proto__ (#19123) (Milos Djermanovic)
  • 3087c9e feat: add meta object to @ eslint/js plugin (#19095) (Francesco Trotta)

  Bug Fixes

  • fd33f13 fix: update types for no-restricted-imports rule (#19060) (Nitin Kumar)
  • bd35098 fix: switch away from Node.js node:assert and AssertionError (#19082) (Josh Goldberg ✨)
  • 9db5b15 fix: unsafe report for no-lonely-if (#19087) (Abraham Guo)
  • 68fa497 fix: ignore files on a different drive on Windows (#19069) (Francesco Trotta)
  • 4ce625a fix: upgrade @ humanwhocodes/[email protected] to avoid debug logs (#19102) (Milos Djermanovic)

  Documentation

  • d927920 docs: fix styles in no-js mode (#18916) (Tanuj Kanti)
  • 09bc2a8 docs: Update README (GitHub Actions Bot)
  • 39089c8 docs: add no-useless-computed-key examples with object patterns (#19109) (Milos Djermanovic)
  • 895c60f docs: add missing messageId property and suggestion properties (#19122) (fnx)
  • 298625e docs: Change CLI -c to use flat config (#19103) (Nicholas C. Zakas)
  • 522d8a3 docs: add deprecation on indent, quotes and semi rule types (#19090) (Marco Pasqualetti)

  Chores

  • 2967d91 chore: upgrade @ eslint/[email protected] (#19133) (Milos Djermanovic)
  • b441bee chore: package.json update for @ eslint/js release (Jenkins)
  • 7d6bf4a chore: upgrade @ eslint/[email protected] (#19131) (Milos Djermanovic)
  • 902e707 chore: upgrade @ eslint/[email protected] (#19130) (Milos Djermanovic)
  • 5ff6c1d chore: bump cross-spawn (#19125) (Ian Bobinac)
  • cceccc7 chore: update dependency @ eslint/json to ^0.6.0 (#19117) (renovate[bot])
  • 0da3f73 chore: update algolia referrer (#19114) (Strek)
  • 4f08332 ci: unpin trunk-io/trunk-action (#19108) (Francesco Trotta)
  • 6b75683 perf: optimize text-table by replacing regex with trimEnd (#19061) (Nitin Kumar)
• 9.14.0 - 2024-11-01
  

  Features

  • 3fa009f feat: add support for Import Attributes and RegExp Modifiers (#19076) (Milos Djermanovic)
  • b0faee3 feat: add types for the @ eslint/js package (#19010) (Nitin Kumar)

  Bug Fixes

  • 24d0172 fix: enable retry concurrency limit for readFile() (#19077) (Nicholas C. Zakas)
  • b442067 fix: Don't crash when directory is deleted during traversal. (#19067) (Nicholas C. Zakas)
  • d474443 fix: avoid call stack overflow while processing globs (#19035) (Livia Medeiros)

  Documentation

  • 151c965 docs: update context.languageOptions.parser description (#19084) (Nitin Kumar)
  • dc34f94 docs: Update README (GitHub Actions Bot)
  • f16e846 docs: Update README (GitHub Actions Bot)
  • ee0a77e docs: change link from @ types/eslint to lib/types (#19049) (Karl Horky)
  • 50f03a1 docs: Clarify global ignores in config migration guide (#19032) (Milos Djermanovic)

  Build Related

  • 37c9177 build: update @ wdio/* dependencies (#19068) (Francesco Trotta)
  • 35a8858 build: exclude flawed dendency versions (#19065) (Francesco Trotta)

  Chores

  • f36cb16 chore: upgrade @ eslint/[email protected] (#19086) (Milos Djermanovic)
  • 28be447 chore: package.json update for @ eslint/js release (Jenkins)
  • f48a2a0 test: add no-invalid-regexp tests with RegExp Modifiers (#19075) (Milos Djermanovic)
  • 425202e perf: Fix caching in config loaders (#19042) (Milos Djermanovic)
  • 3d44b3c ci: run tests in Node.js 23 (#19055) (Francesco Trotta)
  • 7259627 test: ensure tmp directory cleanup in check-emfile-handling.js (#19036) (Livia Medeiros)
• 9.13.0 - 2024-10-18
  

  Features

  • 381c32b feat: Allow languages to provide defaultLanguageOptions (#19003) (Milos Djermanovic)
  • bf723bd feat: Improve eslintrc warning message (#19023) (Milos Djermanovic)
  • 1def4cd feat: drop support for jiti v1.21 (#18996) (Francesco Trotta)
  • f879be2 feat: export ESLint.defaultConfig (#18983) (Nitin Kumar)

  Bug Fixes

  • 78836d4 fix: update the complexity rule type (#19027) (Nitin Kumar)
  • 064c8b6 fix: update rule types (#18925) (Nitin Kumar)

  Documentation

  • abdbfa8 docs: mark LintMessage#nodeType as deprecated (#19019) (Nitin Kumar)
  • 19e68d3 docs: update deprecated rules type definitions (#19018) (Nitin Kumar)
  • 7dd402d docs: Update examples of passing multiple values to a CLI option (#19006) (Milos Djermanovic)
  • 5dcbc51 docs: Add example with side-effect imports to no-restricted-imports (#18997) (Milos Djermanovic)
  • 1ee87ca docs: Update README (GitHub Actions Bot)
  • 2c3dbdc docs: Use prerendered sponsors for README (#18988) (Milos Djermanovic)

  Chores

  • 68d2d9d chore: upgrade to @ eslint/[email protected] and @ eslint/core@^0.7.0 (#19034) (Francesco Trotta)
  • 2211f0a chore: package.json update for @ eslint/js release (Jenkins)
  • c7abaef perf: using Node.js compile cache (#19012) (唯然)
  • 1d7c077 chore: add pkg.type "commonjs" (#19011) (唯然)
  • 468e3bd test: fix ESLint tests (#19021) (Francesco Trotta)
  • ed4635f ci: upgrade [email protected] (#18992) (Milos Djermanovic)
  • efad767 chore: remove unused ignore dependency (#18993) (Amaresh S M)
• 9.12.0 - 2024-10-04
  

  Features

  • 5a6a053 feat: update to jiti v2 (#18954) (Arya Emami)
  • 17a07fb feat: Hooks for test cases (RuleTester) (#18771) (Anna Bocharova)
  • 2ff0e51 feat: Implement alternate config lookup (#18742) (Nicholas C. Zakas)
  • 2d17453 feat: Implement modified cyclomatic complexity (#18896) (Dmitry Pashkevich)

  Bug Fixes

  • ea380ca fix: Upgrade retry to avoid EMFILE errors (#18986) (Nicholas C. Zakas)
  • fdd6319 fix: Issues with type definitions (#18940) (Arya Emami)

  Documentation

  • ecbd522 docs: Mention code explorer (#18978) (Nicholas C. Zakas)
  • 7ea4ecc docs: Clarifying the Use of Meta Objects (#18697) (Amaresh S M)
  • d3e4b2e docs: Clarify how to exclude .js files (#18976) (Milos Djermanovic)
  • 57232ff docs: Mention plugin-kit in language docs (#18973) (Nicholas C. Zakas)
  • b80ed00 docs: Update README (GitHub Actions Bot)
  • cb69ab3 docs: Update README (GitHub Actions Bot)
  • 7fb0d95 docs: Update README (GitHub Actions Bot)
  • 493348a docs: Update README (GitHub Actions Bot)
  • 87a582c docs: fix typo in id-match rule (#18944) (Jay)

  Chores

  • 555aafd chore: upgrade to @ eslint/[email protected] (#18987) (Francesco Trotta)
  • 873ae60 chore: package.json update for @ eslint/js release (Jenkins)
  • d0a5414 refactor: replace strip-ansi with native module (#18982) (Cristopher)
  • b827029 chore: Enable JSON5 linting (#18979) (Milos Djermanovic)
  • 8f55ca2 chore: Upgrade espree, eslint-visitor-keys, eslint-scope (#18962) (Nicholas C. Zakas)
  • c1a2725 chore: update dependency mocha to ^10.7.3 (#18945) (Milos Djermanovic)
• 9.11.1 - 2024-09-23
  

  Bug Fixes

  • 20fd916 fix: add @ eslint/core, @ types/estree, & @ types/json-schema deps (#18938) (Nitin Kumar)
  • 2738322 fix: add missing types for require-atomic-updates rule (#18937) (Kristóf Poduszló)
  • d71ff30 fix: add missing types for object-shorthand rule (#18935) (Kristóf Poduszló)
  • 561cadc fix: add missing types for no-unsafe-negation rule (#18932) (Kristóf Poduszló)
  • 8843656 fix: add missing types for no-underscore-dangle rule (#18931) (Kristóf Poduszló)
  • 92cde5c fix: add missing types for no-shadow rule (#18930) (Kristóf Poduszló)
  • b3cbe11 fix: add missing types for no-sequences rule (#18929) (Kristóf Poduszló)
  • 976f77f fix: add missing types for no-unused-expressions rule (#18933) (Kristóf Poduszló)

  Documentation

  • 3eff709 docs: replace deprecated Linter.FlatConfig type with Linter.Config (#18941) (Carlos Meira)

  Chores

  • df4a859 chore: upgrade @ eslint/[email protected] (#18943) (Milos Djermanovic)
  • 36d8095 chore: package.json update for @ eslint/js release (Jenkins)
• 9.11.0 - 2024-09-20
  

  Features

  • ec30c73 feat: add "eslint/universal" to export Linter (#18883) (唯然)
  • c591da6 feat: Add language to types (#18917) (Nicholas C. Zakas)
  • 492eb8f feat: limit the name given to ImportSpecifier in id-length (#18861) (Tanuj Kanti)
  • 19c6856 feat: Add no-useless-constructor suggestion (

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR upgrades eslint from 6.8.0 to 9.16.0 in the package.json file located in deps/v8/tools/clusterfuzz/js_fuzzer. This upgrade fixes several high and critical severity vulnerabilities, including prototype pollution, inefficient regular expression complexity, incomplete list of disallowed inputs, uncontrolled resource consumption, regular expression denial of service, denial of service, authentication bypass, prototype poisoning, insecure randomness, and more. The upgrade also introduces new features such as an ignoreComputedKeys option in the sort-keys rule, support for import attributes and RegExp modifiers, hooks for RuleTester test cases, alternate config lookup, and modified cyclomatic complexity. Several bug fixes, documentation updates, and build-related improvements are included as well.

State diagram of ESLint security improvements

stateDiagram-v2
    [*] --> ESLint_6.8.0
    ESLint_6.8.0 --> ESLint_9.16.0: Upgrade

    state ESLint_6.8.0 {
        Vulnerable --> PrototypePollution
        Vulnerable --> RegExpDoS
        Vulnerable --> AuthBypass
    }

    state ESLint_9.16.0 {
        Fixed --> SecurityPatches
        Fixed --> PerformanceImprovements
        Fixed --> NewFeatures
    }

    ESLint_9.16.0 --> [*]

Loading

File-Level Changes

Change	Details	Files
Upgrade eslint dependency	The eslint dependency was updated from version 6.8.0 to 9.16.0.	deps/v8/tools/clusterfuzz/js_fuzzer/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.