⬆️ Updates eslint-plugin-unicorn to v48 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
eslint-plugin-unicorn	^34.0.1 -> ^48.0.0

---

Release Notes

sindresorhus/eslint-plugin-unicorn (eslint-plugin-unicorn)

v48.0.0

Compare Source

Improvements

• Deprecate no-unsafe-regex rule (#​2135) 7b473aa
• prefer-top-level-await: Ignore promises inside Promise.{all,allSettled,any,race}() (#​2139) d3f6b60
• no-process-exit: Ignore when using node:worker_threads module (#​2136) 2907805
• prefer-array-some: Ignore filter calls with literal argument (#​2097) 7a32edb
• prefer-modern-math-api: Check cases that Math.hypot() should be preferred (#​2080) 9bbc948
• explicit-length-check: Ignore .length || number (#​1977) b9b8794

Fixes

• Fix crash on array holes (#​2129) f10f1a6
• prefer-dom-node-dataset: Fix edge cases (#​2171) b2d7378
• prefer-dom-node-dataset: Remove broken fix for element.setAttribute (#​2169) 61234af
• no-lonely-if: Fix an edge case (#​2168) ca837a8
• no-useless-undefined: Turn parameter with undefined default value into optional parameter (#​2138) 4aa7d60
• no-thenable: Fix Object.fromEntries() check (#​2130) f3265b9
• prefer-dom-node-remove: Fix incorrect auto-fix (#​2084) 74bb36d

v47.0.0

Compare Source

Breaking

• Require Node.js 16 (#​2073) a3bc120
• Require eslint@>=8.38.0 (#​2066) 04af765
• Enable prefer-at, prefer-event-target, and prefer-string-replace-all in recommended config (#​2073) a3bc120

New rules

• prefer-blob-reading-methods (#​2065) 2bb1a04

Improvements

• prefer-top-level-await: Ignore .cjs files (#​2072) 0c3ccb1
• prefer-spread: Stop checking Array.from call with map function (#​2064) f5beccb
• prefer-dom-node-text-content: Check optional chaining (#​2062) 8d6d007
• prefer-dom-node-{append,remove}: Check optional chaining (#​2061) 443999b

Fixes

• prefer-number-properties: Fix false positives (#​2050) 124bfa7

v46.0.1

Compare Source

• Fix expiring-todo-comments (#​2077) 7a6861a

v46.0.0

Compare Source

Improvements

• Add elems to abbreviations (#​2040) 2a9c840
• no-useless-spread: Check Array#{toReversed,toSorted,toSpliced,with} (#​2030) 55469e5
• prefer-set-has: Support Array#{toReversed,toSorted,toSpliced,with} (#​2032) fea5b42
• prefer-spread: Forbid use of Array#toSpliced() to copy array (#​2034) 4ada50e
• prefer-negative-index: Check .toSpliced() and .with() (#​2031) 7ed738a
• no-empty-file: Support .jsx and .tsx extensions (#​2002) ba1a00e

Fixes

• expiring-todo-comments: Do not normalize package.json (#​1871) (#​2020) fcd8934

v45.0.2

Compare Source

• prefer-string-replace-all: Don't crash on invalid pattern (#​2011) 3bbe027
• prevent-abbreviations: Skip fix for variables used in Vue template (#​2012) 8cd1ded

v45.0.1

Compare Source

• no-useless-spread: Remove unsafe fix (#​1996) 6756cbd

v45.0.0

Compare Source

New rules

• no-typeof-undefined (#​1966) d7f7341
• no-negated-condition (#​1963) e4aaa42
• prefer-set-size (#​1952) 5f23c98

Improvements

• prefer-at: Support private fields (#​1929) 60bb455
• no-useless-undefined: Ignore Array#includes() and Set#has() (#​1951) 8dfd5a7
• no-useless-spread: Check cloning inline arrays (#​1980) 5d90d73
• prefer-top-level-await: Ignore expressions in class (#​1976) b90a3aa
• prefer-string-replace-all: Improve RegExp to string fix (#​1971) b844dbc
• prefer-string-replace-all: Check pattern even if it's already using .replaceAll (#​1981) e8c5156
• prefer-string-replace-all: Report all String#replace() when the pattern has g flag (#​1965) 6316f05
• prefer-string-replace-all: Ignore regex with pipe (#​1962) 76deaa3
• prefer-regexp-test: Use suggestions if not sure regexp without g flag (#​1954) 505a203
• no-array-for-each: Skip fix for some edge cases (#​1979) 48efc7a
• prefer-add-event-listener: Only fix ExpressionStatement, check operator (#​1955) aca21f2
• prevent-abbreviations: Improve fix for retVal (#​1953) 25cd810

Fixes

• prefer-top-level-await: Fix crash on for..of loop (#​1950) 00a29c8

v44.0.2

Compare Source

• no-array-method-this-argument: Ignore lodash.findLast and lodash.findLastIndex (#​1927) 86e8add

v44.0.1

Compare Source

• prefer-array-index-of: Add missing message (#​1924) a981a13

v44.0.0

Compare Source

New rules

• no-unnecessary-await (#​1904) 412fc6f
• switch-case-braces (#​1902) 690ed8c

Improvements

• prefer-array-find: Add option to also prefer .findLast() (#​1900) 02252c7
• template-indent: Preserve trailing spaces (#​1872) e4071f5
• no-document-cookie: Check window.document.cookie (#​1833) 0886544
• prefer-array-index-of: Prefer .lastIndexOf() over .findLastIndex() (#​1896) 70e5bdd
• prefer-array-some: Check .findLast() (#​1897) 3e6ae43
• prefer-native-coercion-functions: Check .findLast and .findLastIndex (#​1893) f2c6acc
• no-array-method-this-argument: Check .findLast and .findLastIndex (#​1890) 3bc28ad
• no-array-callback-reference: Check .findLast and .findLastIndex (#​1889) 37a5cda
• prefer-negative-index: Remove ArrayBuffer#at (#​1899) a10e3f6
• prefer-at: Improve fix (#​1901) 1c457bb

Fixes

• no-await-expression-member: Fix crash on TypeScript parser (#​1910) b002e75
• prevent-abbreviations: Skip fix when variable is JSX component (#​1907) 9ed08ab
• better-regexp: Don't fix if .source or .toString() is used (#​1903) 8ad592b

v43.0.2

Compare Source

• prefer-spread: Ignore Array#join().concat() and (a + b).concat() (#​1859) ab71971

v43.0.1

Compare Source

• Remove prefer-event-target from the recommended preset 4d2faac
  • EventTarget requires Node.js 16 and we target Node.js 14. We'll enable it again in a year when we can target Node.js 16.

v43.0.0

Compare Source

New rules

• prefer-logical-operator-over-ternary (#​1830) 5d7e622
• prefer-event-target (#​1792) 166524a

Breaking

• Require Node.js 14

Improvements

• Add prefer-top-level-await rule to recommended preset (#​1803) 6f5ecf5
• Deprecate import-index rule (#​1787) 0034e69
• Update abbreviations to support Next.js functions (#​1804) 4b96057
• text-encoding-identifier-case: Ignore JSX meta[charset="utf-8"] (#​1817) c67a70f
• prefer-number-properties: Check any use of global functions (#​1834) 51d7e06
• prefer-number-properties: Detect usage via global object (#​1832) 80c4af2
• no-array-for-each: Check reassign in for..in and for..of (#​1824) d3b2548
• no-useless-undefined: Ignore ref(undefined) in Vue project (#​1828) e7306e5
• prefer-node-protocol: Always check require() (#​1827) 2c914d4
• no-array-for-each: Improve parameter reassign detection (#​1823) 56df468
• no-array-for-each: Add fix for arrow function body (#​1785) 59218e3

Fixes

• no-array-for-each: Fix auto-fix causing SyntaxError (#​1813) 47c8337

v42.0.0

Compare Source

The project has passed 100 lint rules 🎉

Thanks to everyone that has contributed so far.

And special thanks to our team member @​fisker for doing most of the work on this project. We could not have gotten this far without him.

New rules

• no-useless-switch-case (#​1779) a8fb966
• prefer-modern-math-apis (#​1780) 6dfdeb0
• no-unreadable-iife (#​1765) ce8a4b7
• prefer-native-coercion-functions (#​1767) 51166f4

Improvements

• template-indent: Set the rule error instead of warn in recommended preset (#​1781) 09923af
• prefer-json-parse-buffer: Remove from recommended preset (#​1750) 93f49f2
• no-array-for-each: Add fixer for parenthesized call (#​1784) 5f39c37
• no-array-for-each: Handle optional chaining (#​1753) 1d32db4
• prefer-object-from-entries: Stop checking unknown cases (#​1771) 309771d
• prefer-string-trim-start-end: Check optional chaining (#​1768) 1920597
• no-useless-undefined: Ignore arguments in Function#bind() (#​1762) c501243
• prefer-ternary: Skip fix if there are comments (#​1763) 3013565
• text-encoding-identifier-case: Auto-fix encoding in fs.{readFile,readFileSync}() (#​1755) 5e1c932
• Add dist and dst abbreviations (#​1756) dffcea8

Fixes

• no-array-for-each: Handle ChainExpression correctly (#​1772) e615a37

v41.0.1

Compare Source

• relative-url-style: Improve fix (#​1748) f406795

v41.0.0

Compare Source

New rules

• text-encoding-identifier-case (#​1718) 4370602

Breaking

• Require ESLint 8 (#​1724) 608a90c

Fixes

• prefer-export-from: Fix TypeScript compatibility (#​1728) f14aa95
• prefer-at: Remove auto-fix for arguments (#​1705) bba518e

v40.1.0

Compare Source

• expiring-todo-comments: Add date option (#​1683) 16bc33a
• consistent-function-scoping: Allow React.useHook (#​1691) e910633
• no-useless-undefined: Allow React.createContext(undefined) (#​1688) 40bc603

v40.0.0

Compare Source

New rules

• no-thenable (#​1616) c318644
• no-useless-promise-resolve-reject (#​1623) 054436e
• relative-url-style (#​1672) 6ab705b
• prefer-json-parse-buffer (#​1676) 84c9c70

Improvements

• prefer-object-has-own: Deprecate in favor of the built-in prefer-object-has-own rule (#​1646) e59a856
• filename-case: Ignore $ in filenames (#​1628) a43a174
• no-useless-promise-resolve-reject: Detect unnecessary Promise.resolve/reject in promise callback functions (#​1666) f6215f3
• prefer-export-from: Support import assertions (#​1618) 1d7a6b6
• prefer-top-level-await: Improve top-level expression detection (#​1526) b054d65
• prefer-dom-node-dataset: Check .hasAttribute() and .getAttribute() (#​1673) 152f153
• prefer-dom-node-dataset: Check .removeAttribute() (#​1668) 22d8d03
• prefer-string-slice: Improve fix (#​1675) 267115a
• prefer-math-trunc: Improve fix logic (#​1670) 784c7a8
• prefer-string-slice: Improve argument type detection (#​1664) 03b0946
• prefer-add-event-listener: Remove fix for onerror (#​1650) 7bf63bb
• no-array-push-push: Ignore process.{stdin,stdout,stderr} (#​1654) 10ad699
• no-new-array & no-new-buffer: Improve argument type detection (#​1648) 9b04e43
• no-array-for-each: Ignore pIteration.forEach (#​1649) 2b92385
• no-array-callback-reference: Ignore primitive wrappers in Array#map() (#​1642) 0362c09
• prefer-export-from: Support "string literal specifier" (#​1636) 0866b41
• template-indent: Check Jest inline snapshots by default (#​1637) 64460e2

Fixes

• prefer-dom-node-dataset: Fix name conversion (#​1674) 7fb6f7b
• prefer-export-from: Fix crash in TypeScript files (#​1647) 1ff8e42

v39.0.0

Compare Source

New rules

• prefer-code-point (#​1584) 31c83cd
• no-await-expression-member (#​1586) 0485924

Improvements

• prefer-export-from: Add ignoreUsedVariables option (#​1590) a8d52e4
• prevent-abbreviations: Show file basename instead of full path (#​1593) 7c2867d
• Remove require-post-message-target-origin rule from recommended config (#​1581) 014b4dc

Fixes

• no-empty-file: Fix false positive with triple-slash directives (#​1605) 6354bb8
• require-number-to-fixed-digits-argument: Ignore .toFixed from new expression (#​1601) 20d61e7
• prefer-export-from: Fix bug on fixing export namespace as default (#​1583) b564ff1
• Add missing additionalProperties to schema (#​1589) 579d05d

v38.0.1

Compare Source

• prefer-export-from: Ignore variables with type (#​1580) ea49b21

v38.0.0

Compare Source

New rules

• no-empty-file (#​1506) a2ba25e
• prefer-export-from (#​1453) ff43745

Improvements

• Ignore Ramda methods in rules (#​1557) 5f3bad5
• no-array-callback-reference: Only ignore Boolean in reasonable places (#​1570) 46f8638
• require-array-join-separator: Check optional member (#​1569) 15f9028

v37.0.1

Compare Source

• Fix compatibility with ESLint 7 (#​1548) e6cee0f

v37.0.0

Compare Source

New rules

• template-indent (#​1478) 5f4c440

Improvements

• Support ESLint 8 (#​1488) e97ab7e
• Use 'latest' as ecmaVersion (#​1465) 9feb181

v36.0.0

Compare Source

New rules

• no-useless-fallback-in-spread (#​1481) 1675118
• no-invalid-remove-event-listener (#​1216) f0ff04d

Improvements

• Add all config (#​1512) a512ad1
  • This config includes all the rules, except deprecated ones.
• prefer-spread: Check String#split('') (#​1489) d51a197
• prefer-module: Use suggestions for 'use strict' directive (#​1470) 57c7906
• error-message: Handle shadowed Error constructor (#​1496) fdadd88

Fixes

• prefer-spread: Fix false negative on array constants (#​1474) 4162145

v35.0.0

Compare Source

New rules

• prefer-object-from-entries (#​1308) 4a14187
• no-useless-length-check (#​1398) 1107455
• no-useless-spread (#​1401) 1463f52

Breaking

• explicit-length-check: Remove greater-than-or-equal option (#​1397) db1a2b5
  • It enabled a style that no one actually uses.

Improvements

• no-array-reduce: Add allowSimpleOperations option (#​1418) 153eb2c
• no-array-callback-reference: Ignore jQuery methods (#​1457) 7af9a6f
• prevent-abbreviations: Ignore i18n and l10n (#​1445) efdd90e
• no-array-callback-reference: Ignore mobx-state-tree usage (#​1455) 73c0dfd
• new-for-builtins: Check WeakRef and FinalizationRegistry (#​1450) fce9d1d
• no-zero-fractions: Handle .0 correctly (#​1444) fcca35d
• new-for-builtins: Enforce new for SharedArrayBuffer and Proxy (#​1438) 2ba83ad
• no-null: Allow Object.create(null, …) (#​1432) 768f301
• number-literal-case: Support Vue SFC (#​1434) ee9f609
• no-object-as-default-parameter: Forbid destructuring (#​1433) 3fcc4bb
• prefer-spread: Better auto-fix (#​1426) 7bdf0dd
• prefer-array-some: Check cases comparing .find() with undefined (#​1422) 3dc2f77
• no-useless-spread: Check useless "iterable to array" (#​1414) 61bc6a3
• prefer-dom-node-text-content: Check destructuring, Use suggestion instead of auto-fix (#​1417) c4bfc42
• require-post-message-target-origin: Disable for TypeScript files (#​1415) 741484a
• prefer-add-event-listener: Update event types list (#​1412) 7f88b2f
• no-instanceof-array: Support Vue SFC (#​1410) 3b22917
• prevent-abbreviations: Add def (#​1402) f783472
• no-instanceof-array: Improve report location (#​1389) 6512fbd
• Use original quote when auto-fixing (#​1411) bb81582

Fixes

• throw-new-error: Fix an edge case (#​1390) 806831b
• Fix cases without space after keywords (#​1436) 179b7df

v34.0.1

Compare Source

• no-array-method-this-argument: Fix false positives (#​1386) d364d67

v34.0.0

Compare Source

New rules

• no-array-method-this-argument (#​1357) 96587f2
• require-post-message-target-origin (#​1326) 03c540b
• prefer-top-level-await (#​1325) 05722a1
  • Disabled in the recommended preset.
• prefer-at (#​1331) 8ca5b46
  • Disabled in the recommended preset.

Improvements

• prefer-module: Ignore .cjs files (#​1355) ebdc3c2
• error-message: Support AggregateError (#​1351) e7b4300
• filename-case: Enforce lowercased file extension (#​1336) 119615b
• expiring-todo-comments: More helpful error when no conditions (#​1375) 914a996
• prefer-array-some and prefer-regexp-test: Support Vue SFC (#​1364) a46050e
• explicit-length-check: Support v-show directive (#​1363) f163c4a
• explicit-length-check: Support Vue SFC files (#​1360) 9199611
• prefer-type-error: Improve report location (#​1354) bc3d58b
• no-useless-undefined: Ignore Set#add() Map#set() Array#{push,unshift}() (#​1353) c6359c3
• prefer-prototype-methods: Only check methods from [] and {} (#​1347) 29a4e75
• prefer-array-some: Report non-zero check on array.filter().length (#​1337) f8aaac2
• Use context.getPhysicalFilename() (#​1344) e2540cb

Fixes

• prefer-array-find and prefer-at: Fix crash on LHS zero index access (#​1373) da1f6d8
• prefer-prototype-methods: Fix a missing condition on object literal check (#​1332) cec7f11

v33.0.1

Compare Source

• prefer-prototype-methods: Ignore known object literal methods (#​1330) 639e7af

v33.0.0

Compare Source

New rules

• require-array-join-separator (#​1284) 36e7103
• require-number-to-fixed-digits-argument (#​1288) 4a30863
• prefer-prototype-methods (#​1247) 7bde733
• prefer-object-has-own (#​1322) ca34b40
  • Not enabled in the recommended preset.

Improvements

• no-array-for-each: Handle only return statement inside if or else (#​1319) 298a104
• new-for-builtins & no-new-buffer: Handle line breaks after new keyword (#​1301) d37439f
• prefer-array-flat-map: Remove check on [].concat(...array.map(…)) ([#​1299](https://togithub.com/sindresorhus/eslint-plugin-unicorn/

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[viezly]

Pull request by bot. No need to analyze

[github-actions]

Thanks for the PR!

This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.

[github-actions]

Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.

[github-actions]

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

[socket-security]

Updated and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
jest-puppeteer	4.4.0...5.0.4	eval	+40/-8	7.33 MB	tonybrix
ts-node	9.1.1...10.9.1	shell, environment	+12/-2	68.5 MB	cspotcode
typescript	4.1.5...4.9.5	None	+0/-0	66.8 MB	typescript-bot
eslint-config-prettier	6.15.0...8.8.0	None	+25/-17	6.7 MB	lydell
qawolf	1.2.0...2.6.1	None	+21/-132	3.39 MB	jperl
del-cli	3.0.0...4.0.1	None	+31/-22	867 kB	sindresorhus
husky	5.1.3...7.0.4	None	+0/-0	6.06 kB	typicode
ts-jest	26.5.1...27.1.5	environment	+159/-127	87.2 MB	kul
playwright-chromium	1.8.1...1.36.1	None	+0/-1	16.4 kB	aslushnikov
jest-circus	26.6.3...27.5.1	eval	+95/-106	12.3 MB	simenb
jest	26.6.3...27.5.1	None	+156/-125	86.8 MB	simenb
@vercel/node	1.9.0...1.15.4	network	+3/-2	64.2 MB	vercel-release-bot
jsdom	16.4.0...17.0.0	network	+21/-15	5.19 MB	domenic
@types/jest	26.0.20...27.5.2	eval	+8/-8	356 kB	types
coveralls	3.1.0...3.1.1	None	+0/-0	33 kB	nickmerwin
eslint-plugin-spellcheck	0.0.8...0.0.19	None	+25/-17	9.1 MB	aotaduy
eslint	7.20.0...7.32.0	None	+24/-15	6.68 MB	eslintbot
@semantic-release/release-notes-generator	9.0.1...9.0.3	None	+58/-51	19.4 MB	semantic-release-bot
typedoc	0.20.35...0.21.10	network, shell, environment	+7/-5	77.9 MB	gerrit0
eslint-plugin-import	2.22.1...2.27.5	None	+74/-41	12 MB	ljharb
@semantic-release/npm	7.0.10...7.1.3	None	+58/-51	19.4 MB	semantic-release-bot
eslint-plugin-unicorn	17.2.0...48.0.0	None	+37/-23	8.32 MB	sindresorhus
semantic-release	17.3.9...17.4.7	None	+58/-51	19.4 MB	semantic-release-bot
@semantic-release/github	7.2.0...7.2.3	None	+58/-51	19.4 MB	semantic-release-bot
eslint-plugin-prettier	3.3.1...3.4.1	filesystem	+26/-17	6.78 MB	bpscott
@typescript-eslint/parser	4.15.0...4.33.0	None	+41/-30	75.7 MB	jameshenry
@typescript-eslint/eslint-plugin	4.15.0...4.33.0	None	+45/-33	78.9 MB	jameshenry
eslint-plugin-jest	23.20.0...24.7.0	None	+46/-21	79.2 MB	simenb

🚮 Removed packages: eslint-plugin-github@4.1.1, lodash@4.17.20, playwright-core@1.8.1

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Native code	cpu-features	0.0.8	Location: mscdex-cpu-features-f72d936/binding.gyp	qawolf@2.6.1 via package.json
Install scripts	ssh2	1.14.0	Install script: install Source: node install.js	qawolf@2.6.1 via package.json

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore ssh2@1.14.0
• @SocketSecurity ignore cpu-features@0.0.8