[Snyk] Upgrade eslint-plugin-react from 7.23.2 to 7.33.2 #267

Loonz206 · 2023-09-06T18:05:28Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade eslint-plugin-react from 7.23.2 to 7.33.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 36 versions ahead of your current version.
The recommended version was released 22 days ago, on 2023-08-16.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Sandbox Bypass SNYK-JS-WEBPACK-3358798	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Prototype Pollution SNYK-JS-MONGOOSE-2961688	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Prototype Pollution SNYK-JS-MONGOOSE-5777721	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Information Exposure SNYK-JS-NANOID-2332193	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Session Fixation SNYK-JS-PASSPORT-2840631	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIMOFFNEWLINES-1296850	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: eslint-plugin-react

7.33.2 - 2023-08-16
Fixed
- no-deprecated: prevent false positive on commonjs import (#3614 @ akulsr0)
- no-unsafe: report on the method instead of the entire component (@ ljharb)
- no-deprecated: report on the destructured property instead of the entire variable declarator (@ ljharb)
- no-deprecated: report on the imported specifier instead of the entire import statement (@ ljharb)
- no-invalid-html-attribute: report more granularly (@ ljharb)
7.33.1 - 2023-07-29
Fixed
- require-default-props: fix config schema (#3605 @ controversial)
- jsx-curly-brace-presence: Revert #3538 due to issues with intended string type casting usage (#3611 @ taozhou-glean)
- sort-prop-types: ensure sort-prop-types respects noSortAlphabetically (#3610 @ caesar1030)
7.33.0 - 2023-07-20
Added
- display-name: add checkContextObjects option (#3529 @ JulesBlm)
- jsx-first-prop-new-line: add multiprop option (#3533 @ haydncomley)
- no-deprecated: add React 18 deprecations (#3548 @ sergei-startsev)
- forbid-component-props: add disallowedFor option (#3417 @ jacketwpbb)
Fixed
- no-array-index-key: consider flatMap (#3530 @ k-yle)
- jsx-curly-brace-presence: handle single and only expression template literals (#3538 @ taozhou-glean)
- no-unknown-property: allow onLoad on source (@ ljharb)
- jsx-first-prop-new-line: ensure autofix preserves generics in component name (#3546 @ ljharb)
- no-unknown-property: allow fill prop on <symbol> (#3555 @ stefanprobst)
- display-name, prop-types: when checking for a capitalized name, ignore underscores entirely (#3560 @ ljharb)
- no-unused-state: avoid crashing on a class field function with destructured state (#3568 @ ljharb)
- no-unused-prop-types: allow using spread with object expression in jsx (#3570 @ akulsr0)
- Revert "destructuring-assignment: Handle destructuring of useContext in SFC" (#3583 #2797 @ 102)
- prefer-read-only-props: add TS support (#3593 @ HenryBrown0)
Changed
- [Docs] jsx-newline, no-unsafe, static-property-placement: Fix code syntax highlighting (#3563 @ nbsp1221)
- [readme] resore configuration URL (#3582 @ gokaygurcan)
- [Docs] jsx-no-bind: reword performance rationale (#3581 @ gpoole)
- [Docs] jsx-first-prop-new-line: add missing multiprop value (#3598 @ dzek69)
7.32.2 - 2023-01-29
Fixed
- configs: restore parserOptions in legacy configs ([#3523][] @ ljharb)
- jsx-no-constructed-context-values, jsx-no-useless-fragment: add a rule schema (@ ljharb)
  ( no-unknown-property: add fill for <marker> (#3525 @ alexey-koran)
7.32.1 - 2023-01-16
Fixed
- prevent circular dependency in index and "all" config (#3519 @ ljharb)
- destructuring-assignment: do not force destructuring of optionally chained properties (#3520 @ ljharb)
7.32.0 - 2023-01-11
Read more
7.31.11 - 2022-11-18
Fixed
- jsx-no-target-blank: allow ternaries with literals (#3464 @ akulsr0)
- no-unknown-property: add inert attribute (#3484 @ ljharb)
- jsx-key: detect keys in logical expression and conditional expression (#3490 @ metreniuk)
Changed
- [Perf] component detection: improve performance by avoiding traversing parents unnecessarily (#3459 @ golopot)
- [Docs] forbid-component-props: inclusive language w/ allowlist (#3473 @ AndersDJohnson)
- [Docs] automate doc generation with eslint-doc-generator (#3469 @ bmish)
7.31.10 - 2022-10-10
Fixed
- no-unknown-property: allow allowFullScreen on iframe (#3455 @ almeidx)
7.31.9 - 2022-10-09
Read more
7.31.8 - 2022-09-09
Read more
7.31.7 - 2022-09-05
7.31.6 - 2022-09-04
7.31.5 - 2022-09-04
7.31.4 - 2022-09-03
7.31.3 - 2022-09-03
7.31.2 - 2022-09-02
7.31.1 - 2022-08-26
7.31.0 - 2022-08-24
7.30.2 - 2022-08-24
7.30.1 - 2022-06-23
7.30.0 - 2022-05-18
7.29.4 - 2022-03-13
7.29.3 - 2022-03-03
7.29.2 - 2022-02-26
7.29.1 - 2022-02-25
7.29.0 - 2022-02-25
7.28.0 - 2021-12-22
7.27.1 - 2021-11-19
7.27.0 - 2021-11-10
7.26.1 - 2021-09-30
7.26.0 - 2021-09-21
7.25.3 - 2021-09-19
7.25.2 - 2021-09-16
7.25.1 - 2021-08-30
7.25.0 - 2021-08-29
7.24.0 - 2021-05-29
7.23.2 - 2021-04-08

from eslint-plugin-react GitHub release notes

Commit messages

Package name: eslint-plugin-react

6d86837 Update CHANGELOG and bump version
e1dd37f [Refactor] use `es-iterator-helpers` in a couple places
37b02ac [Tests] skip some tests that have broken ordering in certain node/eslint combinations
a7a814e [patch] `no-invalid-html-attribute`: report more granularly
3636689 [patch] `no-deprecated`: report on the imported specifier instead of the entire import statement
f9e4fa9 [patch] `no-deprecated`: report on the destructured property instead of the entire variable declarator
3be1d19 [patch] `no-unsafe`: report on the method instead of the entire component
d5178be [Tests] add disambiguators to tests with multiple errors
d73cd51 [Fix] `no-deprecated`: prevent false positive on commonjs import
0667fb0 [actions] release: Replace `set-output` commands with environment files
354cb62 Update CHANGELOG and bump version
26e9578 [Refactor] use `slice` instead of `substring`
1629d44 [eslint] fix import ordering
3c11201 [Fix] `sort-prop-types`: ensure sort-prop-types respects noSortAlphabetically
302925b [Tests] remove or make explicit trailing whitespace
f818096 Revert "[Fix] `jsx-curly-brace-presence`: handle single and only expression template literals"
1a3a17a [Fix] `require-default-props`: fix config schema
31282dd Update CHANGELOG and bump version
4e72b82 [Docs] `jsx-first-prop-new-line`: add missing `multiprop` value
9c5ac98 [Fix] `prefer-read-only-props`: add TS support
fa1c277 [Deps] update `semver`
bf1fc74 [Dev Deps] update `@ babel/core`, `@ babel/eslint-parser`, `aud`
9fdcba7 [Dev Deps] update `@ babel/core`, `@ babel/eslint-parser`, `@ babel/plugin-syntax-decorators`, `@ babel/plugin-syntax-do-expressions`, `@ babel/plugin-syntax-function-bind`, `@ babel/preset-react`, `eslint-remote-tester-repositories`
ae64aa8 [Docs] `jsx-no-bind`: reword performance rationale