[Snyk] Upgrade babel-eslint from 6.1.2 to 10.1.0 #36

badsaarow · 2022-11-12T04:26:09Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade babel-eslint from 6.1.2 to 10.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 34 versions ahead of your current version.
The recommended version was released 3 years ago, on 2020-02-26.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary Code Injection npm:growl:20160721	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:diff:20180305	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:diff:20180305	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Prototype Pollution SNYK-JS-SETVALUE-450213	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-MIXINDEEP-450212	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-CACHEDPATHRELATIVE-2342653	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept
Timing Attack SNYK-JS-ELLIPTIC-511941	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	704/1000 Why? Has a fix available, CVSS 9.8	No Known Exploit
Validation Bypass SNYK-JS-KINDOF-537849	704/1000 Why? Has a fix available, CVSS 9.8	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: babel-eslint

10.1.0 - 2020-02-26
- Added ability to parse Flow enums #812 (@ gkz)
10.0.3 - 2019-08-25
Fixes #791, also eslint/eslint#12117

Some context: #793 (comment)

We ended up going with @ JLHwung's PR #794 which uses ESLint's deps instead of going with peerDeps since it really depends on the version being used and we don't want users to have to install it directly on their own.

babel-eslint is patching patches of the dependencies of ESLint itself so these kinds of issues have happened in the past. We'll need to look into figuring out how to have a more solid way of modifying behavior instead of this monkeypatching type of thing for future releases.
10.0.2 - 2019-06-17

Fixes #772
10.0.1 - 2018-09-27
v10.0.1
- Reverting #584
The TypeAlias "conversion" to a function has issues. Sounds like we need to rethink the change, most likely we can just actually change the scoping rather than hardcode an AST change.
10.0.0 - 2018-09-25
v10.0.0

Small breaking change: add a peerDependency starting from the ESLint version that added a parser feature that we were monkeypatching before (and drop that code). If already using ESLint 5 shouldn't be any different.
- Bugfix for TypeAlias: #584
/* @ flow */
type Node<T> = { head: T; tail: Node<T> }

// or

type File = {chunks: Array<Chunk>}
type Chunk = {file: File}
- Update to test against ESLint 5, add a peerDependency: #689
- Drop monkeypatching behavior: #690
9.0.0 - 2018-08-27
v9.0.0

We've released v7: https://twitter.com/left_pad/status/1034204330352500736, so this just updates babel-eslint to use those versions internally. That in itself doesn't break anything but:
- Babel now supports the new decorators proposal by default, so we need to switch between the new and the old proposal. This is a breaking change.
To enable the legacy decorators proposal users should add a specific parser option:
```
{
  parserOptions: {
    ecmaFeatures: {
      legacyDecorators: true
    }
  }
}
```
- Babel removed the support for Node 4 , so I propagated that here.
9.0.0-beta.3 - 2018-07-12
9.0.0-beta.3
9.0.0-beta.2 - 2018-07-06
9.0.0-beta.1 - 2018-06-29
8.2.6 - 2018-07-12
8.2.6
8.2.5 - 2018-06-23
8.2.4 - 2018-06-22
8.2.3 - 2018-04-13
8.2.2 - 2018-02-20
8.2.1 - 2018-01-09
8.2.0 - 2018-01-08
8.1.2 - 2017-12-26
8.1.1 - 2017-12-25
8.1.0 - 2017-12-24
8.0.3 - 2017-12-01
8.0.2 - 2017-11-06
8.0.1 - 2017-09-26
8.0.0 - 2017-09-12
8.0.0-alpha.17 - 2017-07-26
8.0.0-alpha.15 - 2017-07-13
8.0.0-alpha.13 - 2017-06-18
8.0.0-alpha.12 - 2017-06-16
7.2.3 - 2017-04-21
7.2.2 - 2017-04-12
7.2.1 - 2017-03-23
7.2.0 - 2017-03-20
7.1.1 - 2016-11-17
7.1.0 - 2016-10-26
7.0.0 - 2016-09-27
6.1.2 - 2016-07-09