[Snyk] Upgrade babel-eslint from 5.0.4 to 10.1.0 #4

snyk-bot · 2022-08-20T03:37:09Z

Snyk has created this PR to upgrade babel-eslint from 5.0.4 to 10.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 49 versions ahead of your current version.
The recommended version was released 2 years ago, on 2020-02-26.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-174125	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-SETVALUE-450213	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MIXINDEEP-450212	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-INI-1048974	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Remote Memory Exposure SNYK-JS-BL-608877	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Time of Check Time of Use (TOCTOU) npm:chownr:20180731	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-JUSTEXTEND-72674	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: babel-eslint

10.1.0 - 2020-02-26
- Added ability to parse Flow enums #812 (@ gkz)
10.0.3 - 2019-08-25
Fixes #791, also eslint/eslint#12117

Some context: #793 (comment)

We ended up going with @ JLHwung's PR #794 which uses ESLint's deps instead of going with peerDeps since it really depends on the version being used and we don't want users to have to install it directly on their own.

babel-eslint is patching patches of the dependencies of ESLint itself so these kinds of issues have happened in the past. We'll need to look into figuring out how to have a more solid way of modifying behavior instead of this monkeypatching type of thing for future releases.
10.0.2 - 2019-06-17

Fixes #772
10.0.1 - 2018-09-27
v10.0.1
- Reverting #584
The TypeAlias "conversion" to a function has issues. Sounds like we need to rethink the change, most likely we can just actually change the scoping rather than hardcode an AST change.
10.0.0 - 2018-09-25
v10.0.0

Small breaking change: add a peerDependency starting from the ESLint version that added a parser feature that we were monkeypatching before (and drop that code). If already using ESLint 5 shouldn't be any different.
- Bugfix for TypeAlias: #584
/* @ flow */
type Node<T> = { head: T; tail: Node<T> }

// or

type File = {chunks: Array<Chunk>}
type Chunk = {file: File}
- Update to test against ESLint 5, add a peerDependency: #689
- Drop monkeypatching behavior: #690
9.0.0 - 2018-08-27
v9.0.0

We've released v7: https://twitter.com/left_pad/status/1034204330352500736, so this just updates babel-eslint to use those versions internally. That in itself doesn't break anything but:
- Babel now supports the new decorators proposal by default, so we need to switch between the new and the old proposal. This is a breaking change.
To enable the legacy decorators proposal users should add a specific parser option:
```
{
  parserOptions: {
    ecmaFeatures: {
      legacyDecorators: true
    }
  }
}
```
- Babel removed the support for Node 4 , so I propagated that here.
9.0.0-beta.3 - 2018-07-12
9.0.0-beta.3
9.0.0-beta.2 - 2018-07-06
9.0.0-beta.1 - 2018-06-29
8.2.6 - 2018-07-12
8.2.6
8.2.5 - 2018-06-23
8.2.4 - 2018-06-22
8.2.3 - 2018-04-13
8.2.2 - 2018-02-20
8.2.1 - 2018-01-09
8.2.0 - 2018-01-08
8.1.2 - 2017-12-26
8.1.1 - 2017-12-25
8.1.0 - 2017-12-24
8.0.3 - 2017-12-01
8.0.2 - 2017-11-06
8.0.1 - 2017-09-26
8.0.0 - 2017-09-12
8.0.0-alpha.17 - 2017-07-26
8.0.0-alpha.15 - 2017-07-13
8.0.0-alpha.13 - 2017-06-18
8.0.0-alpha.12 - 2017-06-16
7.2.3 - 2017-04-21
7.2.2 - 2017-04-12
7.2.1 - 2017-03-23
7.2.0 - 2017-03-20
7.1.1 - 2016-11-17
7.1.0 - 2016-10-26
7.0.0 - 2016-09-27
6.1.2 - 2016-07-09
6.1.1 - 2016-07-08
6.1.0 - 2016-06-22
6.0.5 - 2016-06-20
6.0.4 - 2016-04-25
6.0.3 - 2016-04-20
6.0.2 - 2016-03-31
6.0.1 - 2016-03-31
6.0.0 - 2016-03-26
6.0.0-beta.6 - 2016-03-14
6.0.0-beta.5 - 2016-03-08
6.0.0-beta.4 - 2016-03-08
6.0.0-beta.3 - 2016-03-08
6.0.0-beta.2 - 2016-03-07
6.0.0-beta.1 - 2016-03-02
5.0.4 - 2016-03-31

from babel-eslint GitHub release notes

Commit messages

Package name: babel-eslint

4bd049e 10.1.0
2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (#812)
183d13e 10.0.3
354953d fix: require eslint dependencies from eslint base (#794)
48f6d78 10.0.2
0241b48 removed unused file reference (#773)
4cf0a21 10.0.1
98c1f13 Revert #584 (#697)
8f78e28 10.0.0
717fba7 test value should be switched
020d012 Treat type alias declarationlike function declaration (#584)
b400cb1 Test eslint5, update peerDep (#690)
c333bd6 Drop old monkeypatching behavior (#689)
6aa8b6f 9.0.0
c7ee9ae Bump to babel@7.0.0 🎉 (#676)
3ece549 Docs: Make the default parserOptions more explicit (#673)
0b36951 Add logical assignment plugin (#674)
5856ff5 Bump some devDeps
45938d9 build(deps): upgrade @ babel/* to 7.0.0-rc.2 (#668)
bc97875 9.0.0-beta.3
74c5d62 update lock
6a45632 chore - fixing eslint-scope to a safe version; resolves #656. (#657)
e0119e0 9.0.0-beta.2
198964b Merge pull request #645 from rubennorte/support-new-flow-syntax-in-scope-analysis