[Snyk] Upgrade eslint from 8.57.0 to 9.36.0

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade eslint from 8.57.0 to 9.36.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 51 versions ahead of your current version.

• The recommended version was released a month ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	140	Proof of Concept
	Prototype Pollution SNYK-JS-INTLIFYSHARED-8442251	140	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	140	Mature
	Incorrect Authorization SNYK-JS-VITE-9653016	140	Proof of Concept
	Prototype Pollution SNYK-JS-VUEI18N-8442254	140	Proof of Concept
	Prototype Pollution SNYK-JS-VUEI18N-9376708	140	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	140	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	140	Proof of Concept
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	140	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-INTLIFYCOREBASE-10753753	140	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-INTLIFYCOREBASE-8442262	140	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-INTLIFYSHARED-10753754	140	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	140	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	140	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	140	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-9576207	140	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	140	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VUEI18N-10771082	140	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VUEI18N-8442260	140	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	140	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	140	Proof of Concept
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	140	Proof of Concept
	Directory Traversal SNYK-JS-VITE-9919777	140	Proof of Concept
	Relative Path Traversal SNYK-JS-VITE-12558116	140	Proof of Concept

Release notes

Package name: eslint

• 9.36.0 - 2025-09-19
  

  Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)

  Bug Fixes

  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)

  Documentation

  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

  Chores

  • 12411e8 chore: upgrade @ eslint/js@9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @ eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
• 9.35.0 - 2025-09-05
  

  Features

  • 42761fa feat: implement suggestions for no-empty-function (#20057) (jaymarvelz)
  • 102f444 feat: implement suggestions for no-empty-static-block (#20056) (jaymarvelz)
  • e51ffff feat: add preserve-caught-error rule (#19913) (Amnish Singh Arora)

  Bug Fixes

  • 10e7ae2 fix: update uncloneable options error message (#20059) (soda-sorcery)
  • bfa4601 fix: ignore empty switch statements with comments in no-empty rule (#20045) (jaymarvelz)
  • dfd11de fix: add before and after to test case types (#20049) (Francesco Trotta)
  • dabbe95 fix: correct types for no-restricted-imports rule (#20034) (Milos Djermanovic)
  • ea789c7 fix: no-loss-of-precision false positive with uppercase exponent (#20032) (sethamus)

  Documentation

  • d265515 docs: improve phrasing - "if" → "even if" from getting-started section (#20074) (jjangga0214)
  • a355a0e docs: invert comparison logic for example in no-var doc page (#20064) (OTonGitHub)
  • 5082fc2 docs: Update README (GitHub Actions Bot)
  • 99cfd7e docs: add missing "the" in rule deprecation docs (#20050) (Josh Goldberg ✨)
  • 6ad8973 docs: update --no-ignore and --ignore-pattern documentation (#20036) (Francesco Trotta)
  • 8033b19 docs: add documentation for --no-config-lookup (#20033) (Francesco Trotta)

  Chores

  • da87f2f chore: upgrade @ eslint/js@9.35.0 (#20077) (Milos Djermanovic)
  • af2a087 chore: package.json update for @ eslint/js release (Jenkins)
  • 7055764 test: remove tests/lib/eslint/eslint.config.js (#20065) (Milos Djermanovic)
  • 84ffb96 chore: update @ eslint-community/eslint-utils (#20069) (Francesco Trotta)
  • d5ef939 refactor: remove deprecated context.parserOptions usage across rules (#20060) (sethamus)
  • 1b3881d chore: remove redundant word (#20058) (pxwanglu)
• 9.34.0 - 2025-08-22
  

  Features

  • 0bb777a feat: multithread linting (#19794) (Francesco Trotta)
  • 43a5f9e feat: add eslint-plugin-regexp to eslint-config-eslint base config (#19951) (Pixel998)

  Bug Fixes

  • 9b89903 fix: default value of accessor-pairs option in rule.d.ts file (#20024) (Tanuj Kanti)
  • 6c07420 fix: fix spurious failure in neostandard integration test (#20023) (Kirk Waiblinger)
  • 676f4ac fix: allow scientific notation with trailing zeros matching exponent (#20002) (Sweta Tanwar)

  Documentation

  • 0b4a590 docs: make rulesdir deprecation clearer (#20018) (Domenico Gemoli)
  • 327c672 docs: Update README (GitHub Actions Bot)
  • bf26229 docs: Fix typo in core-concepts/index.md (#20009) (Tobias Hernstig)
  • 2309327 docs: fix typo in the "Configuring Rules" section (#20001) (ghazi-git)
  • 2b87e21 docs: [no-else-return] clarify sample code. (#19991) (Yuki Takada (Yukinosuke Takada))
  • c36570c docs: Update README (GitHub Actions Bot)

  Chores

  • f19ad94 chore: upgrade to @ eslint/js@9.34.0 (#20030) (Francesco Trotta)
  • b48fa20 chore: package.json update for @ eslint/js release (Jenkins)
  • 4bce8a2 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 0c9999c refactor: prefer default options in grouped-accessor-pairs (#20028) (루밀LuMir)
  • d503f19 ci: fix stale.yml (#20010) (루밀LuMir)
  • e2dc67d ci: centralize stale.yml (#19994) (루밀LuMir)
  • 7093cb8 ci: bump actions/checkout from 4 to 5 (#20005) (dependabot[bot])
• 9.33.0 - 2025-08-08
  

  Features

  • e07820e feat: add global object access detection to no-restricted-globals (#19939) (sethamus)
  • 90b050e feat: support explicit resource management in one-var (#19941) (Sweta Tanwar)

  Bug Fixes

  • 732433c fix: allow any type for meta.docs.recommended in custom rules (#19995) (Francesco Trotta)
  • e8a6914 fix: Fixed potential bug in check-emfile-handling.js (#19975) (諏訪原慶斗)

  Documentation

  • 34f0723 docs: playground button for TypeScript code example (#19671) (Tanuj Kanti)
  • dc942a4 docs: Update README (GitHub Actions Bot)
  • 5a4b6f7 docs: Update no-multi-assign.md (#19979) (Yuki Takada (Yukinosuke Takada))
  • 247e156 docs: add missing let declarations in no-plusplus (#19980) (Yuki Takada (Yukinosuke Takada))
  • 0d17242 docs: Update README (GitHub Actions Bot)
  • fa20b9d docs: Clarify when to open an issue for a PR (#19974) (Nicholas C. Zakas)

  Build Related

  • 27fa865 build: use ESLint class to generate formatter examples (#19972) (Milos Djermanovic)

  Chores

  • 4258046 chore: update dependency @ eslint/js to v9.33.0 (#19998) (renovate[bot])
  • ad28371 chore: package.json update for @ eslint/js release (Jenkins)
  • 06a22f1 test: resolve flakiness in --mcp flag test (#19993) (Pixel998)
  • 54920ed test: switch to Linter.Config in ESLintRules type tests (#19977) (Francesco Trotta)
• 9.32.0 - 2025-07-25
  

  Features

  • 1245000 feat: support explicit resource management in core rules (#19828) (fnx)
  • 0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

  Bug Fixes

  • 960fd40 fix: Upgrade @ eslint/js (#19971) (Nicholas C. Zakas)
  • bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)
  • d498887 fix: bump @ eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)
  • f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)
  • 7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)
  • 3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

  Documentation

  • 86e7426 docs: Update README (GitHub Actions Bot)

  Chores

  • 50de1ce chore: package.json update for @ eslint/js release (Jenkins)
  • 74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)
  • 2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)
  • b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)
  • f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)
  • e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)
  • e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)
  • 2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)
  • c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)
• 9.31.0 - 2025-07-11
  

  Features

  • 35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)
  • a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)
  • 4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)
  • 5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)
  • bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)

  Bug Fixes

  • 07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)
  • 28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)

  Documentation

  • 664cb44 docs: Update README (GitHub Actions Bot)
  • 40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)
  • 5a0069d docs: Update README (GitHub Actions Bot)
  • fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

  Chores

  • 3ddd454 chore: upgrade to @ eslint/js@9.31.0 (#19935) (Francesco Trotta)
  • d5054e5 chore: package.json update for @ eslint/js release (Jenkins)
  • 0f4a378 chore: update eslint (#19933) (renovate[bot])
  • 76c2340 chore: bump mocha to v11 (#19917) (루밀LuMir)
• 9.30.1 - 2025-07-01
  

  Bug Fixes

  • e91bb87 fix: allow separate default and named type imports (#19899) (xbinaryx)

  Documentation

  • ab7c625 docs: Update README (GitHub Actions Bot)
  • dae1e5b docs: update jsdoc's link (#19896) (JamesVanWaza)

  Chores

  • b035f74 chore: upgrade to @ eslint/js@9.30.1 (#19906) (Francesco Trotta)