[Snyk] Upgrade eslint-plugin-react from 7.20.5 to 7.35.0

[scatools-demo]

Snyk has created this PR to upgrade eslint-plugin-react from 7.20.5 to 7.35.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 53 versions ahead of your current version.

• The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	738	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	738	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	738	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	738	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	738	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	738	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	738	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	738	No Known Exploit
	Cross-site Scripting SNYK-JS-SEND-7926862	738	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	738	No Known Exploit

Release notes

Package name: eslint-plugin-react

• 7.35.0 - 2024-07-20
  

  Added

  • support eslint v9 (#3759 @ mdjermanovic)
  • export flat configs from plugin root and fix flat config crash (#3694 @ bradzacher @ mdjermanovic)
  • add jsx-props-no-spread-multi (#3724 @ SimonSchick)
  • forbid-component-props: add propNamePattern to allow / disallow prop name patterns (#3774 @ akulsr0)
  • jsx-handler-names: support ignoring component names (#3772 @ akulsr0)
  • version settings: Allow react defaultVersion to be configurable (#3771 @ onlywei)
  • jsx-closing-tag-location: add line-aligned option (#3777 @ kimtaejin3)
  • no-danger: add customComponentNames option (#3748 @ akulsr0)

  Fixed

  • no-invalid-html-attribute: substitute placeholders in suggestion messages (#3759 @ mdjermanovic)
  • sort-prop-types: single line type ending without semicolon (#3784 @ akulsr0)
  • require-default-props: report when required props have default value (#3785 @ akulsr0)

  Refactors

  • variableUtil: Avoid creating a single flat variable scope for each lookup (#3782 @ DanielRosenwasser)
• 7.34.4 - 2024-07-13
  

  Fixed

  • prop-types: fix className missing in prop validation false negative (#3749 @ akulsr0)
  • sort-prop-types: Check for undefined before accessing node.typeAnnotation.typeAnnotation (#3779 @ tylerlaprade)
• 7.34.3 - 2024-06-18
  

  Fixed

  • prop-types: null-check rootNode before calling getScope (#3762 @ crnhrv)
  • boolean-prop-naming: avoid a crash with a spread prop (#3733 @ ljharb)
  • jsx-boolean-value: assumeUndefinedIsFalse with never must not allow explicit true value (#3757 @ 6uliver)
  • no-object-type-as-default-prop: enable rule for components with many parameters (#3768 @ JulienR1)
  • jsx-key: incorrect behavior for checkKeyMustBeforeSpread with map callbacks (#3769 @ akulsr0)
• 7.34.2 - 2024-05-28
  

  Fixed

  • boolean-prop-naming: avoid a crash with a non-TSTypeReference type (#3718 @ developer-bandi)
  • jsx-no-leaked-render: invalid report if left side is boolean (#3746 @ akulsr0)
  • jsx-closing-bracket-location: message shows {{details}} when there are no details (#3759 @ mdjermanovic)
  • no-invalid-html-attribute: ensure error messages are correct (#3759 @ mdjermanovic, @ ljharb)

  Changed

  • [Refactor] create various eslint utils to fix eslint deprecations (#3759 @ mdjermanovic, @ ljharb)
• 7.34.1 - 2024-03-15
  

  Fixed

  • jsx-no-leaked-render: prevent wrongly adding parens (#3700 @ developer-bandi)
  • boolean-prop-naming: detect TS interfaces (#3701 @ developer-bandi)
  • boolean-prop-naming: literalType error fix (#3704 @ developer-bandi)
  • boolean-prop-naming: allow TSIntersectionType (#3705 @ developer-bandi)
  • no-unknown-property: support popover, popovertarget, popovertargetaction attributes (#3707 @ ljharb)
  • no-unknown-property: only match data-* attributes containing - (#3713 @ silverwind)
  • checked-requires-onchange-or-readonly: correct options that were behaving opposite (#3715 @ jaesoekjjang)

  Changed

  • boolean-prop-naming: improve error message (@ ljharb)
• 7.34.0 - 2024-03-04
  

  Added

  • sort-prop-types: give errors on TS types (#3615 @ akulsr0)
  • no-invalid-html-attribute: add support for apple-touch-startup-image rel attributes in link tags (#3638 @ thomashockaday)
  • no-unknown-property: add requireDataLowercase option (#3645 @ HermanBilous)
  • no-unknown-property: add displaystyle on <math> (#3652 @ lounsbrough)
  • prefer-read-only-props, prop-types, component detection: allow components to be async functions (#3654 @ pnodet)
  • no-unknown-property: support onResize on audio/video tags (#3662 @ caesar1030)
  • jsx-wrap-multilines: add never option to prohibit wrapping parens on multiline JSX (#3668 @ reedws)
  • jsx-filename-extension: add ignoreFilesWithoutCode option to allow empty files (#3674 @ burtek)
  • jsx-boolean-value: add assumeUndefinedIsFalse option (#3675 @ developer-bandi)
  • linkAttribute setting, jsx-no-target-blank: support multiple properties (#3673 @ burtek)
  • jsx-no-script-url: add includeFromSettings option to support linkAttributes setting (#3673 @ burtek)
  • jsx-one-expression-per-line: add non-jsx option to allow non-JSX children in one line (#3677 @ burtek)
  • add checked-requires-onchange-or-readonly rule (#3680 @ jaesoekjjang)

  Fixed

  • jsx-no-leaked-render: preserve RHS parens for multiline jsx elements while fixing (#3623 @ akulsr0)
  • jsx-key: detect conditional returns (#3630 @ yialo)
  • jsx-newline: prevent a crash when allowMultilines (#3633 @ ljharb)
  • no-unknown-property: use a better regex to avoid a crash (#3666 @ ljharb @ SCH227)
  • prop-types: handle nested forwardRef + memo (#3679 @ developer-bandi)
  • no-unknown-property: add fetchPriority (#3697 @ SevereCloud)
  • forbid-elements: prevent a crash on createElement() (#3632 @ ljharb)

  Changed

  • jsx-boolean-value: make error messages clearer (#3691 @ developer-bandi)
  • [Refactor] propTypes: extract type params to var (#3634 @ HenryBrown0)
  • [Refactor] boolean-prop-naming: invert if statement (#3634 @ HenryBrown0)
  • [Refactor] function-component-definition: exit early if no type params (#3634 @ HenryBrown0)
  • [Refactor] jsx-props-no-multi-spaces: extract type parameters to var (#3634 @ HenryBrown0)
  • [Docs] jsx-key: fix correct example (#3656 @ developer-bandi)
  • [Tests] jsx-wrap-multilines: passing tests (#3545 @ burtek)
  • [Docs] iframe-missing-sandbox: fix link to iframe attribute on mdn (#3690 @ nnmrts)
  • [Docs] hook-use-state: fix an undefined variable (#3626 @ chentsulin)
• 7.33.2 - 2023-08-16
  

  Fixed

  • no-deprecated: prevent false positive on commonjs import (#3614 @ akulsr0)
  • no-unsafe: report on the method instead of the entire component (@ ljharb)
  • no-deprecated: report on the destructured property instead of the entire variable declarator (@ ljharb)
  • no-deprecated: report on the imported specifier instead of the entire import statement (@ ljharb)
  • no-invalid-html-attribute: report more granularly (@ ljharb)
• 7.33.1 - 2023-07-29
  

  Fixed

  • require-default-props: fix config schema (#3605 @ controversial)
  • jsx-curly-brace-presence: Revert #3538 due to issues with intended string type casting usage (#3611 @ taozhou-glean)
  • sort-prop-types: ensure sort-prop-types respects noSortAlphabetically (#3610 @ caesar1030)
• 7.33.0 - 2023-07-20
  

  Added

  • display-name: add checkContextObjects option (#3529 @ JulesBlm)
  • jsx-first-prop-new-line: add multiprop option (#3533 @ haydncomley)
  • no-deprecated: add React 18 deprecations (#3548 @ sergei-startsev)
  • forbid-component-props: add disallowedFor option (#3417 @ jacketwpbb)

  Fixed

  • no-array-index-key: consider flatMap (#3530 @ k-yle)
  • jsx-curly-brace-presence: handle single and only expression template literals (#3538 @ taozhou-glean)
  • no-unknown-property: allow onLoad on source (@ ljharb)
  • jsx-first-prop-new-line: ensure autofix preserves generics in component name (#3546 @ ljharb)
  • no-unknown-property: allow fill prop on <symbol> (#3555 @ stefanprobst)
  • display-name, prop-types: when checking for a capitalized name, ignore underscores entirely (#3560 @ ljharb)
  • no-unused-state: avoid crashing on a class field function with destructured state (#3568 @ ljharb)
  • no-unused-prop-types: allow using spread with object expression in jsx (#3570 @ akulsr0)
  • Revert "destructuring-assignment: Handle destructuring of useContext in SFC" (#3583 #2797 @ 102)
  • prefer-read-only-props: add TS support (#3593 @ HenryBrown0)

  Changed

  • [Docs] jsx-newline, no-unsafe, static-property-placement: Fix code syntax highlighting (#3563 @ nbsp1221)
  • [readme] resore configuration URL (#3582 @ gokaygurcan)
  • [Docs] jsx-no-bind: reword performance rationale (#3581 @ gpoole)
  • [Docs] jsx-first-prop-new-line: add missing multiprop value (#3598 @ dzek69)
• 7.32.2 - 2023-01-29
  

  Fixed

  • configs: restore parserOptions in legacy configs ([#3523][] @ ljharb)
  • jsx-no-constructed-context-values, jsx-no-useless-fragment: add a rule schema (@ ljharb)
    ( no-unknown-property: add fill for <marker> (#3525 @ alexey-koran)
• 7.32.1 - 2023-01-16
• 7.32.0 - 2023-01-11
• 7.31.11 - 2022-11-18
• 7.31.10 - 2022-10-10
• 7.31.9 - 2022-10-09
• 7.31.8 - 2022-09-09
• 7.31.7 - 2022-09-05
• 7.31.6 - 2022-09-04
• 7.31.5 - 2022-09-04
• 7.31.4 - 2022-09-03
• 7.31.3 - 2022-09-03
• 7.31.2 - 2022-09-02
• 7.31.1 - 2022-08-26
• 7.31.0 - 2022-08-24
• 7.30.2 - 2022-08-24
• 7.30.1 - 2022-06-23
• 7.30.0 - 2022-05-18
• 7.29.4 - 2022-03-13
• 7.29.3 - 2022-03-03
• 7.29.2 - 2022-02-26
• 7.29.1 - 2022-02-25
• 7.29.0 - 2022-02-25
• 7.28.0 - 2021-12-22
• 7.27.1 - 2021-11-19
• 7.27.0 - 2021-11-10
• 7.26.1 - 2021-09-30
• 7.26.0 - 2021-09-21
• 7.25.3 - 2021-09-19
• 7.25.2 - 2021-09-16
• 7.25.1 - 2021-08-30
• 7.25.0 - 2021-08-29
• 7.24.0 - 2021-05-29
• 7.23.2 - 2021-04-08
• 7.23.1 - 2021-03-24
• 7.23.0 - 2021-03-23
• 7.22.0 - 2020-12-30
• 7.21.5 - 2020-10-20
• 7.21.4 - 2020-10-09
• 7.21.3 - 2020-10-02
• 7.21.2 - 2020-09-24
• 7.21.1 - 2020-09-23
• 7.21.0 - 2020-09-23
• 7.20.6 - 2020-08-12
• 7.20.5 - 2020-07-28

from eslint-plugin-react GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"eslint-plugin-react","from":"7.20.5","to":"7.35.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":696,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-567746","issue_id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability"...