[Snyk] Upgrade @typescript-eslint/parser from 3.7.0 to 3.10.1

[snyk-bot]

Snyk has created this PR to upgrade @typescript-eslint/parser from 3.7.0 to 3.10.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 35 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2020-08-25.

Release notes

Package name: @typescript-eslint/parser

• 3.10.1 - 2020-08-25
• 3.10.1-alpha.1 - 2020-08-25
• 3.10.1-alpha.0 - 2020-08-24
• 3.10.0 - 2020-08-24
• 3.9.2-alpha.10 - 2020-08-24
• 3.9.2-alpha.9 - 2020-08-24
• 3.9.2-alpha.8 - 2020-08-21
• 3.9.2-alpha.7 - 2020-08-21
• 3.9.2-alpha.5 - 2020-08-21
• 3.9.2-alpha.4 - 2020-08-20
• 3.9.2-alpha.3 - 2020-08-20
• 3.9.2-alpha.2 - 2020-08-19
• 3.9.2-alpha.1 - 2020-08-19
• 3.9.2-alpha.0 - 2020-08-17
• 3.9.1 - 2020-08-17
• 3.9.1-alpha.3 - 2020-08-14
• 3.9.1-alpha.2 - 2020-08-13
• 3.9.1-alpha.1 - 2020-08-12
• 3.9.1-alpha.0 - 2020-08-10
• 3.9.0 - 2020-08-10
• 3.8.1-alpha.4 - 2020-08-10
• 3.8.1-alpha.3 - 2020-08-10
• 3.8.1-alpha.2 - 2020-08-09
• 3.8.1-alpha.1 - 2020-08-09
• 3.8.1-alpha.0 - 2020-08-03
• 3.8.0 - 2020-08-03
• 3.7.2-alpha.3 - 2020-08-02
• 3.7.2-alpha.2 - 2020-08-02
• 3.7.2-alpha.1 - 2020-08-02
• 3.7.2-alpha.0 - 2020-07-27
• 3.7.1 - 2020-07-27
• 3.7.1-alpha.3 - 2020-07-27
• 3.7.1-alpha.2 - 2020-07-22
• 3.7.1-alpha.1 - 2020-07-21
• 3.7.1-alpha.0 - 2020-07-20
• 3.7.0 - 2020-07-20

from @typescript-eslint/parser GitHub release notes

Commit messages

Package name: @typescript-eslint/parser

• 43b1201 chore: publish v3.10.1
• d1f0887 fix(eslint-plugin): [no-unnecessary-condition] correct regression with unary negations (fix(validation): unnecessary constraint forcing root query type graphql/graphql-js#2422)
• 797a133 chore: update ISSUE_TEMPLATE.md
• 50f9c4a chore: publish v3.10.0
• 32fe2bb fix(eslint-plugin): [no-unnecessary-condition] better handling for unary negation (Change serialization for Int, Float and Boolean to work with objects graphql/graphql-js#2382)
• e6be621 feat(typescript-estree): update allowed TS version range (Add support for adding description to schema graphql/graphql-js#2419)
• a53f8c6 fix(eslint-plugin): [explicit-module-boundary-types] ignore all bodyless setters (validation: Export rules missing in <14.6.0 using legacy names graphql/graphql-js#2413)
• d468cfe docs(eslint-plugin): [no-non-null-asserted-optional-chain] fix formatting
• fd2070c docs(eslint-plugin): [no-non-null-asserted-optional-chain] correct docs for 3.9 functionality
• fde89d4 feat(eslint-plugin): add `no-implicit-any-catch` rule (tstypes: Synchronise TS typings for GraphQL* types graphql/graphql-js#2202)
• 3764248 fix(eslint-plugin): [explicit-module-boundary-types] ignore abstract setters (Schema: keep order of user provided types graphql/graphql-js#2410)
• b62331a fix(typescript-estree): ts.NamedTupleMember workaround for <TS4.0 (Make variableDefinitions not nullable graphql/graphql-js#2405)
• 44e4d9b docs: fix incorrect link to prettier package (FieldsOnCorrectTypeRule: improve type coverage graphql/graphql-js#2404)
• cab7c4d chore: fix typo in issue templates
• 6f397df chore: update issue templates (Update deps graphql/graphql-js#2397)
• b47a3c6 chore: publish v3.9.1
• daf649f docs(eslint-plugin): [type-annotation-spacing] typo (ESLint: enable 'no-unnecessary-type-arguments' check graphql/graphql-js#2392)
• 71c4c72 fix(eslint-plugin): [prefer-includes] don't auto fix when `test` method's argument type doesn't have an 'includes' method (buildClientSchema: small code refactoring graphql/graphql-js#2391)
• 8318c36 test(scope-manager): tweak fixture tests (Schema directives at field definitions are lost when a schema is parsed and printed graphql/graphql-js#2389)
• 092c969 fix(eslint-plugin): [no-unnecessary-condition] fix false positive with nullish coalescing (parser: Improve error message for description followed by extension definition graphql/graphql-js#2385)
• fb6a331 chore: publish v3.9.0
• 95e9541 chore(eslint-plugin-tslint): reduce files included in npm publish (ESLint: enable 'import/no-cycle' rule graphql/graphql-js#2381)
• e7528e6 feat(eslint-plugin): [no-unsafe-assignment/return] allow assigning any => unknown (Flow: enable 'sketchy-null-bool' lint rule graphql/graphql-js#2371)
• 30993cd docs: document additional allow options in no-empty-function (build: mjs files import other files using full paths with extensions graphql/graphql-js#2379)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected security issues in this pull request:
Mode: paranoid | Total findings: 29 | Considered vulnerability: 6

Insecure Use of Dangerous Function (7)

graphql-js/integrationTests/integration-test.js

Line 8 in a6e671a

const childProcess = require('child_process');

graphql-js/integrationTests/ts/test.js

Line 6 in a6e671a

const childProcess = require('child_process');

graphql-js/resources/benchmark-fork.js

Line 6 in a6e671a

const cp = require('child_process');

graphql-js/resources/benchmark-fork.js

Line 21 in a6e671a

const module = require(modulePath);

graphql-js/resources/benchmark.js

Line 63 in a6e671a

const babel = require(babelPath);

graphql-js/resources/utils.js

Line 8 in a6e671a

const childProcess = require('child_process');

graphql-js/resources/utils.js

Line 19 in a6e671a

const childProcessExec = util.promisify(childProcess.exec);

More info on how to fix Insecure Use of Dangerous Function in Javascript.

---

Insecure File Management (19)

graphql-js/integrationTests/integration-test.js

Line 21 in a6e671a

fs.rmdirSync(tmpDir, { recursive: true });

graphql-js/integrationTests/integration-test.js

Line 22 in a6e671a

fs.mkdirSync(tmpDir);

graphql-js/resources/benchmark.js

Line 40 in a6e671a

fs.mkdirSync(dir, { recursive: true });

graphql-js/resources/benchmark.js

Line 68 in a6e671a

fs.mkdirSync(path.dirname(destPath), { recursive: true });

graphql-js/resources/benchmark.js

Line 71 in a6e671a

fs.writeFileSync(destPath, cjs);

graphql-js/resources/build-deno.js

Line 21 in a6e671a

fs.mkdirSync(path.dirname(destPath), { recursive: true });

graphql-js/resources/build-deno.js

Line 25 in a6e671a

fs.writeFileSync(destPath, output);

graphql-js/resources/build-npm.js

Line 22 in a6e671a

fs.mkdirSync(path.dirname(destPath), { recursive: true });

graphql-js/resources/build-npm.js

Line 27 in a6e671a

fs.writeFileSync(destPath, cjs);

graphql-js/resources/build-npm.js

Line 30 in a6e671a

fs.writeFileSync(destPath.replace(/\.js$/, '.mjs'), mjs);

graphql-js/resources/check-cycles.js

Line 16 in a6e671a

const dot = fs.readFileSync(tmpFile, 'utf-8');

graphql-js/resources/eslint-internal-rules/no-dir-import.js

Line 28 in a6e671a

fs.existsSync(resolvedPath) &&

graphql-js/resources/eslint-internal-rules/no-dir-import.js

Line 29 in a6e671a

fs.statSync(resolvedPath).isDirectory()

graphql-js/resources/utils.js

Line 38 in a6e671a

if (fs.existsSync(dirPath)) {

graphql-js/resources/utils.js

Line 39 in a6e671a

for (const dirent of fs.readdirSync(dirPath, { withFileTypes: true })) {

graphql-js/resources/utils.js

Line 44 in a6e671a

fs.unlinkSync(fullPath);

graphql-js/resources/utils.js

Line 47 in a6e671a

fs.rmdirSync(dirPath);

graphql-js/resources/utils.js

Line 54 in a6e671a

for (const dirent of fs.readdirSync(dirPath, { withFileTypes: true })) {

graphql-js/resources/utils.js

Line 84 in a6e671a

const { size } = fs.lstatSync(path.join(dirPath, filepath));

More info on how to fix Insecure File Management in Javascript.

---

Insecure Use of Regular Expressions (2)

graphql-js/resources/gen-version.js

Line 9 in a6e671a

const versionMatch = /^(\d+)\.(\d+)\.(\d+)-?(.*)?$/.exec(version);

graphql-js/src/__tests__/version-test.js

Line 11 in a6e671a

expect(version).to.match(/^\d+\.\d+\.\d(-(alpha|beta|rc)\.\d+)?$/);

More info on how to fix Insecure Use of Regular Expressions in Javascript.

---

Hard-Coded Secrets (1)

graphql-js/src/execution/__tests__/resolve-test.js

Line 44 in a6e671a

_secret: 'secretValue',

More info on how to fix Hard-Coded Secrets in Javascript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.