@AKJUS AKJUS commented Feb 17, 2025

Snyk has created this PR to upgrade eslint-plugin-react-refresh from 0.4.7 to 0.4.18.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 11 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-CROSSSPAWN-8303230 | 169 | Proof of Concept |
| medium severity: Improper Input Validation, SNYK-JS-NANOID-8492085 | 169 | No Known Exploit |
| medium severity: Cross-site Scripting (XSS), SNYK-JS-ROLLUP-8073097 | 169 | Proof of Concept |
| medium severity: Information Exposure, SNYK-JS-VITE-8023174 | 169 | Proof of Concept |
| medium severity: Origin Validation Error, SNYK-JS-VITE-8648411 | 169 | Proof of Concept |
| low severity: Cross-site Scripting (XSS), SNYK-JS-VITE-8022916 | 169 | Proof of Concept |

Release notes
Package name: eslint-plugin-react-refresh
  • 0.4.18 - 2025-01-11

    ESM/CJS interop is the worst that happened to this ecosystem, this is all I have to say.

  • 0.4.17 - 2025-01-11
    • Fix detection of local components to not generate a warning for variables inside JSX files that follow React component naming (fixes #75)
    • Update types to not require extra unnecessary .default property access under TS node16 module resolution (fixes #70)
  • 0.4.16 - 2024-12-02

    Fix CJS/ESM interop issue. Sorry everyone for the trouble.

  • 0.4.15 - 2024-12-02

    Add support for custom HOCs (#60)

    By default, the rule only knows that memo & forwardRef function calls will return a React component. With this option, you can also allow extra function names like Mobx observer to make this code valid:

    const Foo = () => <></>;
    export default observer(Foo);

    {
      "react-refresh/only-export-components": [
        "error",
        { "customHOCs": ["observer"] }
      ]
    }

    Thanks @HorusGoul!

    Add recommended config and simple types (#67)

    You can now add the recommended config to your ESLint config like this:

    import reactRefresh from "eslint-plugin-react-refresh";

    export default [
      /* Main config */
      reactRefresh.configs.recommended, // Or reactRefresh.configs.vite for Vite users
    ];

    To follow ESLint recommendations, the rule is added with the error severity.

    Some simple types ensure that people typechecking their config won't need @ts-expect-error anymore.

    Bump ESLint peer dependency to 8.40

    This was actually done by mistake in the previous release when moving from a deprecated API to a new one.

    Given that ESLint 8 is officially end-of-life and the only report (#56) didn't get likes, I'm going forward and documenting the expected minimum version from ESLint in the package JSON so that people can get a warning from their package manager.

  • 0.4.14 - 2024-10-24
    • Warn if a context is exported alongside a component (fixes #53). Thanks @IgorAufricht!
  • 0.4.13 - 2024-10-19
    • Support for react-redux connect (export default connect(mapStateToProps, mapDispatchToProps)(MyComponent)) (fixes #51)
    • Support for Arbitrary Module Identifiers syntax (fixes #52)
  • 0.4.12 - 2024-09-14
    • Support type assertion on default export (fixes #48)
    • Add default export to fix usage with jiti (fixes #50)
  • 0.4.11 - 2024-08-22
    • Ignore type exports (ex. export type foo = string;) (fixes #47)
  • 0.4.10 - 2024-08-20
    • Support function Foo() {}; export default React.memo(Foo) (#46) (thanks @SukkaW!)
  • 0.4.9 - 2024-07-21
    • Support function Foo() {}; export default memo(Foo) (fixes #44) (thanks @SukkaW!)
  • 0.4.8 - 2024-07-09
  • 0.4.7 - 2024-05-09
from eslint-plugin-react-refresh GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
eslint-plugin-react-refresh

See this project in Snyk:
https://app.snyk.io/org/akjus/project/9234b4a9-00ca-438b-93ef-21b5a775f1f1?utm_source=github&utm_medium=referral&page=upgrade-pr