chore(deps): update dependency eslint to ^6.8.0

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
eslint (source)	^6.1.0 → ^6.8.0

---

Release Notes

eslint/eslint (eslint)

v6.8.0

Compare Source

• c5c7086 Fix: ignore aligning single line in key-spacing (fixes #​11414) (#​12652) (YeonJuan)
• 9986d9e Chore: add object option test cases in yield-star-spacing (#​12679) (YeonJuan)
• 1713d07 New: Add no-error-on-unmatched-pattern flag (fixes #​10587) (#​12377) (ncraley)
• 5c25a26 Update: autofix bug in lines-between-class-members (fixes #​12391) (#​12632) (YeonJuan)
• 4b3cc5c Chore: enable prefer-regex-literals in eslint codebase (#​12268) (薛定谔的猫)
• 05faebb Update: improve suggestion testing experience (#​12602) (Brad Zacher)
• 05f7dd5 Update: Add suggestions for no-unsafe-negation (fixes #​12591) (#​12609) (Milos Djermanovic)
• d3e43f1 Docs: Update no-multi-assign explanation (#​12615) (Yuping Zuo)
• 272e4db Fix: no-multiple-empty-lines: Adjust reported loc (#​12594) (Tobias Bieniek)
• a258039 Fix: no-restricted-imports schema allows multiple paths/patterns objects (#​12639) (Milos Djermanovic)
• 51f9620 Fix: improve report location for array-bracket-spacing (#​12653) (Milos Djermanovic)
• 45364af Fix: prefer-numeric-literals doesn't check types of literal arguments (#​12655) (Milos Djermanovic)
• e3c570e Docs: Add example for expression option (#​12694) (Arnaud Barré)
• 6b774ef Docs: Add spacing in comments for no-console rule (#​12696) (Nikki Nikkhoui)
• 7171fca Chore: refactor regex in config comment parser (#​12662) (Milos Djermanovic)
• 1600648 Update: Allow $schema in config (#​12612) (Yordis Prieto)
• acc0e47 Update: support .eslintrc.cjs (refs eslint/rfcs#43) (#​12321) (Evan Plaice)
• 49c1658 Chore: remove bundling of ESLint during release (#​12676) (Kai Cataldo)
• 257f3d6 Chore: complete to move to GitHub Actions (#​12625) (Toru Nagashima)
• ab912f0 Docs: 1tbs with allowSingleLine edge cases (refs #​12284) (#​12314) (Ari Kardasis)
• dd1c30e Sponsors: Sync README with website (ESLint Jenkins)
• a230f84 Update: include node version in cache (#​12582) (Eric Wang)
• 8b65f17 Chore: remove references to parser demo (#​12644) (Kai Cataldo)
• e9cef99 Docs: wrap {{}} in raw liquid tags to prevent interpolation (#​12643) (Kai Cataldo)
• e707453 Docs: Fix configuration example in no-restricted-imports (fixes #​11717) (#​12638) (Milos Djermanovic)
• 19194ce Chore: Add tests to cover default object options in comma-dangle (#​12627) (YeonJuan)
• 6e36d12 Update: do not recommend require-atomic-updates (refs #​11899) (#​12599) (Kai Cataldo)

v6.7.2

Compare Source

• bc435a9 Fix: isSpaceBetweenTokens() recognizes spaces in JSXText (fixes #​12614) (#​12616) (Toru Nagashima)
• 4928d51 Fix: don't ignore the entry directory (fixes #​12604) (#​12607) (Toru Nagashima)
• b41677a Docs: Clarify suggestion's data in Working with Rules (refs #​12606) (#​12617) (Milos Djermanovic)
• ea16de4 Fix: Support tagged template literal generics in no-unexpected-multiline (#​11698) (Brad Zacher)
• fa6415d Sponsors: Sync README with website (ESLint Jenkins)
• e1e158b Sponsors: Sync README with website (ESLint Jenkins)

v6.7.1

Compare Source

• dd1e9f4 Fix: revert changes to key-spacing due to regression (#​12598) (Kai Cataldo)
• c644b54 Docs: Update README team and sponsors (ESLint Jenkins)

v6.7.0

Compare Source

• 312a88f New: Add grouped-accessor-pairs rule (fixes #​12277) (#​12331) (Milos Djermanovic)
• 5c68f5f Update: Add 'lexicalBindings' to no-implicit-globals and change messages (#​11996) (Milos Djermanovic)
• 6eaad96 New: Add suggestions API (#​12384) (Will Douglas)
• b336fbe Fix: indent rule with JSX spread props (#​12581) (Nathan Woltman)
• 97c745d Update: Report assignment expression location in no-cond-assign (#​12465) (Milos Djermanovic)
• 0f01f3d Update: Check member expressions with this in operator-assignment (#​12495) (Milos Djermanovic)
• 62c7038 Fix: invalid token checking in computed-property-spacing (fixes #​12198) (#​12533) (YeonJuan)
• 4f8a1ee Update: Add enforceForClassMembers option to no-useless-computed-key (#​12110) (ark120202)
• 1a2eb99 New: new rule no-constructor-return (fixes #​12481) (#​12529) (Pig Fang)
• ca3b2a6 New: ignorePatterns in config files (refs eslint/rfcs#22) (#​12274) (Toru Nagashima)
• 60204a3 Docs: Added another Textmate 2 bundle. (#​12580) (Ryan Fitzer)
• 62623f9 Fix: preserve whitespace in multiline-comment-style (fixes #​12312) (#​12316) (Kai Cataldo)
• 17a8849 New: Add no-dupe-else-if rule (fixes #​12469) (#​12504) (Milos Djermanovic)
• 41a78fd Update: improve location for semi and comma-dangle (#​12380) (Chiawen Chen)
• 0a480f8 Docs: Change "Code Conventions" link in pull-requests.md (#​12401) (Denis Sikuler)
• fed20bb Fix: require-await crash on global await (#​12571) (Brad Zacher)
• b8030fc Update: deprecate personal config (fixes #​11914, refs eslint/rfcs#32) (#​12426) (Toru Nagashima)
• 40c8c32 Fix: improve report location for object-curly-spacing (#​12563) (Milos Djermanovic)
• 1110045 Fix: ignore marker-only comments in spaced-comment (fixes #​12036) (#​12558) (Milos Djermanovic)
• 6503cb8 Update: Fix uglified object align in key-spacing (fixes #​11414) (#​12472) (YeonJuan)
• 40791af Docs: clarify ignoreDestructuring option in the camelcase rule (#​12553) (Milos Djermanovic)
• 07d398d Chore: Add GitHub organization to Sponsor button (#​12562) (Brandon Mills)
• a477707 Chore: Format style guide links so they can be clicked (#​12189) (Ivan V)
• 0f7edef Update: add react plugin config for eslint init (#​12446) (Ibrahim Rouis)
• 448ff1e Update: Report '\08' and '\09' in no-octal-escape (fixes #​12080) (#​12526) (Milos Djermanovic)
• 45aa6a3 New: Add no-setter-return rule (fixes #​12285) (#​12346) (Milos Djermanovic)
• 0afb518 Fix: invalid autofix in function-call-argument-newline (fixes #​12454) (#​12539) (YeonJuan)
• 90305e0 Update: Depcrecate isSpaceBetweenTokens() (#​12519) (Kai Cataldo)
• 41b1e43 New: add option for camelcase (fixes #​12527) (#​12528) (Pig Fang)
• f49f1e0 Upgrade: upgrade optionator to avoid license issue (fixes #​11536) (#​12537) (Pig Fang)
• 0286b57 Docs: Clean up Getting Started Guide (#​12544) (Nicholas C. Zakas)
• 575a98d Chore: Add funding field to package.json (#​12543) (Nicholas C. Zakas)
• 9e29e18 Fix: sourceCode#isSpaceBetweenTokens() checks non-adjacent tokens (#​12491) (Kai Cataldo)
• 5868550 Docs: add notice about function keyword in keyword-spacing (#​12524) (Pig Fang)
• bb556d5 Fix: curly multi reports single lexical declarations (fixes #​11908) (#​12513) (Milos Djermanovic)
• ac60621 Fix: unexpected autofix in prefer-const (fixes #​12514) (#​12521) (YeonJuan)
• 990065e Update: curly multi-or-nest flagging semis on next line (fixes #​12370) (#​12378) (cherryblossom000)
• 084a8a6 Fix: no-cond-assign with always option reports switch case clauses (#​12470) (Milos Djermanovic)
• 7e41355 Update: improve report location for space-infix-ops (#​12324) (Chiawen Chen)
• 94ff921 Update: Add capIsConstructor option to no-invalid-this (fixes #​12271) (#​12308) (Milos Djermanovic)
• de65de6 New: Add prefer-exponentiation-operator rule (fixes #​10482) (#​12360) (Milos Djermanovic)
• c78f4a7 Update: Allow JSX exception in no-inline-comments (fixes #​11270) (#​12388) (Milos Djermanovic)
• e17fb90 New: allowAfterThisConstructor for no-underscore-dangle (fixes #​11488) (#​11489) (sripberger)
• 287ca56 Build: update CI for Node.js 13 (#​12496) (Toru Nagashima)
• 98e1d50 Upgrade: globals to v12.1.0 (#​12296) (Tony Brix)
• 8ac71a3 Sponsors: Sync README with website (ESLint Jenkins)
• 4e142ea Docs: Update README team and sponsors (ESLint Jenkins)

v6.6.0

Compare Source

• 39dfe08 Update: false positives in function-call-argument-newline (fixes #​12123) (#​12280) (Scott O'Hara)
• 4d84210 Update: improve report location for no-trailing-spaces (fixes #​12315) (#​12477) (Milos Djermanovic)
• c6a7745 Update: no-trailing-spaces false negatives after comments (fixes #​12479) (#​12480) (Milos Djermanovic)
• 0bffe95 Fix: no-misleading-character-class crash on invalid regex (fixes #​12169) (#​12347) (Milos Djermanovic)
• c6a9a3b Update: Add enforceForIndexOf option to use-isnan (fixes #​12207) (#​12379) (Milos Djermanovic)
• 364877b Update: measure plugin loading time and output in debug message (#​12395) (Victor Homyakov)
• 1744fab Fix: operator-assignment removes and duplicates comments (#​12485) (Milos Djermanovic)
• 52ca11a Fix: operator-assignment invalid autofix with adjacent tokens (#​12483) (Milos Djermanovic)
• 0f6d0dc Fix: CLIEngine#addPlugin reset lastConfigArrays (fixes #​12425) (#​12468) (Toru Nagashima)
• 923a8cb Chore: Fix lint failure in JSDoc comment (#​12489) (Brandon Mills)
• aac3be4 Update: Add ignored prop regex no-param-reassign (#​11275) (Luke Bennett)
• e5382d6 Chore: Remove unused parameter in dot-location (#​12464) (Milos Djermanovic)
• 49faefb Fix: no-obj-calls false positive (fixes #​12437) (#​12467) (Toru Nagashima)
• b3dbd96 Fix: problematic installation issue (fixes #​11018) (#​12309) (Toru Nagashima)
• cd7c29b Sponsors: Sync README with website (ESLint Jenkins)
• 8233873 Docs: Add note about Node.js requiring SSL support (fixes #​11413) (#​12475) (Nicholas C. Zakas)
• 89e8aaf Fix: improve report location for no-tabs (#​12471) (Milos Djermanovic)
• 7dffe48 Update: Enable function string option in comma-dangle (fixes #​12058) (#​12462) (YeonJuan)
• e15e1f9 Docs: fix doc for no-unneeded-ternary rule (fixes #​12098) (#​12410) (Sam Rae)
• b1dc58f Sponsors: Sync README with website (ESLint Jenkins)
• 61749c9 Chore: Provide debug log for parser errors (#​12474) (Brad Zacher)
• 7c8bbe0 Update: enforceForOrderingRelations no-unsafe-negation (fixes #​12163) (#​12414) (Sam Rae)
• 349ed67 Update: improve report location for no-mixed-operators (#​12328) (Chiawen Chen)
• a102eaa Fix: prefer-numeric-literals invalid autofix with adjacent tokens (#​12387) (Milos Djermanovic)
• 6e7c18d Update: enforceForNewInMemberExpressions no-extra-parens (fixes #​12428) (#​12436) (Milos Djermanovic)
• 51fbbd7 Fix: array-bracket-newline consistent error with comments (fixes #​12416) (#​12441) (Milos Djermanovic)
• e657d4c Fix: report full dot location in dot-location (#​12452) (Milos Djermanovic)
• 2d6e345 Update: make isSpaceBetweenTokens() ignore newline in comments (#​12407) (YeonJuan)
• 84f71de Update: remove default overrides in keyword-spacing (fixes #​12369) (#​12411) (YeonJuan)
• 18a0b0e Update: improve report location for no-space-in-parens (#​12364) (Chiawen Chen)
• d61c8a5 Update: improve report location for no-multi-spaces (#​12329) (Chiawen Chen)
• 561093f Upgrade: bump inquirer to ^7.0.0 (#​12440) (Joe Graham)
• fb633b2 Chore: Add a script for testing with more control (#​12444) (Eric Wang)
• 012ec51 Sponsors: Sync README with website (ESLint Jenkins)
• 874fe16 New: pass cwd from cli engine (#​12389) (Eric Wang)
• b962775 Update: no-self-assign should detect member expression with this (#​12279) (Tibor Blenessy)
• 02977f2 Docs: Clarify eslint:recommended semver policy (#​12429) (Kevin Partington)
• 97045ae Docs: Fixes object type for rules in "Use a Plugin" (#​12409) (Daisy Develops)
• 24ca088 Docs: Fix typo in v6 migration guide (#​12412) (Benjamim Sonntag)
• b094008 Chore: update version parameter name (#​12402) (Toru Nagashima)
• e5637ba Chore: enable jsdoc/require-description (#​12365) (Kai Cataldo)
• d31f337 Sponsors: Sync README with website (ESLint Jenkins)
• 7ffb22f Chore: Clean up inline directive parsing (#​12375) (Jordan Eldredge)
• 84467c0 Docs: fix wrong max-depth example (fixes #​11991) (#​12358) (Gabriel R Sezefredo)
• 3642342 Docs: Fix minor formatting/grammar errors (#​12371) (cherryblossom000)
• c47fa0d Docs: Fix missing word in sentence (#​12361) (Dan Boulet)
• 8108f49 Chore: enable additional eslint-plugin-jsdoc rules (#​12336) (Kai Cataldo)
• b718d2e Chore: update issue template with --eslint-fix flag (#​12352) (James George)
• 20ba14d Sponsors: Sync README with website (ESLint Jenkins)
• 566a947 Sponsors: Sync README with website (ESLint Jenkins)
• 070cbd0 Sponsors: Sync README with website (ESLint Jenkins)

v6.5.1

Compare Source

• 0d3d7d9 Docs: fix typo in no-magic-numbers (#​12345) (Josiah Rooney)
• 447ac87 Fix: no-useless-rename handles ExperimentalRestProperty (fixes #​12335) (#​12339) (Kai Cataldo)
• b6ff73c Sponsors: Sync README with website (ESLint Jenkins)

v6.5.0

Compare Source

• 73596cb Update: Add enforceForSwitchCase option to use-isnan (#​12106) (Milos Djermanovic)
• d592a24 Fix: exclude \u000d so new line won't convert to text (fixes #​12027) (#​12031) (zamboney)
• e85d27a Fix: no-regex-spaces false positives and invalid autofix (fixes #​12226) (#​12231) (Milos Djermanovic)
• b349bf7 Fix: prefer-named-capture-group incorrect locations (fixes #​12233) (#​12247) (Milos Djermanovic)
• 7dc1ea9 Fix: no-useless-return autofix removes comments (#​12292) (Milos Djermanovic)
• 0e68677 Fix: no-extra-bind autofix removes comments (#​12293) (Milos Djermanovic)
• 6ad7e86 Fix: no-extra-label autofix removes comments (#​12298) (Milos Djermanovic)
• acec201 Fix: no-undef-init autofix removes comments (#​12299) (Milos Djermanovic)
• d89390b Fix: use async reading of stdin in bin/eslint.js (fixes #​12212) (#​12230) (Barrie Treloar)
• 334ca7c Update: no-useless-rename also reports default values (fixes #​12301) (#​12322) (Kai Cataldo)
• 41bfe91 Update: Fix handling of chained new expressions in new-parens (#​12303) (Milos Djermanovic)
• 160b7c4 Chore: add autofix npm script (#​12330) (Kai Cataldo)
• 04b6adb Chore: enable eslint-plugin-jsdoc (refs #​11146) (#​12332) (Kai Cataldo)
• 9b86167 Docs: Add new ES environments to Configuring ESLint (#​12289) (Milos Djermanovic)
• c9aeab2 Docs: Add supported ECMAScript version to README (#​12290) (Milos Djermanovic)
• 8316e7b Fix: no-useless-rename autofix removes comments (#​12300) (Milos Djermanovic)
• 29c12f1 Chore: cache results in runtime-info (#​12320) (Kai Cataldo)
• f5537b2 Fix: prefer-numeric-literals autofix removes comments (#​12313) (Milos Djermanovic)
• 11ae6fc Update: Fix call, new and member expressions in no-extra-parens (#​12302) (Milos Djermanovic)
• a7894eb New: add --env-info flag to CLI (#​12270) (Kai Cataldo)
• 61392ff Sponsors: Sync README with website (ESLint Jenkins)
• 2c6bf8e Docs: English fix (#​12306) (Daniel Nixon)
• 6f11877 Sponsors: Sync README with website (ESLint Jenkins)
• 2e202ca Docs: fix links in array-callback-return (#​12288) (Milos Djermanovic)
• e39c631 Docs: add example for CLIEngine#executeOnText 3rd arg (#​12286) (Kai Cataldo)
• d4f9a16 Update: add support for JSXFragments in indent rule (fixes #​12208) (#​12210) (Kai Cataldo)
• c6af95f Sponsors: Sync README with website (ESLint Jenkins)
• 8cadd52 Sponsors: Sync README with website (ESLint Jenkins)
• f9fc695 Chore: enable default-param-last (#​12244) (薛定谔的猫)
• 9984c3e Docs: Update README team and sponsors (ESLint Jenkins)

v6.4.0

Compare Source

• e915fff Docs: Improve examples and clarify default option (#​12067) (Yuping Zuo)
• 540296f Update: enforceForClassMembers option to accessor-pairs (fixes #​12063) (#​12192) (Milos Djermanovic)
• d3c2334 Update: flag nested block with declaration as error (#​12193) (David Waller)
• b2498d2 Update: Fix handling of property names in no-self-assign (#​12105) (Milos Djermanovic)
• 1ee61b0 Update: enforceForClassMembers computed-property-spacing (fixes #​12049) (#​12214) (Milos Djermanovic)
• 520c922 Docs: Added naming convention details to plugin usage (#​12202) (Henrique Barcelos)
• f826eab Fix: Allow line comment exception in object-curly-spacing (fixes #​11902) (#​12216) (Milos Djermanovic)
• db2a29b Update: indentation of comment followed by semicolon (fixes #​12232) (#​12243) (Kai Cataldo)
• ae17d1c Fix: no-sequences is reporting incorrect locations (#​12241) (Milos Djermanovic)
• 365331a Fix: object-shorthand providing invalid fixes for typescript (#​12260) (Brad Zacher)
• 1c921c6 New: add no-import-assign (fixes #​12237) (#​12252) (Toru Nagashima)
• 3be04fd New: Add prefer-regex-literals rule (fixes #​12238) (#​12254) (Milos Djermanovic)
• 37c0fde Update: Report global Atomics calls in no-obj-calls (fixes #​12234) (#​12258) (Milos Djermanovic)
• 985c9e5 Fix: space-before-function-paren autofix removes comments (fixes #​12259) (#​12264) (Milos Djermanovic)
• 01da7d0 Fix: eqeqeq rule reports incorrect locations (#​12265) (Milos Djermanovic)
• 319e4d8 Docs: adding finally example (#​12256) (Jens Melgaard)
• d52328f Docs: fix no-sequences with examples (#​12239) (Milos Djermanovic)
• a41fdc0 Fix: Remove autofixer for no-unsafe-negation (#​12157) (Milos Djermanovic)
• e38f5fd Update: fix no-octal-escape false negatives after \0 (#​12079) (Milos Djermanovic)
• 9418fbe Sponsors: Sync README with website (ESLint Jenkins)
• acc5ec5 Sponsors: Sync README with website (ESLint Jenkins)
• 460c5ad Sponsors: Sync README with website (ESLint Jenkins)
• 0313441 New: add rule default-param-last (fixes #​11361) (#​12188) (Chiawen Chen)
• 7621f5d Update: add more specific linting messages to space-in-parens (#​11121) (Che Fisher)
• 21eb904 Fix: basePath of OverrideTester (fixes #​12032) (#​12205) (Toru Nagashima)
• 86e5e65 Sponsors: Sync README with website (ESLint Jenkins)
• 2b1a13f Fix: no-extra-boolean-cast reports wrong negation node (fixes #​11324) (#​12197) (Milos Djermanovic)
• ba8c2aa Sponsors: Sync README with website (ESLint Jenkins)
• a0a9746 Docs: Fix link in no-irregular-whitespace.md (#​12196) (Timo Tijhof)
• e10eeba Fix: quotes autofix produces syntax error with octal escape sequences (#​12118) (Milos Djermanovic)

v6.3.0

Compare Source

• 0acdefb Chore: refactor code (#​12113) (James George)
• 52e2cf5 New: reportUnusedDisableDirectives in config (refs eslint/rfcs#22) (#​12151) (Toru Nagashima)
• 020f952 Update: enforceForSequenceExpressions to no-extra-parens (fixes #​11916) (#​12142) (Milos Djermanovic)
• aab1b84 Fix: reset to the default color (#​12174) (Ricardo Gobbo de Souza)
• 4009d39 Fix: yoda rule produces invalid autofix with preceding yield (#​12166) (Milos Djermanovic)
• febb660 Fix: no-extra-boolean-cast invalid autofix with yield before negation (#​12164) (Milos Djermanovic)
• 4c0b70b New: support TypeScript at config initializer (fixes #​11789) (#​12172) (Pig Fang)
• 94e39d9 Chore: use GitHub Actions (#​12144) (Toru Nagashima)
• e88f305 Chore: support es2020 in fuzz (#​12180) (薛定谔的猫)
• 00d2c5b Docs: corrected class extension example (#​12176) (Marius M)
• 31e5428 Chore: Fix wrong error object keys in test files (#​12162) (Milos Djermanovic)
• 197f443 Fix: func-name-matching crash on descriptor-like arguments (#​12100) (Milos Djermanovic)
• 644ce33 Fix: no-self-assign false positive with rest and spread in array (#​12099) (Milos Djermanovic)
• a81d263 Fix: fix message of function-paren-newline (#​12136) (Pig Fang)
• 77f8ed1 Chore: update blogpost template (#​12154) (Toru Nagashima)
• [`6abc7

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 133368b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	eslint@​6.1.0 ⏵ 6.8.0			+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: Handlebars.js has JavaScript Injection via AST Type Confusion CVE: GHSA-2w6w-674q-4c4q Handlebars.js has JavaScript Injection via AST Type Confusion (CRITICAL) Affected versions: >= 4.0.0 < 4.7.9 Patched version: 4.7.9 From: ? → npm/jest@24.8.0 → npm/handlebars@4.1.2 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/handlebars@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype Pollution in npm handlebars CVE: GHSA-w457-6q6x-cgp9 Prototype Pollution in handlebars (CRITICAL) Affected versions: >= 4.0.0 < 4.3.0; < 3.0.8 Patched version: 4.3.0 From: ? → npm/jest@24.8.0 → npm/handlebars@4.1.2 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/handlebars@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype Pollution in npm handlebars CVE: GHSA-765h-qjxv-5f44 Prototype Pollution in handlebars (CRITICAL) Affected versions: < 4.7.7 Patched version: 4.7.7 From: ? → npm/jest@24.8.0 → npm/handlebars@4.1.2 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/handlebars@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Remote code execution in npm handlebars when compiling templates CVE: GHSA-f2jv-r9rf-7988 Remote code execution in handlebars when compiling templates (CRITICAL) Affected versions: < 4.7.7 Patched version: 4.7.7 From: ? → npm/jest@24.8.0 → npm/handlebars@4.1.2 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/handlebars@4.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: npm json-schema is vulnerable to Prototype Pollution CVE: GHSA-896r-f27r-55mw json-schema is vulnerable to Prototype Pollution (CRITICAL) Affected versions: < 0.4.0 Patched version: 0.4.0 From: ? → npm/json-schema@0.2.3 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/json-schema@0.2.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report