Skip to content

chore(deps-dev): bump eslint-plugin-security from 1.7.1 to 4.0.0#349

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/eslint-plugin-security-4.0.0
Closed

chore(deps-dev): bump eslint-plugin-security from 1.7.1 to 4.0.0#349
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/eslint-plugin-security-4.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps eslint-plugin-security from 1.7.1 to 4.0.0.

Release notes

Sourced from eslint-plugin-security's releases.

eslint-plugin-security: v4.0.0

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)
Changelog

Sourced from eslint-plugin-security's changelog.

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)

3.0.1 (2024-06-14)

Bug Fixes

3.0.1 (2024-06-13)

Bug Fixes

... (truncated)

Commits
  • 4b734af chore: release 4.0.0 🚀 (#192)
  • 2443d10 fix: release-please config (#189)
  • ee73862 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#187)
  • ca182d1 chore(deps): bump serialize-javascript and mocha (#184)
  • 7f9ee77 fix: Add ESLint 10 compatibility for context.sourceCode API change (#186)
  • 99032c3 ci: trusted publishing (#180)
  • 5e096f2 ci(ci): add node 24 to test matrix (#176)
  • e060aeb ci: migrate to manifest config (#173)
  • fc0af81 chore(.eslint-doc-generatorrc): add missing 'use strict' directive (#170)
  • f6a29ef chore(package): explicitly declare js module type (#171)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-security since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump eslint-plugin-security from 1.7.1 to 4.0.0
74427dc 
Bumps [eslint-plugin-security](https://github.com/eslint-community/eslint-plugin-security) from 1.7.1 to 4.0.0.
- [Release notes](https://github.com/eslint-community/eslint-plugin-security/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-security/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-security@v1.7.1...eslint-plugin-security-v4.0.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-security
  dependency-version: 4.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 1, 2026
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 1, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
the-codegen-project Ready Ready Preview, Comment Apr 1, 2026 4:44pm
the-codegen-project-mcp Ready Ready Preview, Comment Apr 1, 2026 4:44pm

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 1, 2026
@netlify
Copy link
Copy Markdown

netlify bot commented Apr 1, 2026
edited
Loading

Deploy Preview for the-codegen-project canceled.

Name Link
🔨 Latest commit 74427dc
🔍 Latest deploy log https://app.netlify.com/projects/the-codegen-project/deploys/69cd4ad89099e10008683db9

jonaslagoni added a commit that referenced this pull request Apr 7, 2026
@jonaslagoni @claude
chore(deps): consolidate Dependabot dependency upgrades
34c083c 
Upgrade the following dependencies:
- @oclif/plugin-autocomplete: 3.0.16 → 3.2.45 (minor)
- @typescript-eslint/eslint-plugin: 6.7.5 → 8.58.0 (major)
- @typescript-eslint/parser: 6.7.5 → 8.58.0 (major)
- eslint-plugin-jest: 27.2.1 → 29.15.1 (major)
- eslint-plugin-unused-imports: 3.0.0 → 4.4.1 (major)
- eslint-plugin-security: 1.7.1 → 4.0.0 (major)
- zod-to-json-schema: 3.23.0 → 3.25.2 (minor)

Skipped:
- zod: 3.25.76 → 4.3.6 (public API exports zod schemas that consumers depend on)

ESLint config updated:
- Use security/recommended-legacy for ESLint 8 compatibility

Ref #349
Ref #350
Ref #351
Ref #352

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@jonaslagoni jonaslagoni mentioned this pull request Apr 7, 2026
Merged
7 tasks
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 7, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/eslint-plugin-security-4.0.0 branch April 7, 2026 14:33
@jonaslagoni
Copy link
Copy Markdown
Contributor

jonaslagoni commented Apr 7, 2026

🎉 This issue has been resolved in version 0.70.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonaslagoni jonaslagoni Awaiting requested review from jonaslagoni jonaslagoni is a code owner

@ALagoni97 ALagoni97 Awaiting requested review from ALagoni97 ALagoni97 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jonaslagoni