Bump flatted and eslint in /Tools/WebKitBot

[dependabot]

Bumps flatted to 3.4.2 and updates ancestor dependency eslint. These dependencies need to be updated together.

Updates flatted from 2.0.2 to 3.4.2

Commits

• 3bf0909 3.4.2
• 885ddcc fix CWE-1321
• 0bdba70 added flatted-view to the benchmark
• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• Additional commits viewable in compare view

Updates eslint from 7.3.1 to 7.32.0

Changelog

Sourced from eslint's changelog.

v7.32.0 - July 30, 2021

• 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841) (Bryan Mishkin)
• faecf56 Update: change reporting location for curly rule (refs #12334) (#14766) (Nitin Kumar)
• d7dc07a Fix: ignore lines with empty elements (fixes #12756) (#14837) (Soufiane Boutahlil)
• 1bfbefd New: Exit on fatal error (fixes #13711) (#14730) (Antonios Katopodis)
• ed007c8 Chore: Simplify internal no-invalid-meta rule (#14842) (Bryan Mishkin)
• d53d906 Docs: Prepare data for website to indicate rules with suggestions (#14830) (Bryan Mishkin)
• d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#14805) (Brett Zamir)
• 8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#14823) (Bryan Mishkin)
• f9c164f Docs: New syntax issue template (#14826) (Nicholas C. Zakas)
• eba0c45 Chore: assertions on reporting loc in unicode-bom (refs #12334) (#14809) (Nitin Kumar)
• ed945bd Docs: fix multiple broken links (#14833) (Sam Chen)
• 60df44c Chore: use actions/setup-node@v2 (#14816) (Nitin Kumar)
• 6641d88 Docs: Update README team and sponsors (ESLint Jenkins)

v7.31.0 - July 17, 2021

• efdbb12 Upgrade: @​eslint/eslintrc to v0.4.3 (#14808) (Brandon Mills)
• a96b05f Update: add end location to report in consistent-return (refs #12334) (#14798) (Nitin Kumar)
• e0e8e30 Docs: update BUG_REPORT template (#14787) (Nitin Kumar)
• 39115c8 Docs: provide more context to no-eq-null (#14801) (gfyoung)
• 9a3c73c Docs: fix a broken link (#14790) (Sam Chen)
• ddffa8a Update: Indicating the operator in question (#14764) (Paul Smith)
• bba714c Update: Clarifying what changes need to be made in no-mixed-operators (#14765) (Paul Smith)
• b0d22e3 Docs: Mention benefit of providing meta.docs.url (#14774) (Bryan Mishkin)
• 000cc79 Sponsors: Sync README with website (ESLint Jenkins)
• a6a7438 Chore: pin fs-teardown@0.1.1 (#14771) (Milos Djermanovic)

v7.30.0 - July 2, 2021

• 5f74642 Chore: don't check Program.start in SourceCode#getComments (refs #14744) (#14748) (Milos Djermanovic)
• 19a871a Docs: Suggest linting plugins for ESLint plugin developers (#14754) (Bryan Mishkin)
• aa87329 Docs: fix broken links (#14756) (Sam Chen)
• 278813a Docs: fix and add more examples for new-cap rule (fixes #12874) (#14725) (Nitin Kumar)
• ed1da5d Update: ecmaVersion allows "latest" (#14720) (薛定谔的猫)
• 104c0b5 Update: improve use-isnan rule to detect Number.NaN (fixes #14715) (#14718) (Nitin Kumar)
• b08170b Update: Implement FlatConfigArray (refs #13481) (#14321) (Nicholas C. Zakas)
• f113cdd Chore: upgrade eslint-plugin-eslint-plugin (#14738) (薛定谔的猫)
• 1b8997a Docs: Fix getRulesMetaForResults link syntax (#14723) (Brandon Mills)
• aada733 Docs: fix two broken links (#14726) (Sam Chen)
• 8972529 Docs: Update README team and sponsors (ESLint Jenkins)

v7.29.0 - June 18, 2021

• bfbfe5c New: Add only to RuleTester (refs eslint/rfcs#73) (#14677) (Brandon Mills)
• c2cd7b4 New: Add ESLint#getRulesMetaForResults() (refs #13654) (#14716) (Nicholas C. Zakas)
• eea7e0d Chore: remove duplicate code (#14719) (Nitin Kumar)
• 6a1c7a0 Fix: allow fallthrough comment inside block (fixes #14701) (#14702) (Kevin Gibbons)
• a47e5e3 Docs: Add Mega-Linter to the list of integrations (#14707) (Nicolas Vuillamy)

... (truncated)

Commits

• 83cc8a6 7.32.0
• f10218d Build: changelog update for 7.32.0
• 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841)
• faecf56 Update: change reporting location for curly rule (refs #12334) (#14766)
• d7dc07a Fix: ignore lines with empty elements (fixes #12756) (#14837)
• 1bfbefd New: Exit on fatal error (fixes #13711) (#14730)
• ed007c8 Chore: Simplify internal no-invalid-meta rule (#14842)
• d53d906 Docs: Prepare data for website to indicate rules with suggestions (#14830)
• d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#14805)
• 8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#14823)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[semgrep-code-squarespace]

High severity vulnerability introduced by a package you're using:
Line 5875 lists a dependency (tmpl) with a known High severity vulnerability. Fixing requires upgrading or replacing the dependency.

ℹ️ Why this matters

tmpl versions before 1.0.5 are vulnerable to Uncontrolled Resource Consumption when formatting a string.

References: GHSA, CVE

To resolve this comment:
Upgrade this dependency to at least version 1.0.5 at Tools/WebKitBot/package-lock.json.

💬 Ignore this finding

To ignore this, reply with:

• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons

_{You can view more details on this finding in the Semgrep AppSec Platform here.}

[semgrep-code-squarespace]

Critical severity vulnerability may affect your project—review required:
Line 426 lists a dependency (@babel/traverse) with a known Critical severity vulnerability.

ℹ️ Why this matters

Affected versions of @babel/traverse and babel-traverse are vulnerable to Incomplete List of Disallowed Inputs / Incorrect Comparison. Compiling untrusted code with Babel using plugins that invoke the internal path.evaluate() or path.evaluateTruthy() methods (for example @babel/plugin-transform-runtime, @babel/preset-env with useBuiltIns, or any polyfill‐provider plugin) allows a maliciously crafted AST to execute arbitrary code on the build machine during compilation.

References: GHSA, CVE

To resolve this comment:
Check if you use Babel to compile untrusted JavaScript.

• If you're affected, upgrade this dependency to at least version 7.23.2 at Tools/WebKitBot/package-lock.json.
• If you're not affected, comment /fp we don't use this [condition]

💬 Ignore this finding

To ignore this, reply with:

• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons

_{You can view more details on this finding in the Semgrep AppSec Platform here.}