Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade jshint from 2.4.1 to 2.10.2 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade jshint from 2.4.1 to 2.10.2 #1

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade jshint from 2.4.1 to 2.10.2.

  • The recommended version is 34 versions ahead of your current version.
  • The recommended version was released 7 months ago, on 2019-03-13.

The recommended version fixes:

Severity Title Issue ID
Regular Expression Denial of Service (DoS) npm:minimatch:20160620
Insecure use of /tmp folder npm:cli:20160615
Release notes
  • Package name: jshint
    • 2.10.2 - 2019-03-13

      2.10.2 (2019-03-13)

      Bug Fixes

      • Allow built-in method names in classes (b0c224b)
      • Correct parsing of exported async fns (64b9dce)
      • Correct parsing of RegExp character sets (668c4a3)
      • Init block bindings in C-style for loop (404c9a0)
      • Require const intlzr in C-style for loop (307e9fc)
      • Track FutureReservedWords as idnts in ES5+ (d697ff4)
      • Warn on reassignment of async functions (14384d3)
    • 2.10.1 - 2019-02-05

      2.10.1 (2019-02-05)

      Bug Fixes

      • Do not add cls method names to env. record (036f085)
    • 2.10.0 - 2019-02-05

      2.10.0 (2019-02-05)

      This release introduces support for the three most recent editions of
      JavaScript: ES7, ES8, and ES9. Users can enable support for any one of these
      via the esversion linting option.

      Perhaps most notably, this includes "async functions." Since their
      standardization in ES2017, no feature has been more requested. We're happy to
      add support for this powerful new language feature. If the delay is any
      indication, extending JSHint's parser was no small task, and we were able to
      make many seemingly-unrelated corrections along the way.

      That progress is easiest to see in JSHint's performance on Test262 (the
      official test suite for the JavaScript programming language). Version 2.9.6
      passed 84% of those tests. Version 2.10.0 passes 96%. We're excited to push
      that number higher, especially considering that new language features and new
      tests are being added every day. If you're curious about what needs to be done,
      we maintain an "expectations file" describing every test JSHint is known to
      fail today.

      This release also includes brand-new parsing logic for classes. We thank Ethan
      Dorta and Alex Kritchevsky, the two first-time contributors who made this
      possible!

      Bug Fixes

      • Accept new RegExp flag introduced by ES6 (26b9e53)
      • Add global variables introduced in ES2017 (aded551)
      • Add globals for EventTarget interface (b78083a)
      • Add globals for WindowOrWorkerGlobalScope (e0aac94)
      • Allow YieldExpression as computed property (40dca82)
      • Correct implementation of spread/rest (bd0ae0d)
      • Correct invalid function invocation (cda02ae)
      • Correct parsing of let token (030d6b4)
      • Correct parsing of arrow function (8fa6e39)
      • Correct parsing of InExpression (06f54d0)
      • Disallow dups in non-simple parameter list (4a5a4a5)
      • Disallow fn declarations in stmt positions (a0e0305)
      • Disallow YieldExpression in gnrtr params (17ca4e4)
      • Enforce UniqueFormalParameters for methods (280d36b)
      • Honor globals config in JavaScript API (0278731)
      • Report invalid syntax as error (5ca8b1a)
      • Update parsing of object "rest" property (58967ea)

      Features

      • Enable object rest/spread via esversion (3fc9c19)
      • Enforce ES2016 restriction on USD (2c2025b)
      • Implement noreturnawait (70ab03d)
      • Implement regexpu option (962dced)
      • Implement ES2019 RegExp "dotall" (457d732)
      • Implement support for async iteration (1af5930)
      • Implement support for ES8 trailing commas (29cab1f)
      • Implement support for object spread/rest (35e1b17)
      • Introduce exponentiation operator (21b8731)
      • Introduce linting option leanswitch (1f008f2)
      • Introduce support for async functions (bc4ae9f)
    • 2.9.7 - 2018-12-07

      2.9.7 (2018-12-07)

      This release corrects a packaging issue. It is not expected to modify JSHint's behavior.

    • 2.9.6 - 2018-07-30

      2.9.6 (2018-07-30)

      Bug Fixes

      • Add missing global objects for browser env (badc7a4)
      • Add other Fetch spec globals (07bb596), closes #2582
      • Allow closing over immutable bindings (7091685)
      • Allow computed method names in obj literal (a5ff715)
      • Allow empty export and trailing comma (631327e), closes #2567
      • Avoid infinite loop on invalid for stmt (56a4379)
      • Consistently ignore dot-prefixed dirs (8d4317e)
      • Correct impl of built-in bindings (a11d631)
      • Correct interpretation of whitespace (dd06eea)
      • Correct location of reported error (1c434a3)
      • Correct location reported for W043 (1d04868)
      • Correct reporting of var name in list comprehensions (0ff6644)
      • Correct restriction on function name (55aa54e)
      • Correct spelling of Uint8ClampedArray (8df4a32)
      • Create block scope for switch statements (aa2be10)
      • Disallow default values in rest parameters (b420aed)
      • Do not create binding for illegal syntax (9fe8c94)
      • Do not warn about non-ambiguous linebreaks (ab3ab85)
      • Fix "is is" message typos (7993101)
      • Preserve functionality in "legacy" Node.js (2f6ac13)
      • recognize Jasmine global spyOnProperty (827237f), closes #3183
      • Relax restriction on asgnmnt to arguments (0a66710)
      • Remove warning W100 (ff71d3c)
      • Report error for duplicate arrow params (506c7d5)
      • Report error for redeclared generator fns (8896fa3)
      • Restrict "name" of strict mode functions (a554c89)
      • Restrict super usage to valid forms (8f3f880)
      • Restrict IdentifierNames in ES5 code (5995a9f)
      • Tolerate division following closing brace (3aa02db)
      • Tolerate RegExp as void operand (3f920b5)
      • Tolerate whitespace in inline directives (efeb0f8)

      Features

      • List outer scoped variables of W083 (d03662c), closes #3211
    • 2.9.5 - 2017-06-22

      2.9.5 (2017-06-22)

      Bug Fixes

      • Account for hoisting of importing bindings (bd36953)
      • Add onmessage to vars.worker (540ed85)
      • Added missing "Storage" browser variable (8cfe5ad)
      • Avoid crash when peeking past end of prog (c083866)
      • Avoid false positive (44d9e0b)
      • Close synthetic scope for labeled blocks (5f0f789)
      • Fail gracefully on invalid if syntax (#3103) (8c6ac87)
      • Honor "ignore" file when linting STDIN (d4f83a4)
      • Parse for-in/of head LHS as asnmt target (da52ad9)
      • Removed warning message W041 (#3115) (376fa62)
      • Throw W033 instead of E058 when the ; after a do-while stmt is missing (6907cd4)

      Features

    • 2.9.4 - 2016-10-20

      2.9.4 (2016-10-20)

      Bug Fixes

      • Allow RegExp literal as yield operand (#3011) (b646aea)
      • Allow W100 to be ignored during lookahead (a2b3881), closes #3013
      • Avoid crashing on invalid input (#3046) (bec152c)
      • Correct interpretation of ASI (#3045) (9803e11)
      • Do not duplicate reported warnings/errors (dc4a4fe)
      • Enforce TDZ within initializer of lexical declaration 8e9d406), closes #2637
      • Enforce TDZ within class heritage definition 8e9d406)
      • Enforce TDZ within for in/of head 8e9d406), closes #2693
      • Offset line no.s of errors from eval code (2a31c94)
      • Remove null value from errors array (#3049) (f7eb3d7)
      • Report error for offending token value (3b06d01)
    • 2.9.3 - 2016-08-18

      2.9.3 (2016-08-18)

      Bug Fixes

      • Add TypedArray globals for ES2015 (ee0acab)
      • Allow Expression within for-in head (56c95d0)
      • Avoid crash when peeking past end of prog (#2937) (330d429)
      • Correct behavior of singleGroups (#2951) (97fefb7)
      • Correct interpretation of ASI (#2977) (3ef7a03)
      • Correctly recognize asi after directives (039ee2e), closes #2714
      • Disallow Import declarations below top lvl (d800e44)
      • Support y RegExp flag in ES2015 code (#2999) (a801433)
      • Support semicolons within arrow fn params (#3003) (179a9d6)

      Features

      • Error for literals on rhs of instanceof (e3e745b), closes #2777
    • 2.9.2 - 2016-04-19

      2.9.2 (2016-04-19)

      This release contains a number of bug fixes. As always, we thank everyone who
      reported issues and submitted patches; those contributions are essential to the
      continuing improvement of the project. We hope you'll keep it up!

      Bug Fixes

      • (cli - extract) lines can end with "\r\n", not "\n\r" (93818f3), closes #2825
      • Account for implied closures (c3b4d63)
      • Add CompositionEvent to browser globals (56515cf)
      • Allow destructuring in setter parameter (97d0ac1)
      • Allow parentheses around object destructuring assignment. (7a0bd70), closes #2775
      • Allow regex inside template literal (5dd9c90), closes #2791
      • Allow regexp literal after 'instanceof' (caa30e6), closes #2773
      • Correct CLI's indentation offset logic (47daf76), closes #2778
      • Do not crash on invalid input (2e0026f)
      • Do not fail on valid configurations (2fb3c24)
      • Don't throw E056 for vars used in two functions (fd91d4a), closes #2838
      • Emit correct token value from "module" API (4a43fb9)
      • Expand forms accepted in dstr. assignment (8bbd537)
      • Improve binding power for tagged templates (9cf2ff0)
      • Improve reporting of "Bad assignment." (08df19e)
      • Make the 'freeze' option less strict (b76447c), closes #1600
      • Report "Bad assignment." in destructuring (fe559ed)
      • Report character position for camelcase errors (480252a), closes #2845
      • Reserve await keyword in ES6 module code (b1c8d5b)
    • 2.9.1 - 2016-01-14

      2.9.1 (2016-01-14)

      Following the revocation of version 2.9.0, we observed an extended "release
      candidate" phase where we encouraged users to vet JSHint for undesirable
      changes in behavior. During that time, we identified and resolved a number of
      such regressions. This release comprises all changes from the release candidate
      phase along with the improvements initially released as version 2.9.0. This
      release does not itself contain any changes to the codebase. If you are
      upgrading from version 2.8.0 or earlier, please refer to the
      previously-published release notes for details on bug fixes and features--these
      can be found in the project's CHANGELOG.md file and on the project's website.

    • 2.9.1-rc3 - 2016-01-13 
        </li>
  <li>
    <b>2.9.1-rc2</b> - <a href="">2015-12-22</a>
    
  </li>
  <li>
    <b>2.9.1-rc1</b> - <a href="">2015-11-12</a>
    
  </li>
  <li>
    <b>2.8.0</b> - <a href="">2015-05-31</a>
    
  </li>
  <li>
    <b>2.7.0</b> - <a href="">2015-04-11</a>
    
  </li>
  <li>
    <b>2.6.3</b> - <a href="">2015-02-28</a>
    
  </li>
  <li>
    <b>2.6.2</b> - <a href="">2015-02-28</a>
    
  </li>
  <li>
    <b>2.6.1</b> - <a href="">2015-02-27</a>
    
  </li>
  <li>
    <b>2.6.0</b> - <a href="">2015-01-21</a>
    
  </li>
  <li>
    <b>2.5.11</b> - <a href="">2014-12-18</a>
    
  </li>
  <li>
    <b>2.5.10</b> - <a href="">2014-11-06</a>
    
  </li>
  <li>
    <b>2.5.9</b> - <a href="">2014-11-06</a>
    
  </li>
  <li>
    <b>2.5.8</b> - <a href="">2014-10-29</a>
    
  </li>
  <li>
    <b>2.5.7</b> - <a href="">2014-10-28</a>
    
  </li>
  <li>
    <b>2.5.6</b> - <a href="">2014-09-21</a>
    
  </li>
  <li>
    <b>2.5.5</b> - <a href="">2014-08-24</a>
    
  </li>
  <li>
    <b>2.5.4</b> - <a href="">2014-08-18</a>
    
  </li>
  <li>
    <b>2.5.3</b> - <a href="">2014-08-08</a>
    
  </li>
  <li>
    <b>2.5.2</b> - <a href="">2014-07-05</a>
    
  </li>
  <li>
    <b>2.5.1</b> - <a href="">2014-05-16</a>
    
  </li>
  <li>
    <b>2.5.0</b> - <a href="">2014-04-02</a>
    
  </li>
  <li>
    <b>2.4.4</b> - <a href="">2014-02-21</a>
    
  </li>
  <li>
    <b>2.4.3</b> - <a href="">2014-01-26</a>
    
  </li>
  <li>
    <b>2.4.2</b> - <a href="">2014-01-21</a>
    
  </li>
  <li>
    <b>2.4.1</b> - <a href="">2014-01-03</a>
    
  </li>
</ul>
      • from [`jshint` GitHub Release Notes](https://github.com/jshint/jshint/releases)
------------

馃 View latest project report

馃洜 Adjust upgrade PR settings

馃敃 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@snyk-bot