[Snyk] Security upgrade eslint from 8.57.0 to 9.0.0

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 127, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 231 commits.

• e0cbc50 9.0.0
• 75cb5f4 Build: changelog update for 9.0.0
• 19f9a89 chore: Update dependencies for v9.0.0 (Editor: Fix move to trash redirect save race conditions. WordPress/gutenberg#18275)
• 7c957f2 chore: package.json update for @ eslint/js release
• d73a33c chore: ignore `/docs/v8.x` in link checker ("Copy permalink" button only works when padding area is clicked WordPress/gutenberg#18274)
• d54a412 feat: Add --inspect-config CLI flag (Blocks: Add initial API for Block Variations (formerly Patterns) WordPress/gutenberg#18270)
• e151050 docs: update get-started to the new `@ eslint/create-config` (Column Block: Toolbar positioning for wide and full images inconsistent WordPress/gutenberg#18217)
• 610c148 fix: Support `using` declarations in no-lone-blocks ("Move to Trash" with metaboxes prompts about unsaved changes, 500 server error WordPress/gutenberg#18269)
• 44a81c6 chore: upgrade knip (has_block doesn't return true when a block is inside a reusable block WordPress/gutenberg#18272)
• 94178ad docs: mention about `name` field in flat config (How can i use get_categories inside transition_post_status action? WordPress/gutenberg#18252)
• 1765c24 docs: add Troubleshooting page (Radio buttons broken layout within the meta boxes area WordPress/gutenberg#18181)
• e80b60c chore: remove code for testing version selectors ([RNMobile] Cleanup the v1.16.0 release by undoing squash WordPress/gutenberg#18266)
• 96607d0 docs: version selectors synchronization (Limit of Next Page (Page Break) block to root level only WordPress/gutenberg#18260)
• e508800 fix: rule tester ignore irrelevant test case properties (Polish datetime popover. WordPress/gutenberg#18235)
• a129acb fix: flat config name on ignores object (User mention autocompletion fails if avatar_urls array is not set WordPress/gutenberg#18258)
• 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (Small changes to Git Workflow docs WordPress/gutenberg#17662)
• 651ec91 docs: remove `/* eslint-env */` comments from rule examples (Alignment looks off in the pre-publish panel WordPress/gutenberg#18249)
• 950c4f1 docs: Update README
• 3e9fcea feat: Show config names in error messages (Fix/mobile 1510 low res image uploads WordPress/gutenberg#18256)
• b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (Heading block "encountered an error" since 6.8.0 WordPress/gutenberg#18232)
• 12f5746 docs: add info about dot files and dir in flat config (Preserve selection when switching block editor tabs WordPress/gutenberg#18239)
• b93f408 docs: update shared settings example (Block shortcuts change order after inserting multiple of same type WordPress/gutenberg#18251)
• 26384d3 docs: fix `ecmaVersion` in one example, add checks (Full Site Editing: Add experimental SiteDescription block WordPress/gutenberg#18241)
• 7747097 docs: Update PR review process (Update the copy of the Experiments page WordPress/gutenberg#18233)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Apr 6, 2024 7:31am
gutenberg-wd9x	❌ Failed (Inspect)			Apr 6, 2024 7:31am

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[github-actions]

Warning: Type of PR label mismatch

To merge this PR, it requires exactly 1 label indicating the type of PR. Other labels are optional and not being checked here.

• Type-related labels to choose from: [Type] Automated Testing, [Type] Breaking Change, [Type] Bug, [Type] Build Tooling, [Type] Code Quality, [Type] Copy, [Type] Developer Documentation, [Type] Enhancement, [Type] Experimental, [Type] Feature, [Type] New API, [Type] Task, [Type] Technical Prototype, [Type] Performance, [Type] Project Management, [Type] Regression, [Type] Security, [Type] WP Core Ticket, Backport from WordPress Core.
• Labels found: Extra Small.

Read more about Type labels in Gutenberg. Don't worry if you don't have the required permissions to add labels; the PR reviewer should be able to help with the task.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@actions/core@1.9.1	environment, filesystem Transitive: network	+2	260 kB	thboop
npm/@actions/github@5.0.0	environment, filesystem Transitive: network	+13	4.49 MB	thboop
npm/@ariakit/react@0.3.12	None	+5	3.57 MB	ariakit-bot
npm/@ariakit/test@0.3.7	None	+1	1.46 MB	ariakit-bot
npm/@axe-core/puppeteer@4.0.0	None	0	44.4 kB	npmdeque
npm/@babel/core@7.16.0	environment, filesystem, unsafe	+32	8.06 MB	nicolo-ribaudo
npm/@babel/eslint-parser@7.16.0	unsafe	+1	127 kB	nicolo-ribaudo
npm/@babel/plugin-proposal-export-namespace-from@7.18.9	None	+2	18.8 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-jsx@7.16.0	None	+1	14.6 kB	nicolo-ribaudo
npm/@babel/plugin-transform-runtime@7.16.0	unsafe Transitive: environment	+5	2.57 MB	nicolo-ribaudo
npm/@babel/runtime-corejs3@7.16.0	None	0	216 kB	nicolo-ribaudo
npm/@babel/traverse@7.16.0	Transitive: environment	+18	5.56 MB	nicolo-ribaudo
npm/@emotion/babel-plugin@11.3.0	environment	+7	2.78 MB	emotion-release-bot
npm/@emotion/cache@11.7.1	environment	+3	151 kB	emotion-release-bot
npm/@emotion/css@11.7.1	environment	+10	3.2 MB	emotion-release-bot
npm/@emotion/jest@11.7.1	environment	+2	144 kB	emotion-release-bot
npm/@emotion/native@11.0.0	environment	+3	212 kB	emotion-release-bot
npm/@emotion/react@11.7.1	environment	+2	587 kB	emotion-release-bot
npm/@emotion/serialize@1.1.2	environment	+1	65.6 kB	emotion-release-bot
npm/@emotion/styled@11.6.0	environment	+1	227 kB	emotion-release-bot
npm/@emotion/utils@1.2.1	environment	0	18.3 kB	emotion-release-bot
npm/@geometricpanda/storybook-addon-badges@2.0.1	Transitive: environment, eval, filesystem, network, unsafe	+48	10.1 MB	geometricpandadev
npm/@octokit/request-error@2.1.0	None	0	21.9 kB	octokitbot
npm/@octokit/rest@16.26.0	Transitive: network	+6	2.81 MB	octokitbot
npm/@octokit/types@6.34.0	None	+1	1.76 MB	octokitbot
npm/@octokit/webhooks-types@5.6.0	None	0	162 kB	octokitbot
npm/@octokit/webhooks@7.1.0	None	0	210 kB	octokitbot
npm/@playwright/test@1.39.0	None	0	25.3 kB	aslushnikov
npm/@pmmmwh/react-refresh-webpack-plugin@0.5.11	environment, filesystem Transitive: network	+2	441 kB	pmmmwh
npm/@react-native-clipboard/clipboard@1.11.2	None	0	176 kB	naturalclar
npm/@react-native-community/blur@4.2.0	None	0	300 kB	titozzz
npm/@react-native-masked-view/masked-view@0.2.9	None	0	58.2 kB	naturalclar
npm/@react-native/gradle-plugin@0.72.11	None	0	155 kB	react-native-bot
npm/@react-navigation/core@5.12.0	environment	0	971 kB	satya164
npm/@react-navigation/native@6.0.14	environment	+3	1.49 MB	satya164
npm/@react-navigation/routers@5.4.9	None	0	237 kB	satya164
npm/@react-navigation/stack@6.3.5	Transitive: environment	+1	1.14 MB	satya164
npm/@react-spring/web@9.5.5	environment	+5	448 kB	tdfka_rick
npm/@storybook/addon-a11y@7.2.2	Transitive: environment, eval, network	+42	8.7 MB	shilman
npm/@storybook/addon-actions@7.2.2	Transitive: environment, eval, network	+39	8.51 MB	shilman
npm/@storybook/addon-controls@7.2.2	Transitive: environment, eval, filesystem, network, unsafe	+48	10 MB	shilman
npm/@storybook/addon-docs@7.2.2	Transitive: environment, eval, filesystem, network, unsafe	+79	23.5 MB	shilman
npm/@storybook/addon-toolbars@7.2.2	Transitive: environment, eval, network	+39	8.49 MB	shilman
npm/@storybook/addon-viewport@7.2.2	Transitive: environment, eval, network	+39	8.5 MB	shilman
npm/@storybook/react-webpack5@7.2.2	Transitive: environment, eval, filesystem, network, shell, unsafe	+122	21.3 MB	shilman
npm/@storybook/react@7.2.2	Transitive: environment, filesystem, network, unsafe	+16	3.94 MB	shilman
npm/@storybook/source-loader@7.2.2	filesystem	+3	351 kB	shilman

🚮 Removed packages: npm/@docusaurus/core@2.4.1, npm/@docusaurus/module-type-aliases@2.4.1, npm/@docusaurus/preset-classic@2.4.1, npm/@mdx-js/react@1.6.22, npm/clsx@1.2.1, npm/docusaurus-lunr-search@2.4.1, npm/prism-react-renderer@1.3.5, npm/react-dom@17.0.2, npm/react@17.0.2

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: PUPPETEER_PRODUCT Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: npm_config_puppeteer_product Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Filesystem access	npm/puppeteer-core@2.1.1	Module: fs Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: npm_package_config_puppeteer_product Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Network access	npm/puppeteer-core@2.1.1	Module: http Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Network access	npm/puppeteer-core@2.1.1	Module: https Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Network access	npm/puppeteer-core@2.1.1	Module: https-proxy-agent Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Uses eval	npm/puppeteer-core@2.1.1	Eval Type: Function Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Uses eval	npm/puppeteer-core@2.1.1	Eval Type: Function Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Uses eval	npm/puppeteer-core@2.1.1	Eval Type: Function Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Uses eval	npm/puppeteer-core@2.1.1	Eval Type: Function Location: Package overview	orphan: npm/puppeteer-core@2.1.1
New author	npm/puppeteer-core@2.1.1	New Author: hanselfmu Previous Author: mathias	orphan: npm/puppeteer-core@2.1.1
Network access	npm/puppeteer-core@2.1.1	Module: globalThis["fetch"] Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Shell access	npm/puppeteer-core@2.1.1	Module: child_process Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: PUPPETEER_EXECUTABLE_PATH Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: npm_config_puppeteer_executable_path Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: npm_package_config_puppeteer_executable_path Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Environment variable access	npm/puppeteer-core@2.1.1	Env Vars: PUPPETEER_CHROMIUM_REVISION Location: Package overview	orphan: npm/puppeteer-core@2.1.1
Dynamic require	npm/prettier@2.8.8	Location: Package overview	orphan: npm/prettier@2.8.8
High entropy strings	npm/prettier@2.8.8	Location: Package overview	orphan: npm/prettier@2.8.8
High entropy strings	npm/prettier@2.8.8	Location: Package overview	orphan: npm/prettier@2.8.8
Environment variable access	npm/prettier@2.8.8	Env Vars: Location: Package overview	orphan: npm/prettier@2.8.8
Debug access	npm/prettier@2.8.8	Module: module Location: Package overview	orphan: npm/prettier@2.8.8
Filesystem access	npm/prettier@2.8.8	Module: fs Location: Package overview	orphan: npm/prettier@2.8.8
Environment variable access	npm/prettier@2.8.8	Env Vars: TERM Location: Package overview	orphan: npm/prettier@2.8.8
Environment variable access	npm/util@0.12.5	Env Vars: NODE_DEBUG Location: Package overview	orphan: npm/util@0.12.5
Unmaintained	npm/doctrine@3.0.0	Last Publish: 11/10/2018, 2:38:01 AM	package-lock.json package.json
New author	npm/convert-source-map@2.0.0	New Author: phated Previous Author: thlorenz	package-lock.json package.json
Environment variable access	npm/execa@1.0.0	Env Vars: comspec Location: Package overview	orphan: npm/execa@1.0.0
Filesystem access	npm/write-file-atomic@4.0.2	Module: fs Location: Package overview	package-lock.json package.json
New author	npm/validate-npm-package-name@3.0.0	New Author: chrisdickinson Previous Author: zkat	orphan: npm/validate-npm-package-name@3.0.0
Environment variable access	npm/ws@8.13.0	Env Vars: WS_NO_UTF_8_VALIDATE Location: Package overview	orphan: npm/ws@8.13.0
Environment variable access	npm/ws@8.13.0	Env Vars: WS_NO_BUFFER_UTIL Location: Package overview	orphan: npm/ws@8.13.0
Network access	npm/ws@8.13.0	Module: net Location: Package overview	orphan: npm/ws@8.13.0
Network access	npm/ws@8.13.0	Module: tls Location: Package overview	orphan: npm/ws@8.13.0
Network access	npm/ws@8.13.0	Module: https Location: Package overview	orphan: npm/ws@8.13.0
Network access	npm/ws@8.13.0	Module: http Location: Package overview	orphan: npm/ws@8.13.0
Filesystem access	npm/@kwsites/file-exists@1.1.1	Module: fs Location: Package overview	orphan: npm/@kwsites/file-exists@1.1.1
Filesystem access	npm/yargs@17.7.2	Module: fs Location: Package overview	orphan: npm/yargs@17.7.2
Environment variable access	npm/yargs@17.7.2	Env Vars: t Location: Package overview	orphan: npm/yargs@17.7.2
Dynamic require	npm/yargs@17.7.2	Location: Package overview	orphan: npm/yargs@17.7.2
Environment variable access	npm/yargs@17.7.2	Env Vars: Location: Package overview	orphan: npm/yargs@17.7.2
Environment variable access	npm/yargs@17.7.2	Env Vars: YARGS_MIN_NODE_VERSION Location: Package overview	orphan: npm/yargs@17.7.2
Dynamic require	npm/yargs@17.7.2	Location: Package overview	orphan: npm/yargs@17.7.2
Environment variable access	npm/yargs@17.7.2	Env Vars: key Location: Package overview	orphan: npm/yargs@17.7.2
Filesystem access	npm/yargs@17.7.2	Module: fs Location: Package overview	orphan: npm/yargs@17.7.2
Minified code	npm/yargs@17.7.2	Confidence: 1.00 Location: Package overview	orphan: npm/yargs@17.7.2
Dynamic require	npm/yargs@17.7.2	Location: Package overview	orphan: npm/yargs@17.7.2
Filesystem access	npm/y18n@5.0.8	Module: fs Location: Package overview	orphan: npm/y18n@5.0.8
Environment variable access	npm/yargs-parser@21.1.1	Env Vars: Location: Package overview	orphan: npm/yargs-parser@21.1.1
Dynamic require	npm/yargs-parser@21.1.1	Location: Package overview	orphan: npm/yargs-parser@21.1.1
Environment variable access	npm/yargs-parser@21.1.1	Env Vars: YARGS_MIN_NODE_VERSION Location: Package overview	orphan: npm/yargs-parser@21.1.1
Filesystem access	npm/yargs-parser@21.1.1	Module: fs Location: Package overview	orphan: npm/yargs-parser@21.1.1
Filesystem access	npm/tmp@0.2.1	Module: fs Location: Package overview	orphan: npm/tmp@0.2.1
Filesystem access	npm/source-map@0.7.4	Module: fs Location: Package overview	package-lock.json package.json packages/scripts/package.json
New author	npm/source-map@0.7.4	New Author: eemeli Previous Author: loganfsmyth	package-lock.json package.json packages/scripts/package.json
Network access	npm/source-map@0.7.4	Module: globalThis["fetch"] Location: Package overview	package-lock.json package.json packages/scripts/package.json
Environment variable access	npm/watchpack@2.4.0	Env Vars: WATCHPACK_RECURSIVE_WATCHER_LOGGING Location: Package overview	orphan: npm/watchpack@2.4.0
Filesystem access	npm/watchpack@2.4.0	Module: fs Location: Package overview	orphan: npm/watchpack@2.4.0
Environment variable access	npm/watchpack@2.4.0	Env Vars: WATCHPACK_WATCHER_LIMIT Location: Package overview	orphan: npm/watchpack@2.4.0
Environment variable access	npm/watchpack@2.4.0	Env Vars: WATCHPACK_POLLING Location: Package overview	orphan: npm/watchpack@2.4.0
Shell access	npm/@aw-web-design/x-default-browser@1.4.126	Module: child_process Location: Package overview	orphan: npm/@aw-web-design/x-default-browser@1.4.126
Deprecated	npm/@babel/plugin-proposal-export-namespace-from@7.18.9	Reason: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-export-namespace-from instead.	package-lock.json package.json
Environment variable access