fix: update ESLint scanning workflow to use project's ESLint 10 #162
Co-authored-by: HollowMan6 <43995067+HollowMan6@users.noreply.github.com>
9558851
into
dependabot/npm_and_yarn/main/eslint-10.0.1
Pull request overview
Updates the dedicated ESLint SARIF scanning workflow to rely on the repository’s declared ESLint version (ESLint 10) rather than hardcoding an older ESLint install that conflicts with the project’s dependency set.
Changes:
- Replace `npm install eslint@^8.0.0` with `npm install` so the workflow uses the project’s `package.json`/lockfile ESLint version.
- Install `@microsoft/eslint-formatter-sarif@2.1.7` with `--legacy-peer-deps` to bypass its outdated peer dependency range while still generating SARIF output.
| npm install eslint@^8.0.0 | ||
| npm install @microsoft/eslint-formatter-sarif@2.1.7 | ||
| npm install | ||
| npm install --legacy-peer-deps @microsoft/eslint-formatter-sarif@2.1.7 |
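Review bot: the bare `npm install` on the third line can update the lockfile when it is out of sync with `package.json`, so the scan may run against a dependency tree that differs from the committed one. If the repository commits a lockfile, `npm ci` installs exactly what it pins and fails on a mismatch. The `--legacy-peer-deps` on the last line should carry a short comment in the workflow stating why it is there (the formatter's peer range), so the flag is dropped once the formatter declares support for ESLint 10.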
Installing @microsoft/eslint-formatter-sarif as a separate npm install step will typically update package-lock.json/package.json in the runner workspace and can make the job less reproducible. Consider either (a) committing the formatter as a devDependency and using a single lockfile-driven install, or (b) installing it with flags that avoid saving/updating the lockfile (e.g., --no-save / --no-package-lock) so the workflow doesn’t mutate the checked-out repo during CI.
| npm install --legacy-peer-deps @microsoft/eslint-formatter-sarif@2.1.7 | |
| npm install --no-save --no-package-lock --legacy-peer-deps @microsoft/eslint-formatter-sarif@2.1.7 |
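Review bot: with `--no-package-lock` on the suggested line, this install ignores the lockfile, so only the formatter itself is pinned (`@2.1.7`) and its transitive dependencies are resolved from the registry on every run. Committing the formatter as a devDependency, option (a) in the comment above, keeps the whole tree under the committed lockfile and lets the job use a single lockfile-driven install.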
* chore(deps): bump eslint from 9.39.2 to 10.0.1

  Bumps [eslint](https://github.com/eslint/eslint) from 9.39.2 to 10.0.1.
  - [Release notes](https://github.com/eslint/eslint/releases)
  - [Commits](eslint/eslint@v9.39.2...v10.0.1)

  ---
  updated-dependencies:
  - dependency-name: eslint
    dependency-version: 10.0.1
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...

  Signed-off-by: dependabot[bot] <support@github.com>

* fix: ESLint 10 CI lint failures (#161)

  * Initial plan
  * fix: update Node.js to 20 in CI, add @eslint/js dep, fix no-useless-assignment error

  Co-authored-by: HollowMan6 <43995067+HollowMan6@users.noreply.github.com>

  ---------

  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: HollowMan6 <43995067+HollowMan6@users.noreply.github.com>

* fix: update ESLint scanning workflow to use project's ESLint 10 (#162)

  * Initial plan
  * fix: update ESLint scanning workflow to use project's ESLint 10

  Co-authored-by: HollowMan6 <43995067+HollowMan6@users.noreply.github.com>

  ---------

  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: HollowMan6 <43995067+HollowMan6@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: HollowMan6 <43995067+HollowMan6@users.noreply.github.com>
Is your PR related to an issue? Please describe.
No.
Describe what problem you have solved or what feature you have added.
The `ESLint / Run eslint scanning` CI job was failing because `.github/workflows/eslint.yml` hardcoded `npm install eslint@^8.0.0`, which npm rejects with a peer dependency conflict against the project's `package.json` specifying `"eslint": "^10.0.2"`.
- `npm install eslint@^8.0.0` with `npm install` to consume ESLint 10 from the project's own `package.json`
- `--legacy-peer-deps` when installing `@microsoft/eslint-formatter-sarif@2.1.7`, since it declares a peer dependency on `eslint@^7||^8` but works functionally with ESLint 10
Additional context
No other changes needed. The Node.js lint workflow was already passing after the earlier ESLint 10 fixes in #161.
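The reproducibility concern raised in the review comment above (a separate install step rewriting `package.json` or `package-lock.json` in the runner workspace) can be enforced in the job instead of assumed. The following is an added example, not part of this PR or the project's workflow; the function name `guard_manifests` is hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the PR).
# guard_manifests DIR CMD [ARGS...]
# Runs CMD inside DIR and fails if it changed, created or removed
# package.json or package-lock.json.
# Returns CMD's own exit code if CMD fails, 1 if a manifest was touched,
# 0 otherwise.
guard_manifests() {
    dir=$1
    shift
    snap=$(mktemp -d) || return 2

    # Snapshot the manifests a stray `npm install <pkg>` would rewrite.
    for f in package.json package-lock.json; do
        if [ -f "$dir/$f" ]; then
            cp "$dir/$f" "$snap/$f"
        fi
    done

    # Run the step in the workspace; propagate its failure unchanged.
    ( cd "$dir" && "$@" ) || { rc=$?; rm -rf "$snap"; return "$rc"; }

    changed=0
    for f in package.json package-lock.json; do
        if [ -f "$snap/$f" ]; then
            # cmp also fails when the file was deleted by the step.
            if ! cmp -s "$snap/$f" "$dir/$f"; then
                echo "manifest changed during CI step: $f" >&2
                changed=1
            fi
        elif [ -f "$dir/$f" ]; then
            echo "manifest created during CI step: $f" >&2
            changed=1
        fi
    done

    rm -rf "$snap"
    return "$changed"
}
```

In the workflow this would wrap the formatter install, for example `guard_manifests . npm install --no-save --no-package-lock --legacy-peer-deps @microsoft/eslint-formatter-sarif@2.1.7`, so a later edit that drops the no-save flags fails the job.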