Skip to content

[Snyk] Security upgrade eslint from 9.39.1 to 10.0.0#276

Open
rvu-snyk wants to merge 1 commit intomasterfrom
snyk-fix-19f229225df583953892cceffeedb603
Open

[Snyk] Security upgrade eslint from 9.39.1 to 10.0.0#276
rvu-snyk wants to merge 1 commit intomasterfrom
snyk-fix-19f229225df583953892cceffeedb603

Conversation

@rvu-snyk
Copy link

@rvu-snyk rvu-snyk commented Feb 13, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • packages/koa-access/package.json
  • packages/koa-access/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AJV-15274295		   803  

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: packages/koa-access/package.json & packages/koa-access/package-l…
5e20594 
…ock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
@rvu-snyk
Copy link
Author

rvu-snyk commented Feb 13, 2026

Merge Risk: High

This is a major version upgrade to ESLint v10, which introduces significant and mandatory breaking changes. Action is required to upgrade.

Key Breaking Changes:

  • Complete Removal of eslintrc: Support for the traditional .eslintrc.* configuration file format has been completely removed. All users must migrate to the eslint.config.js (flat config) format. .eslintignore files are also no longer supported and patterns must be moved into the flat config file.

  • Node.js Version Requirement: Support for Node.js versions older than v20.19.0 has been dropped. You must be on Node.js v20.19.0+, v22.13.0+, or v24+ to use ESLint v10.

  • New Config File Lookup: A new configuration file lookup algorithm is now the default, which searches for eslint.config.js starting from the directory of each linted file. This is particularly useful for monorepos but may change behavior for some projects.

  • JSX Reference Tracking: ESLint now properly tracks JSX element references, which may lead to new linting errors for unused imports or undefined components in JSX files.

Recommendation:
This upgrade requires a mandatory migration of your ESLint configuration from the legacy .eslintrc format to the modern eslint.config.js (flat config) format. You must also ensure your environment is running a supported version of Node.js.

Source: ESLint v10 Migration Guide

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rvu-snyk @snyk-bot