[Snyk] Security upgrade eslint from 9.39.4 to 10.0.0#73
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-17706650
|
This major upgrade to ESLint v10 introduces significant breaking changes, most notably the complete removal of the legacy Key Breaking Changes:
Recommendation: Source: ESLint v10.0.0 Release Notes, Migration Guide
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
| "@eslint/js": "catalog:devTools", | ||
| "@typescript/native-preview": "catalog:devTools", | ||
| "eslint": "catalog:devTools", | ||
| "eslint": "10.0.0", |
There was a problem hiding this comment.
WARNING: Hardcoding eslint to 10.0.0 breaks the workspace catalog convention
Every other package in this monorepo uses catalog:devTools, which currently resolves to ^9.39.2 in pnpm-workspace.yaml:25. After this change, the fastify package will run ESLint v10 while the shared @modelcontextprotocol/eslint-config and all other workspace packages still run v9. This breaks monorepo consistency and is especially risky with ESLint v10, which drops legacy config support, changes config lookup behavior, and makes eslint-env comments cause errors.
Reply with @kilocode-bot fix it to have Kilo Code address this issue.
Code Review SummaryStatus: 1 Issue Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Files Reviewed (1 file)
Fix these issues in Kilo Cloud Reviewed by step-3.7-flash-20260528 · Input: 111.8K · Output: 6.5K · Cached: 264.7K Review guidance: REVIEW.md from base branch |
Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.
Snyk changed the following file(s):
packages/middleware/fastify/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-BRACEEXPANSION-17706650
Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
This change is