🚨 [security] Update eslint-config-prettier 8.3.0 → 10.1.8 (major)

[depfu]

---

Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!

---

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ eslint-config-prettier (8.3.0 → 10.1.8) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ignore (indirect, 5.1.8 → 5.3.2) · Repo · Changelog

Release Notes

5.3.0

5.3.0

• MINOR export Options interface (#105)

An upgrade is safe for all dependents

---

It allows typing external methods which expect Options as a param, by importing the Options interface.

import {Options} from 'ignore'

5.2.4

• PATCH fixes normal single asterisk and normal consecutive asterisks defined in gitignore spec (#57)
• PATCH invalid trailing backslash will not throw unexpectedly

An upgrade is recommended for all dependents

---

The following rules could be not properly parsed with previous ignore versions

**foo
*bar
qu*ux
abc\   # `ignore` would throw if no whitespace after `\`

5.2.0

• PATCH support readonly arrays of typescript. (#70)
• MINOR bring backward compatibility with relative paths. (#75)

An upgrade is recommended for all dependents.

---

ignore().ignores('../foo/bar.js') // will throw

And the code below will not throw, however it is not recommended

ignore({
  allowRelativePaths: true
}).ignores('../foo/bar.js')

Recommend:

ignore().ignores('foo/bar.js')

5.1.9

• PATCH fixes ignorecase when internal cache is hit. (#74)

An upgrade is recommended for all dependents.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 55 commits:

• 5.3.2: fixes #130, fixes consequent escaped backslashes
• Merge pull request #128 from kaelzhang/dependabot/npm_and_yarn/rimraf-6.0.1
• dependabot.yml: ignore eslint
• Bump rimraf from 5.0.9 to 6.0.1
• dependabot: ignore tap
• Merge pull request #110 from kaelzhang/dependabot/npm_and_yarn/tmp-0.2.3
• Bump tmp from 0.2.1 to 0.2.3
• 5.3.1: #108: remove BOM before processing .gitignore rules
• 5.3.0: #105
• Merge pull request #105 from DamianGlowala/patch-1
• Update index.d.ts
• test: rollback tap for the breaking change
• Merge pull request #103 from kaelzhang/dependabot/npm_and_yarn/tap-18.5.3
• Bump tap from 16.3.9 to 18.5.3
• test/typescript: add more tests for interface Ignore
• chore: upgrade dev deps
• #94: upgrade mkdirp -> 3.0.0
• Merge pull request #93 from kaelzhang/dependabot/npm_and_yarn/rimraf-5.0.0
• Bump rimraf from 4.4.1 to 5.0.0
• Merge pull request #92 from kaelzhang/dependabot/npm_and_yarn/typescript-5.0.2
• Bump typescript from 4.9.5 to 5.0.2
• test: update git actions: since ignore are node-version-agnostic, so only test on node LTS
• test: since ignore are node-version-agnostic, so only test on node LTS
• chore: upgrade dev dependencies, fixes #85, fixes #89, fixes #86
• Create dependabot.yml
• 5.2.4: README: update github action badge
• test/coverage: do not force test coverage on windows since it is quite hard to ignore different lines for linux and windows
• test/coverage: remove the buggy "istanbul ignore next" (nyc @15.1.0)
• test: another test cases related to #57
• dev: upgrade dev dependencies
• test: remove timeout setting for git-check-ignore
• 5.2.3: fixes #57: fixes normal single / consecutive asterisks
• #57: test: support test.only
• #81: fixes windows test cases
• #81: fixes windows test cases
• 5.2.2: fixes #81: invalid single trailing backslash should not throw
• 5.2.1: fixes typo in the example of "backslash hash", related to #83
• #76: add test case
• 5.2.0: #70, #75: ts: adds more test cases for typescript
• #75: README.md: improves explanation of options.allowRelativePaths
• #75: main, README.md, test, ts: new options.allowRelativePaths to bring backward compatibility
• #70: test: improve ts cases
• Merge pull request #70 from nicojs/patch-1
• 5.1.9: fixes ignorecase with internal caching, related to #74
• #74 (chore): avoid assignment chaining
• chore: define KEY_IGNORE first
• Merge pull request #74 from forking-repos/tap-cache-fixes
• Fix case-insensitivity of internal cache
• Fix weird tap testing failures
• fix(types): allow for readonly arrays
• Merge pull request #66 from sanjaymsh/ppc64le
• Travis-ci: added ppc64le support
• Update nodejs.yml
• Update FUNDING.yml
• Create FUNDING.yml

↗️ minimatch (indirect, 3.0.4 → 3.1.2) · Repo · Changelog

Security Advisories 🚨

🚨 minimatch ReDoS vulnerability

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Commits

See the full diff on Github. The new version differs by 17 commits:

• 3.1.2
• fix: trim pattern
• 3.1.1
• fix: treat nocase:true as always having magic
• 3.1.0
• Add 'allowWindowsEscape' option
• add publishConfig for v3 publishes
• 3.0.6
• [fix] revert all breaking syntax changes
• document, expose, and test 'partial:true' option
• ci: tests and makework
• full test coverage, adding tests, deleting dead code
• Credit @yetingli for the regexp improvement
• 3.0.5
• Improve redos protection, add many tests
• Use master branch for travis badge
• update travis

🆕 @​eslint-community/eslint-utils (added, 4.7.0)

🆕 @​eslint-community/regexpp (added, 4.12.1)

🆕 @​eslint/config-array (added, 0.21.0)

🆕 @​eslint/config-helpers (added, 0.3.0)

🆕 @​eslint/core (added, 0.15.1)

🆕 @​eslint/eslintrc (added, 3.3.1)

🆕 @​eslint/js (added, 9.31.0)

🆕 @​eslint/object-schema (added, 2.1.6)

🆕 @​eslint/plugin-kit (added, 0.3.3)

🆕 @​humanfs/core (added, 0.19.1)

🆕 @​humanfs/node (added, 0.16.6)

🆕 @​humanwhocodes/module-importer (added, 1.0.1)

🆕 @​humanwhocodes/retry (added, 0.4.3)

🆕 @​types/estree (added, 1.0.8)

🆕 @​types/json-schema (added, 7.0.15)

🆕 acorn (added, 8.15.0)

🆕 acorn-jsx (added, 5.3.2)

🆕 ajv (added, 6.12.6)

🆕 ansi-styles (added, 4.3.0)

🆕 argparse (added, 2.0.1)

🆕 callsites (added, 3.1.0)

🆕 chalk (added, 4.1.2)

🆕 color-convert (added, 2.0.1)

🆕 color-name (added, 1.1.4)

🆕 cross-spawn (added, 7.0.6)

🆕 debug (added, 4.4.1)

🆕 deep-is (added, 0.1.4)

🆕 escape-string-regexp (added, 4.0.0)

🆕 eslint (added, 9.31.0)

🆕 eslint-scope (added, 8.4.0)

🆕 espree (added, 10.4.0)

🆕 esquery (added, 1.6.0)

🆕 esrecurse (added, 4.3.0)

🆕 estraverse (added, 5.3.0)

🆕 esutils (added, 2.0.3)

🆕 fast-deep-equal (added, 3.1.3)

🆕 fast-json-stable-stringify (added, 2.1.0)

🆕 fast-levenshtein (added, 2.0.6)

🆕 file-entry-cache (added, 8.0.0)

🆕 find-up (added, 5.0.0)

🆕 flat-cache (added, 4.0.1)

🆕 flatted (added, 3.3.3)

🆕 glob-parent (added, 6.0.2)

🆕 globals (added, 14.0.0)

🆕 has-flag (added, 4.0.0)

🆕 import-fresh (added, 3.3.1)

🆕 imurmurhash (added, 0.1.4)

🆕 is-extglob (added, 2.1.1)

🆕 is-glob (added, 4.0.3)

🆕 isexe (added, 2.0.0)

🆕 js-yaml (added, 4.1.0)

🆕 json-buffer (added, 3.0.1)

🆕 json-schema-traverse (added, 0.4.1)

🆕 json-stable-stringify-without-jsonify (added, 1.0.1)

🆕 keyv (added, 4.5.4)

🆕 levn (added, 0.4.1)

🆕 locate-path (added, 6.0.0)

🆕 lodash.merge (added, 4.6.2)

🆕 ms (added, 2.1.3)

🆕 natural-compare (added, 1.4.0)

🆕 optionator (added, 0.9.4)

🆕 p-limit (added, 3.1.0)

🆕 p-locate (added, 5.0.0)

🆕 parent-module (added, 1.0.1)

🆕 path-exists (added, 4.0.0)

🆕 path-key (added, 3.1.1)

🆕 prelude-ls (added, 1.2.1)

🆕 punycode (added, 2.3.1)

🆕 resolve-from (added, 4.0.0)

🆕 shebang-command (added, 2.0.0)

🆕 shebang-regex (added, 3.0.0)

🆕 strip-json-comments (added, 3.1.1)

🆕 supports-color (added, 7.2.0)

🆕 type-check (added, 0.4.0)

🆕 uri-js (added, 4.4.1)

🆕 which (added, 2.0.2)

🆕 word-wrap (added, 1.2.5)

🆕 yocto-queue (added, 0.1.0)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)