Skip to content

Bump eslint-plugin-security from 2.1.1 to 4.0.0#31

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-security-4.0.0
Open

Bump eslint-plugin-security from 2.1.1 to 4.0.0#31
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-security-4.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps eslint-plugin-security from 2.1.1 to 4.0.0.

Release notes

Sourced from eslint-plugin-security's releases.

eslint-plugin-security: v4.0.0

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)
Changelog

Sourced from eslint-plugin-security's changelog.

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)

3.0.1 (2024-06-14)

Bug Fixes

3.0.1 (2024-06-13)

Bug Fixes

... (truncated)

Commits
  • 4b734af chore: release 4.0.0 🚀 (#192)
  • 2443d10 fix: release-please config (#189)
  • ee73862 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#187)
  • ca182d1 chore(deps): bump serialize-javascript and mocha (#184)
  • 7f9ee77 fix: Add ESLint 10 compatibility for context.sourceCode API change (#186)
  • 99032c3 ci: trusted publishing (#180)
  • 5e096f2 ci(ci): add node 24 to test matrix (#176)
  • e060aeb ci: migrate to manifest config (#173)
  • fc0af81 chore(.eslint-doc-generatorrc): add missing 'use strict' directive (#170)
  • f6a29ef chore(package): explicitly declare js module type (#171)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-security since your current version.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 17, 2026

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from cjcsecurity as a code owner April 17, 2026 21:58
@dependabot
Bump eslint-plugin-security from 2.1.1 to 4.0.0
a347705 
Bumps [eslint-plugin-security](https://github.com/eslint-community/eslint-plugin-security) from 2.1.1 to 4.0.0.
- [Release notes](https://github.com/eslint-community/eslint-plugin-security/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-security/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-security@v2.1.1...eslint-plugin-security-v4.0.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-security
  dependency-version: 4.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-plugin-security-4.0.0 branch from 5502d3e to a347705 Compare May 5, 2026 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cjcsecurity cjcsecurity Awaiting requested review from cjcsecurity cjcsecurity is a code owner

Assignees

@cjcsecurity cjcsecurity

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cjcsecurity