Skip to content

[Snyk] Security upgrade eslint from 8.57.1 to 10.0.0#68

Open
snyk-io[bot] wants to merge 1 commit intomasterfrom
snyk-fix-a3df4217658e0b2182c9eb4a697a968f
Open

[Snyk] Security upgrade eslint from 8.57.1 to 10.0.0#68
snyk-io[bot] wants to merge 1 commit intomasterfrom
snyk-fix-a3df4217658e0b2182c9eb4a697a968f

Conversation

@snyk-io
Copy link

@snyk-io snyk-io bot commented Feb 13, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • payment-components/next-js/package.json
  • payment-components/next-js/pnpm-lock.yaml

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AJV-15274295		   685  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-io
fix: payment-components/next-js/package.json & payment-components/nex…
623b71b 
…t-js/pnpm-lock.yaml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-15274295
@snyk-io
Copy link
Author

snyk-io bot commented Feb 13, 2026

Merge Risk: High

This upgrade from ESLint v8 to v10 is a major transition with significant breaking changes, requiring a complete overhaul of your configuration.

Key Breaking Changes:

  • Mandatory Configuration Migration: The legacy configuration system using .eslintrc.* files is completely removed in v10.0.0. You must migrate your entire configuration to the new "flat config" format (eslint.config.js), which was introduced as the default in v9. This is a substantial change requiring a full rewrite of your ESLint setup.

  • Node.js Version Requirement: Support for older Node.js versions has been dropped. ESLint v10.0.0 requires Node.js v20.19.0 or newer. The upgrade to v9 had already required Node.js v18.18.0+.

  • Removed Rules and Formatters: The require-jsdoc and valid-jsdoc rules were removed in v9. Additionally, several formatters (including checkstyle, junit, compact) were removed, with only stylish, html, json, and json-with-meta remaining.

  • Configuration Discovery Change: v10 introduces a new configuration file lookup algorithm that searches for eslint.config.js starting from the directory of each linted file, which primarily affects monorepo setups.

Sources:

Recommendation: This is a high-effort upgrade that cannot be completed without significant manual intervention. Developers must rewrite the project's ESLint configuration from the legacy .eslintrc format to the new eslint.config.js flat config format before this upgrade can be merged.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@snyk-io
Copy link
Author

snyk-io bot commented Feb 13, 2026
edited
Loading

⚠️ Snyk checks are incomplete.

Status Scanner Critical High Medium Low Total (0)
⚠️ Open Source Security 0 0 0 0 See details
⚠️ Licenses 0 0 0 0 See details

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants