Skip to content

[Snyk] Upgrade jshint from 2.8.0 to 2.13.6#112

Open
snyk-sa-branch wants to merge 1 commit into
mainfrom
snyk-upgrade-4d7f149402e72b0f0188e802eb02d8fc
Open

[Snyk] Upgrade jshint from 2.8.0 to 2.13.6#112
snyk-sa-branch wants to merge 1 commit into
mainfrom
snyk-upgrade-4d7f149402e72b0f0188e802eb02d8fc

Conversation

@snyk-sa-branch

Copy link
Copy Markdown

snyk-top-banner

Snyk has created this PR to upgrade jshint from 2.8.0 to 2.13.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 26 versions ahead of your current version.

  • The recommended version was released 4 years ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PICOMATCH-15765511
40 No Known Exploit
high severity Improper Privilege Management
SNYK-JS-SHELLJS-2332187
40 Proof of Concept
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-WS-17344547
40 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574
40 Proof of Concept
high severity Prototype Pollution
SNYK-JS-Y18N-1021887
40 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AJV-15274295
40 Proof of Concept
high severity Infinite loop
SNYK-JS-BRACEEXPANSION-15789759
40 No Known Exploit
high severity Infinite loop
SNYK-JS-BRACEEXPANSION-15789759
40 No Known Exploit
high severity Excessive Platform Resource Consumption within a Loop
SNYK-JS-BRACES-6838727
40 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230
40 Proof of Concept
high severity Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922
40 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085
40 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
40 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-PICOMATCH-15765513
40 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
40 Proof of Concept
medium severity Incorrect Control Flow Scoping
SNYK-JS-TOOTALLNATEONCE-15250612
40 Proof of Concept
medium severity Use of Uninitialized Resource
SNYK-JS-WS-16722635
40 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BABELHELPERS-9397697
40 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-DIFF-14917201
40 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973
40 Proof of Concept
low severity Insecure use of /tmp folder
npm:cli:20160615
40 No Known Exploit
low severity Directory Traversal
SNYK-JS-BABELCORE-17342497
40 No Known Exploit
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
40 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073
40 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073
40 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
40 Proof of Concept

Breaking Change Risk

Merge Risk: Medium

Notice: This assessment is enhanced by AI.

Release notes
Package name: jshint
  • 2.13.6 - 2022-11-11

    2.13.6 (2022-11-11)

    Bug Fixes

    • Allow initializing const bindings to undef (fedaf6f)
    • Correct error message (03b1a06)
  • 2.13.5 - 2022-07-08

    2.13.5 (2022-07-08)

    Bug Fixes

    • Tolerate late definition of async function (#3618) (5c256a2)
  • 2.13.4 - 2022-01-24

    2.13.4 (2022-01-24)

    Bug Fixes

  • 2.13.3 - 2022-01-05

    2.13.3 (2022-01-05)

    Bug Fixes

    • Recognize ES2020 globals (b1426f1)
  • 2.13.2 - 2021-12-27

    2.13.2 (2021-12-27)

    Bug Fixes

    • Add missing well-known globals (#3582) (cc1adf6)
    • add URL for node in src/vars.js (#3570) (ca06e6a)
    • change escape-sequence handler for double quotes (") (#3566) (75e48b7)
    • Limit "Too many Errors" (E043) to errors only (#3562) (4a681b9)
    • Tolerate keyword in object shorthand (057b1c6)
    • Tolerate unterminated nullish coalescing (ecae54a)
  • 2.13.1 - 2021-08-10

    2.13.1 (2021-08-10)

    Bug Fixes

    • Allow invoking result of optional chaining (71ec395)
    • Allow optional chaining call as satement (11dc0a6)
    • Tolerate dangling NewExpression (7c890aa)
  • 2.13.0 - 2021-05-30

    2.13.0 (2021-05-30)

    Bug Fixes

    • Allow comma expression in MemberExpression (f05c8d1)
    • Consider all exported bindings "used" (90228b7)
    • Correct interpretation of ImportSpecifier (72a8102)
    • Correct location for error (e831188)
    • Correct location reported for directive (ee6aa68)
    • Detect duplicate exported bindings (916c230)
    • Don't warn when Function() is used without 'new'. (#3531) (c13c5cc)
    • Don't warn when RegExp() is used without 'new'. (#3529) (c18a6e4)
    • Enforce restrictions on new operand (c2719eb)
    • Graduate BigInt support to esversion: 11 (553f816)
    • Improve declaration parsing (a9bdc93)
    • Report early reference with warning (2c1a5f8)
    • Support RegExp Unicode property escapes (e7fa785)

    Features

    • Add support for "export * as ns from" (c46f464)
    • Add support for import.meta (73d7e0d)
    • Add support for dynamic import (6bfcaed)
    • Add support for optional chaining (b125dbe)
    • Implement support for nullish coalescing (f50b14d)
  • 2.12.0 - 2020-08-03

    2.12.0 (2020-08-02)

    Features

  • 2.11.2 - 2020-07-30

    2.11.2 (2020-07-30)

    Bug Fixes

    • Allow "rest" operator in param dstrctrng (c45d1b2)
    • Disallow invalid numeric literals (b02a025)
    • Disallow leading zeros in BigInts (3b2c8cf)
    • Improve numeric literal warnings/errors (370e159)
    • Limit positions for class declarations (0f0acd8)
    • maxcomplexity doesn't take into account && (047d5af), closes #840
    • Update Lodash to latest 4.17.19 (#3494) (17d8f5a)
  • 2.11.1 - 2020-05-14
  • 2.11.0 - 2020-01-13
  • 2.11.0-rc1 - 2019-12-11
  • 2.10.3 - 2019-11-05
  • 2.10.2 - 2019-03-13
  • 2.10.1 - 2019-02-05
  • 2.10.0 - 2019-02-05
  • 2.9.7 - 2018-12-07
  • 2.9.6 - 2018-07-30
  • 2.9.5 - 2017-06-22
  • 2.9.4 - 2016-10-20
  • 2.9.3 - 2016-08-18
  • 2.9.2 - 2016-04-19
  • 2.9.1 - 2016-01-14
  • 2.9.1-rc3 - 2016-01-13
  • 2.9.1-rc2 - 2015-12-22
  • 2.9.1-rc1 - 2015-11-12
  • 2.8.0 - 2015-05-31
from jshint GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-sa-branch

Copy link
Copy Markdown
Author

Merge Risk: Medium

This upgrade spans multiple minor versions, introducing support for a wide range of modern JavaScript features (ES7 through ES11) and significant internal refactoring. While no APIs were explicitly removed, the new parsing capabilities can lead to new warnings and stricter validation, which may break builds that enforce a zero-warning policy.

Key Changes:

  • ES7-ES9 Support (v2.10.0): Added support for async functions and new parsing logic for classes.
  • ES2019/ES2020 Support (v2.11.0, v2.13.0): Introduced support for BigInt, optional chaining (?.), nullish coalescing (??), dynamic import(), and import.meta.
  • Behavioral Changes: The introduction of new parsing logic and numerous bug fixes between versions may alter how existing code is evaluated, potentially flagging new warnings. The release notes for v2.9.1 mention a focus on vetting "undesirable changes in behavior."

Recommendation:
After upgrading, run JSHint across your codebase to check for new warnings. You may need to update your .jshintrc configuration file or fix newly reported linting issues.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants