🚨 [security] Update eslint-config-prettier 8.10.0 → 10.1.8 (major)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ eslint-config-prettier (8.10.0 → 10.1.8) · Repo · Changelog

Security Advisories 🚨

🚨 eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

🚨 eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

🚨 eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Release Notes

10.1.8

republish latest version

Full Changelog: v10.1.5...v10.1.8

10.1.5

Patch Changes

• #332 60fef02 Thanks @JounQin! - chore: add funding field into package.json

Full Changelog: v10.1.4...v10.1.5

10.1.4

Patch Changes

• #328 94b4799 Thanks @silvenon! - fix(cli): do not crash on no rules configured

Full Changelog: v10.1.3...v10.1.4

10.1.3

Patch Changes

• #325 4e95a1d Thanks @pilikan! - fix: this package is commonjs, align its types correctly

New Contributors

• @pilikan made their first contribution in #325

Full Changelog: v10.1.2...v10.1.3

10.1.2

Patch Changes

• #321 a8768bf Thanks @Fdawgs! - chore(package): add homepage for some 3rd-party registry - see #321 for more details

10.1.1

Patch Changes

• #309 eb56a5e Thanks @JounQin! - fix: separate the /flat entry for compatibility

  For flat config users, the previous "eslint-config-prettier" entry still works, but "eslint-config-prettier/flat" adds a new name property for config-inspector, we just can't add it for the default entry for compatibility.

  See also #308

  // before
  import eslintConfigPrettier from "eslint-config-prettier";
  // after
  
  import eslintConfigPrettier from "eslint-config-prettier/flat";

10.1.0

Minor Changes

• #306 56e2e34 Thanks @JounQin! - feat: migrate to exports field

10.0.3

Patch Changes

• #294 8dbbd6d Thanks @FloEdelmann! - feat: add name to config

• #280 cba5737 Thanks @zanminkian! - feat: add declaration file

New Contributors

• @zanminkian made their first contribution in #280
• @FloEdelmann made their first contribution in #294

Full Changelog: v10.0.2...v10.0.3

10.0.2

Patch Changes

• #299 e750edc Thanks @Fdawgs! - chore(package): explicitly declare js module type

10.0.1

eslint-config-prettier

10.0.1

What's Changed

• chore: migrate to changeset for automatically releasing by @JounQin in #278
• add support for @stylistic/eslint-plugin by @abrahamguo in #272

New Contributors

• @JounQin made their first contribution in #278
• @abrahamguo made their first contribution in #272

Full Changelog: v9.1.0...v10.0.1

9.1.0 (from changelog)

• Added: unicorn/template-indent, (as a special rule). Thanks to Gürgün Dayıoğlu (@gurgunday)!
• Changed: All the formatting rules that were deprecated in ESLint 8.53.0 are now excluded if you set the ESLINT_CONFIG_PRETTIER_NO_DEPRECATED environment variable.

9.0.0 (from changelog)

• Added: The CLI helper tool now works with eslint.config.js (flat config). Just like ESLint itself, the CLI tool automatically first tries eslint.config.js and then eslintrc, and you can force which one to use by setting the ESLINT_USE_FLAT_CONFIG environment variable. Note that the config of eslint-config-prettier has always been compatible with eslint.config.js (flat config) – it was just the CLI tool that needed updating. On top of that, the docs have been updated to mention how to use both eslint.config.js (flat config) and eslintrc, and the tests now test both config systems.
• Changed: unicode-bom is no longer turned off. Prettier preserves the BOM if you have one, and does not add one if missing. It was wrong of eslint-config-prettier to disable that rule. If you get ESLint errors after upgrading, either add "unicode-bom": "off" to your config to disable it again, or run ESLint with --fix to fix all files according to the rule (add or remove BOM). Thanks to Nicolas Stepien (@nstepien)!

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 53 commits:

• fix: release a new latest version
• chore: release eslint-config-prettier (#333)
• chore: add `funding` field into `package.json` (#332)
• chore: release eslint-config-prettier (#329)
• chore(deps): update all dependencies (#330)
• fix(cli): do not crash on no rules configured (#328)
• chore: release eslint-config-prettier (#326)
• fix: this package is `commonjs`, align its types correctly (#325)
• chore: release eslint-config-prettier (#322)
• chore(package): add homepage url (#321)
• chore(deps): update yarn to v4.8.1 (#320)
• chore: ignore `eslint-find-rules` for ESLint 8 compatibility
• chore: housekeeping, upgrade all (dev) dependencies (#319)
• chore: add renovate preset
• chore: release eslint-config-prettier (#310)
• chore: use flat entry for flat config verification
• fix: separate the `/flat` entry for compatibility (#309)
• chore: release eslint-config-prettier (#307)
• feat: migrate to exports field (#306)
• chore: release eslint-config-prettier (#304)
• chore: add missing @stylistic/eslint-plugin-plus
• ci: testing, migrate to yarn v4 (#305)
• feat: add name to config (#294)
• feat: add declaration file (#280)
• docs: add more installation commands, with shell code blocks (#303)
• chore: release eslint-config-prettier (#301)
• chore(package): explicitly declare js module type (#299)
• ci: bump github actions (#300)
• chore: add FUNDING.yml
• fix: add main field
• chore: change release folders
• chore: release eslint-config-prettier (#296)
• feat: add support for `@stylistic/eslint-plugin` (#272)
• chore: migrate to changeset for automatically releasing (#278)
• Remove unused eslint-disable-next-line comment
• eslint-config-prettier v9.1.0
• Merge pull request #271 from prettier/deprecated
• Update tests to handle newly deprecated rules
• Move rules deprecated in ESLint 8.53.0 to the deprecated section
• Use specialRule constant
• Group deprecated and removed rules by version
• Roll back to ESLint 8.52.0 for now
• Update Prettier
• Update npm packages
• turn off `unicorn/template-indent` (#269)
• Merge pull request #270 from prettier/fix-ecma-version
• Make test case work in ES2018
• Remove unnecessary internal ESLint config options
• Only use @babel/parser for react and flow
• Bump @babel/traverse from 7.16.8 to 7.23.2 (#267)
• eslint-config-prettier v9.0.0
• Do not disable unicode-bom (#250)
• Flat config: CLI, tests, docs (#261)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)