Update dependency eslint-plugin-react to v7.37.5

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
eslint-plugin-react	7.30.0 → 7.37.5

---

Release Notes

jsx-eslint/eslint-plugin-react (eslint-plugin-react)

v7.37.5

Compare Source

Fixed

• [no-unknown-property]: allow shadow root attrs on <template> (#​3912 @​ljharb)
• [prop-types]: support ComponentPropsWithRef from a namespace import (#​3651 @​corydeppen)
• [jsx-no-constructed-context-values]: detect constructed context values in React 19 <Context> usage (#​3910 @​TildaDares)
• [no-unknown-property]: allow transform-origin on rect (#​3914 @​ljharb)

Changed

• [Docs] [button-has-type]: clean up phrasing (#​3909 @​hamirmahal)

v7.37.4

Compare Source

Fixed

• [no-unknown-property]: support onBeforeToggle, popoverTarget, popoverTargetAction attributes (#​3865 @​acusti)
• [types] fix types of flat configs (#​3874 @​ljharb)

v7.37.3

Compare Source

Fixed

• [no-danger]: avoid a crash on a nested component name (#​3833 @​ljharb)
• [Fix] types: correct generated type declaration (#​3840 @​ocavue)
• [no-unknown-property]: support precedence prop in react 19 (#​3829 @​acusti)
• [prop-types]: props missing in validation when using generic types from a namespace import (#​3859 @​rbondoc96)

Changed

• [Tests] [jsx-no-script-url]: Improve tests (#​3849 @​radu2147)
• [Docs] fix broken links: [default-props-match-prop-types], [jsx-boolean-value], [jsx-curly-brace-presence], [jsx-no-bind], [no-array-index-key], [no-is-mounted], [no-render-return-value], [require-default-props] (#​3841 @​bastiendmt)

v7.37.2

Compare Source

Fixed

• [destructuring-assignment]: fix false negative when using typeof props.a (#​3835 @​golopot)

Changed

• [Refactor] [destructuring-assignment]: use getParentStatelessComponent (#​3835 @​golopot)

v7.37.1

Compare Source

Fixed

• [meta] do not npmignore d.ts files (#​3836 @​ljharb)

Changed

• [readme] Fix shared settings link (#​3834 @​MgenGlder)

v7.37.0

Compare Source

Added

• add type generation (#​3830 @​voxpelli)
• [no-unescaped-entities]: add suggestions (#​3831 @​StyleShit)
• [forbid-component-props]: add allowedForPatterns/disallowedForPatterns options (#​3805 @​Efimenko)
• [no-unstable-nested-components]: add propNamePattern to support custom render prop naming conventions (#​3826 @​danreeves)

Changed

• [readme] flat config example for react 17+ (#​3824 @​GabenGar)

v7.36.1

Compare Source

Fixed

• [no-is-mounted]: fix logic in method name check (#​3821 @​Mathias-S)
• [jsx-no-literals]: Avoid crashing on valueless boolean props (#​3823 @​reosarevok)

v7.36.0

Compare Source

Added

• [no-string-refs]: allow this.refs in > 18.3.0 (#​3807 @​henryqdineen)
• [jsx-no-literals] Add elementOverrides option and the ability to ignore this rule on specific elements (#​3812 @​Pearce-Ropion)
• [forward-ref-uses-ref]: add rule for checking ref parameter is added ([#​3667][] @​NotWoods)

Fixed

• [function-component-definition], [boolean-prop-naming], [jsx-first-prop-new-line], [jsx-props-no-multi-spaces], propTypes: use type args (#​3629 @​HenryBrown0)
• JSX pragma: fail gracefully (#​3632 @​ljharb)
• [jsx-props-no-spreading]: add explicitSpread option to schema (#​3799 @​ljharb)

Changed

• [Tests] add @​typescript-eslint/parser v6 (#​3629 @​HenryBrown0)
• [Tests] add @​typescript-eslint/parser v7 and v8 (#​3629 @​hampustagerud)
• [Docs] [no-danger]: update broken link (#​3817 @​lucasrmendonca)
• [types] add jsdoc type annotations (#​3731 @​y-hsgw)
• [Tests] button-has-type: add test case with spread (#​3731 @​y-hsgw)

v7.35.2

Compare Source

Fixed

• [jsx-curly-brace-presence]: avoid autofixing attributes with double quotes to a double quoted attribute (#​3814 @​ljharb)

v7.35.1

Compare Source

Fixed

• [jsx-curly-brace-presence]: do not trigger on strings containing a quote character (#​3798 @​akulsr0)

v7.35.0

Compare Source

Added

• support eslint v9 (#​3759 @​mdjermanovic)
• export flat configs from plugin root and fix flat config crash (#​3694 @​bradzacher @​mdjermanovic)
• add [jsx-props-no-spread-multi] (#​3724 @​SimonSchick)
• [forbid-component-props]: add propNamePattern to allow / disallow prop name patterns (#​3774 @​akulsr0)
• [jsx-handler-names]: support ignoring component names (#​3772 @​akulsr0)
• version settings: Allow react defaultVersion to be configurable (#​3771 @​onlywei)
• [jsx-closing-tag-location]: add line-aligned option (#​3777 @​kimtaejin3)
• [no-danger]: add customComponentNames option (#​3748 @​akulsr0)

Fixed

• [no-invalid-html-attribute]: substitute placeholders in suggestion messages (#​3759 @​mdjermanovic)
• [sort-prop-types]: single line type ending without semicolon (#​3784 @​akulsr0)
• [require-default-props]: report when required props have default value (#​3785 @​akulsr0)

Changed

• [Refactor] variableUtil: Avoid creating a single flat variable scope for each lookup (#​3782 @​DanielRosenwasser)

v7.34.4

Compare Source

Fixed

• [prop-types]: fix className missing in prop validation false negative (#​3749 @​akulsr0)
• [sort-prop-types]: Check for undefined before accessing node.typeAnnotation.typeAnnotation (#​3779 @​tylerlaprade)

v7.34.3

Compare Source

Fixed

• [prop-types]: null-check rootNode before calling getScope (#​3762 @​crnhrv)
• [boolean-prop-naming]: avoid a crash with a spread prop (#​3733 @​ljharb)
• [jsx-boolean-value]: assumeUndefinedIsFalse with never must not allow explicit true value (#​3757 @​6uliver)
• [no-object-type-as-default-prop]: enable rule for components with many parameters (#​3768 @​JulienR1)
• [jsx-key]: incorrect behavior for checkKeyMustBeforeSpread with map callbacks (#​3769 @​akulsr0)

v7.34.2

Compare Source

Fixed

• [boolean-prop-naming]: avoid a crash with a non-TSTypeReference type (#​3718 @​developer-bandi)
• [jsx-no-leaked-render]: invalid report if left eside is boolean (#​3746 @​akulsr0)
• [jsx-closing-bracket-location]: message shows {{details}} when there are no details (#​3759 @​mdjermanovic)
• [no-invalid-html-attribute]: ensure error messages are correct (#​3759 @​mdjermanovic, @​ljharb)

Changed

• [Refactor] create various eslint utils to fix eslint deprecations (#​3759 @​mdjermanovic, @​ljharb)

v7.34.1

Compare Source

Fixed

• [jsx-no-leaked-render]: prevent wrongly adding parens (#​3700 @​developer-bandi)
• [boolean-prop-naming]: detect TS interfaces (#​3701 @​developer-bandi)
• [boolean-prop-naming]: literalType error fix (#​3704 @​developer-bandi)
• [boolean-prop-naming]: allow TSIntersectionType (#​3705 @​developer-bandi)
• [no-unknown-property]: support popover, popovertarget, popovertargetaction attributes (#​3707 @​ljharb)
• [no-unknown-property]: only match data-* attributes containing - (#​3713 @​silverwind)
• [checked-requires-onchange-or-readonly]: correct options that were behaving opposite (#​3715 @​jaesoekjjang)
• [boolean-prop-naming]: avoid a crash with a non-TSTypeReference type ([#​3718][] @​developer-bandi)

Changed

• [boolean-prop-naming]: improve error message (@​ljharb)

v7.34.0

Compare Source

Added

• [sort-prop-types]: give errors on TS types (#​3615 @​akulsr0)
• [no-invalid-html-attribute]: add support for apple-touch-startup-image rel attributes in link tags (#​3638 @​thomashockaday)
• [no-unknown-property]: add requireDataLowercase option (#​3645 @​HermanBilous)
• [no-unknown-property]: add displaystyle on <math> (#​3652 @​lounsbrough)
• [prefer-read-only-props], [prop-types], component detection: allow components to be async functions (#​3654 @​pnodet)
• [no-unknown-property]: support onResize on audio/video tags (#​3662 @​caesar1030)
• [jsx-wrap-multilines]: add never option to prohibit wrapping parens on multiline JSX (#​3668 @​reedws)
• [jsx-filename-extension]: add ignoreFilesWithoutCode option to allow empty files (#​3674 @​burtek)
• [jsx-boolean-value]: add assumeUndefinedIsFalse option (#​3675 @​developer-bandi)
• linkAttribute setting, [jsx-no-target-blank]: support multiple properties (#​3673 @​burtek)
• [jsx-no-script-url]: add includeFromSettings option to support linkAttributes setting (#​3673 @​burtek)
• [jsx-one-expression-per-line]: add non-jsx option to allow non-JSX children in one line (#​3677 @​burtek)
• add [checked-requires-onchange-or-readonly] rule (#​3680 @​jaesoekjjang)

Fixed

• [jsx-no-leaked-render]: preserve RHS parens for multiline jsx elements while fixing (#​3623 @​akulsr0)
• [jsx-key]: detect conditional returns (#​3630 @​yialo)
• [jsx-newline]: prevent a crash when allowMultilines (#​3633 @​ljharb)
• [no-unknown-property]: use a better regex to avoid a crash (#​3666 @​ljharb @​SCH227)
• [prop-types]: handle nested forwardRef + memo (#​3679 @​developer-bandi)
• [no-unknown-property]: add fetchPriority (#​3697 @​SevereCloud)
• [forbid-elements]: prevent a crash on createElement() (#​3632 @​ljharb)

Changed

• [jsx-boolean-value]: make error messages clearer (#​3691 @​developer-bandi)
• [Refactor] propTypes: extract type params to var (#​3634 @​HenryBrown0)
• [Refactor] [boolean-prop-naming]: invert if statement (#​3634 @​HenryBrown0)
• [Refactor] [function-component-definition]: exit early if no type params (#​3634 @​HenryBrown0)
• [Refactor] [jsx-props-no-multi-spaces]: extract type parameters to var (#​3634 @​HenryBrown0)
• [Docs] [jsx-key]: fix correct example (#​3656 @​developer-bandi)
• [Tests] jsx-wrap-multilines: passing tests (#​3545 @​burtek)
• [Docs] [iframe-missing-sandbox]: fix link to iframe attribute on mdn (#​3690 @​nnmrts)
• [Docs] [hook-use-state]: fix an undefined variable (#​3626 @​chentsulin)

v7.33.2

Compare Source

Fixed

• [no-deprecated]: prevent false positive on commonjs import (#​3614 @​akulsr0)
• [no-unsafe]: report on the method instead of the entire component (@​ljharb)
• [no-deprecated]: report on the destructured property instead of the entire variable declarator (@​ljharb)
• [no-deprecated]: report on the imported specifier instead of the entire import statement (@​ljharb)
• [no-invalid-html-attribute]: report more granularly (@​ljharb)

v7.33.1

Compare Source

Fixed

• [require-default-props]: fix config schema (#​3605 @​controversial)
• [jsx-curly-brace-presence]: Revert [#​3538][] due to issues with intended string type casting usage (#​3611 @​taozhou-glean)
• [sort-prop-types]: ensure sort-prop-types respects noSortAlphabetically (#​3610 @​caesar1030)

v7.33.0

Compare Source

Added

• [display-name]: add checkContextObjects option (#​3529 @​JulesBlm)
• [jsx-first-prop-new-line]: add multiprop option (#​3533 @​haydncomley)
• [no-deprecated]: add React 18 deprecations (#​3548 @​sergei-startsev)
• [forbid-component-props]: add disallowedFor option (#​3417 @​jacketwpbb)

Fixed

• [no-array-index-key]: consider flatMap (#​3530 @​k-yle)
• [jsx-curly-brace-presence]: handle single and only expression template literals (#​3538 @​taozhou-glean)
• [no-unknown-property]: allow onLoad on source (@​ljharb)
• [jsx-first-prop-new-line]: ensure autofix preserves generics in component name (#​3546 @​ljharb)
• [no-unknown-property]: allow fill prop on <symbol> (#​3555 @​stefanprobst)
• [display-name], [prop-types]: when checking for a capitalized name, ignore underscores entirely (#​3560 @​ljharb)
• [no-unused-state]: avoid crashing on a class field function with destructured state (#​3568 @​ljharb)
• [no-unused-prop-types]: allow using spread with object expression in jsx (#​3570 @​akulsr0)
• Revert "[destructuring-assignment]: Handle destructuring of useContext in SFC" (#​3583 [#​2797][] @​102)
• [prefer-read-only-props]: add TS support (#​3593 @​HenryBrown0)

Changed

• [Docs] [jsx-newline], [no-unsafe], [static-property-placement]: Fix code syntax highlighting (#​3563 @​nbsp1221)
• [readme] resore configuration URL (#​3582 @​gokaygurcan)
• [Docs] [jsx-no-bind]: reword performance rationale (#​3581 @​gpoole)

• [Docs] [jsx-first-prop-new-line]: add missing multiprop value (#​3598 @​dzek69)

v7.32.2

Compare Source

Fixed

• configs: restore parserOptions in legacy configs ([#​3523][] @​ljharb)
• [jsx-no-constructed-context-values], [jsx-no-useless-fragment]: add a rule schema (@​ljharb)
  ( [no-unknown-property]: add fill for <marker> (#​3525 @​alexey-koran)

v7.32.1

Compare Source

Fixed

• prevent circular dependency in index and "all" config (#​3519 @​ljharb)
• [destructuring-assignment]: do not force destructuring of optionally chained properties (#​3520 @​ljharb)

v7.32.0

Compare Source

Added

• support new config system (#​3429 @​jjangga0214)
• [hook-use-state]: add allowDestructuredState option (#​3449 @​ljharb)
• add [sort-default-props] and deprecate [jsx-sort-default-props] (#​1861 @​alexzherdev)
• add [no-object-type-as-default-prop] rule (#​2848 @​cyan33 @​fengkx)

Fixed

• configs: avoid legacy config system error (#​3461 @​ljharb)
• [sort-prop-types]: restore autofixing (#​3452, #​3471 @​ROSSROSALES)
• [no-unknown-property]: do not check fbs elements (#​3494 @​brianogilvie)
• [jsx-newline]: No newline between comments and jsx elements (#​3493 @​justmejulian)
• [jsx-no-leaked-render]: Don't report errors on empty strings if React >= v18 (#​3488 @​himanshu007-creator)
• [no-invalid-html-attribute]: convert autofix to suggestion (#​3474 @​himanshu007-creator @​ljharb)
• [jsx-no-leaked-render]: fix removing parentheses for conditionals (#​3502 @​akulsr0)
• [jsx-no-leaked-render]: invalid fixes in coerce mode (#​3511 @​akulsr0)
• [destructuring-assignment]: Handle destructuring of useContext in SFC (#​2797 @​Zinyon @​ljharb)

Changed

• [Docs] [jsx-no-leaked-render]: Remove mentions of empty strings for React 18 (#​3468 @​karlhorky)
• [Docs] update eslint-doc-generator to v1.0.0 (#​3499 @​bmish)
• [meta] add issue template (#​3483 @​ROSSROSALES)
• [Docs] Use emoji for jsx-runtime config and config file for eslint-doc-generator (#​3504 @​bmish)
• [Docs] [prefer-exact-props]: fix example flow syntax (#​3510 @​smackfu)
• [Perf] use anyOf instead of oneOf (@​ljharb @​remcohaszing)

v7.31.11

Compare Source

Fixed

• [jsx-no-target-blank]: allow ternaries with literals (#​3464 @​akulsr0)
• [no-unknown-property]: add inert attribute (#​3484 @​ljharb)
• [jsx-key]: detect keys in logical expression and conditional expression (#​3490 @​metreniuk)

Changed

• [Perf] component detection: improve performance by avoiding traversing parents unnecessarily (#​3459 @​golopot)
• [Docs] forbid-component-props: inclusive language w/ allowlist (#​3473 @​AndersDJohnson)
• [Docs] automate doc generation with eslint-doc-generator (#​3469 @​bmish)

v7.31.10

Compare Source

Fixed

• [no-unknown-property]: allow allowFullScreen on iframe (#​3455 @​almeidx)

v7.31.9

Compare Source

Fixed

• [no-unknown-property]: add dialog attributes (#​3436 @​ljharb)
• [no-arrow-function-lifecycle]: when converting from an arrow, remove the semi and wrapping parens (#​3337 @​ljharb)
• [jsx-key]: Ignore elements inside React.Children.toArray() (#​1591 @​silvenon)
• [jsx-no-constructed-context-values]: fix false positive for usage in non-components (#​3448 @​golopot)
• [static-property-placement]: warn on nonstatic expected-statics (#​2581 @​ljharb)
• [no-unknown-property]: properly tag-restrict case-insensitive attributes (@​ljharb)
• [no-unknown-property]: allow webkitDirectory on input, case-insensitive (#​3454 @​ljharb)

Changed

• [Docs] [no-unknown-property]: fix typo in link (#​3445 @​denkristoffer)
• [Perf] component detection: improve performance by optimizing getId (#​3451 @​golopot)
• [Docs] [no-unstable-nested-components]: Warn about memoized, nested components (#​3444 @​eps1lon)

v7.31.8

Compare Source

Fixed

• [no-unknown-property]: add viewBox on marker (#​3416 @​ljharb)
• [no-unknown-property]: add noModule on script (#​3414 @​ljharb)
• [no-unknown-property]: allow onLoad on <object> (#​3415 @​OleksiiKachan)
• [no-multi-comp]: do not detect a function property returning only null as a component (#​3412 @​ljharb)
• [no-unknown-property]: allow abbr on <th> and <td> (#​3419 @​OleksiiKachan)
• [no-unknown-property]: add viewBox for pattern, symbol, view (#​3424 @​MNBuyskih)
• [no-unknown-property]: add align on all the tags that support it (#​3425 @​ljharb)

Changed

• [meta] npmignore markdownlint config (#​3413 @​jorrit)

v7.31.7

Compare Source

Fixed

• [no-unknown-property]: avoid warning on fbt nodes entirely (#​3391 @​ljharb)
• [no-unknown-property]: add download property support for a and area (#​3394 @​HJain13)
• [no-unknown-property]: allow webkitAllowFullScreen and mozAllowFullScreen (#​3396 @​ljharb)
• [no-unknown-property]: controlsList, not controlList (#​3397 @​ljharb)
• [no-unknown-property]: add more capture event properties (#​3402 @​sjarva)
• [no-unknown-property]: Add more one word properties found in DefinitelyTyped's react/index.d.ts (#​3402 @​sjarva)
• [no-unknown-property]: Mark onLoad/onError as supported on iframes (#​3398 @​maiis, #​3406 @​akx)
• [no-unknown-property]: allow imageSrcSet and imageSizes attributes on <link> (#​3407 @​terrymun)
• [no-unknown-property]: add border; focusable on <svg> (#​3404 #​3404 @​ljharb)
• [no-unknown-property]: React lowercases data- attrs (#​3395 @​ljharb)
• [no-unknown-property]: add valign on table components (#​3389 @​ljharb)

v7.31.6

Compare Source

Fixed

• [no-unknown-property]: onError and onLoad both work on img and script (#​3388 @​ljharb)
• [no-unknown-property]: data-* attributes can have numbers (#​3390 @​sjarva)
• [no-unknown-property]: add more audio/video attributes (#​3390 @​sjarva)
• [no-unknown-property]: move allowfullscreen to case ignored attributes (#​3390 @​sjarva)
• [no-unknown-property]: fill works on line, mask, and use elements (#​3390 @​sjarva)
• [no-unknown-property]: add onMouseMoveCapture as valid react-specific attribute (#​3390 @​sjarva)
• [no-unknown-property]: make onLoad and onError be accepted on more elements (#​3390 @​sjarva)

Changed

• [Docs] [no-unknown-property]: add a mention about using ignores properties with libraries that add props (#​3390 @​sjarva)

v7.31.5

Compare Source

Fixed

• [no-unknown-property]: add properties onToggle, fill, as, and pointer events (#​3385 @​sjarva)
• [no-unknown-property]: add defaultChecked property (#​3385 @​sjarva)
• [no-unknown-property]: add touch and media event related properties (#​3385 @​sjarva)
• [no-unknown-property]: children is always an acceptable prop; iframes have scrolling; video has playsInline (#​3385 @​ljharb)

v7.31.4

Compare Source

Fixed

• [no-unknown-property]: support checked on inputs (#​3383 @​ljharb)

v7.31.3

Compare Source

Fixed

• [no-unknown-property]: add SVG and meta properties (#​3381 @​AhmadMayo)

v7.31.2

Compare Source

Fixed

• [jsx-key]: avoid a crash with optional chaining ([#​3371][] @​ljharb)
• [jsx-sort-props]: avoid a crash with spread props ([#​3376][] @​ljharb)
• [no-unknown-property]: properly recognize valid data- and aria- attributes ([#​3377][] [@​sjarva](

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: Exposure of Sensitive Information in npm eventsource CVE: GHSA-6h5x-7c5m-7cr7 Exposure of Sensitive Information in eventsource (CRITICAL) Affected versions: < 1.1.1; >= 2.0.0 < 2.0.2 Patched version: 1.1.1 From: web-client/package-lock.json → npm/eventsource@1.1.0 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eventsource@1.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Critical CVE: Prototype pollution in webpack npm loader-utils CVE: GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils (CRITICAL) Affected versions: >= 2.0.0 < 2.0.3; < 1.4.1 Patched version: 1.4.1 From: web-client/package-lock.json → npm/babel-loader@8.2.5 → npm/html-webpack-plugin@4.5.2 → npm/loader-utils@1.4.0 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/loader-utils@1.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm damerau-levenshtein is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: web-client/package-lock.json → npm/eslint-plugin-jsx-a11y@6.5.1 → npm/damerau-levenshtein@1.0.7 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/damerau-levenshtein@1.0.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm es-abstract is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: auth/package-lock.json → npm/eslint-plugin-react@7.37.5 → npm/eslint-config-airbnb@18.2.1 → npm/eslint-plugin-import@2.26.0 → npm/eslint-config-airbnb-typescript@12.3.1 → npm/eslint-plugin-jsx-a11y@6.5.1 → npm/es-abstract@1.18.0-next.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.18.0-next.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm es-abstract is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: auth/package-lock.json → npm/eslint-plugin-react@7.37.5 → npm/eslint-config-airbnb@18.2.1 → npm/eslint-plugin-import@2.26.0 → npm/eslint-config-airbnb-typescript@12.3.1 → npm/eslint-plugin-jsx-a11y@6.5.1 → npm/es-abstract@1.18.0-next.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.18.0-next.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm eslint-plugin-jest is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: web-client/package-lock.json → npm/eslint-plugin-jest@24.7.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jest@24.7.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm eslint-plugin-react is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: web-client/package-lock.json → npm/eslint-plugin-react@7.37.5 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-react@7.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm is-bigint is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: auth/package-lock.json → npm/is-bigint@1.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/is-bigint@1.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm is-core-module is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: auth/package-lock.json → npm/@babel/core@7.18.0 → npm/@babel/preset-env@7.18.0 → npm/eslint-plugin-react@7.37.5 → npm/eslint-plugin-import@2.26.0 → npm/jest@26.6.3 → npm/@babel/plugin-transform-runtime@7.18.0 → npm/is-core-module@2.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/is-core-module@2.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm object.getownpropertydescriptors is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: web-client/package-lock.json → npm/object.getownpropertydescriptors@2.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/object.getownpropertydescriptors@2.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​babel/​preset-react@​7.17.12
	eslint-config-prettier@​6.15.0 ⏵ 7.2.0	+1		-28
	@​babel/​preset-typescript@​7.17.12
	@​types/​react-dom@​17.0.17
	@​babel/​plugin-transform-runtime@​7.18.0
	@​babel/​preset-env@​7.18.0
	@​types/​jest@​26.0.20 ⏵ 26.0.24			+1
	react@​17.0.2
	@​types/​react@​17.0.45
	@​babel/​runtime@​7.18.0
	@​babel/​core@​7.12.9 ⏵ 7.18.0			+1
	eslint-plugin-react@​7.37.5
	cypress@​6.9.1
	eslint-plugin-jsx-a11y@​6.5.1
	body-parser@​1.20.0 ⏵ 1.19.0	+1
	babel-loader@​8.2.5
	@​testing-library/​react@​11.2.7
	eslint-plugin-jest@​24.7.0
	html-webpack-plugin@​4.5.2
	react-dom@​17.0.2
	express@​4.18.1 ⏵ 4.17.1	+1
	eslint-plugin-react-hooks@​4.5.0

View full report