Bump eslint from 10.2.0 to 10.4.0

[dependabot]

Bumps eslint from 10.2.0 to 10.4.0.

Release notes

Sourced from eslint's releases.

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

Chores

• 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
• d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
• 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
• 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
• a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
• 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
• 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
• 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
• 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
• f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
• c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
• 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
• 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)

... (truncated)

Commits

• 452c401 10.4.0
• b6417e8 Build: changelog update for 10.4.0
• 6616856 chore: upgrade knip to v6 (#20875)
• d13b084 ci: ensure auto-created PRs run CI (#20860)
• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862)
• 544c0c3 fix: escape code path DOT labels in debug output (#20866)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865)
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863)
• 9084664 docs: Update README
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[fossabot]

Needs Review

I recommend reviewing this upgrade before merging because the project's ESLint configuration is fundamentally incompatible with ESLint v10. The project uses a legacy .eslintrc.cjs configuration file (lines 1–58), which ESLint v10 completely removed support for — the flat config format (eslint.config.js) is now mandatory. ESLint v10 silently ignores .eslintrc.* files, meaning linting is effectively non-functional for this project in its current state. The upgrade itself (a patch-level bump within the v10 line) brings multiple security fixes for transitive dependencies including minimatch, ajv, js-yaml, and @​eslint/plugin-kit, and the Node.js version (v24, per .node-version) does satisfy ESLint v10's runtime requirements. However, before this upgrade can be truly useful, the project must migrate its configuration from .eslintrc.cjs to eslint.config.js flat config format. This is a developer-tooling-only dependency with no runtime impact, but the broken linting setup should be remediated as part of this upgrade.

Tip: Comment @​fossabot fix to attempt automatic fixes.

Fix Suggestions

We identified 6 fixable issues in this upgrade.

• Create a new eslint.config.js (or eslint.config.mjs) flat config file to replace the legacy .eslintrc.cjs. The new file should: (1) import @​eslint/js and use js.configs.recommended instead of extends: 'eslint:recommended', (2) import the globals package and replace the env block (jest: true, mongo: true, es2021: true, node: true) with the equivalent globals entries, (3) replicate any custom rules, parserOptions, and overrides from the existing .eslintrc.cjs. Concrete steps: read .eslintrc.cjs to extract all config keys, then generate the flat config equivalent. Example flat config skeleton:

import js from '@​eslint/js';
import globals from 'globals';

export default [
  js.configs.recommended,
  {
    languageOptions: {
      ecmaVersion: 2021,
      sourceType: 'commonjs', // or 'module' depending on project
      globals: {
        ...globals.node,
        ...globals.jest,
        // Add mongo globals if needed
      },
    },
    rules: {
      // Copy custom rules from .eslintrc.cjs here
    },
  },
];

Alternatively, run npx @​eslint/migrate-config .eslintrc.cjs to auto-generate the flat config, then review the output.
Run: npx @​eslint/migrate-config .eslintrc.cjs
Files: .eslintrc.cjs

• Install the globals package as a devDependency, which is required by ESLint flat config to replace the legacy env key. Run: npm install --save-dev globals OR manually add "globals": "^16.0.0" (or latest) to the devDependencies in package.json and run npm install.
  Run: npm install --save-dev globals
  Files: package.json
• Install @​eslint/js as a devDependency, which provides js.configs.recommended (the flat config replacement for extends: 'eslint:recommended'). Run: npm install --save-dev @​eslint/js OR manually add "@​eslint/js": "^10.0.0" to devDependencies in package.json and run npm install. Note: check if ESLint v10 already bundles this — if npx @​eslint/migrate-config output imports it, it is needed.
  Run: npm install --save-dev @​eslint/js
  Files: package.json
• After creating eslint.config.js (or eslint.config.mjs), delete or rename the legacy .eslintrc.cjs file so it does not cause confusion. Run: git rm .eslintrc.cjs OR manually delete the file. ESLint v10 silently ignores it, but leaving it in the repo is misleading.
  Run: git rm .eslintrc.cjs
  Files: .eslintrc.cjs
• Search all JS files for /* eslint-env */ inline comments (e.g., /* eslint-env node */, /* eslint-env jest */) and remove them, as ESLint v10 no longer supports this directive. Run: grep -rn 'eslint-env' --include='*.js' --include='*.cjs' --include='*.mjs' . to find occurrences, then delete those comment lines.
  Run: grep -rn 'eslint-env' --include='*.js' --include='*.cjs' --include='*.mjs' .
• After migration, run ESLint to verify the new flat config works and identify any new lint errors from the three rules newly enabled in eslint:recommended in ESLint v10: no-unassigned-vars, no-useless-assignment, and preserve-caught-error. Run: npx eslint . and fix any reported violations.
  Run: npx eslint .

AI Assistant Prompt

Copy prompt for AI assistant

# ESLint v10 Migration: Flat Config Migration for callbaq (PR #143)

This project upgraded ESLint to v10, which **removed support for legacy `.eslintrc.*` config files**. The project currently uses `.eslintrc.cjs`, which ESLint v10 silently ignores — meaning linting is completely non-functional. We need to migrate to the flat config format (`eslint.config.js`).

The upgrade also brings 42 security fixes (minimatch, ajv, js-yaml, lodash, @​eslint/plugin-kit, plus a catastrophic backtracking regex fix). CI passes, but only because linting is silently skipped.

## Step-by-step fixes needed:

### 1. Install required new dependencies

Run:
```bash
npm install --save-dev @​eslint/js globals
```

- `@​eslint/js` provides `js.configs.recommended` (replaces `extends: 'eslint:recommended'`)
- `globals` provides environment globals (replaces the legacy `env` key)

### 2. Create `eslint.config.mjs` (flat config) to replace `.eslintrc.cjs`

Read the existing `.eslintrc.cjs` file (lines 1–58) and translate it into flat config format. The existing config uses:
- `extends: 'eslint:recommended'`
- `env`: jest, mongo, es2021, node
- `parserOptions`: ecmaVersion 2021
- Custom `rules`: tab indentation, Unix linebreaks, semicolons, arrow function conventions, unused variables config, console restrictions
- Possibly `overrides` for specific file patterns

Create `eslint.config.mjs` with this structure:

```js
import js from '@​eslint/js';
import globals from 'globals';

export default [
  js.configs.recommended,
  {
    languageOptions: {
      ecmaVersion: 2021,
      sourceType: 'commonjs', // adjust if project uses ES modules
      globals: {
        ...globals.node,
        ...globals.jest,
        // MongoDB globals — add manually if needed:
        // db: 'readonly', connect: 'readonly', etc.
        // Check what globals.mongo provides, or replicate from .eslintrc.cjs
      },
    },
    rules: {
      // Copy ALL custom rules from .eslintrc.cjs exactly as-is.
      // Common ones expected in this project:
      // 'indent': ['error', 'tab'],
      // 'linebreak-style': ['error', 'unix'],
      // 'semi': ['error', 'always'],
      // 'no-unused-vars': ['error', { ... }],
      // 'no-console': 'warn',
      // 'arrow-body-style': [...],
      // ... etc.
    },
  },
];
```

**Alternative automated approach:** Run `npx @​eslint/migrate-config .eslintrc.cjs` to auto-generate the flat config, then review the output for correctness.

**Important for overrides:** If `.eslintrc.cjs` has an `overrides` array, each override becomes a separate config object in the flat config array, using the `files` property (glob patterns) instead of the override's `files`/`excludedFiles`.

### 3. Delete the legacy `.eslintrc.cjs`

After the new flat config is created and verified:
```bash
git rm .eslintrc.cjs
```
ESLint v10 silently ignores this file, so leaving it is misleading.

### 4. Remove any `/* eslint-env */` inline comments

ESLint v10 removed support for `/* eslint-env */` directive comments. Search the codebase:
```bash
grep -rn 'eslint-env' --include='*.js' --include='*.cjs' --include='*.mjs' .
```
Delete any matching comment lines found.

### 5. Run ESLint and fix new violations

ESLint v10's `eslint:recommended` adds three new rules:
- `no-unassigned-vars`
- `no-useless-assignment`  
- `preserve-caught-error`

Run:
```bash
npx eslint .
```

Fix any new violations, or if a rule is too noisy, set it to `'warn'` or `'off'` in the new config's `rules` section.

### 6. Verify CI scripts still reference the right config

Check `package.json` scripts (e.g., `"lint"` script) and any CI workflow files (`.github/workflows/`) to ensure they don't pass `--config .eslintrc.cjs` or similar flags that reference the old config. ESLint v10 auto-discovers `eslint.config.mjs` from the project root.

## Summary of files to modify:
| File | Action |
|------|--------|
| `package.json` | Add `@​eslint/js` and `globals` to devDependencies |
| `eslint.config.mjs` | **Create new** — flat config equivalent of `.eslintrc.cjs` |
| `.eslintrc.cjs` | **Delete** after migration |
| Any files with `/* eslint-env */` comments | Remove those comments |
| Source files with new lint violations | Fix or configure the 3 new recommended rules |

## Key gotchas:
- The `globals` package may not have a `mongo` preset — you may need to manually list MongoDB shell globals (e.g., `db`, `connect`, `rs`, `sh`) as `'readonly'` in the globals object
- If the project uses `sourceType: 'commonjs'`, make sure the flat config reflects that (default in flat config is `'module'`)
- The flat config file itself should use ESM syntax (hence `.mjs` extension), even if the project is CommonJS

What we checked

• ESLint is declared as a devDependency with ^10.2.0, confirming it is a patch-level upgrade within v10 with no runtime impact on application code. ^[1]
• The project uses the legacy .eslintrc.cjs configuration format. ESLint v10 completely removed support for all .eslintrc.* files and requires migration to eslint.config.js flat config format. ESLint v10 silently ignores this file, meaning no lint rules are being enforced. ^[2]
• The config uses "extends": "eslint:recommended" — a legacy config API key that is not valid in flat config format and must be rewritten as import js from '@​eslint/js'; js.configs.recommended in eslint.config.js. ^[3]
• The env key (e.g., "jest": true, "mongo": true) is a legacy config concept. In flat config, environments are replaced by globals from the globals package. This block requires rewriting as part of the migration. ^[4]
• The project specifies Node.js 24, which satisfies ESLint v10's minimum Node.js requirement (v20.19+, v22.13+, or v24+). No Node.js compatibility issues exist. ^[5]
• Official ESLint v10 migration guide confirms the legacy .eslintrc configuration format is completely removed. Projects must migrate to eslint.config.js. The /* eslint-env */ inline comments are also unsupported, and three new rules are enabled in eslint:recommended: no-unassigned-vars, no-useless-assignment, and preserve-caught-error. ^[6]
• Community migration guide confirms that ESLint v10 silently ignores .eslintrc.json (and by extension .eslintrc.cjs), causing the linting setup to appear to work but enforce no rules. ^[7]
• If eslint-plugin-react is ever added, note that versions v7.37.5 and earlier are explicitly incompatible with ESLint v10 due to the removal of the getFilename() API from RuleContext. Not a current blocker for this project, but relevant to future plugin adoption. ^[8]

Dependency Usage

eslint is used exclusively as a developer tooling dependency, configured via a dedicated .eslintrc.cjs configuration file rather than imported directly in source code. It enforces a comprehensive set of code quality and style rules across the project — including tab indentation, Unix line endings, semicolons, arrow function conventions, and restrictions on unused variables and console usage — targeting ES2020 Node.js/browser environments with Jest and MongoDB globals. This dependency supports code consistency and maintainability for developers but has no runtime presence or impact on application functionality.

• The project uses the legacy .eslintrc.cjs configuration format. ESLint v10 completely removed support for all .eslintrc.* files and requires migration to eslint.config.js flat config format. ESLint v10 silently ignores this file, meaning no lint rules are being enforced.
  

  callbaq/.eslintrc.cjs

  Line 1 in b3c8893

  module.exports = {

• The config uses "extends": "eslint:recommended" — a legacy config API key that is not valid in flat config format and must be rewritten as import js from '@​eslint/js'; js.configs.recommended in eslint.config.js.
  

  callbaq/.eslintrc.cjs

  Line 10 in b3c8893

  "extends": "eslint:recommended",

View 2 more usages

• The env key (e.g., "jest": true, "mongo": true) is a legacy config concept. In flat config, environments are replaced by globals from the globals package. This block requires rewriting as part of the migration.
  

  callbaq/.eslintrc.cjs

  Line 2 in b3c8893

  "env": {

• The project specifies Node.js 24, which satisfies ESLint v10's minimum Node.js requirement (v20.19+, v22.13+, or v24+). No Node.js compatibility issues exist.
  

  callbaq/.node-version

  Line 1 in b3c8893

  24

Changes

eslint was updated with 42 security fixes, including patches to its minimatch, ajv, js-yaml, lodash, and @​eslint/plugin-kit dependencies to address known vulnerabilities, plus a fix removing a catastrophic backtracking regex vulnerability in the core linter. This update also carries 591 breaking changes accumulated across multiple major releases, including removal of numerous deprecated rules and context methods, flat config migration requirements, dropped support for legacy Node.js versions, eslint:recommended rule set changes, and strict package exports enforcement.

• 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 53e9522 fix: strict removed formatters check (#20241) (ntnyq) (v10.2.0-10.2.1, changelog)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer) (v10.2.0-10.2.1, changelog)

View 22184 more changes

• 234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles) (v10.2.0-10.2.1, changelog)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538) (루밀LuMir) (v10.2.0-10.2.1, changelog)
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir) (v10.2.0-10.2.1, changelog)
• a463e7b chore: update dependency js-yaml to v4 [security] (#20319) (renovate[bot]) (v10.2.0-10.2.1, changelog)
• d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 50a8efd docs: report a sec vulnerability page (#16808) (Ben Perlmutter) (v10.2.0-10.2.1, changelog)
• 8167aa7 chore: bump version of minimatch due to security issue PRISMA-2022-0039 (#15774) (Jan Opravil) (v10.2.0-10.2.1, changelog)
• 9250d16 Upgrade: Bump lodash to fix security issue (#13993) (Frederik Prijck) (v10.2.0-10.2.1, changelog)
• 0f1f5ed Docs: Add security policy link to README (#13403) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 3396c3e Upgrade: karma@^4.0.1, drops Node 6 support, fixes vulnerability (#11570) (Kevin Partington) (v10.2.0-10.2.1, changelog)
• afe3d25 Upgrade: Bump js-yaml dependency to fix Denial of Service vulnerability (#11550) (Vernon de Goede) (v10.2.0-10.2.1, changelog)
• d3f3994 Docs: add information about reporting security issues (#10889) (Teddy Katz) (v10.2.0-10.2.1, changelog)
• f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis) (v10.2.0-10.2.1, changelog)
• Upgrade: Handlebars to >= 4.0.5 for security reasons (fixes #4642) (Jacques Favreau) (v10.2.0-10.2.1, changelog)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles) (v10.2.1-10.3.0, changelog)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538) (루밀LuMir) (v10.2.1-10.3.0, changelog)
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir) (v10.2.1-10.3.0, changelog)
• a463e7b chore: update dependency js-yaml to v4 [security] (#20319) (renovate[bot]) (v10.2.1-10.3.0, changelog)
• d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic) (v10.2.1-10.3.0, changelog)
• 50a8efd docs: report a sec vulnerability page (#16808) (Ben Perlmutter) (v10.2.1-10.3.0, changelog)
• 8167aa7 chore: bump version of minimatch due to security issue PRISMA-2022-0039 (#15774) (Jan Opravil) (v10.2.1-10.3.0, changelog)
• 9250d16 Upgrade: Bump lodash to fix security issue (#13993) (Frederik Prijck) (v10.2.1-10.3.0, changelog)
• 0f1f5ed Docs: Add security policy link to README (#13403) (Nicholas C. Zakas) (v10.2.1-10.3.0, changelog)
• 3396c3e Upgrade: karma@^4.0.1, drops Node 6 support, fixes vulnerability (#11570) (Kevin Partington) (v10.2.1-10.3.0, changelog)
• afe3d25 Upgrade: Bump js-yaml dependency to fix Denial of Service vulnerability (#11550) (Vernon de Goede) (v10.2.1-10.3.0, changelog)
• d3f3994 Docs: add information about reporting security issues (#10889) (Teddy Katz) (v10.2.1-10.3.0, changelog)
• f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis) (v10.2.1-10.3.0, changelog)
• Upgrade: Handlebars to >= 4.0.5 for security reasons (fixes #4642) (Jacques Favreau) (v10.2.1-10.3.0, changelog)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles) (v10.3.0-10.4.0, changelog)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538) (루밀LuMir) (v10.3.0-10.4.0, changelog)
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir) (v10.3.0-10.4.0, changelog)
• a463e7b chore: update dependency js-yaml to v4 [security] (#20319) (renovate[bot]) (v10.3.0-10.4.0, changelog)
• d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic) (v10.3.0-10.4.0, changelog)
• 50a8efd docs: report a sec vulnerability page (#16808) (Ben Perlmutter) (v10.3.0-10.4.0, changelog)
• 8167aa7 chore: bump version of minimatch due to security issue PRISMA-2022-0039 (#15774) (Jan Opravil) (v10.3.0-10.4.0, changelog)
• 9250d16 Upgrade: Bump lodash to fix security issue (#13993) (Frederik Prijck) (v10.3.0-10.4.0, changelog)
• 0f1f5ed Docs: Add security policy link to README (#13403) (Nicholas C. Zakas) (v10.3.0-10.4.0, changelog)
• 3396c3e Upgrade: karma@^4.0.1, drops Node 6 support, fixes vulnerability (#11570) (Kevin Partington) (v10.3.0-10.4.0, changelog)
• afe3d25 Upgrade: Bump js-yaml dependency to fix Denial of Service vulnerability (#11550) (Vernon de Goede) (v10.3.0-10.4.0, changelog)
• d3f3994 Docs: add information about reporting security issues (#10889) (Teddy Katz) (v10.3.0-10.4.0, changelog)
• f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis) (v10.3.0-10.4.0, changelog)
• Upgrade: Handlebars to >= 4.0.5 for security reasons (fixes #4642) (Jacques Favreau) (v10.3.0-10.4.0, changelog)
• 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir) (v10.2.0-10.2.1, changelog)
• 959d360 build: Support updates to previous major versions (#18871) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 113f51e docs: Mention package.json config support dropped (#18305) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 7c78576 docs: Add more removed context methods to migrate to v9 guide (#17951) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 3a877d6 docs: Update removed CLI flags migration (#17939) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 74794f5 chore: removed unused eslintrc modules (#17938) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• fffca5c docs: remove "Open in Playground" buttons for removed rules (#17791) (Francesco Trotta) (v10.2.0-10.2.1, changelog)
• becfdd3 docs: Make clear when rules are removed (#17728) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• ce4f5ff docs: Replace removed related rules with a valid rule (#16800) (Ville Saalo) (v10.2.0-10.2.1, changelog)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 7cf96cf Breaking: Disallow reserved words in ES3 (fixes #15017) (#15046) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 305e14a Breaking: remove meta.docs.category in core rules (fixes #13398) (#14594) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 24c9f2a Breaking: Strict package exports (refs #13654) (#14706) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 86d31a4 Breaking: disallow SourceCode#getComments() in RuleTester (refs #14744) (#14769) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 1d2213d Breaking: Fixable disable directives (fixes #11815) (#14617) (Josh Goldberg) (v10.2.0-10.2.1, changelog)
• 4a7aab7 Breaking: require meta for fixable rules (fixes #13349) (#14634) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• d6a761f Breaking: Require meta.hasSuggestions for rules with suggestions (#14573) (Bryan Mishkin) (v10.2.0-10.2.1, changelog)
• 6bd747b Breaking: support new regex d flag (fixes #14640) (#14653) (Yosuke Ota) (v10.2.0-10.2.1, changelog)
• 8b4f3ab Breaking: fix comma-dangle schema (fixes #13739) (#14030) (Joakim Nilsson) (v10.2.0-10.2.1, changelog)
• b953a4e Breaking: upgrade espree and support new class features (refs #14343) (#14591) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 8cce06c Breaking: add some rules to eslint:recommended (refs #14673) (#14691) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 86bb63b Breaking: Drop codeframe and table formatters (#14316) (Federico Brigante) (v10.2.0-10.2.1, changelog)
• f3cb320 Breaking: drop node v10/v13/v15 (fixes #14023) (#14592) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 4c841b8 Breaking: allow all directives in line comments (fixes #14575) (#14656) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• c29bd9f Chore: Add breaking/core change link to issue templates (#13344) (Kai Cataldo) (v10.2.0-10.2.1, changelog)
• 4ef6158 Breaking: espree@​7.0.0 (#13270) (Kai Cataldo) (v10.2.0-10.2.1, changelog)
• 78c8cda Breaking: RuleTester Improvements (refs Update: RuleTester Improvements eslint/rfcs#25) (#12955) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 185982d Breaking: improve plugin resolving (refs New: Plugin Loading Improvement eslint/rfcs#47) (#12922) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 48b122f Breaking: change relative paths with --config (refs New: Changing Base Path of overrides and ignorePatterns eslint/rfcs#37) (#12887) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 0de91f3 Docs: removed correct code from incorrect eg (#13060) (Anix) (v10.2.0-10.2.1, changelog)
• 4af06fc Breaking: Test with an unknown error property should fail in RuleTester (#12096) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• afa9aac Breaking: class default true computed-property-spacing (fixes #12812) (#12915) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 7d52151 Breaking: classes default true in accessor-pairs (fixes #12811) (#12919) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 78182e4 Breaking: Add new rules to eslint:recommended (fixes #12911) (#12920) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 6423e11 Breaking: check unnamed default export in func-names (fixes #12194) (#12195) (Chiawen Chen) (v10.2.0-10.2.1, changelog)
• 4293229 Breaking: use-isnan enforceForSwitchCase default true (fixes #12810) (#12913) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• cf38d0d Breaking: change default ignore pattern (refs New: Update Default Ignore Patterns eslint/rfcs#51) (#12888) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• bfe1dc4 Breaking: no-dupe-class-members checks some computed keys (fixes #12808) (#12837) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 95e0586 Fix: id-blacklist false positives on renamed imports (#12831) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• c2217c0 Breaking: make radix rule stricter (#12608) (fisker Cheung) (v10.2.0-10.2.1, changelog)
• 1aa021d Breaking: lint overrides files (fixes #10828, refs New: Configuring Additional Lint Targets with .eslintrc eslint/rfcs#20) (#12677) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• b50179d Breaking: Check assignment targets in no-extra-parens (#12490) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• d86a5bb Breaking: Check flatMap in array-callback-return (fixes #12235) (#12765) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• cf46df7 Breaking: description in directive comments (refs New: Description in directive comments eslint/rfcs#33) (#12699) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 7350589 Breaking: some rules recognize bigint literals (fixes #11803) (#12701) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 1118fce Breaking: runtime-deprecation on '~/.eslintrc' (refs Update: Deprecating Personal Config eslint/rfcs#32) (#12678) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 2c28fbb Breaking: drop Node.js 8 support (refs New: Drop supports for Node.js 8.x and 11.x eslint/rfcs#44) (#12700) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 20908a3 Docs: removed '>' prefix from docs/working-with-rules (#11818) (Alok Takshak) (v10.2.0-10.2.1, changelog)
• 2d32a9e Breaking: stricter rule config validating (fixes #9505) (#11742) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 6ae21a4 Breaking: fix config loading (fixes #11510, fixes #11559, fixes #11586) (#11546) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• adc6585 Docs: update status of breaking changes in migration guide (#11652) (Teddy Katz) (v10.2.0-10.2.1, changelog)
• 0fc8e62 Breaking: eslint:recommended changes (fixes #10768) (#11518) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 20364cc Breaking: make no-redeclare stricter (fixes #11370, fixes #11405) (#11509) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 9e49b56 Breaking: upgrade espree to 6.0.0-alpha.0 (fixes #9687) (#11610) (Teddy Katz) (v10.2.0-10.2.1, changelog)
• ef7801e Breaking: disallow invalid rule defaults in RuleTester (fixes #11473) (#11599) (Teddy Katz) (v10.2.0-10.2.1, changelog)

View 22087 more changes in the full analysis

References (8)

[1]: ESLint is declared as a devDependency with ^10.2.0, confirming it is a patch-level upgrade within v10 with no runtime impact on application code.

callbaq/package.json

Line 32 in b3c8893

"eslint": "^10.2.0",

[2]: The project uses the legacy .eslintrc.cjs configuration format. ESLint v10 completely removed support for all .eslintrc.* files and requires migration to eslint.config.js flat config format. ESLint v10 silently ignores this file, meaning no lint rules are being enforced.

callbaq/.eslintrc.cjs

Line 1 in b3c8893

module.exports = {

[3]: The config uses "extends": "eslint:recommended" — a legacy config API key that is not valid in flat config format and must be rewritten as import js from '@​eslint/js'; js.configs.recommended in eslint.config.js.

callbaq/.eslintrc.cjs

Line 10 in b3c8893

"extends": "eslint:recommended",

[4]: The env key (e.g., "jest": true, "mongo": true) is a legacy config concept. In flat config, environments are replaced by globals from the globals package. This block requires rewriting as part of the migration.

callbaq/.eslintrc.cjs

Line 2 in b3c8893

"env": {

[5]: The project specifies Node.js 24, which satisfies ESLint v10's minimum Node.js requirement (v20.19+, v22.13+, or v24+). No Node.js compatibility issues exist.

callbaq/.node-version

Line 1 in b3c8893

24

[6]: Official ESLint v10 migration guide confirms the legacy .eslintrc configuration format is completely removed. Projects must migrate to eslint.config.js. The /* eslint-env */ inline comments are also unsupported, and three new rules are enabled in eslint:recommended: no-unassigned-vars, no-useless-assignment, and preserve-caught-error. (source link)

[7]: Community migration guide confirms that ESLint v10 silently ignores .eslintrc.json (and by extension .eslintrc.cjs), causing the linting setup to appear to work but enforce no rules. (source link)

[8]: If eslint-plugin-react is ever added, note that versions v7.37.5 and earlier are explicitly incompatible with ESLint v10 due to the removal of the getFilename() API from RuleContext. Not a current blocker for this project, but relevant to future plugin adoption. (source link)

---

fossabot analyzed this PR using dependency research. View this analysis on the web