chore(deps): update dependency eslint-plugin-security to v4 #27

Merged

t.behrendt merged 1 commits from renovate/eslint-plugin-security-4.x into main 2026-03-15 22:19:30 +01:00

Conversation 1 Commits 1 Files Changed 2 +3 -3

renovate-bot commented 2026-02-27 18:47:14 +01:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Change	Age	Confidence
eslint-plugin-security	3.0.1 → 4.0.0

---

Release Notes

eslint-community/eslint-plugin-security (eslint-plugin-security)

v4.0.0

Compare Source

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
• switch the recommended config to flat (#​118)

Features

• add config recommended-legacy (#​132) (13d3f2f)
• Add meta object documentation for all rules (#​79) (fb1d9ef)
• detect-bidi-characters rule (#​95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#​105) (d3b1543)
• extend detect non literal fs filename (#​92) (08ba476)
• improve detect-child-process rule (#​108) (64ae529)
• non-literal-require: support template literals (#​81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146) (df1b606)
• switch the recommended config to flat (#​118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#​186) (7f9ee77)
• add name to recommended flat config (#​161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #​82 #​23
• Avoid TypeError when exec stub is used with no arguments (#​97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#​102) (657921a)
• detect-child-process: false positives for destructuring spawn (#​103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)
• Ensure everything works with ESLint v9 (#​145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)
• generate provenance statement for release (#​168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #​63 #​80
• release-please config (#​189) (2443d10)

3.0.1 (2024-06-14)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

3.0.1 (2024-06-13)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [eslint-plugin-security](https://github.com/eslint-community/eslint-plugin-security) | [`3.0.1` → `4.0.0`](https://renovatebot.com/diffs/npm/eslint-plugin-security/3.0.1/4.0.0) |  |  | --- ### Release Notes <details> <summary>eslint-community/eslint-plugin-security (eslint-plugin-security)</summary> ### [`v4.0.0`](https://github.com/eslint-community/eslint-plugin-security/blob/HEAD/CHANGELOG.md#400-2026-02-19) [Compare Source](https://github.com/eslint-community/eslint-plugin-security/compare/v3.0.1...eslint-plugin-security-v4.0.0) ##### ⚠ BREAKING CHANGES - requires node ^18.18.0 || ^20.9.0 || >=21.1.0 ([#&#8203;146](https://github.com/eslint-community/eslint-plugin-security/issues/146)) - switch the recommended config to flat ([#&#8203;118](https://github.com/eslint-community/eslint-plugin-security/issues/118)) ##### Features - add config recommended-legacy ([#&#8203;132](https://github.com/eslint-community/eslint-plugin-security/issues/132)) ([13d3f2f](https://github.com/eslint-community/eslint-plugin-security/commit/13d3f2fc6ba327c894959db30462f3fda0272f0c)) - Add meta object documentation for all rules ([#&#8203;79](https://github.com/eslint-community/eslint-plugin-security/issues/79)) ([fb1d9ef](https://github.com/eslint-community/eslint-plugin-security/commit/fb1d9ef56e0cf2705b9e413b483261df394c45e1)) - detect-bidi-characters rule ([#&#8203;95](https://github.com/eslint-community/eslint-plugin-security/issues/95)) ([4294d29](https://github.com/eslint-community/eslint-plugin-security/commit/4294d29cca8af5c627de759919add6dd698644ba)) - **detect-non-literal-fs-filename:** change to track non-top-level `require()` as well ([#&#8203;105](https://github.com/eslint-community/eslint-plugin-security/issues/105)) ([d3b1543](https://github.com/eslint-community/eslint-plugin-security/commit/d3b15435b45b9ac2ee5f0d3249f590e32369d7d2)) - extend detect non literal fs filename ([#&#8203;92](https://github.com/eslint-community/eslint-plugin-security/issues/92)) ([08ba476](https://github.com/eslint-community/eslint-plugin-security/commit/08ba4764a83761f6f44cb28940923f1d25f88581)) - improve detect-child-process rule ([#&#8203;108](https://github.com/eslint-community/eslint-plugin-security/issues/108)) ([64ae529](https://github.com/eslint-community/eslint-plugin-security/commit/64ae52944a86f9d9daee769acd63ebbdfc5b6631)) - **non-literal-require:** support template literals ([#&#8203;81](https://github.com/eslint-community/eslint-plugin-security/issues/81)) ([208019b](https://github.com/eslint-community/eslint-plugin-security/commit/208019bad4f70a142ab1f0ea7238c37cb70d1a5a)) - requires node ^18.18.0 || ^20.9.0 || >=21.1.0 ([#&#8203;146](https://github.com/eslint-community/eslint-plugin-security/issues/146)) ([df1b606](https://github.com/eslint-community/eslint-plugin-security/commit/df1b6063c1224e1163dfdc37c96b64bb52d816bb)) - switch the recommended config to flat ([#&#8203;118](https://github.com/eslint-community/eslint-plugin-security/issues/118)) ([e20a366](https://github.com/eslint-community/eslint-plugin-security/commit/e20a3664c2f638466286ae9a97515722fc98f97c)) ##### Bug Fixes - Add ESLint 10 compatibility for context.sourceCode API change ([#&#8203;186](https://github.com/eslint-community/eslint-plugin-security/issues/186)) ([7f9ee77](https://github.com/eslint-community/eslint-plugin-security/commit/7f9ee77677744f7029c545d714d57f0966b3387e)) - add name to recommended flat config ([#&#8203;161](https://github.com/eslint-community/eslint-plugin-security/issues/161)) ([aa1c8c5](https://github.com/eslint-community/eslint-plugin-security/commit/aa1c8c57a2df4ce64a202808c5642a41b47d4519)) - Avoid crash when exec() is passed no arguments ([7f97815](https://github.com/eslint-community/eslint-plugin-security/commit/7f97815accf6bcd87de73c32a967946b1b3b0530)), closes [#&#8203;82](https://github.com/eslint-community/eslint-plugin-security/issues/82) [#&#8203;23](https://github.com/eslint-community/eslint-plugin-security/issues/23) - Avoid TypeError when exec stub is used with no arguments ([#&#8203;97](https://github.com/eslint-community/eslint-plugin-security/issues/97)) ([9c18f16](https://github.com/eslint-community/eslint-plugin-security/commit/9c18f16187719b58cc5dfde9860344bad823db28)) - **detect-child-process:** false positive for destructuring with `exec` ([#&#8203;102](https://github.com/eslint-community/eslint-plugin-security/issues/102)) ([657921a](https://github.com/eslint-community/eslint-plugin-security/commit/657921a93f6f73c0de6113e497b22e7cf079f520)) - **detect-child-process:** false positives for destructuring `spawn` ([#&#8203;103](https://github.com/eslint-community/eslint-plugin-security/issues/103)) ([fdfe37d](https://github.com/eslint-community/eslint-plugin-security/commit/fdfe37d667367e5fd228c26573a1791c81a044d2)) - Ensure empty eval() doesn't crash detect-eval-with-expression ([#&#8203;139](https://github.com/eslint-community/eslint-plugin-security/issues/139)) ([8a7c7db](https://github.com/eslint-community/eslint-plugin-security/commit/8a7c7db1e2b49e2831d510b8dc1db235dee0edf0)) - Ensure everything works with ESLint v9 ([#&#8203;145](https://github.com/eslint-community/eslint-plugin-security/issues/145)) ([ac50ab4](https://github.com/eslint-community/eslint-plugin-security/commit/ac50ab481ed63d7262513186136ca1429d3b8290)) - false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require ([#&#8203;109](https://github.com/eslint-community/eslint-plugin-security/issues/109)) ([56102b5](https://github.com/eslint-community/eslint-plugin-security/commit/56102b50aed4bd632dd668770eb37de58788110b)) - generate provenance statement for release ([#&#8203;168](https://github.com/eslint-community/eslint-plugin-security/issues/168)) ([eb3ee9c](https://github.com/eslint-community/eslint-plugin-security/commit/eb3ee9c38cfd51e13c7a4061f5794db7347c90e5)) - Incorrect method name in detect-buffer-noassert. ([313c0c6](https://github.com/eslint-community/eslint-plugin-security/commit/313c0c693f48aa85d0c9b65a46f6c620cd10f907)), closes [#&#8203;63](https://github.com/eslint-community/eslint-plugin-security/issues/63) [#&#8203;80](https://github.com/eslint-community/eslint-plugin-security/issues/80) - release-please config ([#&#8203;189](https://github.com/eslint-community/eslint-plugin-security/issues/189)) ([2443d10](https://github.com/eslint-community/eslint-plugin-security/commit/2443d10c428724757fac230384ff0692bbd50485)) ##### [3.0.1](https://www.github.com/eslint-community/eslint-plugin-security/compare/v3.0.0...v3.0.1) (2024-06-14) ##### Bug Fixes - add name to recommended flat config ([#&#8203;161](https://www.github.com/eslint-community/eslint-plugin-security/issues/161)) ([aa1c8c5](https://www.github.com/eslint-community/eslint-plugin-security/commit/aa1c8c57a2df4ce64a202808c5642a41b47d4519)) ##### [3.0.1](https://www.github.com/eslint-community/eslint-plugin-security/compare/v3.0.0...v3.0.1) (2024-06-13) ##### Bug Fixes - add name to recommended flat config ([#&#8203;161](https://www.github.com/eslint-community/eslint-plugin-security/issues/161)) ([aa1c8c5](https://www.github.com/eslint-community/eslint-plugin-security/commit/aa1c8c57a2df4ce64a202808c5642a41b47d4519)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

renovate-bot added 1 commit 2026-02-27 18:47:14 +01:00

chore(deps): update dependency eslint-plugin-security to v4 b741df66d0

t.behrendt approved these changes 2026-03-15 22:19:28 +01:00

t.behrendt merged commit 091cee0d43 into main 2026-03-15 22:19:30 +01:00

t.behrendt deleted branch renovate/eslint-plugin-security-4.x 2026-03-15 22:19:30 +01:00

t.behrendt referenced this issue from a commit 2026-03-15 22:19:30 +01:00

chore(deps): update dependency eslint-plugin-security to v4 (#27)

Sign in to join this conversation.

Reviewers

No Reviewers

t.behrendt

Labels

No items

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

renovate-bot t.behrendt

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: t.behrendt/outline-mcp#27