Skip to content

Bump eslint-plugin-security from 3.0.1 to 4.0.1#64

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-security-4.0.1
Open

Bump eslint-plugin-security from 3.0.1 to 4.0.1#64
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/eslint-plugin-security-4.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps eslint-plugin-security from 3.0.1 to 4.0.1.

Release notes

Sourced from eslint-plugin-security's releases.

eslint-plugin-security: v4.0.1

4.0.1 (2026-06-12)

Bug Fixes

  • treat import.meta.dirname and import.meta.filename as static (#200) (74c97bb)

eslint-plugin-security: v4.0.0

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)
Changelog

Sourced from eslint-plugin-security's changelog.

4.0.1 (2026-06-12)

Bug Fixes

  • treat import.meta.dirname and import.meta.filename as static (#200) (74c97bb)

4.0.0 (2026-02-19)

⚠ BREAKING CHANGES

  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146)
  • switch the recommended config to flat (#118)

Features

  • add config recommended-legacy (#132) (13d3f2f)
  • Add meta object documentation for all rules (#79) (fb1d9ef)
  • detect-bidi-characters rule (#95) (4294d29)
  • detect-non-literal-fs-filename: change to track non-top-level require() as well (#105) (d3b1543)
  • extend detect non literal fs filename (#92) (08ba476)
  • improve detect-child-process rule (#108) (64ae529)
  • non-literal-require: support template literals (#81) (208019b)
  • requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#146) (df1b606)
  • switch the recommended config to flat (#118) (e20a366)

Bug Fixes

  • Add ESLint 10 compatibility for context.sourceCode API change (#186) (7f9ee77)
  • add name to recommended flat config (#161) (aa1c8c5)
  • Avoid crash when exec() is passed no arguments (7f97815), closes #82 #23
  • Avoid TypeError when exec stub is used with no arguments (#97) (9c18f16)
  • detect-child-process: false positive for destructuring with exec (#102) (657921a)
  • detect-child-process: false positives for destructuring spawn (#103) (fdfe37d)
  • Ensure empty eval() doesn't crash detect-eval-with-expression (#139) (8a7c7db)
  • Ensure everything works with ESLint v9 (#145) (ac50ab4)
  • false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#109) (56102b5)
  • generate provenance statement for release (#168) (eb3ee9c)
  • Incorrect method name in detect-buffer-noassert. (313c0c6), closes #63 #80
  • release-please config (#189) (2443d10)
Commits
  • cb8645c chore: release 4.0.1 🚀 (#204)
  • 74c97bb fix: treat import.meta.dirname and import.meta.filename as static (#200)
  • 0b45f82 chore(deps-dev): bump shell-quote from 1.7.4 to 1.8.4 (#202)
  • 954149a chore(deps-dev): bump handlebars from 4.7.7 to 4.7.9 (#198)
  • d5012b6 chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (#197)
  • b53d8b4 chore(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#196)
  • 7876750 chore(deps): bump minimatch (#194)
  • 4b734af chore: release 4.0.0 🚀 (#192)
  • 2443d10 fix: release-please config (#189)
  • ee73862 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#187)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-plugin-security since your current version.


@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-plugin-security-4.0.1 branch 2 times, most recently from c17876b to 1c566d0 Compare June 22, 2026 17:49
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-plugin-security-4.0.1 branch 2 times, most recently from 63d4e84 to 48065b7 Compare July 6, 2026 17:49
Bumps [eslint-plugin-security](https://github.com/eslint-community/eslint-plugin-security) from 3.0.1 to 4.0.1.
- [Release notes](https://github.com/eslint-community/eslint-plugin-security/releases)
- [Changelog](https://github.com/eslint-community/eslint-plugin-security/blob/main/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-security@v3.0.1...eslint-plugin-security-v4.0.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-security
  dependency-version: 4.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/eslint-plugin-security-4.0.1 branch from 48065b7 to fada084 Compare July 13, 2026 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants