[Snyk] Upgrade eslint from 5.1.0 to 5.16.0

[snyk-bot]

Snyk has created this PR to upgrade eslint from 5.1.0 to 5.16.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 22 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2019-03-30.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-174183	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-173692	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Timing Attack SNYK-JS-ELLIPTIC-511941	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MERGE-72553	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: eslint

• 5.16.0 - 2019-03-30
  
  • dfef227 Build: gensite passes rulesMeta to formatter rendering (#11567) (Kevin Partington)
  • c06d38c Fix: Allow HTML formatter to handle no meta data (#11566) (Ilya Volodin)
  • 87a5c03 Docs: func-style: clarify when allowArrowFunctions is used (#11548) (Oliver Joseph Ash)
  • bc3e427 Update: pass rule meta to formatters RFC 10 (#11551) (Chris Meyer)
  • b452f27 Chore: Update README to pull in reviewer data (#11506) (Nicholas C. Zakas)
  • afe3d25 Upgrade: Bump js-yaml dependency to fix Denial of Service vulnerability (#11550) (Vernon de Goede)
  • 4fe7eb7 Chore: use nyc instead of istanbul (#11532) (Toru Nagashima)
  • f16af43 Chore: fix formatters/table test (#11534) (Toru Nagashima)
  • 78358a8 Docs: fix duplicate punctuation in CLI docs (#11528) (Teddy Katz)
• 5.15.3 - 2019-03-18
  
  • 71adc66 Fix: avoid moving comments in implicit-arrow-linebreak (fixes #11521) (#11522) (Teddy Katz)
  • 1f715a2 Chore: make test-case-property-ordering reasonable (#11511) (Toru Nagashima)
• 5.15.2 - 2019-03-15
  
  • 29dbca7 Fix: implicit-arrow-linebreak adds extra characters (fixes #11268) (#11407) (Mark de Dios)
  • 5d2083f Upgrade: [email protected] (#11513) (Teddy Katz)
  • a5dae7c Fix: Empty glob pattern incorrectly expands to "/**" (#11476) (Ben Chauvette)
  • 448e8da Chore: improve crash reporting (fixes #11304) (#11463) (Alex Zherdev)
  • 0f56dc6 Chore: make config validator params more consistent (#11435) (薛定谔的猫)
  • d6c1122 Docs: Add working groups to maintainer guide (#11400) (Nicholas C. Zakas)
  • 5fdb4d3 Build: compile deps to ES5 when generating browser file (fixes #11504) (#11505) (Teddy Katz)
  • 06fa165 Build: update CI testing configuration (#11500) (Reece Dunham)
  • 956e883 Docs: Fix example in no-restricted-modules docs (#11454) (Paul O’Shannessy)
  • 2c7431d Docs: fix json schema example dead link (#11498) (kazuya kawaguchi)
  • e7266c2 Docs: Fix invalid JSON in "Specifying Parser Options" (#11492) (Mihira Jayasekera)
  • 6693161 Sponsors: Sync README with website (ESLint Jenkins)
  • 62fee4a Chore: eslint-config-eslint enable comma-dangle functions: "never" (#11434) (薛定谔的猫)
  • 34a5382 Build: copy bundled espree to website directory (#11478) (Pig Fang)
  • f078f9a Chore: use "file:" dependencies for internal rules/config (#11465) (Teddy Katz)
  • 0756128 Docs: Add visualstudio to formatter list (#11480) (Patrick Eriksson)
  • 44de9d7 Docs: Fix typo in func-name-matching rule docs (#11484) (Iulian Onofrei)
• 5.15.1 - 2019-03-05
  
  • fe1a892 Build: bundle espree (fixes eslint/website#546) (#11467) (薛定谔的猫)
  • 458053b Fix: avoid creating invalid regex in no-warning-comments (fixes #11471) (#11472) (Teddy Katz)
• 5.15.0 - 2019-03-02
  Read more
• 5.14.1 - 2019-02-18
  
  • 1d6e639 Fix: sort-keys throws Error at SpreadElement (fixes #11402) (#11403) (Krist Wongsuphasawat)
• 5.14.0 - 2019-02-15
  Read more
• 5.13.0 - 2019-02-01
  Read more
• 5.12.1 - 2019-01-18
  Read more
• 5.12.0 - 2019-01-04
  
  • 0d91e7d Update: Add sort-imports ignoreDeclarationSort (fixes #11019) (#11040) (Remco Haszing)
  • f92d6f0 Build: Add karma-chrome-launcher support (#11027) (薛定谔的猫)
  • 166853d Upgrade: [email protected] (#11220) (薛定谔的猫)
  • bfff77a Fix: no-param-reassign parameter in ternary operator (fixes #11236) (#11239) (周昊宇)
  • 258b654 Upgrade: require-uncached renamed to import-fresh (#11066) (薛定谔的猫)
• 5.11.1 - 2018-12-27
• 5.11.0 - 2018-12-23
• 5.10.0 - 2018-12-08
• 5.9.0 - 2018-11-09
• 5.8.0 - 2018-10-26
• 5.7.0 - 2018-10-12
• 5.6.1 - 2018-09-28
• 5.6.0 - 2018-09-15
• 5.5.0 - 2018-09-01
• 5.4.0 - 2018-08-18
• 5.3.0 - 2018-08-04
• 5.2.0 - 2018-07-21
• 5.1.0 - 2018-07-08

from eslint GitHub release notes

Commit messages

Package name: eslint

• ded2f94 5.16.0
• ea36e13 Build: changelog update for 5.16.0
• dfef227 Build: gensite passes rulesMeta to formatter rendering (#11567)
• c06d38c Fix: Allow HTML formatter to handle no meta data (#11566)
• 87a5c03 Docs: `func-style`: clarify when `allowArrowFunctions` is used (#11548)
• bc3e427 Update: pass rule meta to formatters RFC 10 (#11551)
• b452f27 Chore: Update README to pull in reviewer data (#11506)
• afe3d25 Upgrade: Bump js-yaml dependency to fix Denial of Service vulnerability (#11550)
• 4fe7eb7 Chore: use nyc instead of istanbul (#11532)
• f16af43 Chore: fix formatters/table test (#11534)
• 78358a8 Docs: fix duplicate punctuation in CLI docs (#11528)
• a6168f8 5.15.3
• cb57316 Build: changelog update for 5.15.3
• 71adc66 Fix: avoid moving comments in implicit-arrow-linebreak (fixes #11521) (#11522)
• 1f715a2 Chore: make test-case-property-ordering reasonable (#11511)
• f354770 5.15.2
• cada7a1 Build: changelog update for 5.15.2
• 29dbca7 Fix: implicit-arrow-linebreak adds extra characters (fixes #11268) (#11407)
• 5d2083f Upgrade: [email protected] (#11513)
• a5dae7c Fix: Empty glob pattern incorrectly expands to "/**" (#11476)
• 448e8da Chore: improve crash reporting (fixes #11304) (#11463)
• 0f56dc6 Chore: make config validator params more consistent (#11435)
• d6c1122 Docs: Add working groups to maintainer guide (#11400)
• 5fdb4d3 Build: compile deps to ES5 when generating browser file (fixes #11504) (#11505)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs