
[Snyk] Security upgrade eslint from 8.57.1 to 10.0.0 #205

Open

mnk-blr wants to merge 1 commit into main from snyk-fix-e6f318878c4fdd773b5ec27caa73e5fb

Conversation

mnk-blr commented Feb 17, 2026

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue: Regular Expression Denial of Service (ReDoS), high severity (SNYK-JS-AJV-15274295)
Score: 157

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


mnk-blr (Author) commented Feb 17, 2026

Snyk checks have failed. 18 issues have been found so far.

Scanner               Critical  High  Medium  Low  Total (18)
Open Source Security  2         16    0       0    18 issues
Licenses              0         0     0       0    0 issues
Code Security         0         0     0       0    0 issues

Comment thread package.json
"@typescript-eslint/parser": "^5.59.5",
"dts-bundle": "^0.7.3",
"eslint": "^8.56.0",
"eslint": "^10.0.0",
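Review bot: the range bump in this hunk ("eslint": "^8.56.0" to "^10.0.0") crosses two major versions to resolve SNYK-JS-AJV-15274295, which is an issue in ajv, a package eslint pulls in transitively, not a defect in eslint itself; before accepting a major-version jump, check whether the lockfile can resolve a patched ajv under the existing eslint range (for example with an npm `overrides` entry in package.json), which would close the advisory without the Node.js engine and plugin breakage raised in this thread. If the jump to ^10.0.0 is kept, the same hunk should add an `engines` field so the new Node.js requirement is enforced at install time rather than discovered when lint runs.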

Contributor commented:

🚨 Critical Issue: ESLint 10.0.0 requires Node.js ^20.19.0 || ^22.13.0 || >=24, but this package doesn't specify updated engine requirements.

Required Changes:

  1. Add Node.js engine requirements to package.json:
     "engines": {
       "node": "^20.19.0 || ^22.13.0 || >=24"
     }
  2. Update CI environment (.github/workflows) from Node 18.15.0 to Node 20+
  3. Update project documentation to reflect new Node.js requirements

Without these changes, ESLint 10 will fail to run in any environment using Node < 20.19.0, breaking development workflows and CI pipelines.
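An added example (not from the PR or its reviewers): a pre-flight check that evaluates the engines.node range quoted above against a Node.js version string, so a CI job on Node 18.15.0 fails with a clear message instead of ESLint 10 failing mid-run. The package.json fragment is constructed, and the range grammar handled is only what ESLint 10's range uses (caret, >=, and || alternatives); it also shows that Node 21 and 23 fall outside the range.

```javascript
// Added example, not part of the PR: pre-flight check of an npm "engines.node" range
// against a Node.js version. Handles only what ESLint 10's range uses: ^x.y.z, >=x, "||".

// "v20.19.0" or "20.19" -> [20, 19, 0]
const parseVersion = (v) =>
  v.replace(/^v/, "").split(".").slice(0, 3).map((n) => parseInt(n, 10) || 0);

// Three-way compare of [major, minor, patch] arrays; missing parts count as 0.
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] ?? 0) - (b[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
};

// One comparator such as "^20.19.0" or ">=24".
function satisfiesComparator(version, comparator) {
  const c = comparator.trim();
  if (c.startsWith("^")) {
    const min = parseVersion(c.slice(1));
    // Caret keeps the major fixed (for major >= 1): 21.x does NOT satisfy ^20.19.0.
    return version[0] === min[0] && cmp(version, min) >= 0;
  }
  if (c.startsWith(">=")) return cmp(version, parseVersion(c.slice(2))) >= 0;
  throw new Error(`unsupported comparator: ${c}`);
}

// A range is "||"-separated alternatives; each alternative is a space-separated AND.
function satisfiesRange(versionString, range) {
  const version = parseVersion(versionString);
  return range.split("||").some((alt) =>
    alt.trim().split(/\s+/).every((c) => satisfiesComparator(version, c))
  );
}

// Constructed package.json fragment carrying the engines field the review asks for.
const PACKAGE_JSON = { engines: { node: "^20.19.0 || ^22.13.0 || >=24" } };
// Returns { ok, reason } so a CI step can print the reason and exit non-zero.
function checkEngines(pkg, nodeVersion) {
  const range = pkg.engines && pkg.engines.node;
  if (!range) return { ok: false, reason: "package.json has no engines.node field" };
  const ok = satisfiesRange(nodeVersion, range);
  const verb = ok ? "satisfies" : "does not satisfy";
  return { ok, reason: `Node ${nodeVersion} ${verb} engines.node "${range}"` };
}

// The CI version named in this thread fails the check.
console.log(checkEngines(PACKAGE_JSON, "18.15.0").reason);
```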

Comment thread package.json
"@typescript-eslint/parser": "^5.59.5",
"dts-bundle": "^0.7.3",
"eslint": "^8.56.0",
"eslint": "^10.0.0",

Contributor commented:

🚨 Critical Breaking Change: ESLint 10.0.0 upgrade requires multiple breaking changes to be addressed:

1. Node.js Version Incompatibility:
ESLint 10 requires Node.js ^20.19.0 || ^22.13.0 || >=24. Current CI uses Node 18.15.0.

2. TypeScript ESLint Plugin Incompatibility:
Current @typescript-eslint/* v5.x packages don't support ESLint 10. Requires v8.x.

3. ESLint Plugin Incompatibilities:
Multiple plugins need updates: eslint-config-airbnb-base, eslint-config-prettier, eslint-plugin-testing-library, etc.

Immediate Impact:

  • ❌ CI pipeline will fail (Node.js version mismatch)
  • ❌ npm run lint will fail in development
  • ❌ All TypeScript files will fail linting
  • ❌ Development workflows completely broken

Required Changes:

  1. Update package.json engines field for Node 20+
  2. Upgrade CI to Node 20+
  3. Upgrade all incompatible ESLint plugins
  4. Update documentation for new Node requirements

Security Fix vs. Breaking Changes: While fixing SNYK-JS-AJV-15274295 is important, this upgrade introduces significant breaking changes that need coordinated updates across the entire toolchain.

claude Bot commented Feb 17, 2026

🚨 PR Review Summary: ESLint 10.0.0 Security Upgrade

Security Context ✅

  • Vulnerability Fixed: SNYK-JS-AJV-15274295 (Regular Expression Denial of Service - ReDoS)
  • Severity: High (Score: 157)
  • Security Impact: Important fix for production security

Critical Issues Found ❌

1. Node.js Version Incompatibility Crisis

  • Current: CI uses Node.js 18.15.0
  • Required: ESLint 10 needs Node.js ^20.19.0 || ^22.13.0 || >=24
  • Impact: Complete CI pipeline failure

2. TypeScript ESLint Incompatibility

  • Current: @typescript-eslint/* v5.59.5
  • Required: v8.x+ for ESLint 10 support
  • Impact: All TypeScript linting broken

3. Missing Engine Requirements

  • package.json lacks Node.js engine specification
  • Will break local development environments

4. Plugin Ecosystem Incompatibilities

  • eslint-config-airbnb-base: 15.0.0 → needs 16.x
  • eslint-config-prettier: ^6.9.0 → needs 9.x
  • eslint-plugin-testing-library: needs compatibility check

Impact Assessment 📊

Immediate Breakage:

  • ❌ CI pipeline (Node.js version)
  • ❌ Development lint commands (npm run lint)
  • ❌ Build gate (npm run ci)
  • ❌ All TypeScript file linting

Workflow Disruption:

  • Complete development workflow stoppage until dependencies updated
  • All contributors need Node.js 20+ upgrade
  • Potential eslintrc configuration updates needed

Recommendations 📋

Option 1: Comprehensive Upgrade (Recommended)

  1. Upgrade CI to Node.js 20+
  2. Update TypeScript ESLint packages to v8.x
  3. Audit and upgrade all ESLint plugin dependencies
  4. Add Node.js engines requirement to package.json
  5. Update documentation for new Node.js requirements
  6. Test entire development workflow

Option 2: Alternative Security Fix

  • Consider upgrading to ESLint 8.57.2+ if available with security patch
  • Less disruptive while still addressing vulnerability

Merge Recommendation ❌ DO NOT MERGE

Rationale:
While the security fix is important, this PR introduces significant breaking changes that will immediately break:

  • CI/CD pipelines
  • Local development environments
  • All linting workflows

Required Before Merge:

  • Address all Node.js and plugin compatibility issues
  • Update CI environment
  • Coordinate team-wide Node.js upgrades
  • Update documentation and onboarding instructions

Priority Actions 🎯

  1. Urgent: Update CI Node.js version in workflows
  2. Critical: Upgrade TypeScript ESLint packages
  3. Important: Add engine requirements to prevent environment issues
  4. Necessary: Test complete development workflow

This security upgrade requires a coordinated effort to update the entire development toolchain. Consider creating a migration plan or splitting into multiple PRs to manage the complexity of this major version upgrade.
