[Snyk] Security upgrade eslint from 8.42.0 to 10.0.0 #208

Open

mnk-blr wants to merge 1 commit into main from snyk-fix-a42de17786ef480fbf2d9751c170ba02

Conversation

mnk-blr commented Feb 21, 2026


Snyk has created this PR to fix 1 vulnerability in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • playground/app/package.json
⚠️ Warning
Failed to update pnpm-lock.yaml; please update it manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue                                                        Score
high severity  Regular Expression Denial of Service (ReDoS)  170
               SNYK-JS-MINIMATCH-15309438

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

mnk-blr (Author) commented Feb 21, 2026

Snyk checks have failed. 20 issues have been found so far.

Status  Scanner               Critical  High  Medium  Low  Total (20)
        Open Source Security  2         18    0       0    20 issues
        Licenses              0         0     0       0    0 issues
        Code Security         0         0     0       0    0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

github-actions bot commented

File Coverage
All files 88%
src/main/custom-chart-context.ts 86%
src/main/logger.ts 88%
src/main/post-message-event-bridge.ts 77%
src/react/use-custom-chart-context.tsx 86%
src/react/mocks/custom-chart-context-mock.ts 96%
src/utils/chart-config.ts 82%
src/utils/date-formatting.ts 82%
src/utils/formatting-util.ts 89%
src/utils/conditional-formatting/conditional-formatting.ts 92%
src/utils/globalize-Initializer/globalize-utils.ts 95%
src/utils/number-formatting/number-formatting-utils.ts 98%
src/utils/number-formatting/number-formatting.ts 90%

Minimum allowed coverage is 0%

Generated by 🐒 cobertura-action against 5acc738

"@vitejs/plugin-react": "^4.0.0",
"autoprefixer": "^10.4.14",
"eslint": "^8.38.0",
"eslint": "^10.0.0",
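Review bot: the manifest bump from `"eslint": "^8.38.0"` to `"eslint": "^10.0.0"` is the only change in this hunk, and the PR body says pnpm-lock.yaml could not be updated, so the lockfile still carries the old `^8.38.0` specifier and the resolved eslint 8.42.0 that the PR title names. `pnpm install --frozen-lockfile`, which pnpm enables by default in CI, will refuse to install because the lock no longer matches package.json, and a plain `pnpm install` on a developer machine will quietly re-resolve eslint to 10.x together with whatever peer changes that pulls in; regenerate and commit pnpm-lock.yaml as part of this change. Note also that ^10.0.0 is two majors above the current range, while the vulnerability Snyk is fixing lives in minimatch, a transitive dependency; a narrower alternative is a `pnpm.overrides` entry in package.json pinning minimatch to the patched version the advisory names, leaving the ESLint major upgrade to its own tested PR.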

Review comment on the diff above (Contributor):

🚨 Critical Compatibility Issue

This ESLint v10 upgrade is incompatible with the current TypeScript ESLint plugins:

  • @typescript-eslint/eslint-plugin: ^5.59.0 (line 21)
  • @typescript-eslint/parser: ^5.59.0 (line 22)

Problem: ESLint v10 requires @typescript-eslint/* packages v6+ for compatibility. This version mismatch will cause plugin loading failures and parsing errors.

Required fix: Update these packages to compatible versions:

"@typescript-eslint/eslint-plugin": "^6.0.0",
"@typescript-eslint/parser": "^6.0.0"

Additionally, verify that eslint-plugin-react-hooks: ^4.6.0 and eslint-plugin-react-refresh: ^0.3.4 support ESLint v10.

claude Bot (Contributor) commented Feb 21, 2026

PR Review Summary

This PR addresses a High Severity (170 score) ReDoS vulnerability in minimatch by upgrading ESLint from 8.38.0 to 10.0.0. While the security fix is important, this PR is NOT mergeable in its current state due to critical compatibility issues.

🚨 Critical Issues (Blocking)

  1. TypeScript ESLint Plugin Incompatibility

    • Current: @typescript-eslint/eslint-plugin: ^5.59.0, @typescript-eslint/parser: ^5.59.0
    • ESLint v10 requires these packages to be v6+ for compatibility
    • Impact: Will cause plugin loading failures and parsing errors
  2. Failed pnpm-lock.yaml Update

    • Snyk warning indicates the lock file could not be updated
    • Manual intervention required before merging

⚠️ Additional Compatibility Concerns

  • eslint-plugin-react-hooks: ^4.6.0 and eslint-plugin-react-refresh: ^0.3.4 may not support ESLint v10
  • No CI validation for the playground app's build/lint process
  • Version inconsistency with main SDK (uses ESLint ^8.56.0)

✅ Recommended Actions Before Merge

  1. Update TypeScript ESLint packages to v6+ (compatible with ESLint v10):

    "@typescript-eslint/eslint-plugin": "^6.0.0",
    "@typescript-eslint/parser": "^6.0.0"
  2. Update pnpm-lock.yaml manually after dependency updates

  3. Test the playground app to ensure it builds and lints successfully:

    cd playground/app
    pnpm install
    pnpm run lint
    pnpm run build
  4. Verify ESLint plugin compatibility with v10

📊 Review Results

  • Security Impact: ✅ Fixes high-severity ReDoS vulnerability
  • Compatibility: ❌ Breaks TypeScript ESLint integration
  • Testing: ⚠️ No automated validation for playground app
  • Documentation: ✅ No updates needed

Verdict: 🔴 NOT READY TO MERGE - Requires dependency compatibility fixes first.
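The lock-file failure flagged in the PR body and in the review above is the concrete thing to verify before merging: the manifest now says ^10.0.0 while pnpm-lock.yaml still records the old specifier and resolved version. The following is an added example, not code from this project, from Snyk, or from any of the reviewers, that performs the manifest-versus-lock consistency check pnpm's --frozen-lockfile mode enforces, run on a constructed package.json object and lockfile fragment modelled on this PR. It assumes the lockfileVersion 6 layout (specifier/version pairs under importers) and uses a deliberately minimal semver that understands only exact versions and caret ranges.

```javascript
// Added example (not the project's code): detect drift between package.json
// and pnpm-lock.yaml, which is what `pnpm install --frozen-lockfile` rejects.
// Assumes the lockfileVersion 6 layout and supports only exact and caret (^)
// ranges, which is all this check needs.

// Constructed sample: the playground manifest after Snyk's edit.
const sampleManifest = {
  devDependencies: {
    "@typescript-eslint/parser": "^5.59.0",
    eslint: "^10.0.0",
  },
};

// Constructed sample: the lock entries Snyk failed to update (still ^8.38.0 -> 8.42.0).
const sampleLock = `lockfileVersion: '6.0'
importers:
  .:
    devDependencies:
      '@typescript-eslint/parser':
        specifier: ^5.59.0
        version: 5.62.0(eslint@8.42.0)(typescript@5.0.4)
      eslint:
        specifier: ^8.38.0
        version: 8.42.0
`;

// Pull name / specifier / resolved-version triples out of the root importer.
function parseLockImporter(lockText) {
  const entries = {};
  const re = /^ {6}'?([^'\n:]+)'?:\n {8}specifier: (\S+)\n {8}version: (\S+)/gm;
  let m;
  while ((m = re.exec(lockText)) !== null) {
    const [, name, specifier, version] = m;
    // Strip the peer-dependency suffix pnpm appends, e.g. "5.62.0(eslint@8.42.0)".
    entries[name] = { specifier, version: version.split("(")[0] };
  }
  return entries;
}

function parseVersion(v) {
  return v.split(".").map(Number);
}

// Three-part numeric comparison: -1, 0 or 1.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Caret semantics: ^X.Y.Z permits >=X.Y.Z and below the next breaking version
// (X+1.0.0, or 0.Y+1.0 when X is 0, or 0.0.Z+1 when X and Y are both 0).
// A range without a prefix is treated as an exact pin.
function satisfiesRange(range, version) {
  if (!range.startsWith("^")) return compareVersions(range, version) === 0;
  const lower = range.slice(1);
  if (compareVersions(version, lower) < 0) return false;
  const [x, y, z] = parseVersion(lower);
  const upper = x > 0 ? [x + 1, 0, 0] : y > 0 ? [0, y + 1, 0] : [0, 0, z + 1];
  return compareVersions(version, upper.join(".")) < 0;
}

// Report every declared dependency whose lock entry is missing, whose lock
// specifier differs from the manifest, or whose resolved version falls outside
// the manifest range. An empty result is what a frozen install requires.
function findLockDrift(manifest, lockText) {
  const lock = parseLockImporter(lockText);
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const drift = [];
  for (const [name, manifestSpec] of Object.entries(declared)) {
    const entry = lock[name];
    if (!entry) {
      drift.push({ name, manifestSpec, lockSpec: null, resolved: null, satisfies: false });
      continue;
    }
    const satisfies = satisfiesRange(manifestSpec, entry.version);
    if (entry.specifier !== manifestSpec || !satisfies) {
      drift.push({ name, manifestSpec, lockSpec: entry.specifier, resolved: entry.version, satisfies });
    }
  }
  return drift;
}

for (const d of findLockDrift(sampleManifest, sampleLock)) {
  console.log(
    `${d.name}: manifest ${d.manifestSpec}, lock ${d.lockSpec} -> ${d.resolved} (in range: ${d.satisfies})`
  );
}
```

On the constructed input the only reported entry is eslint (manifest ^10.0.0, lock ^8.38.0 resolving to 8.42.0), which is exactly the state this PR is in until the lockfile is regenerated; the parser entry passes because its specifier matches and 5.62.0 lies inside ^5.59.0.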
