chore(deps-dev): bump eslint from 8.57.1 to 9.8.0#5727
chore(deps-dev): bump eslint from 8.57.1 to 9.8.0#5727dependabot[bot] wants to merge 1 commit intounstablefrom
Conversation
Bumps [eslint](https://github.com/eslint/eslint) from 8.57.1 to 9.8.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/v9.8.0/CHANGELOG.md) - [Commits](eslint/eslint@v8.57.1...v9.8.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 9.8.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
rtibblesbot
left a comment
There was a problem hiding this comment.
Dependency Update Review
Package: eslint 8.57.1 → 9.8.0
Semver risk: Major (crosses major version boundary)
Dependency type: devDependency
CI status: Passing — but ESLint linting was not exercised (see below)
Changelog Analysis
Sources consulted:
- ESLint v9 migration guide
- PR body release notes (v9.0.0 through v9.8.0)
Breaking changes (ESLint 9.0.0):
- Flat config (
eslint.config.js) is now the default. The legacy.eslintrc.*format is deprecated. Projects must either migrate to flat config or setESLINT_USE_FLAT_CONFIG=false. - Node.js v18.18.0+ required (was v12+)
eslint:recommendedupdated — 4 rules added, 4 removed- Removed rules:
require-jsdoc,valid-jsdoc - Several built-in formatters removed
- Rule behavior changes:
no-unused-varsnow checks caught errors by default (caughtErrors: "all"),no-useless-computed-keyflags class members,no-implicit-coercionreports unary negation - Plugin API: removed
contextmethods, function-style rules no longer supported,meta.schemarequired
Compatibility Assessment
- Project uses legacy config:
.eslintrc.js(CommonJS, extendskolibri-format/.eslintrc). Noeslint.config.jsexists.ESLINT_USE_FLAT_CONFIG=falseis not set anywhere in the project. - CI did not exercise ESLint: The linting pre-commit hook (
.pre-commit-config.yamlline 25) only triggers on.js|.vue|.scss|.cssfiles. This PR changes onlypackage.jsonandpnpm-lock.yaml, so ESLint was never invoked. - Plugin compatibility unknown:
kolibri-format@1.0.1andeslint-plugin-kolibri@0.18.0compatibility with ESLint 9 is unverified. - Peer dependency changes: Lockfile resolved all existing eslint plugins against
eslint@9.8.0without errors, which is a positive signal. - Code changes required: Likely yes — at minimum, config format migration or
ESLINT_USE_FLAT_CONFIG=falsesetting.
Recommendation
REQUEST_CHANGES — This major version bump requires verification that ESLint actually works against the project's JS/Vue files. The CI linting hook was not triggered because no source files changed. Before merging, run pnpm run lint-frontend locally to confirm compatibility with the legacy .eslintrc.js config, or migrate to flat config (eslint.config.js).
@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly
How was this generated?
Reviewed the pull request diff checking for:
- Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
- Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
- Architecture: duplicated concerns, minimal interfaces, composition over inheritance
- Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
- Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
- Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
- Checked CI status and linked issue acceptance criteria
- For UI changes: inspected screenshots for layout, visual completeness, and consistency
| "circular-dependency-plugin": "^5.2.0", | ||
| "css-loader": "7.1.2", | ||
| "eslint": "^8.57.0", | ||
| "eslint": "^9.8.0", |
There was a problem hiding this comment.
blocking: ESLint 8→9 is a major version bump that changes the default config system from .eslintrc.* to flat config (eslint.config.js). This project uses .eslintrc.js (legacy format), which ESLint 9 deprecates and does not load by default.
CI passed, but the ESLint pre-commit hook only runs on .js/.vue/.scss/.css files — since this PR changes only .json and .yaml files, ESLint was never actually invoked against the codebase.
Before merging, please:
- Run
pnpm run lint-frontendlocally to confirm ESLint 9 works with the current.eslintrc.jssetup - Verify that
kolibri-format@1.0.1andeslint-plugin-kolibri@0.18.0are compatible with ESLint 9 - If linting fails, either migrate to flat config or set
ESLINT_USE_FLAT_CONFIG=falsein the lint scripts
Bumps eslint from 8.57.1 to 9.8.0.
Release notes
Sourced from eslint's releases.
... (truncated)
Changelog
Sourced from eslint's changelog.
... (truncated)
Commits
63881dc9.8.0de36d1dBuild: changelog update for 9.8.0deee448chore: upgrade to@eslint/js@9.8.0(#18720)4aaf2b3chore: package.json update for@eslint/jsrelease2570051chore: package.json revert@eslint/jsversion to 9.7.0 (#18719)d73b203chore: package.json update for@eslint/jsrelease8e1a627chore: update dependency@eslint/coreto ^0.2.0 (#18700)13d0bd3feat: Add and use SourceCode#getLoc/getRange (#18703)282df1adocs: Add system theme option (#18617)ab0ff27fix: Throw error when invalid flags passed (#18705)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)