[Snyk] Upgrade eslint-plugin-import from 2.22.1 to 2.23.4

[snyk-bot]

Snyk has created this PR to upgrade eslint-plugin-import from 2.22.1 to 2.23.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2021-05-29.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: eslint-plugin-import

• 2.23.4 - 2021-05-29
  

  v2.23.4

• 2.23.3 - 2021-05-21
  

  v2.23.3

• 2.23.2 - 2021-05-15
  

  v2.23.2

• 2.23.1 - 2021-05-15
  

  v2.23.1

• 2.23.0 - 2021-05-14
  

  https://github.com/benmosher/eslint-plugin-import/blob/v2.23.0/CHANGELOG.md#2230---2021-05-13

• 2.22.1 - 2020-09-27
  

  https://github.com/benmosher/eslint-plugin-import/blob/v2.22.1/CHANGELOG.md#2221---2020-09-27

from eslint-plugin-import GitHub release notes

Commit messages

Package name: eslint-plugin-import

• 998c300 Bump to v2.23.4
• ec10721 [meta] fix changelog entries
• da8d584 [Fix] `no-extraneous-dependencies`: fix package name algorithm
• 81b9d24 [Fix] `no-import-module-exports`: Don't crash if packages have no entrypoint
• 20c373c Bump to v2.23.3
• 0a08b6a [Tests] `order` add passing test to close starWarsIntrospection-test __schema.types confusion graphql/graphql-js#2081
• b39770d [Fix] `order`: restore default behavior unless `type` is in groups
• 72b9c3d [Fix] `no-cycle`: fix false negative when file imports a type after importing a value in Flow
• 30bba6a [Fix] `no-cycle`: ignore imports where imported file only imports types of importing file
• 3cf913d [meta] sort and uniquify usernames in changelog
• ddb2132 [Fix] `no-restricted-paths`: fix false positive matches
• bc99b86 [Docs] Add `no-relative-packages` to list of to the list of rules
• a332f20 Bump to v2.23.2
• 5af181f [meta] add `safe-publish-latest`; use `prepublishOnly` script for npm 7+
• 8431b46 Bump to v2.23.1
• 83f3c3e [Fix] `order`: fix alphabetical sorting
• 8213543 [Tests] add missing fixture from d903477f4e31be71e016f8af56cbe2a8d4f11c9c
• d903477 [Fix] ExportMap: do not crash when tsconfig lacks `.compilerOptions`
• dd0e8cb [meta] correct Remove 'invariant' calls from 'stripIgnoredCharacters' tests graphql/graphql-js#2065 -> #2056
• 8d7ec17 [Fix] `newline-after-import`: fix crash with `export {}` syntax
• e9e755d Bump to v2.23.0
• 7b264c0 [resolvers/webpack] v0.13.1
• aa37904 [deps] update `eslint-module-utils`
• 6417cfd utils: v2.6.1

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
73057d50-d15f-11eb-87db-957d44f2b735

[guardrails]

⚠️ We detected 5 security issues in this pull request:

Mode: paranoid | Total findings: 5 | Considered vulnerability: 5

Vulnerable Libraries (5)

Severity	Details
Medium	browserslist@4.16.1 upgrade to >4.16.4
Medium	glob-parent@5.1.1 upgrade to >=5.1.2
Medium	hosted-git-info@2.8.8 upgrade to `>=2.8.9
High	lodash@4.17.20 upgrade to >=4.17.21
High	y18n@4.0.0 upgrade to >=5.0.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.