Update typescript-eslint 8.56.1 → 8.57.0 (minor)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ typescript-eslint (8.56.1 → 8.57.0)

Sorry, we couldn't find anything useful about this release.

↗️ @​typescript-eslint/eslint-plugin (indirect, 8.56.1 → 8.57.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 21 commits:

• chore(release): publish 8.57.0
• chore(website): enable `fixedOverflowWidgets` in editor settings (#12115)
• docs(eslint-plugin): document no-unnecessary-condition limitation with object types (#12111)
• chore: use pnpm catalog (#12047)
• chore(deps): update dependency @eslint-community/eslint-plugin-eslint-comments to v4.7.0 (#12113)
• fix(eslint-plugin): [no-base-to-string] fix false positive for toString with overloads (#12089)
• test: correct snapshot
• fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
• fix(typescript-estree): if the template literal is tagged and the text has an invalid escape, `cooked` will be `null` (#11355)
• chore: shard eslint-plugin tests (#12082)
• docs: minor grammar adjustment (#12112)
• fix(eslint-plugin): guard against negative paramIndex in no-useless-default-assignment (#12077)
• fix(eslint-plugin): handle statically analyzable computed keys in prefer-readonly (#12079)
• chore(deps): update dependency typedoc-plugin-markdown to v4.10.0 (#12060)
• chore(deps): update dependency eslint-plugin-perfectionist to v5.6.0 (#12054)
• fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• fix(typescript-estree): switch back to use `ts.getModifiers()` (#12034)
• chore(deps): update dependency @microsoft/api-extractor to v7.57.6 (#12087)
• docs: use `defineConfig` in "How to use" (#12108)
• feat(eslint-plugin): [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)
• chore: update vitest to 4.x (#12071)

↗️ @​typescript-eslint/parser (indirect, 8.56.1 → 8.57.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 21 commits:

• chore(release): publish 8.57.0
• chore(website): enable `fixedOverflowWidgets` in editor settings (#12115)
• docs(eslint-plugin): document no-unnecessary-condition limitation with object types (#12111)
• chore: use pnpm catalog (#12047)
• chore(deps): update dependency @eslint-community/eslint-plugin-eslint-comments to v4.7.0 (#12113)
• fix(eslint-plugin): [no-base-to-string] fix false positive for toString with overloads (#12089)
• test: correct snapshot
• fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
• fix(typescript-estree): if the template literal is tagged and the text has an invalid escape, `cooked` will be `null` (#11355)
• chore: shard eslint-plugin tests (#12082)
• docs: minor grammar adjustment (#12112)
• fix(eslint-plugin): guard against negative paramIndex in no-useless-default-assignment (#12077)
• fix(eslint-plugin): handle statically analyzable computed keys in prefer-readonly (#12079)
• chore(deps): update dependency typedoc-plugin-markdown to v4.10.0 (#12060)
• chore(deps): update dependency eslint-plugin-perfectionist to v5.6.0 (#12054)
• fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• fix(typescript-estree): switch back to use `ts.getModifiers()` (#12034)
• chore(deps): update dependency @microsoft/api-extractor to v7.57.6 (#12087)
• docs: use `defineConfig` in "How to use" (#12108)
• feat(eslint-plugin): [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)
• chore: update vitest to 4.x (#12071)

↗️ @​typescript-eslint/scope-manager (indirect, 8.56.1 → 8.57.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 21 commits:

• chore(release): publish 8.57.0
• chore(website): enable `fixedOverflowWidgets` in editor settings (#12115)
• docs(eslint-plugin): document no-unnecessary-condition limitation with object types (#12111)
• chore: use pnpm catalog (#12047)
• chore(deps): update dependency @eslint-community/eslint-plugin-eslint-comments to v4.7.0 (#12113)
• fix(eslint-plugin): [no-base-to-string] fix false positive for toString with overloads (#12089)
• test: correct snapshot
• fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
• fix(typescript-estree): if the template literal is tagged and the text has an invalid escape, `cooked` will be `null` (#11355)
• chore: shard eslint-plugin tests (#12082)
• docs: minor grammar adjustment (#12112)
• fix(eslint-plugin): guard against negative paramIndex in no-useless-default-assignment (#12077)
• fix(eslint-plugin): handle statically analyzable computed keys in prefer-readonly (#12079)
• chore(deps): update dependency typedoc-plugin-markdown to v4.10.0 (#12060)
• chore(deps): update dependency eslint-plugin-perfectionist to v5.6.0 (#12054)
• fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• fix(typescript-estree): switch back to use `ts.getModifiers()` (#12034)
• chore(deps): update dependency @microsoft/api-extractor to v7.57.6 (#12087)
• docs: use `defineConfig` in "How to use" (#12108)
• feat(eslint-plugin): [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)
• chore: update vitest to 4.x (#12071)

↗️ @​typescript-eslint/types (indirect, 8.56.1 → 8.57.0) · Repo · Changelog

Release Notes

8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @bradzacher
• Brian Schlenker @bschlenk
• Evyatar Daud @StyleShit
• fisker Cheung @fisker
• James Henry @JamesHenry
• Josh Goldberg
• Kirk Waiblinger @kirkwaiblinger
• Moses Odutusin @thebolarin
• Newton Yuan @NewtonYuan
• SungHyun627 @SungHyun627
• Younsang Na @nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 21 commits:

• chore(release): publish 8.57.0
• chore(website): enable `fixedOverflowWidgets` in editor settings (#12115)
• docs(eslint-plugin): document no-unnecessary-condition limitation with object types (#12111)
• chore: use pnpm catalog (#12047)
• chore(deps): update dependency @eslint-community/eslint-plugin-eslint-comments to v4.7.0 (#12113)
• fix(eslint-plugin): [no-base-to-string] fix false positive for toString with overloads (#12089)
• test: correct snapshot
• fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
• fix(typescript-estree): if the template literal is tagged and the text has an invalid escape, `cooked` will be `null` (#11355)
• chore: shard eslint-plugin tests (#12082)
• docs: minor grammar adjustment (#12112)
• fix(eslint-plugin): guard against negative paramIndex in no-useless-default-assignment (#12077)
• fix(eslint-plugin): handle statically analyzable computed keys in prefer-readonly (#12079)
• chore(deps): update dependency typedoc-plugin-markdown to v4.10.0 (#12060)
• chore(deps): update dependency eslint-plugin-perfectionist to v5.6.0 (#12054)
• fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• fix(typescript-estree): switch back to use `ts.getModifiers()` (#12034)
• chore(deps): update dependency @microsoft/api-extractor to v7.57.6 (#12087)
• docs: use `defineConfig` in "How to use" (#12108)
• feat(eslint-plugin): [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)
• chore: update vitest to 4.x (#12071)

↗️ @​typescript-eslint/typescript-estree (indirect, 8.56.1 → 8.57.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 21 commits:

• chore(release): publish 8.57.0
• chore(website): enable `fixedOverflowWidgets` in editor settings (#12115)
• docs(eslint-plugin): document no-unnecessary-condition limitation with object types (#12111)
• chore: use pnpm catalog (#12047)
• chore(deps): update dependency @eslint-community/eslint-plugin-eslint-comments to v4.7.0 (#12113)
• fix(eslint-plugin): [no-base-to-string] fix false positive for toString with overloads (#12089)
• test: correct snapshot
• fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
• fix(typescript-estree): if the template literal is tagged and the text has an invalid escape, `cooked` will be `null` (#11355)
• chore: shard eslint-plugin tests (#12082)
• docs: minor grammar adjustment (#12112)
• fix(eslint-plugin): guard against negative paramIndex in no-useless-default-assignment (#12077)
• fix(eslint-plugin): handle statically analyzable computed keys in prefer-readonly (#12079)
• chore(deps): update dependency typedoc-plugin-markdown to v4.10.0 (#12060)
• chore(deps): update dependency eslint-plugin-perfectionist to v5.6.0 (#12054)
• fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• fix(typescript-estree): switch back to use `ts.getModifiers()` (#12034)
• chore(deps): update dependency @microsoft/api-extractor to v7.57.6 (#12087)
• docs: use `defineConfig` in "How to use" (#12108)
• feat(eslint-plugin): [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)
• chore: update vitest to 4.x (#12071)

↗️ @​typescript-eslint/utils (indirect, 8.56.1 → 8.57.0) · Repo · Changelog

Release Notes

8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @bradzacher
• Brian Schlenker @bschlenk
• Evyatar Daud @StyleShit
• fisker Cheung @fisker
• James Henry @JamesHenry
• Josh Goldberg
• Kirk Waiblinger @kirkwaiblinger
• Moses Odutusin @thebolarin
• Newton Yuan @NewtonYuan
• SungHyun627 @SungHyun627
• Younsang Na @nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 21 commits:

• chore(release): publish 8.57.0
• chore(website): enable `fixedOverflowWidgets` in editor settings (#12115)
• docs(eslint-plugin): document no-unnecessary-condition limitation with object types (#12111)
• chore: use pnpm catalog (#12047)
• chore(deps): update dependency @eslint-community/eslint-plugin-eslint-comments to v4.7.0 (#12113)
• fix(eslint-plugin): [no-base-to-string] fix false positive for toString with overloads (#12089)
• test: correct snapshot
• fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
• fix(typescript-estree): if the template literal is tagged and the text has an invalid escape, `cooked` will be `null` (#11355)
• chore: shard eslint-plugin tests (#12082)
• docs: minor grammar adjustment (#12112)
• fix(eslint-plugin): guard against negative paramIndex in no-useless-default-assignment (#12077)
• fix(eslint-plugin): handle statically analyzable computed keys in prefer-readonly (#12079)
• chore(deps): update dependency typedoc-plugin-markdown to v4.10.0 (#12060)
• chore(deps): update dependency eslint-plugin-perfectionist to v5.6.0 (#12054)
• fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• fix(typescript-estree): switch back to use `ts.getModifiers()` (#12034)
• chore(deps): update dependency @microsoft/api-extractor to v7.57.6 (#12087)
• docs: use `defineConfig` in "How to use" (#12108)
• feat(eslint-plugin): [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)
• chore: update vitest to 4.x (#12071)

↗️ @​typescript-eslint/visitor-keys (indirect, 8.56.1 → 8.57.0) · Repo · Changelog

Release Notes

8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

🩹 Fixes

• eslint-plugin: [strict-void-return] false positives with overloads (#12055)
• eslint-plugin: handle statically analyzable computed keys in prefer-readonly (#12079)
• eslint-plugin: guard against negative paramIndex in no-useless-default-assignment (#12077)
• eslint-plugin: [prefer-promise-reject-errors] add allow TypeOrValueSpecifier to prefer-promise-reject-errors (#12094)
• eslint-plugin: [no-base-to-string] fix false positive for toString with overloads (#12089)
• typescript-estree: switch back to use ts.getModifiers() (#12034)
• typescript-estree: if the template literal is tagged and the text has an invalid escape, cooked will be null (#11355)

❤️ Thank You

• Brad Zacher @bradzacher
• Brian Schlenker @bschlenk
• Evyatar Daud @StyleShit
• fisker Cheung @fisker
• James Henry @JamesHenry
• Josh Goldberg
• Kirk Waiblinger @kirkwaiblinger
• Moses Odutusin @thebolarin
• Newton Yuan @NewtonYuan
• SungHyun627 @SungHyun627
• Younsang Na @nayounsang

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 21 commits:

• chore(release): publish 8.57.0
• chore(website): enable `fixedOverflowWidgets` in editor settings (#12115)
• docs(eslint-plugin): document no-unnecessary-condition limitation with object types (#12111)
• chore: use pnpm catalog (#12047)
• chore(deps): update dependency @eslint-community/eslint-plugin-eslint-comments to v4.7.0 (#12113)
• fix(eslint-plugin): [no-base-to-string] fix false positive for toString with overloads (#12089)
• test: correct snapshot
• fix(eslint-plugin): [prefer-promise-reject-errors] add allow `TypeOrValueSpecifier` to prefer-promise-reject-errors (#12094)
• fix(typescript-estree): if the template literal is tagged and the text has an invalid escape, `cooked` will be `null` (#11355)
• chore: shard eslint-plugin tests (#12082)
• docs: minor grammar adjustment (#12112)
• fix(eslint-plugin): guard against negative paramIndex in no-useless-default-assignment (#12077)
• fix(eslint-plugin): handle statically analyzable computed keys in prefer-readonly (#12079)
• chore(deps): update dependency typedoc-plugin-markdown to v4.10.0 (#12060)
• chore(deps): update dependency eslint-plugin-perfectionist to v5.6.0 (#12054)
• fix(eslint-plugin): [strict-void-return] false positives with overloads (#12055)
• fix(typescript-estree): switch back to use `ts.getModifiers()` (#12034)
• chore(deps): update dependency @microsoft/api-extractor to v7.57.6 (#12087)
• docs: use `defineConfig` in "How to use" (#12108)
• feat(eslint-plugin): [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)
• chore: update vitest to 4.x (#12071)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[code-genius-code-coverage]

The files' contents are under analysis for test generation.

[github-actions]

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs

2026-03-10T18:40:54Z INF scanning for exposed secrets...
6:40PM INF 470 commits scanned.
2026-03-10T18:40:54Z INF scan completed in 324ms
2026-03-10T18:40:54Z INF no leaks found

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	typescript-eslint@​8.56.1 ⏵ 8.57.0

View full report

[deepsource-io]

DeepSource Code Review

We reviewed changes in 83522ef...106ede9 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene   Coverage

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
Test coverage		Mar 10, 2026 6:40p.m.	Review ↗
Secrets		Mar 10, 2026 6:40p.m.	Review ↗
JavaScript		Mar 10, 2026 6:40p.m.	Review ↗

Code Coverage Summary

Language	Line Coverage (Overall)
Aggregate	93.8%
Javascript	93.8%

➟ Additional coverage metrics may have been reported. See full coverage report ↗

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Embedded URLs or IPs: npm @typescript-eslint/eslint-plugin URLs: https://typescript-eslint.io/users/configs#base, https://typescript-eslint.io/users/configs/#eslint-recommended, https://eslint.org/docs/latest/rules/no-new-symbol, https://github.com/typescript-eslint/typescript-eslint/pull/8895, https://github.com/typescript-eslint/typescript-eslint/issues/5468, https://github.com/typescript-eslint/typescript-eslint/issues/7527, https://gist.github.com/mathiasbynens/6334847, Fruit.Apple, https://github.com/typescript-eslint/typescript-eslint/issues/5439, https://typescript-eslint.io/rules/no-empty-object-type, https://github.com/typescript-eslint/typescript-eslint/pull/8977, https://eslint.org/docs/latest/rules/no-loss-of-precision, https://github.com/typescript-eslint/typescript-eslint/pull/8832, https://typescript-eslint.io/rules/consistent-type-definitions, https://github.com/typescript-eslint/typescript-eslint/pull/6229, https://github.com/ajafff/tsutils/blob/49d0d31050b44b81e918eae4fbaf1dfe7b7286af/util/type.ts#L95-L125, https://github.com/microsoft/TypeScript/issues/48077, https://typescript-eslint.io/rules/no-require-imports, https://github.com/typescript-eslint/typescript-eslint/pull/8334, obf.foo, https://github.com/microsoft/TypeScript/pull/56908, this.foo, https://typescript-eslint.io/rules/ban-ts-comment, https://github.com/typescript-eslint/typescript-eslint/pull/9081, foo.bar.baz.buzz, https://github.com/typescript-eslint/typescript-eslint/issues/11559, https://github.com/typescript-eslint/typescript-eslint/issues/4975, https://perfectionist.dev, https://perfectionist.dev/rules/sort-intersection-types, https://perfectionist.dev/rules/sort-union-types, https://github.com/typescript-eslint/typescript-eslint/pull/9253, https://typescript-eslint.io/rules/, https://github.com/typescript-eslint/typescript-eslint/pull/8952#discussion_r1576543310, https://github.com/microsoft/TypeScript/issues/31294, https://github.com/eslint/eslint/blob/3a4eaf921543b1cd5d1df4ea9dec02fab396af2a/lib/rules/utils/ast-utils.js#L1043-L1132, https://github.com/eslint/eslint/blob/3a4eaf921543b1cd5d1df4ea9dec02fab396af2a/lib/rules/utils/ast-utils.js#L1026-L1041 Location: Package overview From: package-lock.json → npm/typescript-eslint@8.57.0 → npm/@typescript-eslint/eslint-plugin@8.57.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm @typescript-eslint/scope-manager with es2017.date, es2020.date URLs: es2017.date, es2020.date Location: Package overview From: package-lock.json → npm/typescript-eslint@8.57.0 → npm/@typescript-eslint/scope-manager@8.57.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/scope-manager@8.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm @typescript-eslint/typescript-estree URLs: https://github.com/typescript-eslint/typescript-eslint/issues/6289, https://tseslint.com/allowdefaultproject-glob-too-wide, https://github.com/typescript-eslint/typescript-eslint/issues/new/choose., https://tseslint.com/are-project-references-supported, https://tseslint.com/none-of-those-tsconfigs-include-this-file, https://github.com/typescript-eslint/typescript-eslint/issues/7896, https://github.com/typescript-eslint/typescript-eslint/issues/6469, https://tseslint.com/key-property-deprecated., this.foo, https://github.com/typescript-eslint/typescript-eslint/pull/6615#discussion_r1136489935, https://github.com/typescript-eslint/typescript-eslint/issues/101. Location: Package overview From: package-lock.json → npm/typescript-eslint@8.57.0 → npm/@typescript-eslint/typescript-estree@8.57.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/typescript-estree@8.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm @typescript-eslint/utils URLs: https://eslint-community.github.io/eslint-utils/api/ast-utils.html#getstringifconstant, https://eslint-community.github.io/eslint-utils/api/ast-utils.html#hassideeffect, https://github.com/eslint/espree, https://eslint.org/docs/developer-guide/working-with-rules#messageids, https://tseslint.com/typed-linting, http://json-schema.org/schema#, http://json-schema.org/hyper-schema#, http://json-schema.org/draft-04/schema#, http://json-schema.org/draft-04/hyper-schema#, http://json-schema.org/draft-03/schema#, http://json-schema.org/draft-03/hyper-schema#, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.3, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.2, https://json-schema.org/understanding-json-schema/reference/array.html, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.6, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.5, https://json-schema.org/understanding-json-schema/reference/string.html, https://json-schema.org/understanding-json-schema/reference/numeric.html, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.19, https://json-schema.org/understanding-json-schema/reference/boolean.html, https://json-schema.org/understanding-json-schema/reference/null.html Location: Package overview From: package-lock.json → npm/typescript-eslint@8.57.0 → npm/@typescript-eslint/utils@8.57.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/utils@8.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm typescript-eslint URLs: https://github.com/eslint/rewrite/blob/82d07fd0e8e06780b552a41f8bcbe2a4f8741d42/packages/config-helpers/src/define-config.js#L448-L450, https://typescript-eslint.io/users/configs#base, https://typescript-eslint.io/users/configs#disable-type-checked, https://typescript-eslint.io/users/configs#all, https://typescript-eslint.io/users/configs/#eslint-recommended, https://typescript-eslint.io/users/configs#recommended, https://typescript-eslint.io/users/configs#recommended-type-checked, https://typescript-eslint.io/users/configs#recommended-type-checked-only, https://typescript-eslint.io/users/configs#strict, https://typescript-eslint.io/users/configs#strict-type-checked, https://typescript-eslint.io/users/configs#strict-type-checked-only, https://typescript-eslint.io/users/configs#stylistic, https://typescript-eslint.io/users/configs#stylistic-type-checked, https://typescript-eslint.io/users/configs#stylistic-type-checked-only Location: Package overview From: package-lock.json → npm/typescript-eslint@8.57.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript-eslint@8.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[guibranco]

Automatically approved by gstraccini[bot]

[guibranco]

@depfu merge

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud