chore(deps): update dependency eslint-plugin-security to v4

[descope]

This PR contains the following updates:

Package	Type	Update	Change	Pending	OpenSSF
eslint-plugin-security	devDependencies	major	1.7.1 → 4.0.0	4.0.1

---

Release Notes

eslint-community/eslint-plugin-security (eslint-plugin-security)

v4.0.0

Compare Source

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
• switch the recommended config to flat (#​118)

Features

• add config recommended-legacy (#​132) (13d3f2f)
• Add meta object documentation for all rules (#​79) (fb1d9ef)
• detect-bidi-characters rule (#​95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#​105) (d3b1543)
• extend detect non literal fs filename (#​92) (08ba476)
• improve detect-child-process rule (#​108) (64ae529)
• non-literal-require: support template literals (#​81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146) (df1b606)
• switch the recommended config to flat (#​118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#​186) (7f9ee77)
• add name to recommended flat config (#​161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #​82 #​23
• Avoid TypeError when exec stub is used with no arguments (#​97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#​102) (657921a)
• detect-child-process: false positives for destructuring spawn (#​103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)
• Ensure everything works with ESLint v9 (#​145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)
• generate provenance statement for release (#​168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #​63 #​80
• release-please config (#​189) (2443d10)

3.0.1 (2024-06-14)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

3.0.1 (2024-06-13)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

v3.0.1

Compare Source

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
• switch the recommended config to flat (#​118)

Features

• add config recommended-legacy (#​132) (13d3f2f)
• Add meta object documentation for all rules (#​79) (fb1d9ef)
• detect-bidi-characters rule (#​95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#​105) (d3b1543)
• extend detect non literal fs filename (#​92) (08ba476)
• improve detect-child-process rule (#​108) (64ae529)
• non-literal-require: support template literals (#​81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146) (df1b606)
• switch the recommended config to flat (#​118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#​186) (7f9ee77)
• add name to recommended flat config (#​161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #​82 #​23
• Avoid TypeError when exec stub is used with no arguments (#​97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#​102) (657921a)
• detect-child-process: false positives for destructuring spawn (#​103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)
• Ensure everything works with ESLint v9 (#​145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)
• generate provenance statement for release (#​168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #​63 #​80
• release-please config (#​189) (2443d10)

3.0.1 (2024-06-14)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

3.0.1 (2024-06-13)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

v3.0.0

Compare Source

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)
• switch the recommended config to flat (#​118)

Features

• add config recommended-legacy (#​132) (13d3f2f)
• Add meta object documentation for all rules (#​79) (fb1d9ef)
• detect-bidi-characters rule (#​95) (4294d29)
• detect-non-literal-fs-filename: change to track non-top-level require() as well (#​105) (d3b1543)
• extend detect non literal fs filename (#​92) (08ba476)
• improve detect-child-process rule (#​108) (64ae529)
• non-literal-require: support template literals (#​81) (208019b)
• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146) (df1b606)
• switch the recommended config to flat (#​118) (e20a366)

Bug Fixes

• Add ESLint 10 compatibility for context.sourceCode API change (#​186) (7f9ee77)
• add name to recommended flat config (#​161) (aa1c8c5)
• Avoid crash when exec() is passed no arguments (7f97815), closes #​82 #​23
• Avoid TypeError when exec stub is used with no arguments (#​97) (9c18f16)
• detect-child-process: false positive for destructuring with exec (#​102) (657921a)
• detect-child-process: false positives for destructuring spawn (#​103) (fdfe37d)
• Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)
• Ensure everything works with ESLint v9 (#​145) (ac50ab4)
• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)
• generate provenance statement for release (#​168) (eb3ee9c)
• Incorrect method name in detect-buffer-noassert. (313c0c6), closes #​63 #​80
• release-please config (#​189) (2443d10)

3.0.1 (2024-06-14)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

3.0.1 (2024-06-13)

Bug Fixes

• add name to recommended flat config (#​161) (aa1c8c5)

v2.1.1

Compare Source

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)

Features

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146) (df1b606)

Bug Fixes

• Ensure everything works with ESLint v9 (#​145) (ac50ab4)

2.1.1 (2024-02-14)

Bug Fixes

• Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)

v2.1.0

Compare Source

⚠ BREAKING CHANGES

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146)

Features

• requires node ^18.18.0 || ^20.9.0 || >=21.1.0 (#​146) (df1b606)

Bug Fixes

• Ensure everything works with ESLint v9 (#​145) (ac50ab4)

2.1.1 (2024-02-14)

Bug Fixes

• Ensure empty eval() doesn't crash detect-eval-with-expression (#​139) (8a7c7db)

v2.0.0

Compare Source

⚠ BREAKING CHANGES

• switch the recommended config to flat (#​118)

Features

• switch the recommended config to flat (#​118) (e20a366)

1.7.1 (2023-02-02)

Bug Fixes

• false positives for static expressions in detect-non-literal-fs-filename, detect-child-process, detect-non-literal-regexp, and detect-non-literal-require (#​109) (56102b5)

---

Configuration

📅 Schedule: (in timezone Asia/Jerusalem)

• Branch creation
  • "after 10pm every weekday,every weekend,before 5am every weekday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[vercel]

Your Vercel team Allen Zhou is not permitted to deploy from this git repository. Contact an administrator to add github organization descope as a Protected Git Scope in Allen Zhou on Vercel. Once added, commit again to see your changes.

Learn more: https://vercel.com/docs/security/protected-git-scopes