Bump eslint-plugin-react-hooks from 7.0.1 to 7.1.1

[dependabot]

Bumps eslint-plugin-react-hooks from 7.0.1 to 7.1.1.

Release notes

Sourced from eslint-plugin-react-hooks's releases.

eslint-plugin-react-hooks@7.1.1 (April 17, 2026)

Note: 7.1.0 accidentally removed the component-hook-factories rule, causing errors for users who referenced it in their ESLint config. This is now fixed.

• Add deprecated no-op component-hook-factories rule for backwards compatibility. (@​mofeiZ in #36307)

eslint-plugin-react-hooks@7.1.0 (April 16, 2026)

This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better set-state-in-effect detection, improved ref validation, and more helpful error reporting.

• Add ESLint v10 support. (@​nicolo-ribaudo in #35720)
• Skip compilation for non-React files to improve performance. (@​josephsavona in #35589)
• Fix exhaustive deps bug with Flow type casting. (@​jorge-cab in #35691)
• Fix useEffectEvent checks in component syntax. (@​jbrown215 in #35041)
• Improved set-state-in-effect validation with fewer false negatives. (@​jorge-cab in #35134, @​josephsavona in #35147, @​jackpope in #35214, @​chesnokov-tony in #35419, @​jsleitor in #36107)
• Improved ref validation for non-mutating functions and event handler props. (@​josephsavona in #35893, @​kolvian in #35062)
• Compiler now reports all errors instead of stopping at the first. (@​josephsavona in #35873–#35884)
• Improved source locations and error display in compiler diagnostics. (@​nathanmarks in #35348, @​josephsavona in #34963)

Changelog

Sourced from eslint-plugin-react-hooks's changelog.

7.1.1

Note: 7.1.0 accidentally removed the component-hook-factories rule, causing errors for users who referenced it in their ESLint config. This is now fixed.

• Add deprecated no-op component-hook-factories rule for backwards compatibility. (@​mofeiZ in #36307)

7.1.0

This release adds ESLint v10 support, improves performance by skipping compilation for non-React files, and includes compiler lint improvements including better set-state-in-effect detection, improved ref validation, and more helpful error reporting.

• Add ESLint v10 support. (@​nicolo-ribaudo in #35720)
• Skip compilation for non-React files to improve performance. (@​josephsavona in #35589)
• Fix exhaustive deps bug with Flow type casting. (@​jorge-cab in #35691)
• Fix useEffectEvent checks in component syntax. (@​jbrown215 in #35041)
• Improved set-state-in-effect validation with fewer false negatives. (@​jorge-cab in #35134, @​josephsavona in #35147, @​jackpope in #35214, @​chesnokov-tony in #35419, @​jsleitor in #36107)
• Improved ref validation for non-mutating functions and event handler props. (@​josephsavona in #35893, @​kolvian in #35062)
• Compiler now reports all errors instead of stopping at the first. (@​josephsavona in #35873–#35884)
• Improved source locations and error display in compiler diagnostics. (@​nathanmarks in #35348, @​josephsavona in #34963)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/eslint-plugin-react-hooks	7.1.1	🟢 6.6	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 2 SAST tool is not run on all commits -- score normalized to 2

Scanned Files

• package-lock.json