[Snyk] Upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1 #776

snyk-io · 2025-06-22T15:28:35Z

Snyk has created this PR to upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 24 versions ahead of your current version.
The recommended version was released 23 days ago.

Release notes

Package name: eslint-plugin-prettier

5.4.1 - 2025-05-30
Patch Changes
- #740 c21521f Thanks @ JounQin! - fix(deps): bump synckit to v0.11.7 to fix potential TypeError: Cannot read properties of undefined (reading 'message') error
Full Changelog: v5.4.0...v5.4.1
5.4.0 - 2025-05-05
Minor Changes
- #736 59a0cae Thanks @ yashtech00! - refactor: migrate worker.js to worker.mjs
5.3.1 - 2025-05-04
Patch Changes
- #734 dcf2c80 Thanks @ JounQin! - ci: enable NPM_CONFIG_PROVENANCE env
Full Changelog: v5.3.0...v5.3.1
5.3.0 - 2025-05-04
Minor Changes
- #674 6fe0c90 Thanks @ irsooti! - feat(types): prefer Config over FlatConfig when they're equal
New Contributors
- @ irsooti made their first contribution in #674
- @ yashtech00 made their first contribution in #729
Full Changelog: v5.2.6...v5.3.0
5.2.6 - 2025-04-02
Patch Changes
- #723 1451176 Thanks @ renovate! - fix(deps): bump synckit to v0.11.0
Full Changelog: v5.2.5...v5.2.6
5.2.5 - 2025-03-25
Patch Changes
- #721 4f5513d Thanks @ JounQin! - fix: clarify correct eslint-config-prettier peer range
Full Changelog: v5.2.4...v5.2.5
5.2.4 - 2025-03-24
Patch Changes
- #715 b8cfe56 Thanks @ JounQin! - chore: hourcekeeping, bump all (dev) deps
Full Changelog: v5.2.3...v5.2.4
5.2.3 - 2025-01-19
Patch Changes
- #703 9c6141f Thanks @ BPScott! - Add name field to recommended flat config
Full Changelog: v5.2.2...v5.2.3
5.2.2 - 2025-01-15
Patch Changes
- #700 aa5b59f Thanks @ ntnyq! - fix: report node when loc not found
What's Changed
- docs(README): fixes legacy ESlint configs link by @ 2KAbhishek in #686
- fix: report node when loc not found by @ ntnyq in #700
New Contributors
- @ 2KAbhishek made their first contribution in #686
- @ ntnyq made their first contribution in #700
Full Changelog: v5.2.1...v5.2.2
5.2.1 - 2024-07-17
Patch Changes
- #668 ac036cc Thanks @ OrlovAlexei! - build(deps): Bump synckit from 0.8.6 to 0.9.1
New Contributors
- @ Logicer16 made their first contribution in #652
- @ OrlovAlexei made their first contribution in #668
Full Changelog: v5.1.3...v5.2.1
5.1.3 - 2024-01-10
5.1.2 - 2023-12-24
5.1.1 - 2023-12-21
5.1.0 - 2023-12-19
5.0.1 - 2023-10-11
5.0.0 - 2023-07-11
5.0.0-alpha.2 - 2023-07-06
5.0.0-alpha.1 - 2023-03-10
5.0.0-alpha.0 - 2022-09-02
4.2.1 - 2022-06-30
4.2.0 - 2022-06-30
4.1.0 - 2022-06-27
4.0.0 - 2021-08-30
3.4.1 - 2021-08-20
3.4.0 - 2021-04-15

from eslint-plugin-prettier GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Build:

Bump eslint-plugin-prettier from 3.4.0 to 5.4.1

Snyk has created this PR to upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1. See this package in npm: eslint-plugin-prettier See this project in Snyk: https://app.snyk.io/org/dargon789/project/d522020c-9d84-4495-aa10-33310bcfd03f?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

vercel · 2025-06-22T15:28:36Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
hardhat-project-uz7z	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 22, 2025 3:29pm

codesandbox · 2025-06-22T15:28:39Z

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

sourcery-ai · 2025-06-22T15:28:40Z

Reviewer's Guide

This PR upgrades the eslint-plugin-prettier dependency from v3.4.0 to v5.4.1 in the hardhat-network-helpers package by updating version references and regenerating lock data to bring in the latest fix and keep dependencies current.

File-Level Changes

Change	Details	Files
Bump eslint-plugin-prettier to latest major version	Updated version string from 3.4.0 to 5.4.1 Reran install to update lockfile entries	`packages/hardhat-network-helpers/package.json`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

github-actions · 2025-06-22T15:28:47Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/eslint-plugin-prettier

5.4.1

🟢 6.3

Details

Check	Score	Reason
Code-Review	🟢 3	Found 5/15 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	24 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

Scanned Files

packages/hardhat-network-helpers/package.json

socket-security · 2025-06-22T15:29:59Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	lodash.memoize@4.1.2
	lodash.clonedeep@4.5.0
	get-port@5.1.1
	io-ts@1.10.4
	lodash@4.17.21
	keccak@3.0.4
	glob@7.2.0
	hardhat-gas-reporter@1.0.10
	hardhat@2.22.19
	immutable@4.3.7
	jest-diff@29.7.0
	some-lib@1.2.3

View full report

socket-security · 2025-06-22T15:30:01Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		`glob@7.2.0` has a License Policy Violation. License: CC-BY-SA-4.0 (package/LICENSE) From: pnpm-lock.yaml → `npm/glob@7.2.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/glob@7.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`highlightjs-solidity@2.0.6` has a License Policy Violation. License: WTFPL (package/LICENSE) From: pnpm-lock.yaml → `npm/@nomiclabs/truffle-contract@4.5.10` → `npm/highlightjs-solidity@2.0.6` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/highlightjs-solidity@2.0.6`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`har-validator@5.1.5` is Deprecated. Reason: this library is no longer supported From: pnpm-lock.yaml → `npm/har-validator@5.1.5` ℹ Read more on: This package \| This alert \| What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/har-validator@5.1.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`inflight@1.0.6` is Deprecated. Reason: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. From: pnpm-lock.yaml → `npm/glob@7.2.0` → `npm/inflight@1.0.6` ℹ Read more on: This package \| This alert \| What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/inflight@1.0.6`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		`lodash.get@4.4.2` is Deprecated. Reason: This package is deprecated. Use the optional chaining (?.) operator instead. From: pnpm-lock.yaml → `npm/lodash.get@4.4.2` ℹ Read more on: This package \| This alert \| What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/lodash.get@4.4.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

vercel bot deployed to Preview June 22, 2025 15:29 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1 #776

[Snyk] Upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1 #776

Uh oh!

Patch Changes

Minor Changes

Patch Changes

Minor Changes

New Contributors

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

What's Changed

New Contributors

Patch Changes

New Contributors

Uh oh!

Uh oh!

Uh oh!

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

[Snyk] Upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1 #776

Are you sure you want to change the base?

[Snyk] Upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1 #776

Uh oh!

Conversation

Uh oh!

Snyk has created this PR to upgrade eslint-plugin-prettier from 3.4.0 to 5.4.1.

Patch Changes

Minor Changes

Patch Changes

Minor Changes

New Contributors

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

What's Changed

New Contributors

Patch Changes

New Contributors

Summary by Sourcery

Uh oh!

Uh oh!

Uh oh!

Review or Edit in CodeSandbox

Uh oh!

Uh oh!

Reviewer's Guide

File-Level Changes

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Uh oh!

Uh oh!