Skip to content

fix(deps): update eslint (minor) #990

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update eslint (minor) #990

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 27, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
eslint (source) >=9.38.0>=9.39.2 age confidence
eslint-plugin-react-refresh 0.4.260.5.0 age confidence

Release Notes

eslint/eslint (eslint)

v9.39.2

Compare Source

v9.39.1

Compare Source

v9.39.0

Compare Source

ArnaudBarre/eslint-plugin-react-refresh (eslint-plugin-react-refresh)

v0.5.0

Compare Source

Breaking changes
  • The package now ships as ESM and requires ESLint 9 + node 20. Because legacy config doesn't support ESM, this requires to use flat config
  • A new reactRefresh export is available and prefered over the default export. It's an object with two properties:
    • plugin: The plugin object with the rules
    • configs: An object containing configuration presets, each exposed as a function. These functions accept your custom options, merge them with sensible defaults for that config, and return the final config object.
  • customHOCs option was renamed to extraHOCs
  • Validation of HOCs calls is now more strict, you may need to add some HOCs to the extraHOCs option

Config example:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig(
  /* Main config */
  reactRefresh.configs.vite({ extraHOCs: ["someLibHOC"] }),
);

Config example without config:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig({
  files: ["**/*.ts", "**/*.tsx"],
  plugins: {
    // other plugins
    "react-refresh": reactRefresh.plugin,
  },
  rules: {
    // other rules
    "react-refresh/only-export-components": [
      "warn",
      { extraHOCs: ["someLibHOC"] },
    ],
  },
});
Why

This version follows a revamp of the internal logic to better make the difference between random call expressions like export const Enum = Object.keys(Record) and actual React HOC calls like export const MemoComponent = memo(Component). (fixes #​93)

The rule now handles ternaries and patterns like export default customHOC(props)(Component) which makes it able to correctly support files like this one given this config:

{
  "react-refresh/only-export-components": [
    "warn",
    { "extraHOCs": ["createRootRouteWithContext"] }
  ]
}

[!NOTE]
Actually createRoute functions from TanStack Router are not React HOCs, they return route objects that fake to be a memoized component but are not. When only doing createRootRoute({ component: Foo }), HMR will work fine, but as soon as you add a prop to the options that is not a React component, HMR will not work. I would recommend to avoid adding any TanStack function to extraHOCs it you want to preserve good HMR in the long term. Bluesky thread.

Because I'm not 100% sure this new logic doesn't introduce any false positive, this is done in a major-like version. This also give me the occasion to remove the hardcoded connect from the rule. If you are using connect from react-redux, you should now add it to extraHOCs like this:

{
  "react-refresh/only-export-components": ["warn", { "extraHOCs": ["connect"] }]
}

Configuration

📅 Schedule: Branch creation - "after 1am and before 5am every weekend" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the eslint label Dec 27, 2025
@renovate renovate bot requested a review from prisis as a code owner December 27, 2025 00:57
@renovate renovate bot added the eslint label Dec 27, 2025
@coderabbitai
Copy link

coderabbitai bot commented Dec 27, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 27, 2025
edited
Loading

Thank you for following the naming conventions! 🙏

@renovate renovate bot force-pushed the renovate/eslint branch from e9cc35d to fbd6eb4 Compare January 3, 2026 00:43
@renovate renovate bot changed the title fix(deps): update dependency eslint to >=9.39.2 fix(deps): update eslint (minor) Jan 3, 2026
@renovate renovate bot force-pushed the renovate/eslint branch 2 times, most recently from 1835405 to 82c6fe4 Compare January 17, 2026 00:27
@renovate renovate bot force-pushed the renovate/eslint branch 2 times, most recently from eae6d37 to 4c065da Compare January 24, 2026 01:17
@socket-security
Copy link

socket-security bot commented Jan 24, 2026
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@renovate renovate bot force-pushed the renovate/eslint branch 2 times, most recently from ab291c3 to 6969c61 Compare January 31, 2026 01:04
@renovate renovate bot changed the title fix(deps): update eslint (minor) fix(deps): update dependency eslint to >=9.39.2 Jan 31, 2026
@renovate
fix(deps): update eslint
c256152 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
@renovate renovate bot force-pushed the renovate/eslint branch from 6969c61 to c256152 Compare February 7, 2026 00:46
@renovate renovate bot changed the title fix(deps): update dependency eslint to >=9.39.2 fix(deps): update eslint (minor) Feb 7, 2026
@socket-security
Copy link

socket-security bot commented Feb 7, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedeslint-plugin-react-refresh@​0.5.010010010093100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prisis prisis Awaiting requested review from prisis prisis is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

eslint package: eslint-config

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants