
chore(deps): update dependency eslint to v9.26.0 [security] - autoclosed #210

Closed
renovate[bot] wants to merge 1 commit into v1 from renovate/npm-eslint-vulnerability

Conversation

@renovate renovate bot commented Feb 1, 2026

This PR contains the following updates:

Package | Change
eslint (source) | 9.25.1 → 9.26.0

GitHub Vulnerability Alerts

CVE-2025-50537

Withdrawn Advisory

This advisory has been withdrawn because RuleTester is used for testing rules during development and results in an error rather than crashing the application.

Original Description

There is a Stack Overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a Stack Overflow.


Release Notes

eslint/eslint (eslint)

v9.26.0

Compare Source

Features

Bug Fixes

  • 96e84de fix: check cache file existence before deletion (#19648) (sethamus)
  • d683aeb fix: don't crash on tests with circular references in RuleTester (#19664) (Milos Djermanovic)
  • 9736d5d fix: add namespace to Plugin.meta type (#19661) (Milos Djermanovic)
  • 17bae69 fix: update RuleTester.run() type (#19634) (Nitin Kumar)

Documentation

  • dd98d63 docs: Update README (GitHub Actions Bot)
  • c25e858 docs: Update README (GitHub Actions Bot)
  • b2397e9 docs: Update README (GitHub Actions Bot)
  • addd0a6 docs: fix formatting of unordered lists in Markdown (#19660) (Milos Djermanovic)
  • a21b38d docs: Update README (GitHub Actions Bot)
  • c0721a7 docs: fix double space in command (#19657) (CamWass)

Chores


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
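
The recursion failure described in the advisory text above, as an added example that is not part of this PR or of ESLint's code: a simplified serializability check with no cycle tracking, beside one that tracks the objects on the current path. All function names and the sample test case are assumptions made for illustration.

```javascript
// Added illustration, not ESLint's source: simplified serializability checks.
// All function names and the sample test case are constructed for this example.
function isPrimitive(v) {
  return v === null || ["string", "number", "boolean"].includes(typeof v);
}

// Unguarded shape: recurses into every property with no memory of where it
// has been, so a cycle never terminates and the call stack is exhausted.
function naiveIsSerializable(value) {
  if (isPrimitive(value)) return true;
  if (typeof value !== "object") return false; // functions, symbols, undefined
  return Object.values(value).every(v => naiveIsSerializable(v));
}

// Guarded shape: remember the objects on the current path; meeting one again
// means a cycle, which JSON cannot represent, so answer "not serializable".
function safeIsSerializable(value, ancestors = new Set()) {
  if (isPrimitive(value)) return true;
  if (typeof value !== "object") return false;
  if (ancestors.has(value)) return false; // circular reference
  ancestors.add(value);
  const ok = Object.values(value).every(v => safeIsSerializable(v, ancestors));
  ancestors.delete(value); // shared but non-circular references stay allowed
  return ok;
}

// Constructed test case whose options object points back at itself.
function makeCircularTestCase() {
  const options = { mode: "strict" };
  options.self = options;
  return { code: "var a = 1;", options: [options] };
}

// Runs a check and reports stack exhaustion as a result instead of throwing.
function probe(check, value) {
  try {
    return check(value) ? "serializable" : "not serializable";
  } catch (err) {
    if (err instanceof RangeError) return "stack overflow";
    throw err;
  }
}

console.log("naive:", probe(naiveIsSerializable, makeCircularTestCase()));
console.log("safe: ", probe(safeIsSerializable, makeCircularTestCase()));
```

The unguarded check fails with a catchable `RangeError`, which matches the withdrawal note's point that the result is an error in a development-time tool rather than an application crash.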

@renovate renovate bot added the dependencies Dependencies (auto) update label Feb 1, 2026

changeset-bot bot commented Feb 1, 2026

⚠️ No Changeset found

Latest commit: 5338c1c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR


pkg-pr-new bot commented Feb 1, 2026

Open in StackBlitz

unioc

npm i https://pkg.pr.new/iocjs/unioc@210

@unioc/adapter-midway

npm i https://pkg.pr.new/iocjs/unioc/@unioc/adapter-midway@210

@unioc/adapter-nestjs

npm i https://pkg.pr.new/iocjs/unioc/@unioc/adapter-nestjs@210

@unioc/commander

npm i https://pkg.pr.new/iocjs/unioc/@unioc/commander@210

create-unioc

npm i https://pkg.pr.new/iocjs/unioc/create-unioc@210

@unioc/core

npm i https://pkg.pr.new/iocjs/unioc/@unioc/core@210

@unioc/decorator

npm i https://pkg.pr.new/iocjs/unioc/@unioc/decorator@210

@unioc/meta

npm i https://pkg.pr.new/iocjs/unioc/@unioc/meta@210

@unioc/reflector

npm i https://pkg.pr.new/iocjs/unioc/@unioc/reflector@210

@unioc/shared

npm i https://pkg.pr.new/iocjs/unioc/@unioc/shared@210

@unioc/web

npm i https://pkg.pr.new/iocjs/unioc/@unioc/web@210

@unioc/web-bun

npm i https://pkg.pr.new/iocjs/unioc/@unioc/web-bun@210

@unioc/web-express

npm i https://pkg.pr.new/iocjs/unioc/@unioc/web-express@210

@unioc/web-koa

npm i https://pkg.pr.new/iocjs/unioc/@unioc/web-koa@210

commit: 5338c1c

@renovate renovate bot force-pushed the renovate/npm-eslint-vulnerability branch from 8d7d0fa to 5338c1c Compare February 2, 2026 15:10
@renovate renovate bot changed the title chore(deps): update dependency eslint to v9.26.0 [security] chore(deps): update dependency eslint to v9.26.0 [security] - autoclosed Feb 5, 2026
@renovate renovate bot closed this Feb 5, 2026
@renovate renovate bot deleted the renovate/npm-eslint-vulnerability branch February 5, 2026 01:32