[Snyk] Upgrade eslint-plugin-import from 2.27.5 to 2.32.0

[Dargon789]

Snyk has created this PR to upgrade eslint-plugin-import from 2.27.5 to 2.32.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.

• The recommended version was released 3 months ago.

Release notes

Package name: eslint-plugin-import

• 2.32.0 - 2025-06-20
  

  Added

  • add enforce-node-protocol-usage rule and import/node-version setting (#3024, thanks @ GoldStrikeArch and @ sevenc-nanashi)
  • add TypeScript types (#3097, thanks @ G-Rath)
  • extensions: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks @ Xunnamius)
  • order: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks @ Xunnamius)
  • order: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks @ Xunnamius)
  • order: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks @ Xunnamius)

  Fixed

  • no-unused-modules: provide more meaningful error message when no .eslintrc is present (#3116, thanks @ michaelfaith)
  • configs: added missing name attribute for eslint config inspector (#3151, thanks @ NishargShah)
  • order: ensure arcane imports do not cause undefined behavior (#3128, thanks @ Xunnamius)
  • order: resolve undefined property access issue when using named ordering (#3166, thanks @ Xunnamius)
  • enforce-node-protocol-usage: avoid a crash with some TS code (#3173, thanks @ ljharb)
  • order: codify invariants from docs into config schema (#3152, thanks @ Xunnamius)

  Changed

  • [Docs] extensions, order: improve documentation (#3106, thanks @ Xunnamius)
  • [Docs] add flat config guide for using tseslint.config() (#3125, thanks @ lnuvy)
  • [Docs] add missing comma (#3122, thanks @ RyanGst)
  • [readme] Update flatConfig example to include typescript config (#3138, thanks @ intellix)
  • [Refactor] order: remove unnecessary negative check (#3167, thanks @ JounQin)
  • [Docs] no-unused-modules: add missing double quote (#3191, thanks @ albertpastrana)
  • [Docs] no-restricted-paths: clarify wording and fix errors (#3172, thanks @ greim)
• 2.31.0 - 2024-10-03
  

  Added

  • support eslint v9 (#2996, thanks @ G-Rath @ michaelfaith)
  • order: allow validating named imports (#3043, thanks @ manuth)
  • extensions: add the checkTypeImports option (#2817, thanks @ phryneas)

  Fixed

  • ExportMap / flat config: include languageOptions in context (#3052, thanks @ michaelfaith)
  • no-named-as-default: Allow using an identifier if the export is both a named and a default export (#3032, thanks @ akwodkiewicz)
  • export: False positive for exported overloaded functions in TS (#3065, thanks @ liuxingbaoyu)
  • exportMap: export map cache is tainted by unreliable parse results (#3062, thanks @ michaelfaith)
  • exportMap: improve cacheKey when using flat config (#3072, thanks @ michaelfaith)
  • adjust "is source type module" checks for flat config (#2996, thanks @ G-Rath)

  Changed

  • [Docs] no-relative-packages: fix typo (#3066, thanks @ joshuaobrien)
  • [Performance] no-cycle: dont scc for each linted file (#3068, thanks @ soryy708)
  • [Docs] no-cycle: add disableScc to docs (#3070, thanks @ soryy708)
  • [Tests] use re-exported RuleTester (#3071, thanks @ G-Rath)
  • [Docs] no-restricted-paths: fix grammar (#3073, thanks @ unbeauvoyage)
  • [Tests] no-default-export, no-named-export: add test case (thanks @ G-Rath)
• 2.30.0 - 2024-09-03
  

  Added

  • dynamic-import-chunkname: add allowEmpty option to allow empty leading comments (#2942, thanks [@ JiangWeixian])
  • dynamic-import-chunkname: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode (#3004, thanks @ amsardesai)
  • no-unused-modules: Add ignoreUnusedTypeExports option (#3011, thanks @ silverwind)
  • add support for Flat Config (#3018, thanks @ michaelfaith)

  Fixed

  • no-extraneous-dependencies: allow wrong path (#3012, thanks @ chabb)
  • no-cycle: use scc algorithm to optimize (#2998, thanks @ soryy708)
  • no-duplicates: Removing duplicates breaks in TypeScript (#3033, thanks @ yesl-kim)
  • newline-after-import: fix considerComments option when require (#2952, thanks @ developer-bandi)
  • order: do not compare first path segment for relative paths (#2682) (#2885, thanks @ mihkeleidast)

  Changed

  • [Docs] no-extraneous-dependencies: Make glob pattern description more explicit (#2944, thanks @ mulztob)
  • no-unused-modules: add console message to help debug #2866
  • [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap (#2982, thanks @ soryy708)
  • [Refactor] ExportMap: separate ExportMap instance from its builder logic (#2985, thanks @ soryy708)
  • [Docs] order: Add a quick note on how unbound imports and --fix (#2640, thanks @ minervabot)
  • [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) (#2987, thanks @ joeyguerra)
  • [actions] migrate OSX tests to GHA (ljharb#37, thanks @ aks-)
  • [Refactor] exportMapBuilder: avoid hoisting (#2989, thanks @ soryy708)
  • [Refactor] ExportMap: extract "builder" logic to separate files (#2991, thanks @ soryy708)
  • [Docs] order: update the description of the pathGroupsExcludedImportTypes option (#3036, thanks @ liby)
  • [readme] Clarify how to install the plugin (#2993, thanks @ jwbth)
• 2.29.1 - 2023-12-14
• 2.29.0 - 2023-10-23
• 2.28.1 - 2023-08-18
• 2.28.0 - 2023-07-28
• 2.27.5 - 2023-01-16

from eslint-plugin-import GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 4 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/dargon789s-projects?upgradeToPro=build-rate-limit

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request automates the upgrade of the eslint-plugin-import dependency to its latest stable version. This update ensures the project benefits from the newest linting rules, bug fixes, and performance enhancements, contributing to a more robust and maintainable codebase.

Highlights

• Dependency Upgrade: Upgraded the eslint-plugin-import dependency from version 2.27.5 to 2.32.0.
• New Features and Enhancements: Introduces a new enforce-node-protocol-usage rule, adds TypeScript types, and enhances existing rules like extensions and order with new options for improved import management and sorting.
• ESLint v9 and Flat Config Support: Includes support for ESLint v9 and the new Flat Config format, improving compatibility with modern ESLint setups.
• Bug Fixes and Performance Improvements: Addresses several bug fixes across various rules (e.g., no-unused-modules, no-named-as-default, export) and includes performance optimizations for rules like no-cycle.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/eslint-plugin-import	2.32.0	🟢 6.1	Details Check Score Reason Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Maintained 🟢 10 6 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• packages/hardhat-truffle5/package.json

[gemini-code-assist]

Code Review

This pull request upgrades eslint-plugin-import for the hardhat-truffle5 package. While this is a beneficial update, I've identified an inconsistency. The same dependency exists in the hardhat-web3 package but is not being updated, which could lead to issues. My review comment provides details on this and recommends updating the dependency across all relevant packages in the monorepo for consistency.

[gemini-code-assist]

While updating this dependency is a good step, I've noticed that another package in this monorepo, hardhat-web3, also depends on eslint-plugin-import but is not being updated in this PR (it remains on version 2.27.5 in packages/hardhat-web3/package.json). To maintain consistency and avoid potential issues arising from different versions of the same dependency within the project, it would be best to update it in all packages simultaneously.