Bump eslint-plugin-jsonc from 2.21.0 to 3.0.1

[dependabot]

Bumps eslint-plugin-jsonc from 2.21.0 to 3.0.1.

Release notes

Sourced from eslint-plugin-jsonc's releases.

v3.0.1

Patch Changes

• #484 8bef6fc Thanks @​ota-meshi! - update @ota-meshi/ast-token-store to v0.3.0

v3.0.0

Major Changes

• #471 d30112b Thanks @​copilot-swe-agent! - Add ESLint language plugin support. The plugin now exports a languages object that provides language implementations for json, jsonc, json5, and x. The shared configurations (base, recommended-with-json, etc.) now use the jsonc-based language implementation by default (via language: "jsonc/x" in ESLint flat config) and have been updated to use the new language plugin approach instead of the parser approach.

• #468 8c87c6c Thanks @​copilot-swe-agent! - Drop support for legacy config. The plugin now exports flat configs as the main configuration format. The previous flat/* namespace is kept for backward compatibility.

• #465 62b2127 Thanks @​copilot-swe-agent! - Drop support for older ESLint versions. The new minimum supported version is ESLint 9.38.0 or later.

• #460 cc949e3 Thanks @​copilot-swe-agent! - Drop support for older Node.js versions. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #469 ee27486 Thanks @​copilot-swe-agent! - Convert to ESM-only package. The plugin now uses tsdown for bundling and is distributed as pure ESM. The package no longer supports CommonJS require() syntax. Users need to use import statements or dynamic import() to load the plugin.

• #466 29e47c4 Thanks @​renovate! - Update dependency jsonc-eslint-parser to v3

• #473 0f6d480 Thanks @​ota-meshi! - feat: include "no-irregular-whitespace" rule in recommended configs

• #477 75304cf Thanks @​ota-meshi! - Removed re-export from jsonc-eslint-parser

Minor Changes

• #474 90c0d61 Thanks @​ota-meshi! - fix: replace espree with jsonc-eslint-parser for tokenization

• #476 633b7d1 Thanks @​ota-meshi! - The JSONCSourceCode, JSONCToken, and JSONCComment types are now provided. Using these types, you can define a RuleContext type that is useful for creating JSON rules.

  e.g.

  import type * as core from "@eslint/core";
  export type RuleContext<RuleOptions extends unknown[] = unknown[]> =
    core.RuleContext<{
      LangOptions: JSONCLanguageOptions;
      Code: JSONCSourceCode;
      RuleOptions: RuleOptions;
      Node: JSONCNodeOrToken;
      MessageIds: string;
    }>;

v2.21.1

Patch Changes

• #447 a8e405a Thanks @​ota-meshi! - fix: compatibility with ESLint v10

Changelog

Sourced from eslint-plugin-jsonc's changelog.

3.0.1

Patch Changes

• #484 8bef6fc Thanks @​ota-meshi! - update @ota-meshi/ast-token-store to v0.3.0

3.0.0

Major Changes

• #471 d30112b Thanks @​copilot-swe-agent! - Add ESLint language plugin support. The plugin now exports a languages object that provides language implementations for json, jsonc, json5, and x. The shared configurations (base, recommended-with-json, etc.) now use the jsonc-based language implementation by default (via language: "jsonc/x" in ESLint flat config) and have been updated to use the new language plugin approach instead of the parser approach.

• #468 8c87c6c Thanks @​copilot-swe-agent! - Drop support for legacy config. The plugin now exports flat configs as the main configuration format. The previous flat/* namespace is kept for backward compatibility.

• #465 62b2127 Thanks @​copilot-swe-agent! - Drop support for older ESLint versions. The new minimum supported version is ESLint 9.38.0 or later.

• #460 cc949e3 Thanks @​copilot-swe-agent! - Drop support for older Node.js versions. The new minimum supported versions are: ^20.19.0 || ^22.13.0 || >=24

• #469 ee27486 Thanks @​copilot-swe-agent! - Convert to ESM-only package. The plugin now uses tsdown for bundling and is distributed as pure ESM. The package no longer supports CommonJS require() syntax. Users need to use import statements or dynamic import() to load the plugin.

• #466 29e47c4 Thanks @​renovate! - Update dependency jsonc-eslint-parser to v3

• #473 0f6d480 Thanks @​ota-meshi! - feat: include "no-irregular-whitespace" rule in recommended configs

• #477 75304cf Thanks @​ota-meshi! - Removed re-export from jsonc-eslint-parser

Minor Changes

• #474 90c0d61 Thanks @​ota-meshi! - fix: replace espree with jsonc-eslint-parser for tokenization

• #476 633b7d1 Thanks @​ota-meshi! - The JSONCSourceCode, JSONCToken, and JSONCComment types are now provided. Using these types, you can define a RuleContext type that is useful for creating JSON rules.

  e.g.

  import type * as core from "@eslint/core";
  export type RuleContext<RuleOptions extends unknown[] = unknown[]> =
    core.RuleContext<{
      LangOptions: JSONCLanguageOptions;
      Code: JSONCSourceCode;
      RuleOptions: RuleOptions;
      Node: JSONCNodeOrToken;
      MessageIds: string;
    }>;

2.21.1

Patch Changes

... (truncated)

Commits

• 16447f1 chore: release eslint-plugin-jsonc (#486)
• 8bef6fc update @ota-meshi/ast-token-store to v0.3.0 (#484)
• 64a85fc chore(deps): update dependency eslint-plugin-node-dependencies to v2 (#481)
• e7034f8 docs: update configuration references in rule documentation to use `configs["...
• 893621b chore(deps): update dependency eslint-plugin-jsonc to v3 (#478)
• 813e326 chore: fix broken link in docs
• ead4b7c chore: release eslint-plugin-jsonc (#467)
• 75304cf Removed re-export from jsonc-eslint-parser (#477)
• 633b7d1 feat: improve type definitions (#476)
• 5a6cd2a feat: language options have been split into 4 (#475)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[guibranco]

Automatically approved by gstraccini[bot]

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	eslint-plugin-jsonc@​2.21.0 ⏵ 3.0.1	+1			+5

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Embedded URLs or IPs: npm @eslint/core URLs: https://eslint.org/docs/latest/use/configure/language-options#specifying-parser-options, meta.name, https://eslint.org/docs/latest/use/configure/language-options-deprecated#specifying-parser-options, https://eslint.org/docs/latest/use/configure/, https://eslint.org/docs/latest/use/configure/language-options-deprecated#specifying-environments, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#extending-configuration-files, https://eslint.org/docs/latest/use/configure/language-options-deprecated#specifying-globals, https://eslint.org/docs/latest/use/configure/rules-deprecated#disabling-inline-comments, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#how-do-overrides-work, https://eslint.org/docs/latest/extend/custom-parsers, https://eslint.org/docs/latest/use/configure/parser-deprecated, https://eslint.org/docs/latest/use/configure/plugins-deprecated#configure-plugins, https://eslint.org/docs/latest/use/configure/plugins-deprecated#specify-a-processor, https://eslint.org/docs/latest/use/configure/rules-deprecated#report-unused-eslint-disable-comments, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#adding-shared-settings, https://eslint.org/docs/latest/use/configure/ignore-deprecated#ignorepatterns-in-config-files, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#using-configuration-files Location: Package overview From: package-lock.json → npm/eslint-plugin-jsonc@3.0.1 → npm/@eslint/core@1.1.0 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@eslint/core@1.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Embedded URLs or IPs: npm eslint-plugin-jsonc URLs: https://ota-meshi.github.io/eslint-plugin-jsonc/rules/, https://github.com/eslint/eslint/issues/15660, http://www.ecma-international.org/ecma-262/5.1/#sec-7.3 Location: Package overview From: package-lock.json → npm/eslint-plugin-jsonc@3.0.1 ℹ Read more on: This package | This alert | What are URL strings? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jsonc@3.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report