Bump @teambit/react.eslint-config-bit-react from 0.0.824 to 1.0.224

[dependabot]

Bumps @teambit/react.eslint-config-bit-react from 0.0.824 to 1.0.224.

Release notes

Sourced from @​teambit/react.eslint-config-bit-react's releases.

v1.0.0

Breaking changes between 1.0.0 and previous versions

These are the major changes coming to version 1.0.0 and how to adapt them to your workflow.

• Default registry for dependency resolution changed for teams using bit.cloud. Starting from version 1.0.0, dependencies will be resolved from node-registry.bit.cloud instead of node.bit.cloud. You will need to delete your lockfile for this to take effect. node.bit.cloud is still supported, but we recommend migrating to node-registry.bit.cloud.
• Remote builds turned "on" by default. This change comes to integrate your workspaces with RippleCI. We urge you to take a look at this flow.
  • If your automation flow uses bit tag --soft and bit tag --persist combo, it is still supported and you do not need to make any changes.
  • If you run your tag or snap fully from your local, you will need to add the --build flag to your syntax, or set bit config set force_local_build true for Bit's local config.

Please read more about these changes in Bit's announcement post for RippleCI on our blog.

Changes

• Set remote build to true to build on Ripple (#7859)
• Set new registry by default (node-registry.bit.cloud) (#7870)
• Skip validating any component issues for components marked to be deleted (#7896)
• Remove versions from lockfile of envs from the current workspace (#7888)
• update command to support multiple, comma-separated patterns (#7881)
• Removed teambit.workspace/variants from base workspace.jsonc template (#7879)
• Removed outdated video from tests blank state screen (#7893)

Performance

• Update pnpm to a newest version that leverages worker threads (#7875)

Bug Fixes

• Re-render bit start when component ID changes, to update according to the current workspace state (#7895)
• Prefer versions in .bitmap to be tags, if possible (#7891)
• Fix issues causing Yarn to fail when configured for bit install (#7887)
• Fix an issue where packages containing hard links failed to extract (#7882)
• Fix links in the component tree where namespace and name are identical (#7861)
• Fix an issue where forked components ported "rename" information from the original component (#7867)
• Improve examples in update's --help output (#7803)
• Fix links to docs from .bitmap (#7869)
• Fix cases where bit start was not open on default browser (#7899)
• Fix a case where previous env was set for a forked component (#7918)
• Fix an issue where generated package.json was in a broken state (#7919)
• Add more descriptive error when there is no scope available on tag (#7912)
• Improve error message when a component template was not found (#7886)
• Stop the checkout if some components failed (#7904)
• Fix issue where a Vue workspace failed to generate (#7894)

Internal

• Reduce the amount of paths ws-config write targets to write config files (#7865)
• Write to fs-cache gracefully (#7883)
• Preserve pnpm stack-trace when re-throwing errors from Bit (#7889)
• Allow passing metadata from the previous build to the deploy pipeline (#7874)

... (truncated)

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

@dependabot merge

[dependabot]

Sorry, only users with push access can use that command.

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[github-actions]

@dependabot merge

[codacy-production]

❌ Codacy found a critical Security issue: Insecure dependency [email protected] (CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function) (update to 0.0.3)

The issue identified by the Trivy linter is a security vulnerability in the trim package, version 0.0.1. This version is susceptible to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expressions used in its implementation. This can potentially be exploited by an attacker to cause the application to slow down or crash by providing specially crafted input data.

To fix this issue, you should update the trim package to a secure version, specifically 0.0.3, which addresses this vulnerability.

Here's the code suggestion to update the version:

Suggested change

	"node_modules/trim": {
	"version": "0.0.3",

---

This comment was generated by an experimental AI tool.