[Snyk] Upgrade eslint-plugin-prettier from 4.2.1 to 5.5.4

[hashim21223445]

Snyk has created this PR to upgrade eslint-plugin-prettier from 4.2.1 to 5.5.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 26 versions ahead of your current version.

• The recommended version was released 4 months ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	57	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	57	Proof of Concept

Release notes

Package name: eslint-plugin-prettier

• 5.5.4 - 2025-08-06
  

  Patch Changes

  • #755 723f7a8 Thanks @ kbrilla! - fix: add 'oxc', 'oxc-ts' and 'hermes' parsers to parserBlocklist

  • #751 cf52b30 Thanks @ andreww2012! - fix: disallow extra properties in rule options

• 5.5.3 - 2025-07-18
  

  republish the latest version

  Full Changelog: v5.5.2...v5.5.3

• 5.5.2 - 2025-07-18
  

  republish the latest version

  Full Changelog: v5.5.1...v5.5.2

• 5.5.1 - 2025-06-25
  

  Patch Changes

  • #748 bfd1e95 Thanks @ JounQin! - fix: use prettierRcOptions directly for prettier 3.6+

  Full Changelog: v5.5.0...v5.5.1

• 5.5.0 - 2025-06-17
  

  Minor Changes

  • #743 92f2c9c Thanks @ dotcarmen! - feat: support non-js languages like css for @ eslint/css and json for @ eslint/json

  New Contributors

  • @ dotcarmen made their first contribution in #743

  Full Changelog: v5.4.1...v5.5.0

• 5.4.1 - 2025-05-30
  

  Patch Changes

  • #740 c21521f Thanks @ JounQin! - fix(deps): bump synckit to v0.11.7 to fix potential TypeError: Cannot read properties of undefined (reading 'message') error

  Full Changelog: v5.4.0...v5.4.1

• 5.4.0 - 2025-05-05
  

  Minor Changes

  • #736 59a0cae Thanks @ yashtech00! - refactor: migrate worker.js to worker.mjs
• 5.3.1 - 2025-05-04
  

  Patch Changes

  • #734 dcf2c80 Thanks @ JounQin! - ci: enable NPM_CONFIG_PROVENANCE env

  Full Changelog: v5.3.0...v5.3.1

• 5.3.0 - 2025-05-04
• 5.2.6 - 2025-04-02
• 5.2.5 - 2025-03-25
• 5.2.4 - 2025-03-24
• 5.2.3 - 2025-01-19
• 5.2.2 - 2025-01-15
• 5.2.1 - 2024-07-17
• 5.1.3 - 2024-01-10
• 5.1.2 - 2023-12-24
• 5.1.1 - 2023-12-21
• 5.1.0 - 2023-12-19
• 5.0.1 - 2023-10-11
• 5.0.0 - 2023-07-11
• 5.0.0-alpha.2 - 2023-07-06
• 5.0.0-alpha.1 - 2023-03-10
• 5.0.0-alpha.0 - 2022-09-02
• 4.2.5 - 2025-07-18
  

  republish the v4 version

  Full Changelog: v4.2.4...v4.2.5

• 4.2.4 - 2025-07-18
  

  republish the v4 version

  Full Changelog: v4.2.1...v4.2.4

• 4.2.1 - 2022-06-30

from eslint-plugin-prettier GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	0% smaller

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[gemini-code-assist]

Summary of Changes

Hello @hashim21223445, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the eslint-plugin-prettier development dependency to its latest stable version, 5.5.4. The primary motivation is to patch several critical security vulnerabilities, specifically Regular Expression Denial of Service (ReDoS) issues. As this involves a major version bump, it may introduce breaking changes, and careful review of the updated release notes is recommended to ensure compatibility and leverage new features such as extended language support and improved parser handling.

Highlights

• Dependency Upgrade: Upgraded the eslint-plugin-prettier development dependency from version "4.2.1" to "5.5.4". This is a major version upgrade, spanning 26 versions and released approximately 4 months ago.
• Security Fixes: This upgrade addresses multiple Regular Expression Denial of Service (ReDoS) vulnerabilities, including several high-severity issues (SNYK-JS-CROSSSPAWN-8303230, SNYK-JS-SEMVER-3247795) and low-severity issues (SNYK-JS-BRACEEXPANSION-9789073, npm:debug:20170905).
• New Features and Improvements: The new versions introduce support for non-JavaScript languages (like CSS and JSON) in ESLint, add 'oxc', 'oxc-ts', and 'hermes' parsers to the parserBlocklist, and enforce stricter rule option validation by disallowing extra properties.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This PR upgrades eslint-plugin-prettier from v4.2.1 to v5.5.4, a major version bump intended to fix several security vulnerabilities. My review highlights the potential for breaking changes, which is common with major version updates of linting tools. The security improvements are valuable, but it's important to be aware of the potential impact on the build process.

[gemini-code-assist]

Upgrading eslint-plugin-prettier across a major version (v4 to v5) introduces a risk of breaking changes. Linting rules may have been added, removed, or their behavior altered, which could cause the npm run lint command to fail. While this upgrade is important for security, it's worth noting this potential impact on the CI build.