Bump eslint-plugin-react-hooks from 6.0.0-rc.2 to 7.0.1

[dependabot]

Bumps eslint-plugin-react-hooks from 6.0.0-rc.2 to 7.0.1.

Changelog

Sourced from eslint-plugin-react-hooks's changelog.

7.0.1

• Disallowed passing inline useEffectEvent values as JSX props to guard against accidental propagation. (#34820 by @​jf-eirinha)
• Switch to export = so eslint-plugin-react-hooks emits correct types for consumers in Node16 ESM projects. (#34949 by @​karlhorky)
• Tightened the typing of configs.flat so the configs export is always defined. (#34950 by @​poteto)
• Fix named import runtime errors. (#34951, #34953 by @​karlhorky)

7.0.0

This release slims down presets to just 2 configurations (recommended and recommended-latest), and all compiler rules are enabled by default.

• Breaking: Removed recommended-latest-legacy and flat/recommended configs. The plugin now provides recommended (legacy and flat configs with all recommended rules), and recommended-latest (legacy and flat configs with all recommended rules plus new bleeding edge experimental compiler rules). (@​poteto in #34757)

6.1.1

Note: 6.1.0 accidentally allowed use of recommended without flat config, causing errors when used with ESLint v9's defineConfig() helper. This has been fixed in 6.1.1.

• Fix recommended config for flat config compatibility. The recommended config has been converted to flat config format. Non-flat config users should use recommended-legacy instead. (@​poteto in #34700)
• Add recommended-latest and recommended-latest-legacy configs that include React Compiler rules. (@​poteto in #34675)
• Remove unused NoUnusedOptOutDirectives rule. (@​poteto in #34703)
• Remove hermes-parser and dependency. (@​poteto in #34719)
• Remove @babel/plugin-proposal-private-methods dependency. (@​ArnaudBarre and @​josephsavona in #34715)
• Update for Zod v3/v4 compatibility. (@​kolian and @​josephsavona in #34717)

6.1.0

Note: Version 6.0.0 was mistakenly released and immediately deprecated and untagged on npm. This is the first official 6.x major release and includes breaking changes.

• Breaking: Require Node.js 18 or newer. (@​michaelfaith in #32458)
• Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@​michaelfaith in #32457)
• New Violations: Disallow calling use within try/catch blocks. (@​poteto in #34040)
• New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@​jbrown215 in #33544)
• Handle React.useEffect in addition to useEffect in rules-of-hooks. (@​Ayc0 in #34076)
• Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@​jbrown215) in #34497

6.0.0

Accidentally released. See 6.1.0 for the actual changes.

5.2.0

• Support flat config (@​michaelfaith in #30774)
• Convert the plugin to TypeScript and provide package type declarations (@​michaelfaith in #32279, #32283, #32240, #32400 and @​poteto in #32420)
• Fix false positive error in components with do/while loops (@​tyxla in #31720)
• Detect issues in class properties (@​mjesun & @​ecraig12345 in #31823)

5.1.0

• Add support for do/while loops (@​tyxla in #28714)
• Fix error when callback argument is an identifier with an as expression (@​mskelton in #31119)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​eslint-plugin-react-hooks@​6.0.0-rc.2 ⏵ 7.0.1	+1		+1	+1

View full report

[ravicious]

Need to investigate if preserve-manual-memoization is still noisy after the update (#59134).

teleport/web/packages/build/eslint.config.mjs

Lines 153 to 164 in 2b86a9e

	// Enable recommended react-hooks rules as warnings.
	...Object.fromEntries(
	Object.entries(reactHooksPlugin.configs.recommended.rules).map(
	([ruleName]) => [ruleName, 'warn']
	)
	),
	// This rule is noisy, its message does not explain how to address the issue and in the
	// release candidate version it seems to report false positives. Turn it back on once those
	// concerns are addressed.
	// https://github.com/facebook/react/issues/34289
	// https://github.com/facebook/react/issues/34313
	'react-hooks/preserve-manual-memoization': 'off',

[ravicious]

preserve-manual-memoization is still noisy, so I'm not re-enabling it.

I check if it's noisy by turning it into a warning, restarting my LSP and then checking if it shows a big warning throughout this function:

teleport/web/packages/teleport/src/WorkloadIdentity/WorkloadIdentities.tsx

Lines 84 to 104 in eadc668

	const handleFetchNext = useCallback(() => {
	const search = new URLSearchParams(location.search);
	search.set('page', data?.next_page_token ?? '');
	history.replace(
	{
	pathname: location.pathname,
	search: search.toString(),
	},
	{
	prevPageTokens: [...prevPageTokens, pageToken],
	}
	);
	}, [
	data?.next_page_token,
	history,
	location.pathname,
	location.search,
	pageToken,
	prevPageTokens,
	]);

It seems that the problem is pageToken. React Compiler thinks it can be mutated later. I guess it's true but I don't see how it's different from other deps in this callback.

Someone made an issue about it: facebook/react#34924