Expensify / App

Welcome to New Expensify: a complete re-imagination of financial collaboration, centered around chat. Help us build the next generation of Expensify by sharing feedback and contributing to the code.
https://new.expensify.com
MIT License

[Snyk] Security upgrade eslint from 7.32.0 to 9.0.0 #39795

Closed melvin-bot[bot] closed 3 months ago

melvin-bot[bot] commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json

⚠️ **Warning**
```
Failed to update the package-lock.json, please update manually before merging.
```

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **631/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.2 | Missing Release of Resource after Effective Lifetime <br/> [SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.
Commit messages

Package name: eslint

The new version differs by 250 commits.
  • e0cbc50 9.0.0
  • 75cb5f4 Build: changelog update for 9.0.0
  • 19f9a89 chore: Update dependencies for v9.0.0 (#18275)
  • 7c957f2 chore: package.json update for @ eslint/js release
  • d73a33c chore: ignore `/docs/v8.x` in link checker (#18274)
  • d54a412 feat: Add --inspect-config CLI flag (#18270)
  • e151050 docs: update get-started to the new `@ eslint/create-config` (#18217)
  • 610c148 fix: Support `using` declarations in no-lone-blocks (#18269)
  • 44a81c6 chore: upgrade knip (#18272)
  • 94178ad docs: mention about `name` field in flat config (#18252)
  • 1765c24 docs: add Troubleshooting page (#18181)
  • e80b60c chore: remove code for testing version selectors (#18266)
  • 96607d0 docs: version selectors synchronization (#18260)
  • e508800 fix: rule tester ignore irrelevant test case properties (#18235)
  • a129acb fix: flat config name on ignores object (#18258)
  • 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (#17662)
  • 651ec91 docs: remove `/* eslint-env */` comments from rule examples (#18249)
  • 950c4f1 docs: Update README
  • 3e9fcea feat: Show config names in error messages (#18256)
  • b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (#18232)
  • 12f5746 docs: add info about dot files and dir in flat config (#18239)
  • b93f408 docs: update shared settings example (#18251)
  • 26384d3 docs: fix `ecmaVersion` in one example, add checks (#18241)
  • 7747097 docs: Update PR review process (#18233)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/expensify/project/a75415c0-01a0-4906-abb8-070d86e05d58?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/expensify/project/a75415c0-01a0-4906-abb8-070d86e05d58?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~0158664ed8275eb152
  • Upwork Job ID: 1776674682896359424
  • Last Price Increase: 2024-04-06
melvin-bot[bot] commented 7 months ago

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically creates PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.
melvin-bot[bot] commented 7 months ago

Job added to Upwork: https://www.upwork.com/jobs/~0158664ed8275eb152

melvin-bot[bot] commented 7 months ago

Triggered auto assignment to Contributor Plus for review of internal employee PR - @rushatgabhane (Internal)

rushatgabhane commented 7 months ago

This is a dev dependency. Not worth upgrading it for a security issue that doesn't have a fix, and is local only. https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
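
The triage question raised in this thread, whether the flagged transitive package (`inflight`) is reachable only through a dev dependency, can be checked directly against the lockfile. The following is an added example, not part of the original thread or the Expensify code base: `classifyPackage` and the sample lockfile are constructed for illustration, and the check relies on the `dev` flag that npm writes into `package-lock.json` at lockfileVersion 2 and 3.

```javascript
'use strict';

// Constructed sample lockfile (lockfileVersion 3 shape), NOT the project's real one.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', dependencies: { express: '^4.0.0' }, devDependencies: { eslint: '7.32.0' } },
    'node_modules/eslint': { version: '7.32.0', dev: true },
    'node_modules/glob': { version: '7.2.3', dev: true },
    'node_modules/inflight': { version: '1.0.6', dev: true },
    'node_modules/express': { version: '4.18.2' },
  },
};

// 'node_modules/a/node_modules/@scope/b' -> '@scope/b'; the root entry '' -> null
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Lists every installed copy of `name` and reports whether all copies are dev-only.
function classifyPackage(lock, name) {
  if (!lock.packages) {
    throw new Error('No "packages" map (lockfileVersion 1?); regenerate the lockfile first');
  }
  const copies = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (packageNameFromPath(path) !== name || entry.link) continue;
    // npm marks a copy `dev: true` only when every route to it starts at a
    // devDependency. `devOptional` copies can still be installed with
    // --omit=dev, so they are conservatively counted as production here.
    copies.push({ path, version: entry.version, scope: entry.dev ? 'dev' : 'prod' });
  }
  return {
    name,
    found: copies.length > 0,
    devOnly: copies.length > 0 && copies.every((c) => c.scope === 'dev'),
    copies,
  };
}

console.log(JSON.stringify(classifyPackage(sampleLock, 'inflight'), null, 2));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. A result of `devOnly: false` means at least one copy ships with a production install and the advisory needs a closer look.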

rushatgabhane commented 6 months ago

Asking for feedback on Slack: https://expensify.slack.com/archives/C01GTK53T8Q/p1716280081090499

rushatgabhane commented 6 months ago

Issue can be closed. Refer to the discussion above.

melvin-bot[bot] commented 5 months ago

This issue has not been updated in over 15 days. eroding to Monthly issue.

P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!

melvin-bot[bot] commented 3 months ago

@melvin-bot[bot], this Monthly task hasn't been acted upon in 6 weeks; closing.

If you disagree, feel encouraged to reopen it -- but pick your least important issue to close instead.