feat: migrate from ESLint v8 to ESLint v9 flat config

[fengmk2]

• Upgrade eslint from ^8.23.1 to ^9.39.4
• Upgrade eslint-config-egg from ^12.0.0 to ^14.1.0
• Add @eslint/compat, @eslint/eslintrc, @eslint/js, globals
• Replace .eslintrc and .eslintignore with eslint.config.mjs (flat config)
• Use FlatCompat + fixupConfigRules for legacy eslint-config-egg compatibility
• Add node: prefix to all built-in module requires (eslint-config-egg v14)
• Replace unused catch variables with empty catch clauses (ESLint v9)
• Remove duplicate eslint config comment in lib/egg.js

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a0913139-2e69-45b6-ace7-7f8792d7c8b0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch eslint-v9

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly modernizes the project's linting infrastructure by upgrading ESLint to its latest major version (v9) and migrating to its new flat configuration system. This change streamlines the ESLint setup, improves maintainability, and ensures compatibility with current best practices. Additionally, it standardizes Node.js built-in module imports with the node: prefix and refines error handling by simplifying unused catch clauses, contributing to a cleaner and more robust codebase.

Highlights

• ESLint Upgrade to v9 and Flat Config Migration: The project has been upgraded from ESLint v8 to v9, adopting the new flat configuration system. This involved removing old configuration files (.eslintrc, .eslintignore) and introducing a new eslint.config.mjs file.
• Dependency Updates: Key ESLint-related dependencies, including eslint and eslint-config-egg, have been updated to their latest major versions. New packages like @eslint/compat, @eslint/eslintrc, @eslint/js, and globals were added to support the flat configuration.
• Node.js Built-in Module Prefixes: All require() calls for Node.js built-in modules (e.g., path, fs, url, assert, http, util, perf_hooks, worker_threads, events, querystring, inspector, child_process, net, dns) have been updated to use the node: prefix for explicit identification and future compatibility.
• Simplified Catch Clauses: Unused catch variables in try...catch blocks have been replaced with empty catch clauses (catch { ... }), aligning with modern JavaScript practices and ESLint v9 recommendations.
• ESLint Configuration Compatibility: The new eslint.config.mjs utilizes @eslint/compat and FlatCompat with fixupConfigRules to ensure seamless integration and compatibility with the existing eslint-config-egg rules.

Changelog

• .eslintignore
  • Removed the legacy ESLint ignore file.
• .eslintrc
  • Removed the legacy ESLint configuration file.
• app/extend/context.js
  • Updated perf_hooks import to use the node: prefix.
• app/extend/helper.js
  • Updated url import to use the node: prefix.
• app/extend/request.js
  • Updated querystring import to use the node: prefix.
• app/middleware/meta.js
  • Updated perf_hooks import to use the node: prefix.
• app/middleware/site_file.js
  • Updated path import to use the node: prefix.
• config/config.default.js
  • Updated fs and path imports to use the node: prefix.
• eslint.config.mjs
  • Added new ESLint flat configuration file, including ignore patterns and eslint-config-egg compatibility.
• lib/agent.js
  • Updated path import to use the node: prefix.
• lib/application.js
  • Updated path, fs, and http imports to use the node: prefix.
• lib/core/base_hook_class.js
  • Updated assert import to use the node: prefix.
• lib/core/fetch_factory.js
  • Updated util import to use the node: prefix.
• lib/core/httpclient_next.js
  • Updated util import to use the node: prefix.
• lib/core/messenger/ipc.js
  • Updated util, worker_threads, and events imports to use the node: prefix.
• lib/core/messenger/local.js
  • Updated util and events imports to use the node: prefix.
• lib/core/singleton.js
  • Updated assert import to use the node: prefix.
  • Replaced catch (err) with catch for unused catch variables.
• lib/core/utils.js
  • Updated util and url imports to use the node: prefix.
  • Replaced catch (err) with catch for unused catch variables.
• lib/egg.js
  • Updated perf_hooks, path, fs, http, and inspector imports to use the node: prefix.
  • Replaced catch (_) and catch (e) with catch for unused catch variables.
  • Removed eslint no-empty-function: off comment.
• lib/start.js
  • Updated path import to use the node: prefix.
  • Replaced catch (_) with catch for unused catch variables.
• package.json
  • Updated eslint and eslint-config-egg dependencies.
  • Added @eslint/compat, @eslint/eslintrc, @eslint/js, and globals dependencies.
• test/agent.test.js
  • Updated assert and path imports to use the node: prefix.
• test/app/extend/agent.test.js
  • Updated assert import to use the node: prefix.
• test/app/extend/application.test.js
  • Updated assert, fs, and path imports to use the node: prefix.
• test/app/extend/context.test.js
  • Updated fs, path, and assert imports to use the node: prefix.
• test/app/extend/request.test.js
  • Updated assert import to use the node: prefix.
• test/app/extend/response.test.js
  • Updated assert import to use the node: prefix.
• test/app/middleware/body_parser.test.js
  • Updated assert and querystring imports to use the node: prefix.
• test/app/middleware/meta.test.js
  • Updated assert and fs/promises imports to use the node: prefix.
• test/app/middleware/site_file.test.js
  • Updated assert import to use the node: prefix.
• test/asyncSupport.test.js
  • Updated assert import to use the node: prefix.
• test/bench/server.js
  • Updated http and path imports to use the node: prefix.
• test/index.test.js
  • Updated assert import to use the node: prefix.
• test/lib/agent.test.js
  • Updated assert, fs, path, and child_process imports to use the node: prefix.
• test/lib/application.test.js
  • Updated assert, fs, and path imports to use the node: prefix.
• test/lib/cluster/app_worker.test.js
  • Updated net and assert imports to use the node: prefix.
• test/lib/cluster/cluster-client-error.test.js
  • Updated fs/promises, path, and assert imports to use the node: prefix.
• test/lib/cluster/cluster-client.test.js
  • Updated assert import to use the node: prefix.
• test/lib/cluster/master.test.js
  • Replaced catch (_) with catch for unused catch variables in multiple instances.
• test/lib/core/config/config.cookies.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/config/config.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/context_httpclient.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/context_httpclient_timeout.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/context_performance_starttime.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/cookies.test.js
  • Updated assert, fs, and path imports to use the node: prefix.
• test/lib/core/dns_resolver.test.js
  • Updated dns and assert imports to use the node: prefix.
• test/lib/core/dnscache_httpclient.test.js
  • Updated assert, dns, and url imports to use the node: prefix.
• test/lib/core/fetch_tracer.test.js
  • Updated http import to use the node: prefix.
• test/lib/core/httpclient_tracer_demo.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/loader/config_loader.test.js
  • Updated assert and path imports to use the node: prefix.
• test/lib/core/loader/load_app.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/loader/load_boot.test.js
  • Updated assert, path, and fs/promises imports to use the node: prefix.
• test/lib/core/loader/load_plugin.test.js
  • Updated path, fs, and assert imports to use the node: prefix.
• test/lib/core/messenger/ipc.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/messenger/local.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/router.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/singleton.test.js
  • Updated assert import to use the node: prefix.
• test/lib/core/utils.test.js
  • Updated assert import to use the node: prefix.
  • Replaced catch (err) with catch for unused catch variables.
• test/lib/core/view.test.js
  • Updated assert and path imports to use the node: prefix.
• test/lib/egg.test.js
  • Updated assert, path, and fs imports to use the node: prefix.
• test/lib/plugins/depd.test.js
  • Updated assert import to use the node: prefix.
• test/lib/plugins/development.test.js
  • Updated fs and path imports to use the node: prefix.
• test/lib/plugins/logrotator.test.js
  • Updated assert and fs imports to use the node: prefix.
• test/lib/plugins/multipart.test.js
  • Updated assert import to use the node: prefix.
• test/lib/plugins/schedule.test.js
  • Updated assert, path, and fs imports to use the node: prefix.
• test/lib/plugins/session.test.js
  • Updated assert import to use the node: prefix.
• test/lib/plugins/watcher.test.js
  • Updated assert and fs imports to use the node: prefix.
• test/lib/start.test.js
  • Updated assert and path imports to use the node: prefix.
• test/ts/index.test.js
  • Updated assert and path imports to use the node: prefix.
• test/utils.js
  • Updated fs, fs/promises, path, and http imports to use the node: prefix.

Activity

• No specific pull request activity (comments, reviews, etc.) was provided in the context.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	supertest@​6.3.4
	koa-is-json@​1.0.0
	humanize-ms@​1.2.1
	node-libs-browser@​2.2.1
	koa-static@​5.0.0
	spy@​1.0.0
	react@​16.14.0
	onelogger@​1.0.1
	graceful@​1.1.0
	sendmessage@​2.0.0
	jsdoc@​3.6.11
	on-finished@​2.4.1
	is-type-of@​2.2.0
	koa-bodyparser@​4.4.1
	ts-node@​10.9.2
	koa-override@​3.0.0
	node-forge@​1.3.3
	pedding@​1.1.0
	ylru@​1.4.0
	utility@​2.5.0
	tsd@​0.28.1
	sdk-base@​3.6.0 ⏵ 4.2.1			+1
	react-router@​5.3.4
	eslint-config-egg@​12.3.1 ⏵ 14.1.0	+2			-1
	globals@​13.24.0 ⏵ 16.5.0			+1
	ms@​2.1.3
	umi@​3.5.43
	urllib@​4.9.0
	eslint@​8.57.1 ⏵ 9.39.4	+1		+1	+47
	urllib@​2.44.0
	typescript@​5.9.3
	react-dom@​16.14.0
	@​eslint/​eslintrc@​2.1.4 ⏵ 3.3.5	+1
	prettier@​2.8.8
See 2 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Critical CVE: Prototype Pollution in npm immer CVE: GHSA-33f9-j839-rf8h Prototype Pollution in immer (CRITICAL) Affected versions: >= 7.0.0 < 9.0.6 Patched version: 9.0.6 From: ? → npm/@umijs/preset-react@2.1.7 → npm/immer@8.0.4 ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/immer@8.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Potential typosquat: npm slash2 as a typo of slash Did you mean: slash2 From: ? → npm/dumi@1.1.54 → npm/dumi-theme-egg@1.2.4 → npm/slash2@2.0.0 ℹ Read more on: This package | This alert | What is a typosquat? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/slash2@2.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[cloudflare-workers-and-pages]

Deploying egg with    Cloudflare Pages

Latest commit:	645c824
Status:	🚫  Build failed.

View logs

[cloudflare-workers-and-pages]

Deploying egg-v3 with    Cloudflare Pages

Latest commit:	645c824
Status:	🚫  Build failed.

View logs

[gemini-code-assist]

Code Review

This pull request migrates the project from ESLint v8 to the new ESLint v9 with its flat configuration. The changes include updating dependencies, replacing .eslintrc with eslint.config.mjs, adding the node: prefix to all built-in module imports, and removing unused variables in catch blocks. The migration is well-executed and follows modern best practices. However, I've found a critical issue with the versions of the new ESLint-related dependencies in package.json, which appear to be invalid and will likely break the build. Please correct these versions to published, stable ones.

[gemini-code-assist]

The versions for several new ESLint-related dependencies appear to be incorrect as they do not correspond to any published versions on npm. This will likely cause the npm install command to fail.

Please verify the versions for @eslint/compat, @eslint/eslintrc, @eslint/js, eslint, and globals and update them to valid, published versions from the npm registry.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.39%. Comparing base (fdfe958) to head (645c824).
⚠️ Report is 1 commits behind head on 3.x.

Additional details and impacted files

@@            Coverage Diff             @@
##              3.x    #5825      +/-   ##
==========================================
- Coverage   99.39%   99.39%   -0.01%     
==========================================
  Files          36       36              
  Lines        3825     3824       -1     
  Branches      585      585              
==========================================
- Hits         3802     3801       -1     
  Misses         23       23              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.