Update dependency eslint-plugin-react-refresh to ^0.5.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
eslint-plugin-react-refresh	^0.4.19 → ^0.5.0

---

Release Notes

ArnaudBarre/eslint-plugin-react-refresh (eslint-plugin-react-refresh)

v0.5.0

Compare Source

Breaking changes

• The package now ships as ESM and requires ESLint 9 + node 20. Because legacy config doesn't support ESM, this requires to use flat config
• A new reactRefresh export is available and prefered over the default export. It's an object with two properties:
  • plugin: The plugin object with the rules
  • configs: An object containing configuration presets, each exposed as a function. These functions accept your custom options, merge them with sensible defaults for that config, and return the final config object.
• customHOCs option was renamed to extraHOCs
• Validation of HOCs calls is now more strict, you may need to add some HOCs to the extraHOCs option

Config example:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig(
  /* Main config */
  reactRefresh.configs.vite({ extraHOCs: ["someLibHOC"] }),
);

Config example without config:

import { defineConfig } from "eslint/config";
import { reactRefresh } from "eslint-plugin-react-refresh";

export default defineConfig({
  files: ["**/*.ts", "**/*.tsx"],
  plugins: {
    // other plugins
    "react-refresh": reactRefresh.plugin,
  },
  rules: {
    // other rules
    "react-refresh/only-export-components": [
      "warn",
      { extraHOCs: ["someLibHOC"] },
    ],
  },
});

Why

This version follows a revamp of the internal logic to better make the difference between random call expressions like export const Enum = Object.keys(Record) and actual React HOC calls like export const MemoComponent = memo(Component). (fixes #​93)

The rule now handles ternaries and patterns like export default customHOC(props)(Component) which makes it able to correctly support files like this one given this config:

{
  "react-refresh/only-export-components": [
    "warn",
    { "extraHOCs": ["createRootRouteWithContext"] }
  ]
}

[!NOTE]
Actually createRoute functions from TanStack Router are not React HOCs, they return route objects that fake to be a memoized component but are not. When only doing createRootRoute({ component: Foo }), HMR will work fine, but as soon as you add a prop to the options that is not a React component, HMR will not work. I would recommend to avoid adding any TanStack function to extraHOCs it you want to preserve good HMR in the long term. Bluesky thread.

Because I'm not 100% sure this new logic doesn't introduce any false positive, this is done in a major-like version. This also give me the occasion to remove the hardcoded connect from the rule. If you are using connect from react-redux, you should now add it to extraHOCs like this:

{
  "react-refresh/only-export-components": ["warn", { "extraHOCs": ["connect"] }]
}

v0.4.26

Compare Source

• Revert changes to fix #​93 (fixes #​95)

v0.4.25

Compare Source

• Report cases like export const ENUM = Object.keys(TABLE) as EnumType[]; (fixes #​93)
• Allow _ in component names (#​94)

v0.4.24

Compare Source

• Add "generateImageMetadata", "generateSitemaps" & "generateStaticParams" to allowExportNames in Next config

v0.4.23

Compare Source

• Add "metadata", "generateMetadata" & "generateViewport" to allowExportNames in Next config

v0.4.22

Compare Source

• Add "viewport" to allowExportNames in Next config (#​89)

v0.4.21

Compare Source

• Add Next config (fixes #​85)

This allows exports like fetchCache and revalidate which are used in Page or Layout components and don't trigger a full page reload.

import reactRefresh from "eslint-plugin-react-refresh";

export default [
  /* Main config */
  reactRefresh.configs.next,
];

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

This change is 

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[guardrails]

⚠️ We detected 3 security issues in this pull request:

Vulnerable Libraries (3)

Severity	Details
Low	pkg:npm/typescript-eslint@8.37.0 (t) upgrade to: > 8.37.0
Medium	pkg:npm/eslint@9.31.0 (t) upgrade to: > 9.31.0
N/A	pkg:npm/vite@7.0.5 (t) upgrade to: 7.1.11,7.0.8,6.4.1,5.4.21

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[openzeppelin-code]

Update dependency eslint-plugin-react-refresh to ^0.5.0

Generated at commit: 0a0ea03481e137e2f7938a0597fa2243c7c0a3df

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector