chore(deps): migrate to ESLint 9 with flat config

[sfanahata]

Summary

• Migrate from ESLint 8 to ESLint 9.26.0
• Convert legacy .eslintrc.js to flat config (eslint.config.js)
• Update TypeScript ESLint to v8, eslint-config-next to v16
• Fix code issues flagged by stricter rules in new versions
• Add pnpm override for minimatch to resolve security vulnerabilities

Security Impact

This PR resolves all 3 remaining high-severity Dependabot alerts by adding a pnpm override for minimatch@^9.0.0:

• https://github.com/getsentry/sentry-docs/security/dependabot/250 (minimatch ReDoS - High)
• https://github.com/getsentry/sentry-docs/security/dependabot/252 (minimatch ReDoS - High)
• https://github.com/getsentry/sentry-docs/security/dependabot/254 (minimatch ReDoS - High)

Changes

Dependencies

Package	Before	After
eslint	^8	^9.26.0
@typescript-eslint/eslint-plugin	6.21.0	^8.32.1
@typescript-eslint/parser	6.21.0	^8.32.1
eslint-config-next	15.0.3	^16.0.0
@eslint/js	-	^9.26.0 (new)
@eslint/eslintrc	-	^3.3.1 (new)
globals	-	^16.2.0 (new)

pnpm Overrides

• minimatch: ^9.0.0 - Forces all transitive dependencies to use non-vulnerable minimatch v9

Configuration

• Deleted: .eslintrc.js, .eslintignore
• Added: eslint.config.js (flat config format)
• Uses FlatCompat to wrap eslint-config-sentry-docs (still in legacy format)
• Uses @next/eslint-plugin-next directly to avoid plugin conflicts with sentry-docs config

Code Fixes

• Replace catch (e) with catch where error is unused (cleaner syntax)
• Remove deprecated /* eslint-env node */ comments (not supported in flat config)
• Fix {} type usage → Record<string, unknown> or unknown
• Remove unused eslint-disable comments
• Convert runtime array to string union type for Scenario (type-only usage)
• Add proper TypeScript interface for PlatformData

Rules Overrides

Since eslint-config-sentry-docs hasn't been updated for ESLint 9 yet, we override:

• Disable deprecated @typescript-eslint/ban-types → replaced with:
  • @typescript-eslint/no-empty-object-type
  • @typescript-eslint/no-unsafe-function-type
  • @typescript-eslint/no-wrapper-object-types
• Disable no-lookahead-lookbehind-regexp (plugin schema incompatible with ESLint 9)

Testing

• pnpm lint:eslint - passes (only pre-existing warnings)
• pnpm lint:ts - passes
• pnpm test:ci - all 149 tests pass

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
develop-docs	Ready	Preview, Comment	Mar 24, 2026 9:34pm
sentry-docs	Ready	Preview, Comment	Mar 24, 2026 9:34pm

[cursor]

Transitive dependency required directly may break under strict resolution

Medium Severity

eslint.config.js directly requires @next/eslint-plugin-next, but this package is not a direct devDependency — it's only installed transitively through eslint-config-next. Meanwhile, eslint-config-next itself is no longer referenced anywhere in the ESLint config (the old .eslintrc.js used plugin:@next/next/recommended; the new config uses nextPlugin directly). This creates a fragile setup: if someone removes the seemingly-unused eslint-config-next from package.json, eslint.config.js will fail at require time. The globals package is similarly an unused direct dependency. Adding @next/eslint-plugin-next as a direct devDependency and removing eslint-config-next and globals would clarify the actual dependency graph.

Additional Locations (1)

• package.json#L150-L151

 

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}