[eslint config] [base] remove unneeded eslint version check

[PaperStrike]

As eslint < 7 is dropped in #2495 :)

[ljharb]

Thanks, the breaking change was unfortunate.

[n-studio]

We should release this change as 15.0.1 to solve GHSA-c2qf-rxjj-qqgw

[ljharb]

That isn’t actually a vulnerability here, and we’re on v19 - we won’t be backporting anything to v15.

[n-studio]

@ljharb Sorry I was referring to the package https://www.npmjs.com/package/eslint-config-airbnb-base, not https://www.npmjs.com/package/eslint-config-airbnb, it hasn't a v19 release, right?

[ljharb]

aha, yes, you're correct :-) whenever the next version goes out of the base package, this will indeed be included. however, this isn't a real vulnerability, because we're passing a hardcoded string into semver.satisfies, AND because we're not using new Range. This (like almost every JS CVE) is a false positive.

[n-studio]

@ljharb Ok, no problem. I like fixing CVE alerts even if they are false positive so the CI doesn't block my releases. In the meanwhile I'll just load my package from master.

[ljharb]

I strongly discourage doing that; there's no guarantee everything will work.

If your CI is blocking releases on false positive CVEs, i'd invite you to consider that it's not actually making your project more secure, but less.

[n-studio]

@ljharb Agree to disagree :)