Acorn dependency has a vulnerability on version v7.1.0 #435

hugoluchessi · 2020-03-09T15:30:08Z

Problem

According to https://www.npmjs.com/advisories/1488, this version of acorn has a vulnerability.

Solution

Bump it to version v7.1.1.

… vulnerability (fixes eslint#435)

kaicataldo · 2020-03-09T19:58:56Z

Thanks for reporting this. While it’s not a bad idea to update the package.json, the current range in our package.json does support this. It also looks as though this is only an issue when Espree is used as a runtime dependency for a Node service, which I think is fairly infrequent.

eslint-deprecated bot added the triage label Mar 9, 2020

hugoluchessi mentioned this issue Mar 9, 2020

Upgrade: acorn to 7.1.1 #434

Merged

jmz527 pushed a commit to jmz527/espree that referenced this issue Mar 9, 2020

Upgrade: acorn to 7.1.1, fixes 'Regular Expression Denial of Service'…

9ebbf49

… vulnerability (fixes eslint#435)

jmz527 pushed a commit to jmz527/espree that referenced this issue Mar 9, 2020

Upgrade: acorn 7.1.1, Regex DOS vuln (fixes eslint#435)

0d8858b

kaicataldo added chore and removed triage labels Mar 9, 2020

nzakas closed this as completed in #434 Mar 9, 2020

nzakas pushed a commit that referenced this issue Mar 9, 2020

Upgrade: acorn 7.1.1, Regex DOS vuln (fixes #435) (#434)

d6d7480

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Acorn dependency has a vulnerability on version v7.1.0 #435

Acorn dependency has a vulnerability on version v7.1.0 #435

hugoluchessi commented Mar 9, 2020

kaicataldo commented Mar 9, 2020

Acorn dependency has a vulnerability on version v7.1.0 #435

Acorn dependency has a vulnerability on version v7.1.0 #435

Comments

hugoluchessi commented Mar 9, 2020

Problem

Solution

kaicataldo commented Mar 9, 2020