Skip to content

[Snyk] Upgrade acorn-walk from 8.3.4 to 8.3.5#960

Merged
cderv merged 1 commit intomainfrom
snyk-upgrade-6858cf5bd3af761cea102d0f9729185f
May 4, 2026
Merged

[Snyk] Upgrade acorn-walk from 8.3.4 to 8.3.5#960
cderv merged 1 commit intomainfrom
snyk-upgrade-6858cf5bd3af761cea102d0f9729185f

Conversation

@posit-snyk-bot
Copy link
Copy Markdown
Contributor

@posit-snyk-bot posit-snyk-bot commented May 2, 2026

snyk-top-banner

Snyk has created this PR to upgrade acorn-walk from 8.3.4 to 8.3.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released 2 months ago.

Breaking Change Risk

Merge Risk: Low

Notice: This assessment is enhanced by AI.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade acorn-walk from 8.3.4 to 8.3.5
9a52ed9 
Snyk has created this PR to upgrade acorn-walk from 8.3.4 to 8.3.5.

See this package in yarn:
acorn-walk

See this project in Snyk:
https://app.snyk.io/org/open-source-6kz/project/2ab59d9f-9196-46e2-9fce-cf08a13824db?utm_source=github&utm_medium=referral&page=upgrade-pr
@posit-snyk-bot
Copy link
Copy Markdown
Contributor Author

posit-snyk-bot commented May 2, 2026

Merge Risk: Low

This is a patch upgrade from version 8.3.4 to 8.3.5. The changes consist of non-breaking bug fixes and added support for a new syntax feature.

Changes in 8.3.5:

  • Improves error messages for missing walker functions.
  • Enhances TypeScript types for callbacks.
  • Adds support for import attributes syntax.

These changes are backward-compatible and should not require any developer action.

Source: Package Changelog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@posit-snyk-bot
Copy link
Copy Markdown
Contributor Author

posit-snyk-bot commented May 2, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@cderv
Copy link
Copy Markdown
Member

cderv commented May 4, 2026

@cscheid is this ok to update deps on this part of the codebase ? I think so, but I prefer to confirm.

@cscheid
Copy link
Copy Markdown
Member

cscheid commented May 4, 2026

IIRC we use acorn to walk OJS code blocks to detect resource files, so this has a limited blast radius should it go wrong. So I agree with you, looks ok.

@cderv cderv merged commit 4a517a9 into main May 4, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@posit-snyk-bot @cderv @cscheid @snyk-bot