Reported shelljs vulnerability through eslint@3.19.0 - use eslint@4.7.2 instead

[bjedrzejewski]

I work in a high security environment and I wanted to use your library. Unfortunately it relies on eslint@3.19.0 that has a known shelljs vulnerability as reported here:

https://snyk.io/test/npm/standard?tab=issues

The good news is that the later version (4.7.2) of eslint does not have that vulnerability:

https://snyk.io/test/npm/eslint

Hopefully this is something that can be changed for this project.

[tschoffelen]

Yes, I have the same problem, with us not really being able to use standard until it changes this dependency due to company policy surrounding insecure dependencies.

Any chance this dependency update will happen anytime soon? Cheers.

Details here: https://www.bithound.io/github/standard/standard/master/dependencies/npm#filter-insecure-dep

[Flet]

Hi folks!

A beta of the 11.0.0 version of standard has been released, which upgrades eslint to its latest version, which should resolve this issue.

Could you give it a try? npm install standard@beta

[feross]

🗣 Standard 11 is released! Run npm install standard@latest --save-dev to update to the latest version. This will also update the version in package.json ✨

Changelog: https://github.com/standard/standard/blob/master/CHANGELOG.md#1100---2018-02-18