This repository has been archived by the owner on Oct 28, 2020. It is now read-only.

update acorn version to latest #115

Open
alexander-akait opened this issue Mar 11, 2020 · 5 comments

Comments

@alexander-akait

Requested Update

update acorn version to latest 6 or 7

Why Is This Update Needed?

Vulnerabilities: Regular Expression Denial of Service

Reproduce:

  1. Just run npm audit.

Are There Examples Of This Requested Update Elsewhere?

Nothing

@apepper

apepper commented Mar 12, 2020

This is the output that audit currently gives, due to es-check requiring acorn 6.1.1:

npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ acorn                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.7.4 <6.0.0 || >=6.4.1 <7.0.0 || >=7.1.1                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ es-check                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ es-check > acorn                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1488                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 16696 scanned packages
  1 vulnerability requires manual review. See the full report for details.

@AviVahl

AviVahl commented Apr 7, 2020

FYI @chmccc (current code owner?)

@akellbl4

@chmccc @jongleberry anybody here?

@cssagogo

Any update on this?

@ceisele-r

Since #114 is now merged, could we please get an updated release?
