
update acorn version to latest

Open alexander-akait opened this issue 4 years ago • 5 comments

Requested Update

update acorn version to latest 6 or 7

Why Is This Update Needed?

Vulnerabilities: Regular Expression Denial of Service

Reproduce:

  1. Just run npm audit.

Are There Examples Of This Requested Update Elsewhere?

Nothing

alexander-akait avatar Mar 11 '20 18:03 alexander-akait

This is the output that audit currently gives, due to es-check requiring acorn 6.1.1:

npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ acorn                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.7.4 <6.0.0 || >=6.4.1 <7.0.0 || >=7.1.1                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ es-check                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ es-check > acorn                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1488                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 16696 scanned packages
  1 vulnerability requires manual review. See the full report for details.

apepper avatar Mar 12 '20 14:03 apepper
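Added example, not part of the original thread or of es-check: a dependency-free check of whether a resolved acorn version falls inside the "Patched in" range printed by the audit report above. It supports only the plain comparator syntax that range uses (`>=`, `<`, `||`, full `x.y.z` versions); the function names are hypothetical.

```javascript
// "Patched in" range copied from the npm audit report in the comment above.
const PATCHED_RANGE = '>=5.7.4 <6.0.0 || >=6.4.1 <7.0.0 || >=7.1.1';

// Parse "x.y.z" into [x, y, z]; prerelease/build tags are deliberately rejected.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1, comparing major, then minor, then patch.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

const OPS = {
  '>=': c => c >= 0,
  '<=': c => c <= 0,
  '>': c => c > 0,
  '<': c => c < 0,
  '=': c => c === 0,
};

// A range is a "||"-separated list of comparator sets; a version satisfies
// the range when every comparator in at least one set holds.
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.split('||').some(set =>
    set.trim().split(/\s+/).every(token => {
      const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(token);
      if (!m) throw new Error(`unsupported comparator: ${token}`);
      return OPS[m[1] || '='](compare(v, parseVersion(m[2])));
    })
  );
}

function isPatched(version) {
  return satisfies(version, PATCHED_RANGE);
}

// 6.1.1 is the version named in the comment above; the others are constructed samples.
for (const v of ['6.1.1', '5.7.4', '6.4.1', '7.1.0', '7.1.1']) {
  console.log(v, isPatched(v) ? 'patched' : 'not patched');
}
```

The range has a separate fix on each major line, so a version such as 7.1.0 is still outside it even though it is newer than 6.4.1.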

FYI @chmccc (current code owner?)

AviVahl avatar Apr 07 '20 10:04 AviVahl

@chmccc @jongleberry anybody here?

akellbl4 avatar Apr 25 '20 11:04 akellbl4

Any update on this?

cssagogo avatar Jun 27 '20 00:06 cssagogo

Since #114 is now merged, could we please get an updated release?

ceisele-r avatar Sep 04 '20 05:09 ceisele-r