Acorn is outdated with vulnerability
The version of ESLint you are using. 6.8.0
The problem you want to solve. Regular Expression Denial of Service.
Your take on the correct solution to problem.
Update the package version of Acorn to 7.1.1 or later.
For now users can use the command:
npm update acorn --depth 3
Are you willing to submit a pull request to implement this change? Sure.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:23
- Comments:8 (4 by maintainers)
Top GitHub Comments
Actually, it is Espree which has an outdated reference to Acorn.
Espree PR https://github.com/eslint/espree/pull/434 to fix that.
We need this PR merged to release a new version to fix it here.
We are not planning to release this in the 6.x line. As mentioned above, this should be fixable by updating your lockfile. Huzzah for semver ranges 😄
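As an added example (not part of the original issue or of ESLint's code), the Node.js script below checks a parsed package-lock.json for copies of acorn older than the 7.1.1 named in the issue, which confirms whether a lockfile update actually took effect. The function names and the sample lockfile are constructed for illustration, and the script applies only that single version threshold.

```javascript
// Added example: list every copy of a package in a lockfile older than a minimum version.
// MIN_VERSION is the version named in the issue; SAMPLE_LOCK is constructed sample data.
const MIN_VERSION = '7.1.1';

// Parse "major.minor.patch", ignoring any prerelease or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isOlder(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not older
}

// Returns [{ path, version }] for each outdated copy of `name`.
function findOutdated(lock, name = 'acorn', minimum = MIN_VERSION) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by node_modules path
    for (const [key, info] of Object.entries(lock.packages)) {
      const match = key === `node_modules/${name}` || key.endsWith(`/node_modules/${name}`);
      if (match && info.version && isOlder(info.version, minimum)) {
        hits.push({ path: key, version: info.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" objects
  const walk = (deps, trail) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = [...trail, dep];
      if (dep === name && isOlder(info.version, minimum)) {
        hits.push({ path: path.join(' > '), version: info.version });
      }
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed lockfile: a patched hoisted copy plus an older copy nested under espree.
const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  acorn: { version: '7.1.1' },
  espree: { version: '6.1.2', dependencies: { acorn: { version: '7.1.0' } } } } };
console.log(findOutdated(SAMPLE_LOCK));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findOutdated`; an empty array means no copy below the threshold remains.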