Comments (6)
Published version 2.1.0.
from escodegen.

Note that at v2.0.0 this was still a regular dependency, but on master (7a48a21) it's actually both a development dependency instead and at ^0.9.1. So, assuming master is stable, resolving this would be as easy as deploying the development head.

@ericcornelissen, it would be great if this repository was synced with npm.

This should be fixed automatically by: Line 51 in 7a48a21
Especially since it's a development dependency at master branch. But this repository isn't synchronized with the npm package, where it's still "optionator": "^0.8.1".
@estools, @Constellation and @michaelficarra, please can you check it?

@ericcornelissen 0.9.1 still has the vulnerability in it, and 0.9.2 had some sort of hiccup and a newer version was published to npm, talked about in this thread here on eslint: eslint/eslint#17317

@invaderb the fact that ^0.9.1 is used in package.json means v0.9.1 or a higher patch version can be installed by users of escodegen - in this case both v0.9.2 and v0.9.3, the latter of which resolves the vulnerable dependency. So, it would resolve the problem for any users of the latest version of escodegen, even if they still have to manually update the transitive dependency on their end.
The first comment on the issue you linked points this principle out as well.
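The point of the thread is which optionator versions a caret range lets npm install, and therefore whether the published "^0.8.1" or the master "^0.9.1" can ever pull in a word-wrap fix. As an added example (not code from the thread or from escodegen), here is a minimal caret matcher applying npm's rule; the optionator version list is constructed for illustration, and "fixed from 0.9.3" is taken from the comment above.

```javascript
// Added example: minimal semver caret ("^") matcher, enough to reason about
// the ranges discussed in this thread. Only plain "major.minor.patch" versions
// are handled (no prerelease tags or build metadata).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// npm caret rule: allow changes that do not touch the leftmost non-zero
// component, so ^1.2.3 -> <2.0.0, ^0.9.1 -> <0.10.0, ^0.0.3 -> <0.0.4.
function caretUpperBound(base) {
  const [maj, min, pat] = parse(base);
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;
  return `0.0.${pat + 1}`;
}

function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const base = range.slice(1);
  return compare(version, base) >= 0 && compare(version, caretUpperBound(base)) < 0;
}

// Highest version in `available` that the range admits, or null. This is what
// `npm install` picks for the range when no lockfile pins it.
function resolve(range, available) {
  const ok = available.filter((v) => satisfiesCaret(range, v));
  return ok.length ? ok.sort(compare)[ok.length - 1] : null;
}

// Constructed list of optionator versions (sample data, not an npm query).
const OPTIONATOR_VERSIONS = ['0.8.1', '0.8.2', '0.8.3', '0.9.1', '0.9.2', '0.9.3'];

// The thread identifies 0.9.3 as the release that resolves the word-wrap issue.
const FIXED_FROM = '0.9.3';

// True when the best version the range can reach already carries the fix.
function rangeIsFixed(range, available = OPTIONATOR_VERSIONS) {
  const picked = resolve(range, available);
  return picked !== null && compare(picked, FIXED_FROM) >= 0;
}
```

Run against the constructed list, "^0.8.1" (the published escodegen) resolves to 0.8.3 and stays affected, while "^0.9.1" (master) resolves to 0.9.3; even then an existing lockfile still pins whatever was installed before, which is the manual transitive update the comment mentions.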