Upgrade: espree@6.2.1 (fixes #13012) #13026

Merged
merged 1 commit into from Mar 17, 2020

kaicataldo
Member

Prerequisites checklist

  • I have read the contributing guidelines.
  • The team has reached consensus on the changes proposed in this pull request. If not, I understand that the evaluation process will begin with this pull request and won't be merged until the team has reached consensus.

What is the purpose of this pull request? (put an "X" next to an item)

[ ] Documentation update
[ ] Bug fix (template)
[ ] New rule (template)
[ ] Changes an existing rule (template)
[ ] Add autofixing to a rule
[ ] Add a CLI option
[ ] Add something to the core
[x] Other, please explain:

Dependency upgrade

What changes did you make? (Give an overview)

fixes #13012. This PR bumps Espree to v6.2.1 (which bumps the version of Acorn to include the security vulnerability fix).

Is there anything you'd like reviewers to focus on?

Nothing in particular.

eslint-deprecated bot added the triage label (An ESLint team member will look at this issue soon) Mar 10, 2020
kaicataldo added the upgrade label (This change is related to a dependency upgrade) and removed the triage label Mar 10, 2020
@pstaylor-patrick

What's the plan for releasing this? This is causing a security vulnerability alert in our applications.

@kaicataldo
Member Author

We are not currently planning to backport this to the 6.x release line.

As mentioned in the corresponding issue, the ranges we have set in package.json should allow for the newest version of Acorn to be used - you'll just have to update your lockfile.
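
The reply above says an existing install only picks up the newer Acorn once the lockfile is updated. As an added example (not part of this thread or of ESLint's code), this Node.js script lists every copy of a package that a parsed `package-lock.json` still pins below a given version; the function names, the sample lockfile and all version numbers are constructed, and the real fixed Acorn version has to be taken from the advisory.

```javascript
// Added example; the lockfile and every version number below are constructed.
const sampleLock = {
  dependencies: {
    acorn: { version: "1.0.2" },
    eslint: {
      version: "9.9.9",
      dependencies: {
        espree: { version: "9.9.9", dependencies: { acorn: { version: "1.0.0" } } },
      },
    },
  },
};

// Compare plain x.y.z versions; anything else (git URLs, file: links) is skipped.
function isOlder(version, minFixed) {
  if (!/^\d+\.\d+\.\d+/.test(version || "")) return false;
  const a = version.split("-")[0].split(".").map(Number);
  const b = minFixed.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk "packages" (lockfileVersion 2/3) or the nested "dependencies" tree (v1).
function findStale(lock, name, minFixed) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + name) && isOlder(meta.version, minFixed)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail.concat(dep);
      if (dep === name && isOlder(meta.version, minFixed)) {
        hits.push({ path: path.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

console.log(findStale(sampleLock, "acorn", "1.0.1"));
```

The hoisted copy passes while the copy nested under `eslint > espree` is reported, which is the case a top-level version check misses.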

kaicataldo merged commit 95613d4 into master Mar 17, 2020
kaicataldo deleted the espree@6.2.1 branch March 17, 2020 02:25
anikethsaha pushed a commit to anikethsaha/eslint that referenced this pull request Mar 23, 2020
eslint-deprecated bot locked and limited conversation to collaborators Sep 15, 2020
eslint-deprecated bot added the archived due to age label (This issue has been archived; please open a new issue for any further discussion) Sep 15, 2020
Development

Successfully merging this pull request may close these issues.

Acorn is outdated with vulnerability