Please update acorn to 6.4.1, or 7.1.1 to resolve vulnerability in acorn #375
Comments
This is fixed on master branch. Commit: 8a22ecc. Just needs to be tagged.
That commit was over a year ago; what's the reason no new version has been tagged since then?
Looks like there was no release as this was primarily linting changes. Also this is neither mine nor @phated's full-time job. If you guys see issues, please make PRs. Even with @phated's changes it appears acorn is still under 7.1.1 and needs to be fixed in
This module has acorn in its dependencies as well: https://github.com/gulp-sourcemaps/gulp-sourcemaps/blob/master/package.json#L26
As you can see this is going to be more difficult than just bumping. 6.X branch of acorn still has not resolved the issues. gulp-sourcemaps is trying to support node 6.X - 10.X. To get things working correctly acorn is going to need to patch 6.X. @phated, should we drop acorn or drop 6.X support for node?
We'll be targeting 6.4.1 as it should work with Node 6.
That's not my battle but gulp-sourcemaps has always supported many older versions of node. It is only within the year where we cut out 4, 0.12, and 0.10. Ask @phated
If you leave users stranded on old versions of your software because you can't be bothered to support a few older versions of the runtime, then you are a bad maintainer.
@nmccready Please let us know once the new build reaches npm so we can pull it proper.
It seems to be "fixable" now by running
The PR was merged but no release has been published to NPM yet?
I am in the same situation but npm audit fix did not resolve it.
See advisory from npm: https://www.npmjs.com/advisories/1488
@nmccready