There are high severity security vulnerabilities in two of ESLint's dependencies:
- acorn
- minimist
The releases 1.8.3 and lower of svjsl (JSLib-npm) are vulnerable, but only if installed in a developer environment. A patch has been released (v1.8.4) which fixes these vulnerabilities.
Edit:
Apparently not only dependent repositories of svjsl got this security advisory, but anyone who uses the packages acorn and minimist. To those people: You don't need to install my package, just make sure to follow the advisories here and here.
Identifiers:
- CVE-2020-7598
- SNYK-JS-ACORN-559469 (doesn't have a CVE identifier)
There are high severity security vulnerabilities in two of ESLint's dependencies:
- acorn
- minimist
The releases 1.8.3 and lower of svjsl (JSLib-npm) are vulnerable, but only if installed in a developer environment. A patch has been released (v1.8.4) which fixes these vulnerabilities.
Edit:
Apparently not only dependent repositories of
svjslgot this security advisory, but anyone who uses the packagesacornandminimist. To those people: You don't need to install my package, just make sure to follow the advisories here and here.Identifiers: