Comments (8)
from eslint-loader.
I've publish a fork of https://www.npmjs.com/package/loader-fs-cache (repo https://github.com/viankakrisna/loader-fs-cache) to fix this issue here : https://www.npmjs.com/package/create-fs-cache (repo https://github.com/neokeld/create-fs-cache)
@webmaster128 has published a pull request to the original lib loader-fs-cache and i hope it will be merged soon by @viankakrisna
But if it is needed i will maintain my fork.
from eslint-loader.
Indeed it is also coming from standard-version,
|---------------|--------------------------------------------------------------|
| Low | Prototype Pollution |
|---------------|--------------------------------------------------------------|
| Package | minimist |
|---------------|--------------------------------------------------------------|
| Patched in | >=0.2.1 <1.0.0 || >=1.2.3 |
|---------------|--------------------------------------------------------------|
| Dependency of | standard-version [dev] |
|---------------|--------------------------------------------------------------|
| Path | standard-version > conventional-changelog > |
| | conventional-changelog-core > conventional-changelog-writer |
| | > handlebars > optimist > minimist |
|---------------|--------------------------------------------------------------|
| More info | https://npmjs.com/advisories/1179 |
|---------------|--------------------------------------------------------------|
There is an ongoing pull request on handlebars to fix this vuln : handlebars-lang/handlebars.js#1662
from eslint-loader.
Related to this issue in loader-fs-cache : viankakrisna/loader-fs-cache#5
from eslint-loader.
@viankakrisna has published a new version (1.0.3) of loader-fs-cache with the fix.
from eslint-loader.
I forked to see if this was an easy fix. Seems that the vulnerability is bubbling up from standard-version
.
I assume there's no direct action to be taken here.
from eslint-loader.
It loks like @neokeld committed a fix but I don't see any new release version.. I took the work time to revisit this again now that I saw it was 'fixed' but it doesn't seem to be.. I installed latest..
from eslint-loader.
@OZZlE I haven't launched yet
from eslint-loader.
Related Issues (20)
- Loader reporting syntax errors when dealing with typescript files HOT 10
- TypeError: CLIEngine is not a constructor HOT 1
- Different lint results between webpack and cli HOT 1
- How to now fail the build on error or warning HOT 2
- Combining eslint-loader + vue + typescript causes the build to fail on the first run, but work on the second run HOT 2
- Cannot read property 'range' of null HOT 3
- vscode integration
- exclude option not working. HOT 12
- Eslint-loader is not using .eslintrc.js configuration HOT 1
- failOnError option doesn't work with ts-loader and webpack-dev-server HOT 8
- CLIEngine has been deprecated HOT 1
- eslint-plugin-import fails to load properties with eslint-loader but works with stand alone eslint HOT 1
- Parsing error: Unexpected token .. HOT 1
- Cannot read property 'getFormatter' of undefined HOT 2
- Missing plugin referenced by .eslintrc file in ignored node_modules folder causes warning HOT 4
- Plugin "import" was conflicted HOT 2
- eslint-laoder failing the build even if the failOnError set to false HOT 2
- relative path is wrong when use eslint-loader in monorepo HOT 1
- Deprecate eslint-loader HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from eslint-loader.