AtomLinter / linter-eslint

ESLint plugin for Atom Linter
https://atom.io/packages/linter-eslint
584 stars 141 forks source link

chore(deps): update dependency acorn to 5.7.4 [security] #1385

Closed renovate[bot] closed 3 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change
acorn 5.7.3 -> 5.7.4

GitHub Vulnerability Alerts

GHSA-6chw-6frg-f759

Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes untrusted input and passes it directly to acorn, attackers may leverage the vulnerability leading to Denial of Service.


Renovate configuration

:date: Schedule: "" (UTC).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.