less / less.js

Less. The dynamic stylesheet language.
http://lesscss.org
Apache License 2.0

Acorn has security vulnerability #3496

Closed limitedmage closed 4 years ago

limitedmage commented 4 years ago

When installing LESS via NPM, it seems to install version 6.3.0 of Acorn inside node_modules/less/packages/less/node_modules/acorn which has a security vulnerability: https://www.npmjs.com/advisories/1488

This is tripping our internal security checks. Is there a way to fix it? This doesn't seem to be installed via the normal NPM dependency chain and does not show up in npm list or npm audit.

Sukesh-Gundoji commented 4 years ago

Even we are facing the exact same issue. Please do let us know how we can fix it.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.