bcoe
commented
4 years ago 👋 @hugoluchessi could you try running @protobufjs@6.8.9, I believe it should have this patched already.
Open hugoluchessi opened 4 years ago
bcoe
commented
4 years ago 👋 @hugoluchessi could you try running @protobufjs@6.8.9, I believe it should have this patched already.
protobuf.js version: 6.8.6
According to https://www.npmjs.com/advisories/1488, this version of acorn, which is a dependency for Espree, has a vulnerability on versions prior to 5.7.4, 6.4.1, 7.1.1.
Espree has just release version 6.2.1 which fixes this issue.
Outcome: npm audit outputs an error message regarding moderate issues.