tomoyuen / hcharts-demo

some charts
https://tomoyuen.github.io/hcharts-demo

MODERATE severity security vulnerability #13

Closed tomoyuen closed 4 years ago

tomoyuen commented 4 years ago

Upgrade minimist to version 1.2.2 or later. Upgrade acorn to version 5.7.4 or later.

GHSA-7fhm-mqm4-2wp7 moderate severity

There are high severity security vulnerabilities in two of ESLint's dependencies:

The releases 1.8.3 and lower of svjsl (JSLib-npm) are vulnerable, but only if installed in a developer environment. A patch has been released (v1.8.4) which fixes these vulnerabilities.

Edit: Apparently not only dependent repositories of svjsl got this security advisory, but anyone who uses the packages acorn and minimist. To those people: You don't need to install my package, just make sure to follow the advisories here and here.

Identifiers: CVE-2020-7598 SNYK-JS-ACORN-559469 (doesn't have a CVE identifier)

tomoyuen commented 4 years ago

hcharts-demo@0.2.1
├─┬ @vue/cli-plugin-babel@4.1.2
│ └─┬ webpack@4.41.5
│   └── acorn@6.4.0 
├─┬ @vue/cli-service@4.1.2
│ ├── acorn@6.4.0 
│ └─┬ webpack-bundle-analyzer@3.6.0
│   └── acorn@6.4.0 
└─┬ eslint-plugin-vue@6.1.2
  └─┬ vue-eslint-parser@7.0.0
    └─┬ espree@6.1.2
      └── acorn@7.1.0 

hcharts-demo@0.2.1
├─┬ @vue/cli-plugin-babel@4.1.2
│ ├─┬ @babel/core@7.7.7
│ │ └─┬ json5@2.1.1
│ │   └── minimist@1.2.0  deduped
│ └─┬ babel-loader@8.0.6
│   └─┬ loader-utils@1.2.3
│     └─┬ json5@1.0.1
│       └── minimist@1.2.0  deduped
└─┬ @vue/cli-service@4.1.2
  ├─┬ cli-highlight@2.1.4
  │ └─┬ highlight.js@9.17.1
  │   └─┬ handlebars@4.6.0
  │     └─┬ optimist@0.6.1
  │       └── minimist@0.0.10 
  ├── minimist@1.2.0 
  └─┬ webpack-dev-server@3.10.1
    └─┬ chokidar@2.1.8
      └─┬ fsevents@1.2.9
        └─┬ node-pre-gyp@0.12.0
          ├─┬ mkdirp@0.5.1
          │ └── minimist@0.0.8 
          └─┬ rc@1.2.8
            └── minimist@1.2.0 
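
An added example, not part of the issue thread or the project's code: it parses `npm ls` tree output like the minimist listing above and reports every copy below a minimum version, together with the top-level dependency that pulls it in. The sample tree is a constructed excerpt of that listing, `findBelowMinimum` is a hypothetical helper, and the single minimum (1.2.2, as quoted in the issue) is a plain x.y.z comparison that ignores pre-release tags and any per-release-line patched versions an advisory may list.

```javascript
// Constructed excerpt of the `npm ls minimist` tree posted in the issue.
const SAMPLE_TREE = `hcharts-demo@0.2.1
├─┬ @vue/cli-plugin-babel@4.1.2
│ └─┬ babel-loader@8.0.6
│   └─┬ loader-utils@1.2.3
│     └─┬ json5@1.0.1
│       └── minimist@1.2.0  deduped
└─┬ @vue/cli-service@4.1.2
  ├─┬ cli-highlight@2.1.4
  │ └─┬ highlight.js@9.17.1
  │   └─┬ handlebars@4.6.0
  │     └─┬ optimist@0.6.1
  │       └── minimist@0.0.10
  └── minimist@1.2.0`;

// Numeric x.y.z comparison (assumption: no pre-release or build suffixes).
function isBelow(version, minimum) {
  const a = version.split(".").map(Number);
  const b = minimum.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Hypothetical helper: walk the tree, tracking the path from the root,
// and collect every `pkg` entry whose version is below `minimum`.
function findBelowMinimum(npmLsText, pkg, minimum) {
  const entry = /^([│├└─┬ ]*)((?:@[^\/\s]+\/)?[^@\s]+)@(\S+)/;
  const stack = [];
  const hits = [];
  for (const line of npmLsText.split("\n")) {
    const m = entry.exec(line);
    if (!m) continue;
    // Each nesting level adds two columns after the 4-column branch marker.
    const depth = m[1].length === 0 ? 0 : m[1].length / 2 - 1;
    stack.length = depth; // drop siblings and deeper levels
    stack.push(`${m[2]}@${m[3]}`);
    if (m[2] === pkg && isBelow(m[3], minimum)) {
      hits.push({ version: m[3], via: stack[1], path: stack.join(" > ") });
    }
  }
  return hits;
}

for (const hit of findBelowMinimum(SAMPLE_TREE, "minimist", "1.2.2")) {
  console.log(`minimist@${hit.version} via ${hit.via}: ${hit.path}`);
}
```

The `via` field names the direct dependency to upgrade or override, since transitive copies such as `minimist@0.0.10` cannot be bumped from the project's own `package.json` entry for minimist.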

tomoyuen commented 4 years ago

kind-of

Remediation

Upgrade kind-of to version 6.0.3 or later.

Details

CVE-2019-20149