-
Notifications
You must be signed in to change notification settings - Fork 532
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security vulnerability in eslint < 4.18.2 #1288
Comments
Isn't eslint a dev dependency? Why is that appearing in the dep tree when installing sass-lint in other projects? |
@anthonydillon It is in develop, so it seems, but not in the latest stable release: https://github.com/sasstools/sass-lint/blob/v1.13.1/package.json#L32 |
@Jelle-S thanks, is there a plan to do a release soon? |
I have no idea, since I'm not a maintainer of this project ;) Tagging the most active contributors: |
|
Hey guys, will it be possible to get the lib updated? Thank you :) |
@srowhani @DanPurdy Can we get one of you to take a look at this? I think, if there's no breaking changes, backporting the latest Additionally, given what I see occurred with v1.13.0, can we open another issue to actually indicate who the current maintainers of this repo are in the README? |
hi all unfortunately eslint in v1 is a dependency due to sass-lint directly using its formatters. A major update for them 'could' be a major update for sass-lint and iirc there were issues around it when tested but it has been a while... Unfortunately this project has been pretty much dead for 2 years (since October 2017) bar the unfortunate broken release, the work in the develop branch is as yet unfinished v2 which removes this need for eslint but its not near a ready state to be released and there's as yet no plans to finish it i'm afraid. |
This would explain #1324 |
Came here due to GitHub's security alert on |
Security vulnerability warning from Github today. This would be a major update to sass-lint's dependencies. I'm not sure how the repo owner would like to proceed.
The text was updated successfully, but these errors were encountered: