ESLint v6.2.1 released
by Kai Cataldo - 20 August 2019We just pushed ESLint v6.2.1, which is a patch release upgrade of ESLint. This release fixes several bugs found in the previous release.
This release includes a security fix in the eslint-utils
package, which is a dependency of ESLint. The security issue affects users that run ESLint on untrusted source code (e.g. servers that lint the user's project as a service). By taking advantage of a bug in a certain piece of analysis, a user could supply malicious source text that causes arbitrary code to be executed in the linting process.
- This issue affects versions of
eslint-utils
between v1.2.0 and v1.4.0. - ESLint versions between v5.3.0 and v6.2.0 are potentially vulnerable (their allowed dependencies include vulnerable
eslint-utils
versions). However, these versions of ESLint can still be used safely if theeslint-utils
dependency is updated to the latest version (e.g. by updatingeslint-utils
in a lockfile, or purgingnode_modules
and reinstalling). - ESLint v6.2.1 is not vulnerable to the issue.
Documentation
4aeeeed
Docs: update docs for ecmaVersion 2020 (#12120) (silverwind)6886148
Docs: Add duplicate keys limitation to accessor-pairs (#12124) (Milos Djermanovic)