Published under Release Notes

ESLint v6.2.1 released

We just pushed ESLint v6.2.1, which is a patch release upgrade of ESLint. This release fixes several bugs found in the previous release.

This release includes a security fix in the eslint-utils package, which is a dependency of ESLint. The security issue affects users that run ESLint on untrusted source code (e.g. servers that lint the user’s project as a service). By taking advantage of a bug in a certain piece of analysis, a user could supply malicious source text that causes arbitrary code to be executed in the linting process.

  • This issue affects versions of eslint-utils between v1.2.0 and v1.4.0.
  • ESLint versions between v5.3.0 and v6.2.0 are potentially vulnerable (their allowed dependencies include vulnerable eslint-utils versions). However, these versions of ESLint can still be used safely if the eslint-utils dependency is updated to the latest version (e.g. by updating eslint-utils in a lockfile, or purging node_modules and reinstalling).
  • ESLint v6.2.1 is not vulnerable to the issue.

文档

🌐 Documentation

Dependency Upgrades

Kai Cataldo
ESLint Alumnus

💻 🎺 🎮 ⌨️ 🐕 • he/him

来自博客

最新的 ESLint 新闻、案例研究、教程和资源。

查看所有帖子
ESLint v10.3.0 发布
Release Notes 1 min read

ESLint v10.3.0 发布

我们刚刚发布了 ESLint v10.3.0,这是 ESLint 的一次小版本升级。此版本添加了一些新功能,并修复了上一版本中发现的几个错误。

Milos Djermanovic
ESLint v10.2.1 发布
Release Notes 1 min read

ESLint v10.2.1 发布

我们刚刚发布了 ESLint v10.2.1,这是 ESLint 的一个补丁版本升级。本次发布修复了上一版本中发现的几个错误。

Francesco Trotta
ESLint v10.2.0 发布
Release Notes 2 min read

ESLint v10.2.0 发布

我们刚刚发布了 ESLint v10.2.0,这是 ESLint 的一次小版本升级。此版本添加了一些新功能,并修复了上一版本中发现的几个错误。

Francesco Trotta