[eslint config] [base] remove unneeded eslint version check #2503
ljharb merged 1 commit into airbnb:master
ljharb left a comment:
Thanks, the breaking change was unfortunate.

We should release this change as 15.0.1 to solve GHSA-c2qf-rxjj-qqgw

That isn’t actually a vulnerability here, and we’re on v19 - we won’t be backporting anything to v15.

@ljharb Sorry I was referring to the package https://www.npmjs.com/package/eslint-config-airbnb-base, not https://www.npmjs.com/package/eslint-config-airbnb, it hasn't a v19 release, right?

aha, yes, you're correct :-) whenever the next version goes out of the base package, this will indeed be included. however, this isn't a real vulnerability, because we're passing a hardcoded string into semver.satisfies, AND because we're not using

@ljharb Ok, no problem. I like fixing CVE alerts even if they are false positive so the CI doesn't block my releases. In the meanwhile I'll just load my package from master.

I strongly discourage doing that; there's no guarantee everything will work. If your CI is blocking releases on false positive CVEs, I'd invite you to consider that it's not actually making your project more secure, but less.

@ljharb Agree to disagree :)

As eslint < 7 is dropped in #2495 :)