Potentially update `acorn` to match latest `webpack`

[dcousineau]

Issue description

I recently encountered webpack/webpack#8656 during an upgrade where, due to an NPM bug, the wrong version of acorn "wins" and breaks webpack. Running npm ls acorn shows the "winner" of the hoisting being webpack-bundle-analyzer (which I have in devDeps to make analyzing and testing easier).

The npm update acorn --depth 20 && npm dedupe solution does not work in this case, however manually installing via npm install --save-dev acorn@latest worked.

Since webpack-bundle-analyzer is used rarely (only when manually invoked) I may be moving forward by removing it from my package.json, which is probably best practice anyways. I simply wanted to file the issue to add more info/color if anyone else encounters this when they upgrade their webpack.

Technical info

• Webpack Bundle Analyzer version: 3.0.3
• Webpack version: 4.29.0
• Node.js version: 10.14.1
• npm/yarn version: npm 6.7.0
• OS: macOS 10.14.3

Debug info

Actual functionality of the tool is unaffected

[valscion]

So should we allow the acorn dependency to get the same version as webpack is using? Or should we bump it to the same version?

I.e. would this kind of change suffice, given everything would still work?

   ],
   "dependencies": {
-    "acorn": "^5.7.3",
+    "acorn": "^5.7.3 || ^6.0.5",
     "bfj": "^6.1.1",