Update eslint dependency

[ethikz]

Bug report

Vuepress is using a version of eslint that has been compromised. "eslint": "4.19.1" requires "eslint-scope": "^3.7.1", and the versions with issues are 3.7.2, 3.7.3.

TLDR; eslint-scope: 3.7.2, 3.7.3 This version contained apparently malicious code that attempted to steal npm login tokens

Version

0.12.0

Steps to reproduce

As reported, a way to fix it is to pin the version to eslint-scope: 3.7.1 but since eslint: 4.19.1 doesn't have it pinned in that version that isn't achievable.

You can view the actual bug report eslint/eslint-scope#39.

What is expected?

An update to a version of eslint where they updated eslint-scope which is https://github.com/eslint/eslint/releases/tag/v5.0.0

What is actually happening?

Using Vuepress on Gitlab and having an exclude pattern on a privately hosted Gitlab causes npm to fail to install packages.

Other relevant information

• Your OS: OSX 10.12.6
• Node.js version: v8.10.0
• Browser version: N/A
• Is this a global or local install? Both
• Which package manager did you use for the install? NPM

[ethikz]

https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes

Apparently 3.7.2 has been unpublished and 3.7.3 has the code from 3.7.1 so this is a non-issue

My apologies