You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
builder uses mocha@5.2.0 which uses mkdirp@0.5.1 which uses minimist@0.0.8. When I uploaded my newly buidler'd repo to GitHub, I received this complaint about a critical security vulnerability.
Discovered this during the Hack Money hackathon.
builder uses mocha@5.2.0 which uses mkdirp@0.5.1 which uses minimist@0.0.8. When I uploaded my newly buidler'd repo to GitHub, I received this complaint about a critical security vulnerability.
Details here: GHSA-vh95-rmgr-6w4m
Perhaps this could be fixed by updating to mocha@7.1.2, which updates mkdirp to v.0.5.5?
Looks like mkdirp is getting the boot from mocha@8.0.0 (they discuss the vulnerability here): mochajs/mocha#4199
The text was updated successfully, but these errors were encountered: