jest-environment-enzyme has vulnerability in dependencies

[serhiyzablotskiy]

Hi. I have an issue with dependencies of jest-environment-enzyme.
In the latest version 7.0.1 there is dependency from jest-environment-jsdom@^22.4.1.
And this version of jest-environment-jsdom is deeply dependent from the braces package.
Here is reported vulnerability in braces package in versions earlier then v2.3.1 https://www.npmjs.com/advisories/786.
But jest-environment-jsdom@^22.4. refers to [braces] version before 2.3.1.
Here is my dependencies tree:
https://cl.ly/37ce31a3e08c.

This issue is fixed in jest-environment-jsdom v23.4.0 and higher.

Can you use jest-environment-jsdom v23.4.0 and higher?

[tgaff]

I spent a little time looking into this today.
Jumping to jest-environment-jsdom 23 doesn't quite work because they rolled back braces here:
jestjs/jest#6661

So I tried jumping to version 24.x here: https://github.com/tgaff/enzyme-matchers/tree/fix_braces_security_warning