Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jest-enzyme: vulnerability related to unset-value #369

Open
umeshshimpi opened this issue Apr 28, 2022 · 1 comment
Open

jest-enzyme: vulnerability related to unset-value #369

umeshshimpi opened this issue Apr 28, 2022 · 1 comment

Comments

@umeshshimpi
Copy link

We are seeing vulnerability in jest-enzyme version 7.1.2 which is using unset-value@1.0.0
The fix for this is to upgrade unset-value to 2.0.1
https://security.snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
here's the dependency tree:
└─┬ jest-enzyme@7.1.2 └─┬ jest-environment-enzyme@7.1.2 └─┬ jest-environment-jsdom@24.9.0 └─┬ @jest/environment@24.9.0 └─┬ @jest/transform@24.9.0 └─┬ micromatch@3.1.10 └─┬ snapdragon@0.8.2 └─┬ base@0.11.2 └─┬ cache-base@1.0.1 └── unset-value@1.0.0

Can you help with this please?
@ljharb
Copy link
Member

ljharb commented Apr 28, 2022

Prototype pollution isn't really an attack vector when it's in your test framework - anyone who has the authority to write tests already can do far more dangerous things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ljharb @umeshshimpi