Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade ESLint and Jest for dependencies vulnerabilities #73

Closed
louistiti opened this issue Apr 3, 2019 · 3 comments
Closed

Upgrade ESLint and Jest for dependencies vulnerabilities #73

louistiti opened this issue Apr 3, 2019 · 3 comments
Labels
improvement Indicates improvements without being features.
Milestone
1.0.0-beta.2

Comments

@louistiti
Copy link
Member

Expected Behavior

No vulnerabilities caused by js-yaml.

Actual Behavior

js-yaml is having a DoS vulnerability.

Proposal

Upgrade ESLint and Jest.
@louistiti louistiti added the improvement Indicates improvements without being features. label Apr 3, 2019
@louistiti louistiti added this to the 1.0.0-beta.2 milestone Apr 3, 2019
@louistiti
Copy link
Member Author

⬆️ [1.0.0-beta.2] ESLint and Jest for dependencies vulnerabilities

@louistiti
Copy link
Member Author

louistiti commented Apr 4, 2019
edited

ESLint has been upgraded via 26b58db.

IstanbulJS bumped the js-yaml version but now we are waiting for Jest to upgrade their Istanbul API to the latest version as they are using the 2.1.1 currently.

@louistiti
Copy link
Member Author

I updated the npm lock file (package-lock.json) in 26d0d61. It is now fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement Indicates improvements without being features.
Projects
None yet
Milestone
1.0.0-beta.2
Development

No branches or pull requests
1 participant
@louistiti