Fix CVE-2020-7598 #4917
Comments
Quick reference: GHSA-7fhm-mqm4-2wp7
Is it? There aren't any security vulnerabilities posted to TSLint right now. https://github.com/palantir/tslint/security/advisories If there are, accepting PRs to fix for them. Until then, I don't believe there's any action that needs to be taken? (we don't depend on
@JoshuaKGoldberg that is weird. TSLint has
It's possible that only devDependency versions are affected. Or, GitHub is still processing the alert, and we haven't gotten it yet 😄
It looks like EDIT: It actually looks like the latest version (1.0.0+) of
FYI:
Excellent, thanks for the additional info folks! Accepting PRs to bump to a version of
Note that mkdirp 1.0.0 requires The right solution is probably to update mkdirp to 0.5.3 first and make a minor version bump. You might consider a major version bump to update to mkdirp 1.x, but you'd need to move engine to
That is... quite far back, and probably no longer true in practice 😬. Amusing. Per https://www.npmjs.com/package/mkdirp#platform-support:
We can take a dependency on the unofficial v8 support decision, for those same reasons.
I just opened a PR before seeing this. I can switch to 1.x and increase node version if you think that's preferable.
0.5.3 works too! So long as minimist is updated.
@adidahiya are you going to release a new version with the fix for this?
If you delete your lockfile and minimist + mkdirp in
just released 6.1.1
🤖 Beep boop! 👉 TSLint is deprecated 👈 and you should switch to typescript-eslint! 🤖 🔒 This issue is being locked to prevent further unnecessary discussions. Thank you! 👋
TSLint is also affected just like ESLint (eslint/eslint#13050).