Vulnerability in minimist, need to upgrade to latest version #4921

jlcard · 2020-04-02T16:14:23Z

tslint.5.17.0 (https://www.nuget.org/packages/tslint/5.17.0) includes minimist module version 0.0.8 which has a vulnerability.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7598
Can you please release a new version of tslint with upgraded minimist to latest version (1.2.5) (https://www.npmjs.com/package/minimist)

JoshuaKGoldberg · 2020-04-02T16:23:18Z

Oh, that's right, we never did resolve #1017. I can do this soon for the 6.X line.

jlcard · 2020-04-02T16:29:33Z

Once fixed, can you please publish to https://www.nuget.org/ too?

JoshuaKGoldberg · 2020-04-03T03:10:00Z

To be clear @jlcard this was actually fixed in #4917. You're just looking at an old version of TSLint. 6.1.1 is the current.

This issue is exclusively for publishing a new version to nuget.org.

JoshuaKGoldberg · 2020-04-03T03:30:39Z

All right, 6.1.1 is published on the NuGet Gallery: https://www.nuget.org/packages/tslint/

It's also correctly noted there as deprecated. We should all switch to typescript-eslint per #4534. Cheers!

JoshuaKGoldberg · 2020-09-15T19:32:17Z

🤖 Beep boop! 👉 TSLint is deprecated 👈 and you should switch to typescript-eslint! 🤖

🔒 This issue is being locked to prevent further unnecessary discussions. Thank you! 👋

JoshuaKGoldberg self-assigned this Apr 2, 2020

JoshuaKGoldberg added security Status: Accepting PRs labels Apr 2, 2020

JoshuaKGoldberg closed this as completed Apr 3, 2020

palantir locked and limited conversation to collaborators Sep 15, 2020

Provide feedback