Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential security vulnerability: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) #37

Closed
walro opened this issue Mar 16, 2020 · 1 comment · Fixed by #38
Closed

Potential security vulnerability: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) #37

walro opened this issue Mar 16, 2020 · 1 comment · Fixed by #38
Labels
security

Comments

@walro
Copy link
Contributor

walro commented Mar 16, 2020

See GHSA-7fhm-mqm4-2wp7

For us it's due to the use of minimist which is a dependency of mkdirp which is a dependency of mocha

Mocha will likely soon remove mkdirp, see mochajs/mocha#4200
@walro walro added the security label Mar 16, 2020
@walro
Copy link
Contributor Author

walro commented Mar 20, 2020

Mocha released 7.1.1 which also fixes this by updating mkdirp.

walro added a commit that referenced this issue Mar 20, 2020
@walro
Update to Mocha 7.1.1
c10f9f7 
Usage of mocha.opts has been deprecated, spec is also already the standard reporter.

Close #37
@walro walro mentioned this issue Mar 20, 2020
Merged
@walro walro closed this as completed in #38 Mar 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update to Mocha 7.1.1 twingly/twingly-search-api-node
1 participant
@walro