Skip to content

Update [email protected] to [email protected] because of dependency vulnerability #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
szaboge opened this issue Mar 12, 2020 · 3 comments
Closed

Update [email protected] to [email protected] because of dependency vulnerability #61

szaboge opened this issue Mar 12, 2020 · 3 comments

Comments

@szaboge
Copy link

szaboge commented Mar 12, 2020

Need to update mkdirp dependency, because of 0.5.1 version's dependency affected prototype pollution.

snyk detected the vulnerability.

Issues with no direct upgrade or patch:
  ✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-MINIMIST-559764] in [email protected]
    introduced by [email protected] > [email protected] > [email protected] and 6 other path(s)
  This issue was fixed in versions: 1.2.2

https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

Please upgrade mkdirp to 1.0.3, what no use minimists.
@szaboge
Copy link
Author

szaboge commented Mar 12, 2020
edited
Loading 

    - codeceptjs-resemblehelper > canvas > node-pre-gyp > rc > minimist
    - codeceptjs-resemblehelper > resemblejs > canvas > node-pre-gyp > rc > minimist
    - node-pre-gyp > rc > minimist
    - mkdirp > minimist
    - codeceptjs-resemblehelper > mkdirp > minimist
    - node-pre-gyp > mkdirp > minimist
    - node-pre-gyp > tar > mkdirp > minimist
    - codeceptjs-resemblehelper > canvas > node-pre-gyp > mkdirp > minimist
    - codeceptjs-resemblehelper > canvas > node-pre-gyp > tar > mkdirp > minimist
    - codeceptjs-resemblehelper > resemblejs > canvas > node-pre-gyp > mkdirp > minimist
    - codeceptjs-resemblehelper > resemblejs > canvas > node-pre-gyp > tar > mkdirp > minimist```

Update canvas and resemblejs too.

@puneet0191
Copy link
Member

@szaboge Thanks a lot, will update it.

@puneet0191 puneet0191 mentioned this issue Apr 26, 2020
Merged
@puneet0191
Copy link
Member

Should be fixed, please try latest version, report back if you find any issues, thanks a lot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@puneet0191 @szaboge