Security alert eslint-utils #932

Closed
NicoAiko opened this issue Sep 1, 2019 · 1 comment · Fixed by #916
Labels: dependencies (Issue about dependencies of the package), has pr (there is a PR raised to close this), package: parser (Issues related to @typescript-eslint/parser)

NicoAiko commented Sep 1, 2019

Dear repository contributors,

Today I got an email from GitHub that one of my dependencies is vulnerable and thus should be updated.

I took a look and found out that @typescript-eslint/parser uses v1.3.1 of eslint-utils which has been found vulnerable.

Please update it to at least v1.4.1 as that version fixed the vulnerability.

Thanks!

NicoAiko added the package: parser and triage labels Sep 1, 2019

bradzacher (Member) commented Sep 1, 2019

We get the same security alerts on GitHub.
See #916

I wouldn't be worried about it.
We are a dev-only package with a very small interface. This makes it very hard, if not impossible, to "take advantage of" any security issues.

bradzacher added the dependencies and has pr labels and removed the triage label Sep 1, 2019
github-actions bot locked as resolved and limited conversation to collaborators Apr 21, 2020
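
To check whether a project still resolves a copy of eslint-utils older than the v1.4.1 requested in this issue, a lockfile can be walked as below. This is an added example, not code from the typescript-eslint project; it assumes the npm `lockfileVersion: 1` layout and plain `x.y.z` versions, and the sample lockfile is constructed with a placeholder parser version.

```javascript
// Added example: scan a package-lock.json (lockfileVersion 1 layout) for
// copies of a package older than a minimum version.

// Compare two plain "x.y.z" versions; pre-release tags are not handled.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the nested "dependencies" maps and collect every copy below minVersion.
// "dev" records whether npm marked that copy as development-only.
function findOutdated(node, name, minVersion, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name && compareVersions(info.version, minVersion) < 0) {
      hits.push({ path: path.join(' > '), version: info.version, dev: info.dev === true });
    }
    hits.push(...findOutdated(info, name, minVersion, path));
  }
  return hits;
}

// Constructed sample lockfile; the parser version is a placeholder.
const sampleLock = {
  name: 'example-app',
  lockfileVersion: 1,
  dependencies: {
    '@typescript-eslint/parser': {
      version: '0.0.0',
      dev: true,
      dependencies: { 'eslint-utils': { version: '1.3.1', dev: true } },
    },
    'eslint-utils': { version: '1.4.2', dev: true },
  },
};

const findings = findOutdated(sampleLock, 'eslint-utils', '1.4.1');
for (const f of findings) console.log(`${f.path}  ${f.version}  dev=${f.dev}`);
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.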