Security Vulnerability: Insufficient Granularity of Access Control in JSDom #1158

Open
bennycode opened this issue Oct 12, 2022 · 0 comments

bennycode commented Oct 12, 2022

Current Behavior

TSDX depends on Jest v27 (latest is v29), and this Jest version has a transitive dependency on jsdom v15.2.1, which has a security vulnerability (CVE-2021-20066).

Expected behavior

TSDX shipping without vulnerable dependencies (jsdom v16.5.0 and above).

Suggested solution(s)

Update Jest in tsdx.

Additional context

Dependency Chain:

  • tsdx#jest#jest-cli#jest-config#jest-environment-jsdom#jsdom

Your environment

  System:
    OS: Windows 10 10.0.19043
    CPU: (8) x64 Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
    Memory: 4.08 GB / 15.79 GB
  Binaries:
    Node: 18.7.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - C:\dev\projects\southpolecarbon\dcs-compensate\node_modules\.bin\yarn.CMD
    npm: 8.15.0 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (106.0.1370.42)
    Internet Explorer: 11.0.19041.1566
  npmPackages:
    typescript: 4.8.3 => 4.8.3
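
One way to confirm the dependency chain reported above is to walk a tree shaped like `npm ls --all --json` output and flag every jsdom install below 16.5.0. This is an added example, not code from the issue author or the TSDX project; the sample tree, its project name, `other-tool` and the `0.0.0` versions are constructed placeholders.

```javascript
// Added example (not TSDX or jsdom project code).
const FIXED_JSDOM = '16.5.0'; // first fixed version named in the issue

// Compare plain x.y.z versions; prerelease/build suffixes are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Depth-first walk of one node; collects every install of `target` below `fixed`.
function walk(name, node, target, fixed, path, hits) {
  const chain = [...path, name];
  if (name === target && node.version && compareVersions(node.version, fixed) < 0) {
    hits.push({ chain: chain.join('#'), version: node.version });
  }
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    walk(dep, child, target, fixed, chain, hits);
  }
  return hits;
}

// Scan a tree shaped like `npm ls --all --json` output, starting below the root project.
function findVulnerable(tree, target = 'jsdom', fixed = FIXED_JSDOM) {
  const hits = [];
  for (const [dep, child] of Object.entries(tree.dependencies || {})) {
    walk(dep, child, target, fixed, [], hits);
  }
  return hits;
}

// Constructed sample: only the jsdom versions and the chain come from the issue;
// the project name, "other-tool" and the 0.0.0 versions are placeholders.
const sampleTree = {
  name: 'example-project', version: '0.0.0',
  dependencies: {
    tsdx: { version: '0.0.0', dependencies: { jest: { version: '0.0.0', dependencies: {
      'jest-cli': { version: '0.0.0', dependencies: { 'jest-config': { version: '0.0.0', dependencies: {
        'jest-environment-jsdom': { version: '0.0.0', dependencies: {
          jsdom: { version: '15.2.1' },
        } } } } } } } } } },
    'other-tool': { version: '0.0.0', dependencies: { jsdom: { version: '16.5.0' } } },
  },
};

console.log(findVulnerable(sampleTree));
```

Against a real project, the parsed output of `npm ls --all --json` can be passed to `findVulnerable` in place of `sampleTree`.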