Update chokidar to current version #1260
Comments
@fdintino Please look into the issue. Chokidar has been upgraded to 3.x versions.
@eklingen I have seen you raised a PR for the same. Can you please escalate it to get it merged sooner?
Hello, I haven't seen any activity for the same.
It appears Snyk have now published this with a POC https://app.snyk.io/test/npm/nunjucks/3.2.0
I will update this today.
Linking PR #1254
There is again a security issue with Snyk and chokidar.
chokidar is a peer dependency; it does not lock end users out of manually updating their chokidar dependency.
chokidar is an optional dependency, yet it is on a 2.* version, which involves a vulnerability in the kind-of package, as follows:
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Please upgrade the version to the latest.
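A lockfile check for the versions named in this issue (chokidar 2.x and kind-of 6.0.2), as an added example that is not part of the original thread or the nunjucks project. The function names are hypothetical and the sample lockfile is constructed.

```javascript
// Collect {name, version, path} for every installed package in an npm lockfile.
// Handles the flat "packages" map (lockfileVersion 2/3) and the nested
// "dependencies" tree (lockfileVersion 1).
function listInstalled(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf('node_modules/');
      if (i < 0) continue; // root project ("") or a workspace folder
      const name = path.slice(i + 'node_modules/'.length);
      found.push({ name, version: meta.version, path });
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      found.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`); // nested copies under this package
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Keep only the versions this issue is about: chokidar 2.x and kind-of 6.0.2.
function flagIssueVersions(lock) {
  return listInstalled(lock).filter(({ name, version }) =>
    (name === 'chokidar' && /^2\./.test(version)) ||
    (name === 'kind-of' && version === '6.0.2'));
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    nunjucks: { version: '3.2.0' },
    chokidar: { version: '2.1.8', dependencies: { 'kind-of': { version: '6.0.2' } } },
    'kind-of': { version: '6.0.3' },
  },
};

// Each entry shows where in node_modules the flagged copy lives.
console.log(flagIssueVersions(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `flagIssueVersions`.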