Security Vulnerability: Insufficient Granularity of Access Control in JSDom #1158

Open
bennycode opened this issue Oct 12, 2022 · 0 comments

bennycode commented Oct 12, 2022

Current Behavior

TSDX depends on Jest v27 (latest is v29), and this Jest version has a transitive dependency on jsdom v15.2.1, which has a security vulnerability (CVE-2021-20066).

Expected behavior

TSDX shipping without vulnerable dependencies (jsdom v16.5.0 and above).

Suggested solution(s)

Update Jest in tsdx.

Additional context

Dependency Chain:

  • tsdx#jest#jest-cli#jest-config#jest-environment-jsdom#jsdom

Your environment

  System:
    OS: Windows 10 10.0.19043
    CPU: (8) x64 Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
    Memory: 4.08 GB / 15.79 GB
  Binaries:
    Node: 18.7.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - C:\dev\projects\southpolecarbon\dcs-compensate\node_modules\.bin\yarn.CMD
    npm: 8.15.0 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (106.0.1370.42)
    Internet Explorer: 11.0.19041.1566
  npmPackages:
    typescript: 4.8.3 => 4.8.3
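
To confirm a chain like the one reported above in any project, the following added example (not part of the issue or of TSDX) walks a dependency tree and lists every path that resolves jsdom below 16.5.0. It assumes input in the shape of `npm ls --all --json` output; `compareVersions`, `findVulnerable` and `sampleTree` are hypothetical names, and the sample tree is constructed.

```javascript
// First jsdom version the issue names as not vulnerable.
const FIXED = '16.5.0';

// Numeric comparison of x.y.z versions. Prerelease/build suffixes are
// dropped (assumption: sufficient for released jsdom versions).
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Depth-first walk over { name, version, dependencies: { pkg: {...} } }.
// Returns one { version, chain } record per affected install, with the
// chain written in the same '#'-separated form the issue uses.
function findVulnerable(tree, target = 'jsdom', fixed = FIXED) {
  const hits = [];
  const walk = (node, chain) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const path = [...chain, name];
      if (name === target && dep.version &&
          compareVersions(dep.version, fixed) < 0) {
        hits.push({ version: dep.version, chain: path.join('#') });
      }
      walk(dep, path); // the same package can be installed at several depths
    }
  };
  walk(tree, [tree.name]);
  return hits;
}

// Constructed sample mirroring the reported chain. Only jsdom 15.2.1 comes
// from the issue; every other version is a placeholder.
const sampleTree = {
  name: 'tsdx', version: '0.0.0',
  dependencies: {
    jest: { version: '0.0.0', dependencies: {
      'jest-cli': { version: '0.0.0', dependencies: {
        'jest-config': { version: '0.0.0', dependencies: {
          'jest-environment-jsdom': { version: '0.0.0', dependencies: {
            jsdom: { version: '15.2.1' } } } } } } } } },
    // A second, already-fixed install that must not be reported.
    'other-tool': { version: '0.0.0', dependencies: {
      jsdom: { version: '16.5.0' } } },
  },
};

console.log(findVulnerable(sampleTree));
```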