Npm audit js-yaml HIgh vulnerability #8338

ghost · 2019-04-17T10:44:46Z

High	Code Injection
Package	js-yaml
Dependency of	jest
Path	jest > jest-cli > @jest/core > @jest/reporters > istanbul-api > js-yaml
More info	https://npmjs.com/advisories/813

SimenB · 2019-04-17T11:34:04Z

Report it to istanbul, this is transitive for jest (but note that istanbul-api is gonna be deprecated (istanbuljs/istanbuljs#321))

coreyfarrell · 2019-04-22T17:04:28Z

Also note that istanbul-api depends on js-yaml ^3.13.0 which allows the non-vulnerable version to be installed so the issue is likely that your package-lock.json or yarn.lock needs to be regenerated.

ghost · 2019-04-23T01:17:12Z

Okay, thank you.

github-actions · 2021-05-12T00:06:04Z

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Please note this issue tracker is not a help forum. We recommend using StackOverflow or our discord channel for questions.

ghost added Bug Report Needs Repro Needs Triage labels Apr 17, 2019

SimenB closed this as completed Apr 17, 2019

jrhender mentioned this issue Jun 5, 2019

Fix vulnerabilities jrhender/Jinder#4

Open

manusa mentioned this issue Jun 20, 2019

Security alert: js-yaml manusa/isotope-mail#312

Closed

github-actions bot locked as resolved and limited conversation to collaborators May 12, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Npm audit js-yaml HIgh vulnerability #8338

Npm audit js-yaml HIgh vulnerability #8338

ghost commented Apr 17, 2019

SimenB commented Apr 17, 2019

coreyfarrell commented Apr 22, 2019

ghost commented Apr 23, 2019

github-actions bot commented May 12, 2021

Npm audit js-yaml HIgh vulnerability #8338

Npm audit js-yaml HIgh vulnerability #8338

Comments

ghost commented Apr 17, 2019

SimenB commented Apr 17, 2019

coreyfarrell commented Apr 22, 2019

ghost commented Apr 23, 2019

github-actions bot commented May 12, 2021