Update rimraf (CWE-772) #506

w3nl · 2023-12-06T10:20:00Z

Version: 20.10.0
Platform: Linux tux 6.5.0-14-generic #14-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 14 14:59:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 23.10)

Rimraf is outdated, and because C8 use an old version, we receive vulnerability issues.
Inflight has a CWE issue, that is an indirect dependency of this package.

rimraf@3.0.2 › glob@7.2.3 › inflight@1.0.6

https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
https://cwe.mitre.org/data/definitions/772.html

In rimraf 4 this is already solved, by removing glob as a dependency:
https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md

The text was updated successfully, but these errors were encountered:

bcoe · 2024-01-02T21:17:53Z

@w3nl let's just drop Node 12 support and pick a minimum engine that supports fs.rm.

bcoe · 2024-01-02T21:19:16Z

@w3nl want to update your CL accordingly, I can merge after.

w3nl · 2024-01-03T07:51:32Z

@bcoe
fs.rm is added in Node 14.14.0
https://nodejs.org/api/fs.html#fsrmpath-options-callback

w3nl changed the title ~~Update rimraf~~ Update rimraf (CWE-772) Dec 6, 2023

w3nl mentioned this issue Dec 18, 2023

fix(deps): update dependency rimraf to v5 - autoclosed #464

Closed

1 task

w3nl mentioned this issue Jan 3, 2024

chore(deps): Remove rimraf #509

Merged

bcoe closed this as completed in #509 Jan 3, 2024

morganney mentioned this issue May 26, 2024

test-exclude pulling in vulnerability from inflight. #529

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update rimraf (CWE-772) #506

Update rimraf (CWE-772) #506

w3nl commented Dec 6, 2023 •

edited

Loading

bcoe commented Jan 2, 2024

bcoe commented Jan 2, 2024

w3nl commented Jan 3, 2024

Update rimraf (CWE-772) #506

Update rimraf (CWE-772) #506

Comments

w3nl commented Dec 6, 2023 • edited Loading

bcoe commented Jan 2, 2024

bcoe commented Jan 2, 2024

w3nl commented Jan 3, 2024

w3nl commented Dec 6, 2023 •

edited

Loading