npm vulnerability: `minimist` #8722

bsclifton · 2020-03-17T16:36:11Z

Description

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jest [dev]                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ jest > @jest/core > jest-runner > jest-jasmine2 >            │
│               │ jest-runtime > @jest/transform > jest-haste-map > sane >     │
│               │ @cnakazawa/watch > minimist                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Steps to Reproduce

Have full setup of Brave
run npm run audit_deps from root
have a bad time


        Fix npm package vulnerabilities

Helps fix brave/brave-browser#8722 - Rebuild `package-lock.json` after deleting and running `npm i` - use `optional-dev-dependency` to avoid dev dependency introduced vulnerabilities - update parse-domain to use a fork (brave/parse-domain) which has fixed dependencies


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix brave/brave-browser#8722


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix brave/brave-browser#8722


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix brave/brave-browser#8722


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix #8722


        Adds npm-force-resolutions dependency

Partially resolves brave/brave-browser#8722


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix brave/brave-browser#8722


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix #8722


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix brave/brave-browser#8722


        Introduce `npm-force-resolutions` dependency to help resolve npm audi…

…t vulnerabilities Helps to fix brave/brave-browser#8722


        Rebuild package-lock.json to fix npm audit errors

Fixes #8722

bsclifton · 2020-03-24T21:01:55Z

Should be completely resolved with brave/brave-core#5013 and #8788


        Update npm deps for 1.7

Fixes brave/brave-browser#8722 for 1.7


        Update npm deps for 1.7

Fixes #8722 for 1.7 (`brave-browser`)


        Update npm deps for 1.7

Fixes brave/brave-browser#8722 for 1.7 (`brave-core`)

bsclifton added the dev-concern label Mar 17, 2020

bsclifton added this to the 1.8.x - Nightly milestone Mar 17, 2020

This was referenced Mar 17, 2020

Fixed rewards settings page behaviour after reset rewards (uplift to 1.7.x) brave/brave-core#4965

Merged

Fixed rewards settings page behaviour after reset rewards (uplift to 1.5.x) brave/brave-core#4966

Merged

bsclifton closed this in 4fccad7 Mar 17, 2020

bsclifton mentioned this issue Mar 17, 2020

Resolve npm vulnerabilities (part 1 of 3) #8724

Merged

6 of 29 tasks complete

bsclifton reopened this Mar 17, 2020

bsclifton mentioned this issue Mar 18, 2020

WIP: Resolve npm vulnerabilities (part 3 of 3) #4977

Closed

8 of 32 tasks complete

bsclifton added a commit to brave/brave-core that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

7bf2fdc

…t vulnerabilities Helps to fix brave/brave-browser#8722

bsclifton added a commit to brave/sync that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

13e6b9c

…t vulnerabilities Helps to fix brave/brave-browser#8722

bsclifton added a commit to brave/sync that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

372fe7d

…t vulnerabilities Helps to fix brave/brave-browser#8722

This was referenced Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audit vulnerabilities brave/sync#374

Merged

Introduce `npm-force-resolutions` dependency to help resolve npm audit vulnerabilities brave/sync#375

Merged

bsclifton added QA/No release-notes/exclude labels Mar 18, 2020

bsclifton added a commit that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

54cb764

…t vulnerabilities Helps to fix #8722

bsclifton mentioned this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audit vulnerabilities #8735

Closed

2 of 29 tasks complete

bsclifton self-assigned this Mar 18, 2020

ryanml added a commit to brave/brave-core that referenced this issue Mar 18, 2020

Adds npm-force-resolutions dependency

6a0ddbf

Partially resolves brave/brave-browser#8722

bsclifton added a commit to brave/brave-core that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

e0424d6

…t vulnerabilities Helps to fix brave/brave-browser#8722

bsclifton added a commit that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

492815e

…t vulnerabilities Helps to fix #8722

bsclifton added a commit to brave/sync that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

fac6066

…t vulnerabilities Helps to fix brave/brave-browser#8722

bsclifton added a commit to brave/sync that referenced this issue Mar 18, 2020

Introduce `npm-force-resolutions` dependency to help resolve npm audi…

Loading status checks…

fb336a7

…t vulnerabilities Helps to fix brave/brave-browser#8722

bsclifton added a commit that referenced this issue Mar 24, 2020

Rebuild package-lock.json to fix npm audit errors

Loading status checks…

938e733

Fixes #8722

bsclifton assigned cezaraugusto Mar 24, 2020

bsclifton closed this in #8788 Mar 24, 2020

bsclifton added a commit to brave/brave-core that referenced this issue Mar 31, 2020

Update npm deps for 1.7

78398b7

Fixes brave/brave-browser#8722 for 1.7

bsclifton added a commit that referenced this issue Mar 31, 2020

Update npm deps for 1.7

Loading status checks…

de15d61

Fixes #8722 for 1.7 (`brave-browser`)

bsclifton added a commit to brave/brave-core that referenced this issue Mar 31, 2020

Update npm deps for 1.7

Loading status checks…

ea2de73

Fixes brave/brave-browser#8722 for 1.7 (`brave-core`)

This was referenced Mar 31, 2020

Fix npm audit vulnerabilities for 1.7.x brave/brave-core#5115

Closed

Fix npm audit vulnerabilities for 1.7.x #8940

Closed

brave / brave-browser

npm vulnerability: `minimist` #8722

npm vulnerability: `minimist` #8722

bsclifton commented Mar 17, 2020

bsclifton commented Mar 24, 2020

brave / brave-browser

Join GitHub today

npm vulnerability: `minimist` #8722

npm vulnerability: `minimist` #8722

Comments

bsclifton commented Mar 17, 2020

Description

Steps to Reproduce

bsclifton commented Mar 24, 2020