Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in old Mocha #2

Closed
ain opened this issue Jun 24, 2018 · 1 comment
Closed

Vulnerability in old Mocha #2

ain opened this issue Jun 24, 2018 · 1 comment

Comments

@ain
Copy link
Contributor

ain commented Jun 24, 2018 

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > glob > minimatch                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
@doowb doowb closed this as completed in 4360644 Jun 24, 2018
doowb added a commit that referenced this issue Jun 24, 2018
@doowb
Merge pull request #3 from ain/upgrade-mocha
4e1f376 
Resolve #2, vulnerability in old Mocha version
@jonschlinkert
Copy link
Owner

Please don't create any more issues related to these. Create issues in the libraries that are causing the issues. Mocha should release a patch for older versions. We shouldn't need to bump deps to fix a security issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ain @jonschlinkert