You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The lisk-desktop application uses electron version 17.2.0 which reached end of life in August 2022, as can be seen in electron's versions timeline. At the time of this writing the latest electron version is 25.0.0. By running an old electron version, lisk-desktop is also running an old Chromium version. The latest version of chromium is M114, but lisk-desktop uses version M98, a version released in February 2022 that contains several known vulnerabilities (1-days). Besides lisk-desktop the desktop application also contains several other vulnerable dependencies. Running npm audit yields 20 high, 109 moderate and 3 low severity vulnerabilities. We did not assess if these vulnerabilities impact lisk-desktop.
There are other dependencies that are outdated as well.
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
jsdom <=16.4.0
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
This vulnerability comes from the latest version of jest-enzyme.
![image](https://user-images.githubusercontent.com/8784876/201142072-8e9ece89-5af4-4e0a-b2a5-ee3f11955b63.png)
Description
The lisk-desktop application uses electron version 17.2.0 which reached end of life in August 2022, as can be seen in electron's versions timeline. At the time of this writing the latest electron version is 25.0.0. By running an old electron version, lisk-desktop is also running an old Chromium version. The latest version of chromium is M114, but lisk-desktop uses version M98, a version released in February 2022 that contains several known vulnerabilities (1-days). Besides lisk-desktop the desktop application also contains several other vulnerable dependencies. Running npm audit yields 20 high, 109 moderate and 3 low severity vulnerabilities. We did not assess if these vulnerabilities impact lisk-desktop.
There are other dependencies that are outdated as well.
Acceptance Criteria
Upgrade to [email protected]
Upgrade to [email protected]
Upgrade to [email protected]
The text was updated successfully, but these errors were encountered: