Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependencies with critical security flaws #2

Open
dmwelch opened this issue Apr 22, 2020 · 2 comments
Open

Update dependencies with critical security flaws #2

dmwelch opened this issue Apr 22, 2020 · 2 comments

Comments

@dmwelch
Copy link

dmwelch commented Apr 22, 2020

Hi @lgandecki, I was installing the package today and noticed that there is a critical alert from npm audit for create-jest-runner-with-skip:

│ Critical │ Command Injection │
│ Package │ growl │
│ Patched in │ >=1.10.2 │
│ Dependency of │ create-jest-runner-with-skip │
│ Path │ create-jest-runner-with-skip > mocha > growl │
│ More info │ https://npmjs.com/advisories/146

I noticed also the create-jest-runner-with-skip on NPM points to the repo for create-jest-runner. Would it be possible to use this as a replacement? I'd be happy to make a PR for said changes.

Cheers!
@lgandecki
Copy link
Member

Please give it a try and let me know how that works. I created that simple fork because it was missing.. a skip? :) I can't really remember.
I'd be happy to revisit this. Maybe things got a bit faster in the last two years (woow, time flies!)

@dmwelch
Copy link
Author

dmwelch commented Apr 27, 2020

#3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dmwelch @lgandecki