Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

eslint-utils - critical security vulnerability #626

Open
samuelneff opened this issue Sep 9, 2019 · 0 comments
Open

eslint-utils - critical security vulnerability #626

samuelneff opened this issue Sep 9, 2019 · 0 comments

Comments

@samuelneff
Copy link
Contributor

Describe the bug
Cloned react-slingshot and ran npm i with Node 12 and NPM 6. It reported a critical security vulnerability.

To Reproduce
Steps to reproduce the behavior:

  1. Clone
  2. npm i
  3. npm audit

Expected behavior
Should not be any security vulnerabilities

Screenshots

/c/projects/react-slingshot (issue-625-period-404-fix)$ npm audit

                       === npm audit security report ===

# Run  npm update eslint-utils --depth 2  to resolve 1 vulnerability

  Critical        Arbitrary Code Execution
  Package         eslint-utils
  Dependency of   eslint [dev]
  Path            eslint > eslint-utils
  More info       https://npmjs.com/advisories/1118

found 1 critical severity vulnerability in 1771232 scanned packages
  run `npm audit fix` to fix 1 of them.

Desktop (please complete the following information):

  • OS: win10
  • Browser n.a.
  • Version n.a.

Additional context
master head is at 207d66ed689642a50d9891cea86d63d8429f79ad
Last commit in git log shows Aug 1.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@samuelneff