[ESCONF-3] Fix `eslint-config-stripes` security vulnerability reported in minimist < 1.2.2 Created: 24/Mar/20 Updated: 19/Oct/20 Resolved: 26/Jun/20 |
|
| Status: | Closed |
| Project: | eslint-config-stripes |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P3 |
| Reporter: | Peter Murray | Assignee: | Ryan Berger |
| Resolution: | Done | Votes: | 0 |
| Labels: | security, ui-only |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: |
| Sprint: | stripes-force 91, stripes-force 88 |
| Development Team: | Stripes Force |
| Description |
Remediation: Upgrade minimist to version 1.2.2 or later. For example:
minimist@^1.2.2:
  version "1.2.2"
Always verify the validity and compatibility of suggestions with your codebase.
Details: GHSA-7fhm-mqm4-2wp7, moderate severity. *Vulnerable versions:* < 1.2.2 *Patched version:* 1.2.2
There are high severity security vulnerabilities in two of ESLint's dependencies: The releases 1.8.3 and lower of svjsl (JSLib-npm) are vulnerable, but only if installed in a developer environment. A patch has been released (v1.8.4) which fixes these vulnerabilities.
Identifiers:
|
| Comments |
| Comment by Peter Murray [ 25/Mar/20 ] |
|
Khalilah Gambrell: Could you work this into Stripes Force sprint planning, please? |
| Comment by Khalilah Gambrell [ 25/Mar/20 ] |
|
Peter Murray - will do. |
| Comment by Ryan Berger [ 26/Jun/20 ] |
|
Merged resolution into `platform-core` and `platform-complete` snapshot branches. |