[UXPROD-2240] Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1 Created: 03/Sep/19  Updated: 17/Jun/20  Resolved: 20/Mar/20

Status: Closed
Project: UX Product
Components: None
Affects versions: None
Fix versions: Q1 2020

Type: New Feature Priority: P3
Reporter: Julian Ladisch Assignee: Ryan Berger
Resolution: Done Votes: 0
Labels: q1-2020-split, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Cloners
is cloned by UXPROD-2340 Remaining - Security update eslint to... Closed
Relates
relates to UIU-1446 Security update eslint to >= 6.2.1 or... Closed
relates to ERM-729 Security update eslint to >= 6.2.1 or... Closed
relates to STCOM-642 Security update eslint to >= 6.2.1 or... Closed
relates to STCON-93 Security update eslint to >= 6.2.1 or... Closed
relates to STCOR-412 Security update eslint to >= 6.2.1 or... Closed
relates to STRIPESFF-1 Security update eslint to >= 6.2.1 or... Closed
relates to STSMACOM-297 Security update eslint to >= 6.2.1 or... Closed
relates to UIAC-13 Security update eslint to >= 6.2.1 or... Closed
relates to UICAT-64 Security update eslint to >= 6.2.1 or... Closed
relates to UICHKIN-150 Security update eslint to >= 6.2.1 or... Closed
relates to UICHKOUT-586 Security update eslint to >= 6.2.1 or... Closed
relates to UICIRC-414 Security update eslint to >= 6.2.1 or... Closed
relates to UICR-17 Security update eslint to >= 6.2.1 or... Closed
relates to UID-20 Security update eslint to >= 6.2.1 or... Closed
relates to UIDATIMP-370 Security update eslint to >= 6.2.1 or... Closed
relates to UIDATIMP-376 Security update eslint to >= 6.2.1 or... Closed
relates to UIEH-818 Security update eslint to >= 6.2.1 or... Closed
relates to UIEUS-127 Security update eslint to >= 6.2.1 or... Closed
relates to UIF-174 Security update eslint to >= 6.2.1 or... Closed
relates to UIIN-940 Security update eslint to >= 6.2.1 or... Closed
relates to UIMPROF-41 Security update eslint to >= 6.2.1 or... Closed
relates to UINOTES-70 Security update eslint to >= 6.2.1 or... Closed
relates to UINV-112 Security update eslint to >= 6.2.1 or... Closed
relates to UIOR-499 Security update eslint to >= 6.2.1 or... Closed
relates to UIORGS-144 Security update eslint to >= 6.2.1 or... Closed
relates to UIPCITEM-6 Security update eslint to >= 6.2.1 or... Closed
relates to UIPFCONT-3 Security update eslint to >= 6.2.1 or... Closed
relates to UIPFI-7 Security update eslint to >= 6.2.1 or... Closed
relates to UIPFIMP-8 Security update eslint to >= 6.2.1 or... Closed
relates to UIPFINT-4 Security update eslint to >= 6.2.1 or... Closed
relates to UIPFO-7 Security update eslint to >= 6.2.1 or... Closed
relates to UIPFPOL-5 Security update eslint to >= 6.2.1 or... Closed
relates to UIPFU-24 Security update eslint to >= 6.2.1 or... Closed
relates to UIREC-40 Security update eslint to >= 6.2.1 or... Closed
relates to UIREQ-407 Security update eslint to >= 6.2.1 or... Closed
relates to UISP-13 Security update eslint to >= 6.2.1 or... Closed
relates to UITEN-72 Security update eslint to >= 6.2.1 or... Closed
relates to UITEST-73 Security update eslint to >= 6.2.1 or... Closed
Development Team: Stripes Force

Description

https://github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3 says:

'getStaticValue' function can execute arbitrary code

This can be fixed by updating eslint to >= 6.2.1 or updating eslint-utils to >= 1.4.1.

Some examples of which eslint version is currently in use:
5.6.1: https://github.com/folio-org/platform-core/blob/master/package.json#L45
4.19.1: https://github.com/folio-org/platform-complete/blob/master/package.json#L62
5.12.0: https://github.com/folio-org/eslint-config-stripes/blob/master/package.json#L16
5.0.0: https://github.com/folio-org/stripes/blob/master/package.json#L34

This should be fixed even if FOLIO is not affected by this issue. Otherwise people get used to ignoring the GitHub security warnings and miss relevant security issues.
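A check for the thresholds above, added here as an example and not taken from the ticket or any FOLIO repository: it walks a lockfileVersion 1 `package-lock.json` tree and flags every nested copy of eslint or eslint-utils below the fixed release, since the vulnerable package is usually a transitive dependency rather than the one listed in `package.json`. The lock excerpt is constructed, and the comparison assumes plain `x.y.z` versions without prerelease tags.

```javascript
// Fixed releases named in the advisory (GHSA-3gx7-xhv7-5mx3).
const FIXED = { 'eslint': '6.2.1', 'eslint-utils': '1.4.1' };

// Compare two dotted numeric versions; returns <0, 0 or >0 like strcmp.
// Assumption: no prerelease/build suffixes (e.g. "1.4.1-beta.0").
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Recursively visit nested "dependencies" objects (lockfileVersion 1 layout)
// and record every vulnerable occurrence with the path that pulled it in.
function findVulnerable(deps, trail = [], out = []) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = [...trail, `${name}@${info.version}`];
    const fixed = FIXED[name];
    if (fixed && compareVersions(info.version, fixed) < 0) {
      out.push({ name, version: info.version, via: here.join(' > ') });
    }
    findVulnerable(info.dependencies, here, out);
  }
  return out;
}

// Constructed lock excerpt: a direct eslint 5.12.0 (one of the versions quoted
// in the ticket) bundling a vulnerable eslint-utils, next to a patched copy
// pulled in by another package. Not a real FOLIO lockfile.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    eslint: {
      version: '5.12.0',
      dependencies: { 'eslint-utils': { version: '1.3.1' } },
    },
    'some-plugin': {
      version: '2.0.0',
      dependencies: { 'eslint-utils': { version: '1.4.2' } },
    },
  },
};

for (const hit of findVulnerable(SAMPLE_LOCK.dependencies)) {
  console.log(`VULNERABLE ${hit.name}@${hit.version} via ${hit.via}`);
}
```

Point `findVulnerable` at the `dependencies` object of a real lockfile to audit a checkout; an empty result means no copy in the tree is below the fixed release.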



Comments
Comment by Khalilah Gambrell [ 20/Mar/20 ]

Remaining repos will be tracked in another feature

Generated at Fri Feb 09 00:22:19 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.