mem security warning #163

Closed
sturdynut opened this issue Oct 19, 2019 · 1 comment
@sturdynut

This is to bring the mem security warning to attention. After following the yarn.lock it appears that this mem dependency is coming from the version of yargs that eslint-find-rules is using.

Here's the chain of dependencies that leads to the insecure package.

eslint-find-rules → yargs (v8.0.1)
yargs (v8.0.1) → os-locale (v2.0.0)
os-locale (v2.0.0) → mem (v^1.1.0)

I've submitted a PR to upgrade their version of yargs to the latest which should remove mem as a dependency entirely.

We should be able to upgrade our version of eslint-find-rules once this is merged and a new version is released.
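
The lockfile trace described in the comment above, as an added example that is not part of the original issue or the project's code: it parses a yarn.lock (v1 format) and lists every chain that pulls in a named package. The lockfile excerpt is constructed, the eslint-find-rules and resolved mem versions in it are placeholders, and `parseYarnLock` and `chainsTo` are hypothetical helper names.

```javascript
// Constructed yarn.lock (v1) excerpt; the eslint-find-rules and resolved mem versions are placeholders.
const SAMPLE_LOCK = `eslint-find-rules@^0.0.0:
  version "0.0.0"
  dependencies:
    yargs "^8.0.1"
yargs@^8.0.1:
  version "8.0.1"
  dependencies:
    os-locale "^2.0.0"
os-locale@^2.0.0:
  version "2.0.0"
  dependencies:
    mem "^1.1.0"
mem@^1.1.0:
  version "1.1.0"`;

// Parse yarn.lock v1 text into Map("name@range" -> { name, version, deps: ["name@range"] }).
function parseYarnLock(text) {
  const entries = new Map();
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/).map(l => l.trimEnd())) {
    if (!line || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) { // entry header: comma-separated "name@range" specifiers
      const specs = line.slice(0, -1).split(",").map(s => s.trim().replace(/"/g, ""));
      cur = { name: specs[0].slice(0, specs[0].lastIndexOf("@")), version: null, deps: [] };
      for (const s of specs) entries.set(s, cur);
    } else if (/^ {2}\S/.test(line)) { // entry field (version, resolved, dependencies:, ...)
      if (line.startsWith("  version ")) cur.version = line.split('"')[1];
      inDeps = /^ {2}(optionalD|d)ependencies:$/.test(line);
    } else if (inDeps) { // dependency line: name "range" -> "name@range"
      cur.deps.push(line.trim().replace(/"/g, "").replace(/\s+/, "@"));
    }
  }
  return entries;
}

// List every chain of "name@version" from a root entry down to `target`.
function chainsTo(entries, target) {
  const depended = new Set([...entries.values()].flatMap(e => e.deps));
  const chains = new Set();
  const walk = (e, path) => {
    const label = `${e.name}@${e.version}`;
    if (path.includes(label)) return; // cycle guard
    if (e.name === target) return void chains.add([...path, label].join(" → "));
    for (const s of e.deps) if (entries.has(s)) walk(entries.get(s), [...path, label]);
  };
  for (const [s, e] of entries) if (!depended.has(s)) walk(e, []); // roots: nothing depends on them
  return [...chains];
}
console.log(chainsTo(parseYarnLock(SAMPLE_LOCK), "mem"));
```

Roots are approximated here as lockfile entries that no other entry depends on; yarn.lock itself does not record which of them are devDependencies, so that has to be read from package.json.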

@randycoulman
Contributor

eslint-find-rules is a dev-only dependency for this project, so not a huge issue for us, and certainly not an issue for our users. Thanks for bringing it up!
