jest-environment-enzyme has vulnerability in dependencies #295

Open
serhiyzablotskiy opened this issue Feb 20, 2019 · 1 comment

@serhiyzablotskiy

Hi. I have an issue with the dependencies of jest-environment-enzyme.
In the latest version, 7.0.1, there is a dependency on jest-environment-jsdom@^22.4.1.
And this version of jest-environment-jsdom is deeply dependent on the braces package.
Here is a reported vulnerability in the braces package in versions earlier than v2.3.1: https://www.npmjs.com/advisories/786.
But jest-environment-jsdom@^22.4. refers to a braces version before 2.3.1.
Here is my dependency tree:
https://cl.ly/37ce31a3e08c.

This issue is fixed in jest-environment-jsdom v23.4.0 and higher.

Can you use jest-environment-jsdom v23.4.0 and higher?
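An added example, not part of the original post or the project's code: one way to check a lockfile for copies of braces older than the 2.3.1 threshold named in the post, and to see which packages pull it in. It assumes the `lockfileVersion: 1` layout of `package-lock.json`; `cmpVersion`, `findCopies` and the `sampleLock` data are constructed for illustration.

```javascript
// Compare two plain x.y.z versions; pre-release tags are ignored (assumption).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk a lockfileVersion 1 tree (nested "dependencies" objects). Returns each
// installed copy of `name` with its nesting path, plus every package whose
// "requires" entry names it.
function findCopies(lock, name, firstFixed) {
  const copies = [];
  const requiredBy = [];
  (function walk(deps, trail) {
    for (const [pkg, info] of Object.entries(deps || {})) {
      const here = trail.concat(pkg);
      if (pkg === name) {
        copies.push({ path: here.join(' > '), version: info.version,
          vulnerable: cmpVersion(info.version, firstFixed) < 0 });
      }
      if (info.requires && name in info.requires) {
        requiredBy.push(`${pkg}@${info.version} requires ${name}@${info.requires[name]}`);
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return { copies, requiredBy };
}

// Constructed sample lockfile, not the reporter's real dependency tree.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    micromatch: { version: '2.3.11', requires: { braces: '^1.8.2' } },
    braces: { version: '1.8.5' },
    anymatch: { version: '2.0.0', requires: { micromatch: '^3.1.4' },
      dependencies: {
        micromatch: { version: '3.1.10', requires: { braces: '^2.3.1' } },
        braces: { version: '2.3.2' }
      } }
  }
};

const report = findCopies(sampleLock, 'braces', '2.3.1');
console.log(JSON.stringify(report, null, 2));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.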

@tgaff
Contributor

tgaff commented Feb 20, 2019

I spent a little time looking into this today.
Jumping to jest-environment-jsdom 23 doesn't quite work because they rolled back braces here:
jestjs/jest#6661

So I tried jumping to version 24.x here: https://github.com/tgaff/enzyme-matchers/tree/fix_braces_security_warning
