Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please bump mkdirp to fix mkdirp@0.5.1 vulnerability #1768

Closed
e2tha-e opened this issue Mar 13, 2020 · 3 comments · Fixed by #1771
Closed

Please bump mkdirp to fix mkdirp@0.5.1 vulnerability #1768

e2tha-e opened this issue Mar 13, 2020 · 3 comments · Fixed by #1771
Milestone
v1.11.0

Comments

@e2tha-e
Copy link
Contributor

e2tha-e commented Mar 13, 2020

Vulnerability: https://app.snyk.io/test/npm/js-beautify/1.10.3
Also affects older js-beautify versions that depend on mkdirp@0.5.1

Thanks!
@e2tha-e
Copy link
Contributor Author

e2tha-e commented Mar 14, 2020
edited

Can be fixed by this pr:
#1750

@shahar-h
Copy link

mkdirp 0.5.3 was released with an upgrade to minimist:
isaacs/node-mkdirp#7

@e2tha-e
Copy link
Contributor Author

e2tha-e commented Mar 17, 2020

Excellent! js-beautify will now depend on mkdirp@0.5.3, which is remedied of the vulnerability. Nonetheless, it might be worth bumping mkdirp to the latest major version, since mkdirp@0.5.3 is a deprecated version.

Otherwise, the mkdirp vulnerability is no longer an issue. I'll leave it to the js-beautify maintainers to decide whether to proceed further and whether to close this issue.

@bitwiseman bitwiseman mentioned this issue Mar 18, 2020
Merged
6 tasks
@bitwiseman bitwiseman added this to the v1.10.x milestone Apr 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.11.0
Development

Successfully merging a pull request may close this issue.

Greenkeeper/mkdirp 1.0.3 beautifier/js-beautify
3 participants
@bitwiseman @e2tha-e @shahar-h