Hi! We're using this plugin as a part of our ESLint config, but there is a critical security issue thrown by `npm audit` that would require `eslint-plugin-knex` to update the `eslint-remote-tester` to the latest version to be fixed.
```
# npm audit report

simple-git  <=3.15.1
Severity: critical
Command injection in simple-git - https://github.com/advisories/GHSA-3f95-r44v-8mrg
Remote code execution in simple-git - https://github.com/advisories/GHSA-9w5j-4mwv-2wj8
Command injection in simple-git - https://github.com/advisories/GHSA-28xr-mwxg-3qc8
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol - https://github.com/advisories/GHSA-9p95-fxvg-qgq2
fix available via `npm audit fix --force`
Will install [...]/eslint-config-[...]@4.1.0, which is a breaking change
node_modules/simple-git
  eslint-remote-tester  <=2.1.1
  Depends on vulnerable versions of simple-git
  node_modules/eslint-remote-tester
    eslint-plugin-knex  >=0.2.0
    Depends on vulnerable versions of eslint-remote-tester
    node_modules/eslint-plugin-knex
      [...]/eslint-config-[...]  >=4.1.1
      Depends on vulnerable versions of eslint-plugin-knex
      node_modules/[...]/eslint-config-[...]
```