adriantoine / enzyme-to-json

Snapshot test your Enzyme wrappers
MIT License

Medium severity vulnerability found in lodash #127

Closed dep-deprecated closed 5 years ago

dep-deprecated commented 5 years ago

snyk reports a Regular Expression Denial of Service vulnerability on one of your dependencies, lodash 4.17.5.

✗ Medium severity vulnerability found in lodash
  Description: Regular Expression Denial of Service (ReDoS)
  Info: https://snyk.io/vuln/SNYK-JS-LODASH-73639
  Introduced through: snyk@1.89.0
  From: snyk@1.89.0 > lodash@4.17.5
  Remediation:
    Your dependencies are out of date, otherwise you would be using a newer version of lodash. 
    Try deleting node_modules, reinstalling and running `snyk test` again. If the problem persists, one of your dependencies may be bundling outdated modules.

and

Analyzing npm dependencies for package.json
Querying vulnerabilities database...
Tested 255 dependencies for known vulnerabilities, found 3 vulnerabilities, 23 vulnerable paths.

? 2 vulnerabilities introduced via enzyme-to-json@3.3.4
- info: https://snyk.io/package/npm/enzyme-to-json/3.3.4
  Remediation options
❯ Re-install enzyme-to-json@3.3.4 (triggers upgrade to lodash@4.17.11)

Thanks in advance!

VincentLanglet commented 5 years ago

Solved in the new release