Open serhiyzablotskiy opened 5 years ago
I spent a little time looking into this today.
Jumping to jest-environment-jsdom
23 doesn't quite work because they rolled back braces here:
https://github.com/facebook/jest/pull/6661
So I tried jumping to version 24.x here: https://github.com/tgaff/enzyme-matchers/tree/fix_braces_security_warning
Hi. I have an issue with dependencies of jest-environment-enzyme. In the latest version 7.0.1 there is dependency from jest-environment-jsdom@^22.4.1. And this version of jest-environment-jsdom is deeply dependent from the
braces
package. Here is reported vulnerability inbraces
package in versions earlier then v2.3.1 https://www.npmjs.com/advisories/786. But jest-environment-jsdom@^22.4. refers to [braces] version before 2.3.1. Here is my dependencies tree: https://cl.ly/37ce31a3e08c.This issue is fixed in jest-environment-jsdom v23.4.0 and higher.
Can you use jest-environment-jsdom v23.4.0 and higher?