enzymejs / enzyme-matchers

Jasmine/Jest assertions for enzyme
MIT License

jest-enzyme: vulnerability related to unset-value #369

Open umeshshimpi opened 2 years ago

umeshshimpi commented 2 years ago

We are seeing a vulnerability in jest-enzyme version 7.1.2, which is using unset-value@1.0.0. The fix for this is to upgrade unset-value to 2.0.1: https://security.snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660

Here's the dependency tree:

    └─┬ jest-enzyme@7.1.2
      └─┬ jest-environment-enzyme@7.1.2
        └─┬ jest-environment-jsdom@24.9.0
          └─┬ @jest/environment@24.9.0
            └─┬ @jest/transform@24.9.0
              └─┬ micromatch@3.1.10
                └─┬ snapdragon@0.8.2
                  └─┬ base@0.11.2
                    └─┬ cache-base@1.0.1
                      └── unset-value@1.0.0

Can you help with this please?
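As an added example, not code from this issue or the enzyme-matchers project: a Node script that walks an `npm ls --json`-style tree, reports every path to an unset-value older than the 2.0.1 fix named above, and emits the package.json `overrides` entry that pins the fixed version for the whole tree. The tree is constructed by hand to mirror the chain quoted in the issue; `my-app` is a placeholder root name.

```javascript
// Added example, not enzyme-matchers code: audit an npm-ls-style tree for unset-value < 2.0.1.
const VULNERABLE_PKG = 'unset-value';
const FIXED_VERSION = '2.0.1';
// Compare plain "major.minor.patch" strings; returns -1, 0 or 1.
// Pre-release suffixes are ignored (assumption: release versions only).
function compareSemver(a, b) {
  const [pa, pb] = [a, b].map(v => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}

// Depth-first walk over npm's tree shape ({ version, dependencies: { name: {...} } });
// returns every "a@1 > b@2 > ..." path that ends in a vulnerable copy.
function findVulnerablePaths(node, name = node.name, path = []) {
  const here = [...path, `${name}@${node.version}`];
  const hits = [];
  if (name === VULNERABLE_PKG && compareSemver(node.version, FIXED_VERSION) < 0) {
    hits.push(here.join(' > '));
  }
  for (const [child, sub] of Object.entries(node.dependencies || {})) {
    hits.push(...findVulnerablePaths(sub, child, here));
  }
  return hits;
}

// package.json "overrides" entry (npm >= 8.3) that pins the fixed version
// tree-wide, emitted only when a vulnerable copy is actually present.
function overridesFor(tree) {
  return findVulnerablePaths(tree).length ? { [VULNERABLE_PKG]: FIXED_VERSION } : {};
}

// Build a single-child dependency chain from [name, version] pairs.
function chainFrom(pairs) {
  return pairs.reduceRight((child, [name, version]) =>
    ({ [name]: child ? { version, dependencies: child } : { version } }), null);
}

// Constructed tree mirroring the chain quoted in the issue.
const SAMPLE_TREE = {
  name: 'my-app', version: '1.0.0',
  dependencies: chainFrom([
    ['jest-enzyme', '7.1.2'], ['jest-environment-enzyme', '7.1.2'],
    ['jest-environment-jsdom', '24.9.0'], ['@jest/environment', '24.9.0'],
    ['@jest/transform', '24.9.0'], ['micromatch', '3.1.10'], ['snapdragon', '0.8.2'],
    ['base', '0.11.2'], ['cache-base', '1.0.1'], ['unset-value', '1.0.0'],
  ]),
};
console.log(findVulnerablePaths(SAMPLE_TREE), overridesFor(SAMPLE_TREE));
```

To run it against a real project, replace `SAMPLE_TREE` with `JSON.parse` of the output of `npm ls --all --json`.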

ljharb commented 2 years ago

Prototype pollution isn't really an attack vector when it's in your test framework - anyone who has the authority to write tests already can do far more dangerous things.