firsttris / vscode-jest-runner

Simple way to run or debug one or more tests from context menu, codelens or command palette
https://marketplace.visualstudio.com/items?itemName=firsttris.vscode-jest-runner
MIT License
265 stars 124 forks

Vulnerability found in jest-editor-support #339

Closed Bruswei closed 8 months ago

Bruswei commented 10 months ago

Upon cloning the repository, I conducted a security check and identified a critical vulnerability linked to the repository. The specifics of the vulnerability are as follows:

Upgrade jest-editor-support@31.1.1 to jest-editor-support@31.1.2 to fix
  ✗ Incomplete List of Disallowed Inputs (new) [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462] in @babel/traverse@7.20.10
    introduced by jest-editor-support@31.1.1 > @babel/traverse@7.20.10 and 10 other path(s)

This information was obtained through the snyk test command execution.

While not every vulnerability may pose an immediate risk to Visual Studio Code extensions, the nature of this particular issue warrants a closer examination. Could we assess whether this critical vulnerability presents a tangible risk to our extension's security posture?
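Added example, not part of the original thread or of the project's code: one way to see which dependency chains resolve to a flagged transitive package is to walk the `packages` map of an npm lockfile with Node's resolution order. The lockfile below is constructed, `example-helper` and version `9.9.9` are hypothetical, and the function names are this example's own.

```javascript
// Constructed lockfile (lockfileVersion 2/3 "packages" layout); not this repo's real lockfile.
const sampleLock = {
  packages: {
    "": { name: "demo-extension",
          dependencies: { "jest-editor-support": "31.1.1" },
          devDependencies: { "example-helper": "1.0.0" } }, // hypothetical package
    "node_modules/jest-editor-support": { version: "31.1.1", dependencies: { "@babel/traverse": "*" } },
    "node_modules/@babel/traverse": { version: "7.20.10" }, // hoisted copy
    "node_modules/example-helper": { version: "1.0.0", dependencies: { "@babel/traverse": "*" } },
    "node_modules/example-helper/node_modules/@babel/traverse": { version: "9.9.9" }, // constructed nested copy
  },
};

// Node-style resolution: nearest node_modules first, then each ancestor's.
function resolveDep(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("node_modules/");
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// Return every chain "a@x > b@y > name@version" from the root to the flagged package.
function findPaths(lock, name, version) {
  const packages = lock.packages || {};
  const found = [];
  const walk = (path, chain, onStack) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, path, dep);
      if (!target || onStack.has(target)) continue; // unresolved or cyclic
      const next = [...chain, `${dep}@${packages[target].version}`];
      if (dep === name && packages[target].version === version) {
        found.push(next.join(" > "));
        continue;
      }
      onStack.add(target);
      walk(target, next, onStack);
      onStack.delete(target);
    }
  };
  walk("", [], new Set([""]));
  return found;
}

console.log(findPaths(sampleLock, "@babel/traverse", "7.20.10"));
```

Only the chain through the hoisted copy is reported for `7.20.10`; the nested copy under `example-helper` resolves to a different version and is excluded, which is why a per-path view matters when deciding what an upgrade actually removes.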

firsttris commented 10 months ago

Thx for reporting, I think we can update jest-editor-support to the latest version.

domsleee commented 8 months ago

Thanks, closed by #347 👍