search

jaredpalmer / tsdx

Zero-config CLI for TypeScript package development
https://tsdx.io
MIT License
11.2k stars 505 forks source link

Security Vulnerability: Insufficient Granularity of Access Control in JSDom #1158

Open bennycode opened 1 year ago

bennycode commented 1 year ago

Current Behavior

TSDX depends on Jest v27 (latest is v29) and this Jest version has a transitive dependency to jsdom v15.2.1 which has a security vulnerability (CVE-2021-20066).

Expected behavior

TSDX shipping without vulnerable dependencies (jsdom v16.5.0 and above).

Suggested solution(s)

Update Jest in tsdx.

Additional context

Dependency Chain:

Your environment

  System:
    OS: Windows 10 10.0.19043
    CPU: (8) x64 Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
    Memory: 4.08 GB / 15.79 GB
  Binaries:
    Node: 18.7.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - C:\dev\projects\southpolecarbon\dcs-compensate\node_modules\.bin\yarn.CMD
    npm: 8.15.0 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (106.0.1370.42)
    Internet Explorer: 11.0.19041.1566
  npmPackages:
    typescript: 4.8.3 => 4.8.3