kulshekhar / ts-jest

A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript.
https://kulshekhar.github.io/ts-jest
MIT License
6.89k stars 448 forks

[Feature]: Bump JEST to 29.7.0 #4373

Closed alexHerrmio closed 2 weeks ago

alexHerrmio commented 3 weeks ago

🚀 Feature Proposal

Update JEST version because your version (29.0.0) uses an older version of micromatch, which uses braces 3.0.2, which has CVE-2024-4068.

Motivation

We don't like vulnerabilities :)

Example

No response

ahnpnl commented 3 weeks ago

We use ^29.0.0, which should include all versions of 29.x.x, right?

The workaround is that you can reinstall ts-jest, which will automatically update your lock file to use Jest 29.7.0. Of course, you need to install Jest 29.7.0 too.

We would like to keep the peer dependency the way it currently is. One way we can solve this issue is releasing a patch version which forces everyone to update. The result would be that everyone would have the fix for braces as well.
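The situation described in the comment above (a `^29.0.0` range already permits 29.7.0, while an existing lock file keeps the older resolved tree) can be checked against a lock file directly. The script below is an added example, not part of the thread or of ts-jest; the sample lock data, the function names and the simplified caret handling are assumptions, and it flags installed copies at or below the braces 3.0.2 named in the issue.

```javascript
// Constructed sample in package-lock.json v3 layout (keys under "packages" are install paths).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", devDependencies: { jest: "^29.0.0", "ts-jest": "^29.0.0" } },
    "node_modules/jest": { version: "29.0.0" },
    "node_modules/braces": { version: "3.0.2" },
    "node_modules/some-tool/node_modules/braces": { version: "3.0.2" }, // nested copy
  },
};

// Parse "MAJOR.MINOR.PATCH" into numbers; prerelease/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Caret range with major >= 1: same major version, and not below the stated minimum.
function satisfiesCaret(version, range) {
  const min = range.replace(/^\^/, "");
  if (parseVersion(min)[0] === 0) throw new Error("0.x caret ranges are not handled here");
  return parseVersion(version)[0] === parseVersion(min)[0] && compareVersions(version, min) >= 0;
}

// Return every installed copy of `name` whose locked version is <= lastFlagged.
function findPinned(lock, name, lastFlagged) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The package name is whatever follows the last "node_modules/" in the install path.
    const pkgName = path.split("node_modules/").pop();
    if (pkgName === name && entry.version && compareVersions(entry.version, lastFlagged) <= 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

console.log("29.7.0 allowed by ^29.0.0:", satisfiesCaret("29.7.0", "^29.0.0"));
console.log("locked copies to refresh:", findPinned(sampleLock, "braces", "3.0.2"));
```

To run it on a real project, replace `sampleLock` with the parsed contents of your own `package-lock.json`; nested copies are reported separately because each one is resolved independently.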

alexHerrmio commented 3 weeks ago

Totally understandable that you want to keep your max compatibility; however, I'd be very happy if there was a patch for everyone to ensure stability for all of your users :) Btw, thank you for that quick response!

alexHerrmio commented 2 weeks ago

Thanks a lot! :)