Critical vulnerabilities in ts-mocha 10.0.,0

piotrwitek / ts-mocha

Mocha thin wrapper that allows running TypeScript tests with TypeScript runtime (ts-node) to get rid of compilation complexity

MIT License

189 stars 25 forks source link

Critical vulnerabilities in ts-mocha 10.0.,0 #90

Open epretha opened 2 weeks ago

epretha commented 2 weeks ago

Hi @piotrwitek , am using ts-mocha (10.0.0) in my application as a dev dependency. Running "yarn audit" from my app, shows 3 critical vulnerabilities. It would be much appreciated if those issues are fixed and patch is released. Thanks.

piotrwitek commented 2 weeks ago

Hey, thanks for heads up, would you be open to speed things up and create a tiny PR including only those changes and I would be happy to merge and deploy ASAP. Cheers! Just ping me when ready and I'll jump in.

epretha commented 2 weeks ago

Hi Piotr, as I am working full-time, I wlll be busy during the week. It is the minimist package that causes the isues. Here is an example

Other dependencies that have the same issue due to minimist are ts-mocha > tsconfig-paths > json5 > minimist ts-mocha > ts-node > minimist