quasarframework / quasar-testing

Testing Harness App Extensions for the Quasar Framework 2.0+
https://testing.quasar.dev
MIT License

vulnerabilities after update quasar-app-extension-testing-unit-jest 3.0.0 #378

Open tinohager opened 3 weeks ago

tinohager commented 3 weeks ago

After the latest update I have problems with the test project. I have already tested it with a completely new project and here too the errors occur immediately. I also don't understand why it suggests the old version in the npm audit.

quasar upgrade -i

quasar: 2.16.2 → 2.16.4
@quasar/quasar-app-extension-testing-unit-jest: 3.0.0-beta.7 → 3.0.0

Found vulnerabilities

5 high severity vulnerabilities

npm audit fix

# npm audit report

braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install @quasar/quasar-app-extension-testing-unit-jest@2.2.5, which is a breaking change
node_modules/jscodeshift/node_modules/braces
  micromatch  0.2.0 - 3.1.10
  Depends on vulnerable versions of braces
  node_modules/jscodeshift/node_modules/micromatch
    jscodeshift  0.3.20 - 0.13.1
    Depends on vulnerable versions of micromatch
    node_modules/jscodeshift
      alias-hq  >=4.1.0
      Depends on vulnerable versions of jscodeshift
      node_modules/alias-hq
        @quasar/quasar-app-extension-testing-unit-jest  >=3.0.0-alpha.1
        Depends on vulnerable versions of alias-hq
        node_modules/@quasar/quasar-app-extension-testing-unit-jest

5 high severity vulnerabilities
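The text report above is hard to act on because the five findings are really one advisory (braces <3.0.3) reached through a single chain of dependents, and the only fix npm offers is a semver-major downgrade of the extension to 2.2.5. The following is an added example, not code from quasar-testing or from npm, that walks the `vulnerabilities` map of an `npm audit --json` report and reconstructs, for each package carrying an advisory, the chain up to the direct dependency that pulls it in, plus whether the proposed fix is breaking. The sample report is constructed to mirror the chain in this issue; the field names (`via`, `effects`, `isDirect`, `range`, `nodes`, `fixAvailable`) follow the auditReportVersion 2 format as far as I know, so verify the shape against your own output before relying on it.

```javascript
// Added example (not from quasar-testing or npm): triage an `npm audit --json`
// report by package-to-direct-dependency chain and fix breakage.

// Constructed sample mirroring the issue's report. Field names are assumed to
// match npm 7+ auditReportVersion 2 output; check against real output.
const bracesAdvisory = {
  name: "braces",
  dependency: "braces",
  title: "Uncontrolled resource consumption in braces",
  url: "https://github.com/advisories/GHSA-grv7-fg5c-xmjg",
  severity: "high",
  range: "<3.0.3",
};
const proposedFix = {
  name: "@quasar/quasar-app-extension-testing-unit-jest",
  version: "2.2.5",
  isSemVerMajor: true, // npm's way of saying the fix is a breaking change
};
// Small builder so the five entries stay readable.
const dependent = (name, range, nodes, via, effects, isDirect = false) => ({
  name, severity: "high", isDirect, range, nodes, via, effects, fixAvailable: proposedFix,
});
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    // An object inside `via` is an advisory; a string is a dependency name.
    braces: dependent("braces", "<3.0.3",
      ["node_modules/jscodeshift/node_modules/braces"], [bracesAdvisory], ["micromatch"]),
    micromatch: dependent("micromatch", "0.2.0 - 3.1.10",
      ["node_modules/jscodeshift/node_modules/micromatch"], ["braces"], ["jscodeshift"]),
    jscodeshift: dependent("jscodeshift", "0.3.20 - 0.13.1",
      ["node_modules/jscodeshift"], ["micromatch"], ["alias-hq"]),
    "alias-hq": dependent("alias-hq", ">=4.1.0",
      ["node_modules/alias-hq"], ["jscodeshift"], ["@quasar/quasar-app-extension-testing-unit-jest"]),
    "@quasar/quasar-app-extension-testing-unit-jest": dependent(
      "@quasar/quasar-app-extension-testing-unit-jest", ">=3.0.0-alpha.1",
      ["node_modules/@quasar/quasar-app-extension-testing-unit-jest"], ["alias-hq"], [], true),
  },
};

// True when this package is itself the vulnerable one (its `via` holds an
// advisory object), as opposed to merely depending on a vulnerable package.
function hasOwnAdvisory(entry) {
  return (entry.via || []).some((v) => typeof v === "object" && v !== null);
}

// Depth-first walk along `effects` from `name` up to a direct dependency (or a
// package nothing depends on). Returns every distinct path, root first.
// The `seen` set guards against cycles in malformed reports.
function chainsToDirect(report, name) {
  const vulns = report.vulnerabilities;
  const paths = [];
  const walk = (pkg, path, seen) => {
    const entry = vulns[pkg];
    const next = entry ? (entry.effects || []).filter((e) => !seen.has(e)) : [];
    if (!entry || entry.isDirect || next.length === 0) {
      paths.push(path);
      return;
    }
    for (const dep of next) walk(dep, [...path, dep], new Set([...seen, dep]));
  };
  walk(name, [name], new Set([name]));
  return paths;
}

// Normalise the three shapes npm uses for `fixAvailable`: false (no fix),
// true (fix within the semver range), or an object naming the top-level
// package npm would change, with isSemVerMajor marking a breaking change.
function describeFix(fixAvailable) {
  if (fixAvailable === false || fixAvailable == null) return { available: false, breaking: false };
  if (fixAvailable === true) return { available: true, breaking: false };
  return {
    available: true,
    breaking: fixAvailable.isSemVerMajor === true,
    name: fixAvailable.name,
    version: fixAvailable.version,
  };
}

// One record per package that carries an advisory of its own.
function triage(report) {
  const out = [];
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (!hasOwnAdvisory(entry)) continue;
    const advisories = entry.via.filter((v) => typeof v === "object" && v !== null);
    out.push({
      package: name,
      severity: entry.severity,
      range: entry.range,
      advisories: advisories.map((a) => ({ title: a.title, url: a.url })),
      paths: chainsToDirect(report, name),
      fix: describeFix(entry.fixAvailable),
    });
  }
  return out;
}

// Render one line per advisory plus one line per root-to-direct chain.
function formatTriage(records) {
  return records.map((r) => {
    const chains = r.paths.map((p) => "  " + p.join(" -> ")).join("\n");
    const fix = !r.fix.available ? "no fix available"
      : r.fix.breaking ? `fix is BREAKING (${r.fix.name}@${r.fix.version})`
      : "fix available within semver range";
    return `${r.package} ${r.range} [${r.severity}] ${fix}\n${chains}`;
  }).join("\n");
}

console.log(formatTriage(triage(sampleAudit)));
```

For a real project, run `npm audit --json`, parse the output, and pass the object to `triage()` in place of `sampleAudit`. A record whose `fix.breaking` is true, as here, tells you that `npm audit fix --force` will not patch the vulnerable package in place but will change the top-level dependency's major version, which is worth knowing before letting it run.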

tinohager commented 1 week ago

@rstoenescu Could I get some feedback here please?

rstoenescu commented 1 week ago

@tinohager Pinging @IlCallo , which is the daddy of the q-testing suite :)

IlCallo commented 1 week ago

@tinohager sorry, I'm really busy these months

I'm trying to fix it, but I'm having a hard time understanding npm quirks

Edit: seems like I fixed it, check out latest release