Uploaded image for project: 'UX Product'
  1. UX Product
  2. UXPROD-2240

Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

    XMLWordPrintable

Details

    • Stripes Force

    Description

      https://github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3 says:

      'getStaticValue' function can execute arbitrary code

      This can be fixed by updating eslint to >= 6.2.1 or updating eslint-util to >= 1.4.1.

      Some examples which eslint version currently is in use:
      5.6.1 https://github.com/folio-org/platform-core/blob/master/package.json#L45
      4.19.1 https://github.com/folio-org/platform-complete/blob/master/package.json#L62
      5.12.0: https://github.com/folio-org/eslint-config-stripes/blob/master/package.json#L16
      5.0.0: https://github.com/folio-org/stripes/blob/master/package.json#L34

      This should be fixed even if FOLIO is not affected by this issue. Otherwise people get used to ignore the GitHub security warnings and miss relevant security issues.

      TestRail: Results

        Attachments

          Issue Links

            is cloned by

            New Feature - New feature requests UXPROD-2340 Remaining - Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. UIU-1446 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. ERM-729 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. STCOM-642 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. STCON-93 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. STCOR-412 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. STRIPESFF-1 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. STSMACOM-297 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIAC-13 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UICAT-64 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UICHKIN-150 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UICHKOUT-586 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UICIRC-414 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UICR-17 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UID-20 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIDATIMP-370 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1: main rules

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIDATIMP-376 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1: secondary rules

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIEH-818 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIEUS-127 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIF-174 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIIN-940 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIMPROF-41 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UINOTES-70 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UINV-112 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIOR-499 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIORGS-144 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPCITEM-6 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPFCONT-3 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPFI-7 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPFIMP-8 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPFINT-4 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPFO-7 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPFPOL-5 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIPFU-24 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIREC-40 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UIREQ-407 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UISP-13 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UITEN-72 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. UITEST-73 Security update eslint to >= 6.2.1 or eslint-util >= 1.4.1

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                rberger Ryan Berger
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases