  1. UX Product
  2. UXPROD-2240

Security update eslint to >= 6.2.1 or eslint-utils >= 1.4.1

    Details

    • Development Team:
      Stripes Force
    • Calculated Total Rank:
      0

      Description

      https://github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3 says:

      'getStaticValue' function can execute arbitrary code

      This can be fixed by updating eslint to >= 6.2.1 or updating eslint-utils to >= 1.4.1.

      Some examples of which eslint version is currently in use:
      5.6.1: https://github.com/folio-org/platform-core/blob/master/package.json#L45
      4.19.1: https://github.com/folio-org/platform-complete/blob/master/package.json#L62
      5.12.0: https://github.com/folio-org/eslint-config-stripes/blob/master/package.json#L16
      5.0.0: https://github.com/folio-org/stripes/blob/master/package.json#L34

      This should be fixed even if FOLIO is not affected by this issue. Otherwise people get used to ignoring the GitHub security warnings and miss relevant security issues.
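
An added example, not part of the ticket or of FOLIO's code: a Node.js check that walks an npm v1-style lockfile and lists every resolved copy of eslint-utils older than the 1.4.1 threshold named above, including copies nested under eslint or a plugin. The function names, the lockfile contents, and the package names `sample-platform` and `eslint-plugin-example` are constructed for illustration.

```javascript
// Threshold taken from the ticket: eslint-utils >= 1.4.1 carries the fix.
const FIXED = '1.4.1';

// Compare two "x.y.z" versions numerically; returns <0, 0 or >0.
// Pre-release tags (anything after "-") are ignored in this sketch.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Recursively walk the nested "dependencies" maps of a v1-style lockfile
// and collect every copy of `name` resolved below `fixed`.
function findOutdated(lock, name = 'eslint-utils', fixed = FIXED, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(lock.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && compareVersions(info.version, fixed) < 0) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    hits.push(...findOutdated(info, name, fixed, here));
  }
  return hits;
}

// Constructed sample lockfile (not taken from any FOLIO repository).
const sampleLock = {
  name: 'sample-platform',
  dependencies: {
    eslint: {
      version: '5.6.1',
      dependencies: { 'eslint-utils': { version: '1.3.1' } },
    },
    'eslint-utils': { version: '1.4.3' },
    'eslint-plugin-example': {
      version: '1.0.0',
      dependencies: { 'eslint-utils': { version: '1.4.0' } },
    },
  },
};

for (const hit of findOutdated(sampleLock)) {
  console.log(`${hit.path} resolves to ${hit.version} (< ${FIXED})`);
}
```

A hoisted top-level copy at a fixed version does not clear the nested copies, which is why the walk reports the full dependency path for each hit.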

                People

                Assignee:
                rberger Ryan Berger
                Reporter:
                julianladisch Julian Ladisch