#15393 new bug ()

Opened December 16, 2020 08:49PM UTC

Last modified December 28, 2020 09:02PM UTC

Dependency (js-yaml) Security Vulnerability

Reported by:	PseudoNinja	Owned by:
Priority:	minor	Milestone:	none
Component:	ui.core	Version:	1.12.1
Keywords:		Cc:
Blocked by:		Blocking:

Description

Dependency Path: grunt-jscs > jscs > js-yaml

Vulnerabilities Reported by NPMJS

(Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0)
(High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1)

Recommendation

Replace grunt-jscs dependency with grunt-eslint

jscs is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable

Attachments (0)

Change History (2)

Changed December 28, 2020 01:57PM UTC by PseudoNinja comment:1

Pull request with fix created

https://github.com/jquery/jquery-ui/pull/1942

Changed December 28, 2020 09:02PM UTC by rjollos comment:2

description:	Dependency Path: grunt-jscs > jscs > js-yaml \ \ ### Vulnerabilities Reported by NPMJS \ \ * (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0) \ * (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1) \ \ ### Recommendation \ \ Replace grunt-jscs dependency with grunt-eslint \ \ "jscs" is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable \ → Dependency Path: grunt-jscs > jscs > js-yaml \ \ == Vulnerabilities Reported by NPMJS \ \ * (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0) \ * (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1) \ \ == Recommendation \ \ Replace grunt-jscs dependency with grunt-eslint \ \ `jscs` is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable \

description:

Dependency Path: grunt-jscs > jscs > js-yaml \ \ ### Vulnerabilities Reported by NPMJS \ \ * (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0) \ * (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1) \ \ ### Recommendation \ \ Replace grunt-jscs dependency with grunt-eslint \ \ "jscs" is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable \ → Dependency Path: grunt-jscs > jscs > js-yaml \ \ == Vulnerabilities Reported by NPMJS \ \ * (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0) \ * (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1) \ \ == Recommendation \ \ Replace grunt-jscs dependency with grunt-eslint \ \ `jscs` is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable \

Search and Top Navigation