Opened 2 years ago
Last modified 2 years ago
#15393 new bug
Dependency (js-yaml) Security Vulnerability
| Reported by: | Eric Miller | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | none |
| Component: | ui.core | Version: | 1.12.1 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description (last modified by )
Dependency Path: grunt-jscs > jscs > js-yaml
Vulnerabilities Reported by NPMJS
- (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0)
- (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1)
Recommendation
Replace grunt-jscs dependency with grunt-eslint
jscs is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable
Change History (2)
comment:1 Changed 2 years ago by
comment:2 Changed 2 years ago by
| Description: | modified (diff) |
|---|
Note: See
TracTickets for help on using
tickets.
Pull request with fix created
https://github.com/jquery/jquery-ui/pull/1942