#15393 new bug ()

Opened December 16, 2020 08:49PM UTC

Last modified December 28, 2020 09:02PM UTC

Dependency (js-yaml) Security Vulnerability

Reported by: PseudoNinja
Owned by:
Priority: minor
Milestone: none
Component: ui.core
Version: 1.12.1
Keywords:
Cc:
Blocked by:
Blocking:
Description

Dependency Path: grunt-jscs > jscs > js-yaml

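Vulnerabilities Reported by NPMJS

* (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0)
* (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1)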

Recommendation

Replace grunt-jscs dependency with grunt-eslint

jscs is no longer supported and the development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable.

Attachments (0)
Change History (2)

Changed December 28, 2020 01:57PM UTC by PseudoNinja comment:1

Pull request with fix created

https://github.com/jquery/jquery-ui/pull/1942

Changed December 28, 2020 09:02PM UTC by rjollos comment:2

description:

Dependency Path: grunt-jscs > jscs > js-yaml

### Vulnerabilities Reported by NPMJS

* (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0)
* (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1)

### Recommendation

Replace grunt-jscs dependency with grunt-eslint

"jscs" is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable

Dependency Path: grunt-jscs > jscs > js-yaml

== Vulnerabilities Reported by NPMJS

* (Moderate) - Denial of Service [More Info](https://npmjs.com/advisories/788) (Patched in >=3.13.0)
* (High) - Code Injection [More Info](https://npmjs.com/advisories/813) (Patched in >=3.13.1)

== Recommendation

Replace grunt-jscs dependency with grunt-eslint

`jscs` is no longer supported and development team has moved over to help with the ESLint project. Consumption of a security patch is no longer viable
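The check behind this report, as an added example that is not part of the ticket or of jQuery UI's own code: it walks a dependency tree in the nested shape that `npm ls --json` prints and reports the path to every js-yaml copy older than the 3.13.1 release named in the advisories. The sample tree, all of its version numbers, the `some-tool` package, and the helper names `isBelow` and `findVulnerable` are constructed for illustration.

```javascript
// Added example: find js-yaml copies below the patched release in an
// `npm ls --json`-style tree and report the dependency path to each one.
const PATCHED = "3.13.1"; // from the ticket: code injection patched in >=3.13.1

// Constructed sample tree; every version number here is made up for illustration.
const sampleTree = {
  name: "example-project",
  version: "0.0.0",
  dependencies: {
    "grunt-jscs": {
      version: "0.0.1",
      dependencies: {
        jscs: { version: "0.0.1", dependencies: { "js-yaml": { version: "3.4.6" } } },
      },
    },
    // A second, already patched copy that must not be reported.
    "some-tool": { version: "0.0.1", dependencies: { "js-yaml": { version: "3.13.1" } } },
  },
};

// Compare plain x.y.z versions numerically (assumption: pre-release tags are ignored).
function isBelow(version, minimum) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = minimum.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Depth-first walk that records the path to every copy of `target` below `minimum`.
function findVulnerable(node, target, minimum, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === target && dep.version && isBelow(dep.version, minimum)) {
      hits.push({ path: here.join(" > "), version: dep.version });
    }
    hits.push(...findVulnerable(dep, target, minimum, here));
  }
  return hits;
}

for (const hit of findVulnerable(sampleTree, "js-yaml", PATCHED)) {
  console.log(`${hit.path} resolves js-yaml@${hit.version}, below ${PATCHED}`);
}
```

A development-only chain such as grunt-jscs still executes on build and CI machines, so a hit on that path is worth acting on even though js-yaml never ships to browsers.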