Karma 6.4.4 Depends on "Vulnerable" inflight Library #3888

Open
poiuylkkk opened this issue Sep 6, 2024 · 3 comments

@poiuylkkk

karma@6.4.4 depends on a deprecated version of the 'glob' package.
Need to update the version of glob to 9 or higher to fix the following vulnerabilities:

https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

ng-demo@0.0.0 C:\Myfolders\Myfiles\2_proj\demo\06-ng\ng-demo
└─┬ karma@6.4.4
  └─┬ glob@7.2.3
    └── inflight@1.0.6

@poiuylkkk poiuylkkk changed the title Karma 6.4.4 Depends on "Vulnerable" Library Karma 6.4.4 Depends on "Vulnerable" inflight Library Sep 6, 2024
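
To confirm which direct dependency pulls in a flagged transitive package such as the chain reported above, this added example (not part of the original issue or of Karma's code) walks the `packages` map of a package-lock.json. The lockfile contents, dependency ranges and function names are constructed for illustration.

```javascript
// Constructed sample: the `packages` map of a package-lock.json (lockfileVersion 2/3)
// shaped like the tree in the issue. Ranges and the body-parser entry are illustrative.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "ng-demo", version: "0.0.0", devDependencies: { karma: "6.4.4" } },
    "node_modules/karma": {
      version: "6.4.4",
      dependencies: { glob: "^7.1.7", "body-parser": "^1.20.2" },
    },
    "node_modules/glob": { version: "7.2.3", dependencies: { inflight: "^1.0.4" } },
    "node_modules/inflight": { version: "1.0.6" },
    "node_modules/body-parser": { version: "1.20.3" },
  },
};

// Node-style resolution: check the dependent's own node_modules first, then each
// enclosing node_modules directory up to the project root.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain "root > ... > target@version" that leads to `target`.
function findPaths(lock, target) {
  const packages = lock.packages;
  const results = [];
  const walk = (path, chain, seen) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved || seen.has(resolved)) continue; // missing or already on this chain
      const next = [...chain, `${name}@${packages[resolved].version}`];
      if (name === target) results.push(next.join(" > "));
      else walk(resolved, next, new Set(seen).add(resolved));
    }
  };
  walk("", [`${packages[""].name}@${packages[""].version}`], new Set([""]));
  return results;
}

console.log(findPaths(SAMPLE_LOCK, "inflight"));
```

Running the same function against a real lockfile after applying an override shows whether the flagged package is still reachable and through which parent.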
@anthony-redFox
Contributor

anthony-redFox commented Sep 10, 2024

I can propose using my fork, https://www.npmjs.com/package/karma-up, which updated all deps.

package.json
"overrides": {
  "karma": "npm:karma-up@7.0.1"
},

@Devvox93

body-parser 1.20.3 should be included in the package.json updates as well. Fixes a High vulnerability reported by Mend.

@anthony-redFox
Contributor

"body-parser": "^1.20.2" does not use a fixed version, so that means you can use body-parser 1.20.3 as well.
