Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jest-puppeteer relies on unsafe terminate 2.1.0 #157

Closed
forestbelton opened this issue Nov 26, 2018 · 6 comments
Closed

jest-puppeteer relies on unsafe terminate 2.1.0 #157

forestbelton opened this issue Nov 26, 2018 · 6 comments

Comments

@forestbelton
Copy link

jest-puppeteer uses terminate 2.1.0, which is vulnerable to a dependency attack through ps-tree 1.1.0. See dwyl/terminate#35 for more information.

Is there any way we could use a different version or alternative library?
@shermango
Copy link

bump ^^^ --- original issue: dominictarr/event-stream#116

@goodmind
Copy link

same

@yakovkhalinsky
Copy link

Our jenkins builds now fail as this package flatmap-stream seems to have been hard unpublished from npm.

Have had to remove jest-puppeteer for now till this gets resolved so our builds can pass.

@xiaoyuhen xiaoyuhen mentioned this issue Nov 27, 2018
Merged
@gregberge
Copy link
Member

Fixed in v3.5.2

@yakovkhalinsky
Copy link

Thanks @neoziro for your quick response ❤️

@yakovkhalinsky
Copy link

And @xiaoyuhen I forgot to mention for their PR 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@forestbelton @gregberge @yakovkhalinsky @goodmind @shermango