Brave-browser: npm vulnerability: `minimist`
Description
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Moderate โ Prototype Pollution โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Package โ minimist โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Dependency of โ jest [dev] โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Path โ jest > @jest/core > jest-runner > jest-jasmine2 > โ
โ โ jest-runtime > @jest/transform > jest-haste-map > sane > โ
โ โ @cnakazawa/watch > minimist โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ More info โ https://npmjs.com/advisories/1179 โ
โโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Steps to Reproduce
- Have full setup of Brave
- run
npm run audit_depsfrom root - have a bad time
bsclifton
All 6 comments
*Angry fist shaking at NPM vulnerability*
bsclifton
on 19 Mar 2020
🎉2
Notes about attempted fix here:
https://github.com/brave/security/issues/101#issuecomment-600994528
Current status: not solved. Will need to revisit once deps are updated and it's fixable by npm audit fix (unless there is a better solution)
bsclifton
on 19 Mar 2020
Almost there! Fixes in progress
bsclifton
on 20 Mar 2020
🚀1
👍1
Awesome sir! Sent you a BAT ;)
kjozwiak
on 20 Mar 2020
❤1
Re-opening as this is still a problem actually
bsclifton
on 23 Mar 2020
Should be completely resolved with https://github.com/brave/brave-core/pull/5013 and https://github.com/brave/brave-browser/pull/8788
bsclifton
on 24 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
simonhong
ยท
3Comments
bbondy
ยท
3Comments
bsclifton
ยท
3Comments
kerry-perret
ยท
3Comments
Sondro
ยท
3Comments
Most helpful comment
Almost there! Fixes in progress