Updated to braces 2.3.1.
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.3.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ karma [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ karma > expand-braces > braces                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/786                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
Karma version: 4.0.0
@maedewiza I don't want to disrupt this too much, how did you copy the npm audit text in so cleanly? I have reported this issue in angular also, just wondering :)
Update:
Braces has not been updated in 4 years, is this wise to have this package in at all?
This fixed it for me (add to package.json), but hopefully only temporarily needed:
"resolutions": {
  "braces": "^2.3.2"
}
Seems to work only for yarn, anyone got a working solution for npm?
@SteinRobert any chance of releasing this fix on a 3.x build?
@KurtPreston that's not for me to decide - I just provided the PR. I'm not a maintainer/owner of this project. However from what I see in this repo it seems unlikely.
@SteinRobert Sorry, my mistake, misread the PR. Thanks for the patch!
@johnjbarton Any chance of releasing this fix on a 3.x build?
We should get #3265 fixed first. (And this will be on 4.x)
When is this master version going to be launched so we can update? Will this be 4.0.1?
Can we get a release of these security updates, please?
Once we know that the npm audit at head is clean.
Once we know that the npm audit at head is clean.
just checked, issue persists(
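One way to check whether a lockfile still installs a braces copy older than the patched 2.3.1 from the audit report, including copies nested under another package as in the reported path karma > expand-braces > braces. This is an added example, not code from the thread or the Karma project; it assumes the lockfileVersion 1 layout, and the lockfile contents and the names `cmpVersion`, `findUnpatched` and `sampleLock` are constructed for illustration.

```javascript
// Compare dotted numeric versions ("a.b.c"); pre-release suffixes are ignored.
// Returns a negative number if a < b, zero if equal, positive if a > b.
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Walk a lockfileVersion 1 tree and collect every installed copy of `name`
// whose version is older than `patched`. `location` is the node_modules
// nesting of that copy, so a nested copy is reported even when the
// top-level copy is already patched.
function findUnpatched(node, name, patched, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...trail, dep];
    if (dep === name && cmpVersion(info.version, patched) < 0) {
      hits.push({ location: here.join(' > '), version: info.version });
    }
    hits.push(...findUnpatched(info, name, patched, here));
  }
  return hits;
}

// Constructed sample lockfile (not taken from the Karma repository):
// the top-level braces is patched, the copy nested under expand-braces is not.
const sampleLock = {
  name: 'demo',
  lockfileVersion: 1,
  dependencies: {
    karma: { version: '4.0.0', dev: true },
    braces: { version: '2.3.2', dev: true },
    'expand-braces': {
      version: '0.1.2',
      dev: true,
      dependencies: { braces: { version: '0.1.5', dev: true } },
    },
  },
};

console.log(findUnpatched(sampleLock, 'braces', '2.3.1'));
```

An empty result means no installed copy of the package is below the patched version; any hit names the nested location that still needs to be updated or removed.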