Karma: Karma v5.2.3 has dependency on library with known vulnerability

Created on 19 Dec 2020 · 2 Comments · Source: karma-runner/karma

I have been going through a security review for up-taking Karma v5.2.3 and noticed that the dependency on the library that was patched in v5.2.2 (ua-parser-js 0.7.21) is still vulnerable with the same issue ua-parser-js 0.7.22.

Not sure if you are aware of the recently released version 0.7.23, but I just want to bring it to your attention.

Please see the details:
https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599

All 2 comments

Thanks for the report. This has already been fixed in master and will be included in the next release.

@devoto13
hi,
when will the next release be available?
