Mocha: JS-Yaml Denial of Service in v3.12

Created on 21 Mar 2019  路  4Comments  路  Source: mochajs/mocha

Just got a vulnerability message from npm on one of my repos using Mocha. Looks like the dep js-yaml needs to be updated from 3.12 to >=3.13

Screen Shot 2019-03-21 at 2 47 01 PM

Link: https://npmjs.com/advisories/788

confirmed-bug node.js security semver-patch
Source
picture dannypaz
👍21

Most helpful comment

When will 6.1.0 be released?

picture mayrbenjamin92 on 22 Mar 2019
👍16

All 4 comments

+1

elf-mouse picture elf-mouse on 22 Mar 2019

Fixed in #3843

Xilis picture Xilis on 22 Mar 2019

When will 6.1.0 be released?

mayrbenjamin92 picture mayrbenjamin92 on 22 Mar 2019
👍16

I'm very excited to see this issue is fixed!
I see it's already been asked, but when will 6.1.0 be released?

I use mocha and have npm audit as a presubmit check, and would love to see that check passing again.

nolanmar511 picture nolanmar511 on 28 Mar 2019
3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

delta62 picture delta62  路  3Comments
Swivelgames picture Swivelgames  路  3Comments
niftylettuce picture niftylettuce  路  3Comments
danielserrao picture danielserrao  路  3Comments
Aarbel picture Aarbel  路  3Comments