Security Issue with Minimatch (Update Minimatch) #4840

asilluron · 2022-03-08T00:58:57Z

Checked that your issue hasn't already been filed by cross-referencing issues with the faq label
Checked next-gen ES issues and syntax problems by using the same environment and/or transpiler configuration without Mocha to ensure it isn't just a feature that actually isn't supported in the environment in question or a bug in your code.
'Smoke tested' the code to be tested by running it outside the real test suite to get a better sense of whether the problem is in the code under test, your usage of Mocha, or Mocha itself
Ensured that there is no discrepancy between the locally and globally installed versions of Mocha. You can find them with: node_modules/.bin/mocha --version(Local) and mocha --version(Global). We recommend that you not install Mocha globally.

Mocha depends on minimatch which includes a security vulnerability described here

N/A

Expected behavior:
Passes security scans (Prisma Cloud)

Actual behavior:
Fails security scans

Reproduces how often: [What percentage of the time does it reproduce?]
100%

All

The text was updated successfully, but these errors were encountered:

asilluron added the unconfirmed-bug label Mar 8, 2022

juergba mentioned this issue Mar 11, 2022

Update dependencies #4843

Merged

juergba added dependencies Pull requests that update a dependency file and removed unconfirmed-bug labels Mar 11, 2022

juergba closed this as completed in #4843 Mar 11, 2022

Provide feedback