
eslint-utils - critical security vulnerability

Open samuelneff opened this issue 6 years ago • 0 comments

Describe the bug

Cloned react-slingshot and ran npm i with Node 12 and NPM 6. It reported a critical security vulnerability.

To Reproduce

Steps to reproduce the behavior:

  1. Clone
  2. npm i
  3. npm audit

Expected behavior

Should not be any security vulnerabilities.

Screenshots

/c/projects/react-slingshot (issue-625-period-404-fix)$ npm audit

                       === npm audit security report ===

# Run  npm update eslint-utils --depth 2  to resolve 1 vulnerability

  Critical        Arbitrary Code Execution
  Package         eslint-utils
  Dependency of   eslint [dev]
  Path            eslint > eslint-utils
  More info       https://npmjs.com/advisories/1118

found 1 critical severity vulnerability in 1771232 scanned packages
  run `npm audit fix` to fix 1 of them.

Desktop (please complete the following information):

  • OS: win10
  • Browser n.a.
  • Version n.a.

Additional context

master head is at 207d66ed689642a50d9891cea86d63d8429f79ad. Last commit in git log shows Aug 1.

samuelneff, Sep 09 '19 21:09