jest-process-manager

Dependency "wait-on" needs to be updated to 8.0.0 with a security fix

Open • Leah-Xia-Microsoft opened this issue 1 year ago • 1 comment

One of the dependencies, "wait-on: 7.0.0", is using axios version 1.7.2. axios 1.7.2 allows SSRF via unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. To fix this security issue, we need to update wait-on to 8.0.0.

wait-on commit that fixed this issue: https://github.com/jeffbski/wait-on/commit/672fd83c0205d034e6ae68d3f33f70d1b61c2e6a

Leah-Xia-Microsoft, Aug 29 '24 06:08
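A lockfile check for the versions named in this issue, as an added example that is not part of the issue or of either project's code: it lists every installed copy of wait-on in an npm `package-lock.json` (lockfileVersion 2 or 3 `packages` map) and the axios copy each one resolves to. The function names, the sample lockfile and the versions `0.0.0-placeholder` and `9.9.9` are constructed for illustration; only wait-on 7.0.0, wait-on 8.0.0 and axios 1.7.2 come from the issue.

```javascript
// The only axios version the issue names as affected.
const FLAGGED_AXIOS = "1.7.2";

// Constructed sample lockfile: a patched top-level wait-on plus an old copy
// nested under jest-process-manager that falls back to the hoisted axios.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.7.2" },
    "node_modules/jest-process-manager": { version: "0.0.0-placeholder" },
    "node_modules/jest-process-manager/node_modules/wait-on": { version: "7.0.0" },
    "node_modules/wait-on": { version: "8.0.0" },
    "node_modules/wait-on/node_modules/axios": { version: "9.9.9" }, // constructed
  },
};

// Mirror Node's lookup: try <dir>/node_modules/<dep>, then each parent install dir.
function resolveDep(packages, fromPath, dep) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf("node_modules/");
    dir = cut <= 0 ? "" : dir.slice(0, cut - 1);
  }
}

// Report each wait-on copy, whether it is below 8.0.0, and which axios it loads.
function auditWaitOn(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    const isWaitOn = path === "node_modules/wait-on" || path.endsWith("/node_modules/wait-on");
    if (!isWaitOn) continue;
    const axiosPath = resolveDep(packages, path, "axios");
    const axiosVersion = axiosPath ? packages[axiosPath].version : null;
    const major = parseInt(String(meta.version).split(".")[0], 10);
    findings.push({
      path, waitOn: meta.version, axiosPath, axiosVersion,
      needsUpgrade: major < 8,
      axiosFlagged: axiosVersion === FLAGGED_AXIOS,
    });
  }
  return findings;
}

console.log(auditWaitOn(sampleLock));
```

On a real project, pass the parsed contents of `package-lock.json` to `auditWaitOn`; a nested copy under jest-process-manager stays flagged even when the top-level wait-on is already at 8.0.0.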