enzyme icon indicating copy to clipboard operation
enzyme copied to clipboard

Published 20 hours ago verified publisher icon enzymejs

Bump cheerio to @1.0.0-rc.11

Open vinodkumarsharma276 opened this issue 2 years ago • 4 comments

Due to recent security vulnerability in nth-checkv1.2.0 which is fetched transitively from enzyme --> cheerio --> css-select --> .... --> nth-checkv1.2.0.

[email protected] removes dependency of css-select which ultimately removes dependency of nth-check

vinodkumarsharma276 avatar Jun 13 '22 17:06 vinodkumarsharma276

Hi @ljharb / @lelandrichardson @koba04 @nfcampos , Can someone take a look at this PR and approve. This will fix security vulnerability with [email protected] which is downloaded transitively using enzyme.

vinodkumarsharma276 avatar Jun 13 '22 17:06 vinodkumarsharma276

Codecov Report

Merging #2561 (6c63667) into master (3d286a4) will decrease coverage by 1.68%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2561      +/-   ##
==========================================
- Coverage   96.31%   94.62%   -1.69%     
==========================================
  Files          49       32      -17     
  Lines        4207     2717    -1490     
  Branches     1130      777     -353     
==========================================
- Hits         4052     2571    -1481     
+ Misses        155      146       -9
Impacted Files Coverage Δ
...enzyme-adapter-utils/src/wrapWithSimpleWrapper.jsx 61.11% <0.00%> (-38.89%) :arrow_down:
packages/enzyme/src/EnzymeAdapter.js 75.00% <0.00%> (-25.00%) :arrow_down:
...ges/enzyme-adapter-react-16/src/detectFiberTags.js 85.24% <0.00%> (-8.20%) :arrow_down:
packages/enzyme/src/ShallowWrapper.js 94.86% <0.00%> (-4.26%) :arrow_down:
...enzyme-adapter-react-16/src/ReactSixteenAdapter.js 93.73% <0.00%> (-1.73%) :arrow_down:
packages/enzyme/src/RSTTraversal.js 96.36% <0.00%> (-0.91%) :arrow_down:
packages/enzyme/src/ReactWrapper.js 99.27% <0.00%> (-0.25%) :arrow_down:
packages/enzyme-adapter-react-14/src/index.js
packages/enzyme-adapter-react-13/src/index.js
packages/enzyme-adapter-react-15.4/src/index.js
... and 14 more

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 3d286a4...6c63667. Read the comment docs.

codecov[bot] avatar Jun 13 '22 17:06 codecov[bot]

It's worth noting that this is not actually a vulnerability, it's a false positive, at least for enzyme's use case.

ljharb avatar Jun 13 '22 17:06 ljharb

FYI: People (me included!) have been having problems with cheerio 1.0.0-rc.11 see ... https://github.com/cheeriojs/cheerio/issues/2545. It's not clear to me whether this is actually a cheerio issue, or something a bit wonky with mine and others webpack/babel configs.

I mention it here because I, like others in that thread, encountered it through the dependency from enzyme.

ChristopherChudzicki avatar Jun 17 '22 00:06 ChristopherChudzicki