Closed
Labels
area: security (involving vulnerabilities)
semver-minor (implementation requires increase of "minor" version number; "features")
status: accepting prs (Mocha can use your help with this one!)
Description
Currently the mocha@10.0.0 version has not upgraded its yargs-parser and yargs, which is causing a security vulnerability (NO-CVE: Regular Expression Denial Of Service (ReDoS)). Please help upgrade both to the most stable version as of current date. Thank you. Attached are the vulnerability and the most stable release in the npm package library.