Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Security Vulnerability Issue
See original GitHub issue🐛 Bug Report
Im using Jest package that dependent on jest-reporters. jest-reporters dependent on node-notifier version 8.0.0.
when I scan my app (with Veracode sca) I getting Command Injection Vulnerability from node-notifier version 8.0.0,
They suggest updating node-notifier version to 9.0.0, so that it is not vulnerable version, but I can not do it in my code because the dependencies are inside your code so I’ll be happy if you can update your node-notifier version to 9.0.0 version (inside jest-reporters package.json dependency).
To Reproduce
Steps to reproduce the behavior:
yarn add node-notifier@9.0.0
Expected behavior
fix Security Vulnerability issue
Link to repl or repo (highly encouraged)
screen shout from Veracode sca security scan:
you can see that they recommend to update node-notifier version to fix this issue
envinfo
Issue Analytics
- State:
- Created 3 years ago
- Reactions:4
- Comments:12 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Sorry about that! I just hadn’t gotten around to it/prioritized it. I’ve published
node-notifier@8.0.1now. Hope this helps. If not, let me know.This should be fixed by patch 8.0.1 also.