Vulnerability in dependency (mjml > mjml-cli > chokidar > anymatch > micromatch > braces) #1516
Comments
Well we'll need some testing on Windows to see if chokidar major version upgrade doesn't break anything first.
broken on Mac as well. not just Windows
Can you elaborate a bit? You did test the associated PR?
… On 28 Feb 2019, at 20:45, Eric Manthei ***@***.***> wrote:
broken on Mac as well. not just Windows
I have not done the associated PR yet. Just posting that it is broken on Mac as well.
Then it’s not “broken” so. The exploit is really limited and would most likely impact a server that uses the mjml cli with the watch option to render MJML.
So the impact is really... really low. It’s almost safe to assume that today, it doesn’t impact anyone. Regardless, we’ll still check if the watch option is still working on Windows after the dep upgrade.
… On 28 Feb 2019, at 20:59, Eric Manthei ***@***.***> wrote:
I have not done the associated PR yet. Just posting that it is broken on Mac as well.
that's fair. I just wanted to pass along the info -- not trying to throw mud around :)
See npm advisory, this causes `npm audit`/`yarn audit` to fail.

Fix should be to upgrade `mjml-cli` dependency to `chokidar@2.0.0`.
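To confirm which copy of `braces` the chain in the issue title actually resolves to, before and after a `chokidar` upgrade, the chain can be traced from the lockfile. This is an added example, not code from this thread or from the mjml project; it assumes the npm lockfile v1 layout (`requires` plus nested `dependencies`), and the lockfile content and every version in it are constructed.

```javascript
// Resolve `name` the way Node does for a v1 lockfile: look in the requiring
// package's own nested `dependencies`, then in each ancestor's, up to the root.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const deps = scopes[i].dependencies || {};
    if (deps[name]) {
      return { node: deps[name], scopes: scopes.slice(0, i + 1).concat(deps[name]) };
    }
  }
  return null; // not installed (optional or pruned dependency)
}

// Return every chain "a@v > b@v > ..." leading from `start` to `target`.
function findChains(lock, start, target) {
  const chains = [];
  const walk = (name, scopes, trail) => {
    const hit = resolve(name, scopes);
    // Stop on missing packages and on dependency cycles.
    if (!hit || trail.some((step) => step.startsWith(name + '@'))) return;
    const here = trail.concat(`${name}@${hit.node.version}`);
    if (name === target) {
      chains.push(here.join(' > '));
      return;
    }
    for (const dep of Object.keys(hit.node.requires || {})) walk(dep, hit.scopes, here);
  };
  walk(start, [lock], []);
  return chains;
}

// Constructed lockfile: versions are placeholders, not real release numbers.
const SAMPLE_LOCK = {
  dependencies: {
    mjml: { version: '0.0.1', requires: { 'mjml-cli': '*' } },
    'mjml-cli': { version: '0.0.2', requires: { chokidar: '*' } },
    chokidar: { version: '0.0.3', requires: { anymatch: '*' } },
    anymatch: { version: '0.0.4', requires: { micromatch: '*' } },
    micromatch: {
      version: '0.0.5',
      requires: { braces: '*' },
      dependencies: { braces: { version: '0.0.6' } }, // nested copy: the one micromatch loads
    },
    braces: { version: '0.0.7' }, // hoisted copy used by other packages
  },
};

console.log(findChains(SAMPLE_LOCK, 'mjml', 'braces'));
```

The nested copy is reported rather than the hoisted one, which is the case where checking only the top-level `braces` entry would give the wrong answer.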