Fix JSDOM transitive vulnerability #7510
Yeah, I can get this in, if it does not cut any meaningful node version.
Please remove the minor version bump and I'll merge (need to look into why tests are failing).
this
Alright, on it now :), sorry for the delay.
8c56d8f to 0efde6b
Updated PR
@ShaMan123 and @melchiar I was thinking to merge this (vulnerabilities need to be fixed even if they are not triggerable in an immediate way).
I agree, better to bump the version up higher. There may be more vulnerabilities found with 10 or 12 that would then require we do yet another major version release.
+1
Argh, need to investigate tests.
Hey @asturur, happy to investigate 🙂
I can't see anything immediately obvious in the JSDom changelogs. It appears the image loading behaviour of parseFromString has changed in jsdom at some point, and now just hangs attempting to retrieve the image. I'll keep looking into a solution but not sure there is one.
There are 2 issues right now.
This setTimeout issue, I assume you mean the test having a timeout in general? Or is there another broken test I didn't see? I think we can change the behaviour in jsdom to fix the missing image hanging, but I don't have time right now to look into it. I likely won't get time until Christmas.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
…entifier to determine behaviour and use a new property 'objectRole'
Hi @avra-m3, sorry for the long time.
We noticed a transitive vulnerability in our automated npm audit checks.
It would be good if we could get this fixed. Ran tests and it looked fine, not sure what uses jsdom to be able to test any behavior has changed directly.
If you can point me at the features that depend on jsdom happy to test them directly and add any required test cases.
Cheers.
For reference