Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update rimraf (CWE-772) #506

Closed
w3nl opened this issue Dec 6, 2023 · 3 comments · Fixed by #509
Closed

Update rimraf (CWE-772) #506

w3nl opened this issue Dec 6, 2023 · 3 comments · Fixed by #509

Comments

@w3nl
Copy link
Contributor

w3nl commented Dec 6, 2023
edited
Loading

  • Version: 20.10.0
  • Platform: Linux tux 6.5.0-14-generic #14-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 14 14:59:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 23.10)

Rimraf is outdated, and because C8 use an old version, we receive vulnerability issues.
Inflight has a CWE issue, that is an indirect dependency of this package.

rimraf@3.0.2 › glob@7.2.3 › inflight@1.0.6

https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
https://cwe.mitre.org/data/definitions/772.html

In rimraf 4 this is already solved, by removing glob as a dependency:
https://github.com/isaacs/rimraf/blob/main/CHANGELOG.md
@w3nl w3nl changed the title Update rimraf Update rimraf (CWE-772) Dec 6, 2023
@w3nl w3nl mentioned this issue Dec 18, 2023
Closed
1 task
@bcoe
Copy link
Owner

bcoe commented Jan 2, 2024

@w3nl let's just drop Node 12 support and pick a minimum engine that supports fs.rm.

@bcoe
Copy link
Owner

bcoe commented Jan 2, 2024

@w3nl want to update your CL accordingly, I can merge after.

@w3nl
Copy link
Contributor Author

w3nl commented Jan 3, 2024

@bcoe
fs.rm is added in Node 14.14.0
https://nodejs.org/api/fs.html#fsrmpath-options-callback

@w3nl w3nl mentioned this issue Jan 3, 2024
Merged
@bcoe bcoe closed this as completed in #509 Jan 3, 2024
@morganney morganney mentioned this issue May 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(deps): Remove rimraf w3nl/c8
2 participants
@bcoe @w3nl