NPM audit failure

[ghost]

Just alerting you to the fact that I'm getting an npm audit failure regarding two third party dependencies of Jest (acorn and kind-of). These are flagged as containing potential vulnerabilities, specifically "Validation Bypass" and "Regular Expression Denial of Service".

[pratiksawant10]

I am facing similar issues. Any updates on fixing this error?

[mattdarveniza]

Yep, this will require an update of jest-environment-doms version of jsdom from 15 -> 16, which is why npm audit can't auto-fix. JSDom 16 requires a minimum node version of 10, while Jest's current min version is v8. Unless jsdom introduces a bug fix patch in version 15, this may be a bigger change than expected.

Given all of that, I suspect this may take a while longer than most other packages. The good news is that unless you're running jest on a public facing server (why), this shouldn't be a concerning vulnerability.

[pratiksawant10]

@mattdarveniza Looks like the issue is currently being address, have a look at this - #9643

[SimenB]

Duplicate of #9643

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Please note this issue tracker is not a help forum. We recommend using StackOverflow or our discord channel for questions.