Skip to content

Update is-descriptor to fix vulnerability #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update is-descriptor to fix vulnerability #6

wants to merge 1 commit into from

Conversation

HenryLie
Copy link

Version ^1.0.2 of is-descriptor currently being used depends on a library with a vulnerability as described here.

This PR updates the dependency to its latest version which no longer depends on the aforementioned library, and updates the test code to adhere to the latest specification which requires both configurable and enumerable to be defined to be recognized as a valid descriptor.

While at it, I also updated mocha to the latest version to resolve npm audit vulnerabilities.

@HenryLie
Update dependencies to fix vulnerabilities
a8c28b3 
- Update is-descriptor to 3.0.0
- Update mocha to 7.1.0
- Add "enumerable" and "configurable" to test cases
  to ensure it complies with new is-descriptor check.
@HenryLie
Copy link
Author

Looks like all Travis builds on node versions <8 and iojs fails due to ES6 syntax in one of the dependencies. Do we need to support those versions though?

Seems like the current oldest supported version is 8 (in maintenance LTS)?
https://nodejs.org/en/about/releases/

@eduardoconceicao
Copy link

Looks like all Travis builds on node versions <8 and iojs fails due to ES6 syntax in one of the dependencies. Do we need to support those versions though?

Seems like the current oldest supported version is 8 (in maintenance LTS)?
https://nodejs.org/en/about/releases/

I would drop the older versions of node if that's possible. What do you think @jonschlinkert ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HenryLie @eduardoconceicao