Bump cheerio to @1.0.0-rc.11 #2561
base: master
Due to a recent security vulnerability in nth-check v1.2.0, which is fetched transitively from enzyme --> cheerio --> css-select --> .... --> nth-check v1.2.0. cheerio@1.0.0-rc.11 removes the dependency on css-select, which ultimately removes the dependency on nth-check.
Hi @ljharb / @lelandrichardson @koba04 @nfcampos,
Codecov Report
@@ Coverage Diff @@
## master #2561 +/- ##
==========================================
- Coverage 96.31% 94.62% -1.69%
==========================================
Files 49 32 -17
Lines 4207 2717 -1490
Branches 1130 777 -353
==========================================
- Hits 4052 2571 -1481
+ Misses 155 146 -9
Continue to review full report at Codecov.
It's worth noting that this is not actually a vulnerability, it's a false positive, at least for enzyme's use case.
@@ -39,7 +39,7 @@ | |||
"license": "MIT", | |||
"dependencies": { | |||
"array.prototype.flat": "^1.2.4", | |||
"cheerio": "=1.0.0-rc.3", | |||
"cheerio": "=1.0.0-rc.11", |
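Review bot: the bump on the `"cheerio"` line comes with no evidence that nth-check actually leaves the dependency tree, which is the whole justification given for the change. Please attach the resolved tree before and after (for example the output of `npm ls nth-check`) so reviewers can confirm nothing else still pulls it in. The pin also jumps from rc.3 to rc.11 in one step, and release candidates give no compatibility guarantee between builds, so state which test suites were run against rc.11 and keep the exact `=` pin unless those results support a wider range.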
"cheerio": "=1.0.0-rc.11", | |
"cheerio": "^1.0.0-rc.11", |
I suspect this will break tests, which is why it's pinned to rc3.
FYI: People (me included!) have been having problems with cheerio. I mention it here because I, like others in that thread, encountered it through the dependency from enzyme.
43eb75e to 39e6b1f
cheerio 1.0.0 is now released, so perhaps (if anyone ever comes around) it should be updated to that package.
Due to engine requirements, we may never be able to update to it. We’re far more likely to drop the render API.
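The chain given in the PR description (enzyme --> cheerio --> css-select --> .... --> nth-check) can be checked against a lockfile instead of being taken on trust. The following is an added example, not code from enzyme or from this PR: it walks the `packages` map of a constructed `package-lock.json` using npm's nested `node_modules` lookup and lists every path from the root project to a named package. `constructedLock`, `resolveDep`, `pathsTo` and `example-intermediate` are hypothetical names.

```javascript
// Added example. Constructed lockfile fragment in npm's lockfileVersion 2/3
// "packages" layout. Only cheerio 1.0.0-rc.3 and nth-check 1.2.0 come from
// the page; every other name and version here is a placeholder.
const constructedLock = {
  packages: {
    "": { name: "example-app", devDependencies: { enzyme: "*" } },
    "node_modules/enzyme": { version: "0.0.0-placeholder", dependencies: { cheerio: "=1.0.0-rc.3" } },
    "node_modules/cheerio": { version: "1.0.0-rc.3", dependencies: { "css-select": "*" } },
    "node_modules/css-select": { version: "0.0.0-placeholder", dependencies: { "example-intermediate": "*" } },
    // Stands in for the links the PR description elides with "....".
    "node_modules/example-intermediate": { version: "0.0.0-placeholder", dependencies: { "nth-check": "*" } },
    // Nested install: only reachable through example-intermediate.
    "node_modules/example-intermediate/node_modules/nth-check": { version: "1.2.0" },
  },
};

// npm resolution order: <from>/node_modules/<name>, then each ancestor's node_modules.
function resolveDep(packages, fromPath, name) {
  for (let dir = fromPath; ; ) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (dir === "") return null; // not installed (e.g. skipped optional dependency)
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Return every chain "a@v --> b@v --> target@v" from the root project to `target`.
function pathsTo(lock, target) {
  const found = [];
  const walk = (path, chain, seen) => {
    const pkg = lock.packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies, ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolveDep(lock.packages, path, name);
      if (!next || seen.has(next)) continue; // unresolved, or a dependency cycle
      const link = [...chain, `${name}@${lock.packages[next].version}`];
      if (name === target) found.push(link.join(" --> "));
      else walk(next, link, new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return found;
}

console.log(pathsTo(constructedLock, "nth-check"));
```

An empty result for the package an advisory names means nothing in the resolved tree still reaches it; a non-empty result shows which direct dependency has to change.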