Closed as not planned
Description
Before You File a Bug Report Please Confirm You Have Done The Following...
- I have tried restarting my IDE and the issue persists.
- I have updated to the latest version of the packages.
- I have searched for related issues and found none that matched my issue.
- I have read the FAQ and my problem is not listed.
Relevant Package
typescript-eslint
Playground Link
Repro Code
This is a vulnerability issue which needs to be fixed
https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
ESLint Config
```js
module.exports = {
  parser: "@typescript-eslint/parser",
  rules: {
    "@typescript-eslint/<rule-name>": ["error", ...<options>],
  },
};
```
tsconfig
Expected Result
Dependency "minimatch": "^9.0.5" in the 8.32.0 version of typescript-eslint is holding a high vulnerability for the brace-expansion (2.0.1) package
GHSA-v6h2-p8h4-qcjw
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Node version: 22.12.0
npm version: 10.9.0
Local ESLint version: 9.26.0
Global ESLint version: 9.26.0
Operating System: Windows 11 Enterprise
Actual Result
Vulnerability is thrown
Additional Info
An attacker could submit a crafted input to an affected application in order to trigger excessive resource consumption that could result in degraded performance.
Versions
| package | version |
|---|---|
| @typescript-eslint/eslint-plugin | X.Y.Z |
| @typescript-eslint/parser | X.Y.Z |
| @typescript-eslint/rule-tester | X.Y.Z |
| @typescript-eslint/scope-manager | X.Y.Z |
| @typescript-eslint/typescript-estree | X.Y.Z |
| @typescript-eslint/type-utils | X.Y.Z |
| @typescript-eslint/utils | X.Y.Z |
| TypeScript | 5.8.2 |
| ESLint | 9.26.0 |
| node | 22.12.0 |
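
When an audit flags a transitive package such as brace-expansion 2.0.1, the lockfile shows which installed copy matches and which dependency chain requires it. The following is an added example, not part of the original issue or of the typescript-eslint code base; the lockfile fragment is constructed, and `example-cli` and version 9.9.9 are hypothetical.

```javascript
// Constructed package-lock.json (lockfileVersion 3) fragment, not taken from the issue.
// "example-cli" and version 9.9.9 are hypothetical: a nested copy that must not match.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { dependencies: { "@typescript-eslint/typescript-estree": "8.32.0", "example-cli": "1.0.0" } },
  "node_modules/@typescript-eslint/typescript-estree": { version: "8.32.0", dependencies: { minimatch: "^9.0.5" } },
  "node_modules/minimatch": { version: "9.0.5", dependencies: { "brace-expansion": "^2.0.1" } },
  "node_modules/brace-expansion": { version: "2.0.1" },
  "node_modules/example-cli": { version: "1.0.0", dependencies: { "brace-expansion": "^9.9.9" } },
  "node_modules/example-cli/node_modules/brace-expansion": { version: "9.9.9" },
} };
const NM = "node_modules/";
// Package name encoded in a lockfile path (handles scoped names and nested installs).
const nameOf = (p) => p.split(NM).pop();

// Resolve a dependency the way Node does: nearest node_modules first, then each parent.
function resolveDep(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + NM + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // declared but not installed (e.g. skipped optional dep)
    const i = base.lastIndexOf(NM);
    base = i <= 0 ? "" : base.slice(0, i - 1);
  }
}

// Return one requiring chain, root first, for every installed copy of name@version.
function traceInstalled(lock, name, version) {
  const pk = lock.packages, parents = {};
  for (const [path, meta] of Object.entries(pk)) {
    const deps = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(pk, path, dep);
      if (target) (parents[target] ||= []).push(path);
    }
  }
  const label = (p) => (p === "" ? "(root)" : `${nameOf(p)}@${pk[p].version}`);
  const chains = [];
  for (const [path, meta] of Object.entries(pk)) {
    if (path === "" || nameOf(path) !== name || meta.version !== version) continue;
    const chain = [path], seen = new Set(chain);
    for (let cur = path; cur !== ""; ) {
      const next = (parents[cur] || []).find((p) => !seen.has(p));
      if (next === undefined) break; // orphaned or cyclic entry: report what we have
      seen.add(next); chain.push(next); cur = next;
    }
    chains.push(chain.reverse().map(label).join(" > "));
  }
  return chains;
}
console.log(traceInstalled(sampleLock, "brace-expansion", "2.0.1"));
```

Run against a real `package-lock.json` by replacing `sampleLock` with the parsed file; each returned chain names the direct dependency whose update or override would change the flagged install.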