-
Notifications
You must be signed in to change notification settings - Fork 29.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vscode NPM package is causing a diff security issue #75732
vscode NPM package is causing a diff security issue #75732
Comments
Seems I'm now forking mocha to update Wondering what I should do
@bpasero What do you think? |
@octref can't we just update to mocha 5 or 6 in the vscode module? |
@octref will talk to you in chat |
Ah, I thought Mocha 5/6 would have breaking changes so we can't really upgrade easily. Will upgrade to Mocha 5. |
Thanks |
Issue Type: Bug
GitHub reported a security vulnerability related to the
diff
NPM package in my VS Code extension'spackage-lock.json
.In my VS Code extension's
package.json
, I've added a dependency forvscode
:When I run
npm ls diff
to see what packages are usingdiff
, I see this:And I see this reflected in my
package-lock.json
:VS Code version: Code 1.35.1 (c7d83e5, 2019-06-12T14:29:22.216Z)
OS version: Darwin x64 18.6.0
System Info
checker_imaging: disabled_off
flash_3d: enabled
flash_stage3d: enabled
flash_stage3d_baseline: enabled
gpu_compositing: enabled
multiple_raster_threads: enabled_on
native_gpu_memory_buffers: enabled
rasterization: enabled
surface_synchronization: enabled_on
video_decode: enabled
webgl: enabled
webgl2: enabled
Extensions (15)
The text was updated successfully, but these errors were encountered: