0.10.3 on NPM has a security vulnerability string@3.3.0

Question

0.10.3 on NPM has a security vulnerability string@3.3.0

Opened this issue 7 years ago · 0 comments

I notice that the master branch no longer uses string@3.3.0 which has a regex DDoS vulnerability. Can we have a 0.10.4 without string@3.3.0? If there are blockers, what are they?