npm audit: Regular Expression Denial of Service

Question

npm audit: Regular Expression Denial of Service

kevinlandsberg opened this issue 3 years ago · 1 comments

kevinlandsberg commented 3 years ago

High Regular Expression Denial of Service

Package trim-newlines

Patched in >=3.0.1 <4.0.0 || >=4.0.1

Dependency of gulp-sass [dev]

Path gulp-sass > node-sass > meow > trim-newlines

More info https://npmjs.com/advisories/1753

Answer 1 · 2021-06-09T09:21:24.000Z

yes, there is such a problem

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ trim-newlines │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.1 <4.0.0 || >=4.0.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-sass [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-sass > node-sass > meow > trim-newlines │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1753 │
└───────────────┴──────────────────────────────────────────────────────────────┘