paulirish/speedline

Vulnerability issues in dependent package meow@3.7.0

Opened this issue · 1 comments

Hi,
The current version is using meow@3.7.0, which in turn depends on trim-newlines@1.0.0, which has a High vulnerability issue. It would be nice to bump a new release using meow@10.1.1 to fix that vulnerability.

meow@10.1.1 uses trim-newlines@^4.0.2:
https://github.com/sindresorhus/meow/blob/main/package.json#L54

High Regular Expression Denial of Service in trim-newlines
Package trim-newlines
Patched in >=3.0.1
Dependency of @wdio/devtools-service [dev]
Path @wdio/devtools-service > speedline > meow > trim-newlines

More info GHSA-7p7h-4mm5-852v

Thanks,
Guido.

Are there any updates regarding this issue? I've also faced it while installing "@wdio/devtools-service", which is dependent on the "speedline" package.
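
The advisory path quoted in this thread can be checked against a project's own lockfile. The following is an added example, not code from speedline or from the thread: it walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3 layout) and reports each dependency chain that reaches a trim-newlines copy below the patched 3.0.1. The lockfile is constructed; `example-app`, the `0.0.0` versions and the function names are placeholders, and workspace link entries are assumed absent.

```javascript
// Constructed package-lock (lockfileVersion 3 layout). Versions other than
// meow@3.7.0 and trim-newlines@1.0.0 are placeholders, not real releases.
const sampleLock = {
  packages: {
    "": { name: "example-app", devDependencies: { "@wdio/devtools-service": "*" } },
    "node_modules/@wdio/devtools-service": { version: "0.0.0", dependencies: { speedline: "*" } },
    "node_modules/speedline": { version: "0.0.0", dependencies: { meow: "^3.7.0" } },
    "node_modules/meow": { version: "3.7.0", dependencies: { "trim-newlines": "^1.0.0" } },
    "node_modules/trim-newlines": { version: "1.0.0" },
  },
};

// Numeric x.y.z comparison only (assumption: no pre-release tags).
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Node-style resolution: look in the dependent's own node_modules, then walk up.
function resolve(packages, from, dep) {
  for (let base = from; ; base = base.slice(0, base.lastIndexOf("node_modules/")).replace(/\/$/, "")) {
    const loc = (base ? base + "/" : "") + "node_modules/" + dep;
    if (loc in packages) return loc;
    if (base === "") return null;
  }
}

// Breadth-first walk from the root project; returns one dependency chain per
// installed copy of `name` whose version is below `patched`.
function findVulnerablePaths(lock, name, patched) {
  const pk = lock.packages, hits = [], seen = new Set([""]);
  const queue = [{ loc: "", chain: [] }];
  while (queue.length) {
    const { loc, chain } = queue.shift();
    const meta = pk[loc];
    const deps = { ...meta.dependencies, ...meta.optionalDependencies, ...(loc === "" ? meta.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolve(pk, loc, dep);
      if (target === null || seen.has(target)) continue;
      seen.add(target);
      const next = [...chain, `${dep}@${pk[target].version}`];
      if (dep === name && lessThan(pk[target].version, patched)) hits.push(next.join(" > "));
      queue.push({ loc: target, chain: next });
    }
  }
  return hits;
}

console.log(findVulnerablePaths(sampleLock, "trim-newlines", "3.0.1"));
```

Run against a real project by passing the parsed contents of its package-lock.json in place of `sampleLock`.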