npm: word-wrap package vulnerable to Regular Expression Denial of Service

9elements / firmware-action

Build system for firmware images for several open source firmware solutions

MIT License

10 stars 0 forks source link

npm: word-wrap package vulnerable to Regular Expression Denial of Service #30

Closed AtomicFS closed 2 months ago

AtomicFS commented 1 year ago

The original word-wrap project seems to be abandoned, see pull request 33.

Consider using a maintained forked mentioned in comment in pull request 33.

AtomicFS commented 1 year ago

Blocked by issues in milestone 1

AtomicFS commented 2 months ago

This should be fixed with #108 - when we switch from compilation-on-the-fly to just pulling pre-compiled binary in CI, we will get rid of most (if not all) of our JavaScript code. See #182