Closed Ilshidur closed 6 years ago
@Ilshidur I would strongly prefer that we merge this instead:
https://github.com/Medium/phantomjs/pull/746
as it would result in far fewer instances of having to manually bump dependencies and communicate with Medium, who have already expressed a disinterest in maintaining this project.
Abandoning this PR. As this repo is going to be archived, I'm not willing to keep a fork of it in my repositories. Sorry to see this project is going down.
The extract-zip@1.6.5 package is vulnerable to a ReDoS attack.
Updated to version 1.6.6, where the maintainers fixed it a few hours before this PR.
This PR can solve failing tests because of some tools (like Snyk). I made it just in case https://github.com/Medium/phantomjs/pull/746#issuecomment-340663022 won't be merged immediately.