SassDoc / sassdoc

Release the docs!
http://sassdoc.com
MIT License

Regular Expression Denial of Service in vinyl-fs > glob-stream > micromatch > braces #537

Closed Ambient-Impact closed 4 years ago

Ambient-Impact commented 5 years ago

Hi there. Just ran npm audit and got this:

  Low             Regular Expression Denial of Service

  Package         braces

  Patched in      >=2.3.1

  Dependency of   grunt-sassdoc [dev]

  Path            grunt-sassdoc > sassdoc > vinyl-fs > glob-stream >
                  micromatch > braces

  More info       https://npmjs.com/advisories/786

It looks like newer versions of glob-stream and thus vinyl-fs are no longer using micromatch, so upgrading would fix this warning.
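The dependency path that npm audit prints above can be reproduced from a lockfile. The following is an added example, not code from SassDoc or npm: it assumes a lockfileVersion 1 style tree, and every version number in it is constructed, as is the hypothetical package `other-tool`.

```javascript
// Added example: constructed data shaped like an npm lockfileVersion 1 tree.
// All versions are sample values; 'other-tool' is a hypothetical package.
const sampleLock = { dependencies: {
  'grunt-sassdoc': { version: '1.0.0', requires: { sassdoc: '*' } },
  sassdoc: { version: '1.0.0', requires: { 'vinyl-fs': '*' } },
  'vinyl-fs': { version: '1.0.0', requires: { 'glob-stream': '*' } },
  'glob-stream': { version: '1.0.0', requires: { micromatch: '*' } },
  micromatch: { version: '1.0.0', requires: { braces: '*' },
    dependencies: { braces: { version: '2.3.0' } } }, // nested copy, below the patch
  'other-tool': { version: '1.0.0', requires: { braces: '*' } },
  braces: { version: '2.3.1' }, // hoisted copy, patched
} };

// Compare plain x.y.z versions; pre-release tags are out of scope here.
function lessThan(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Resolve a required name the way Node does: nearest nested copy first, then outwards.
function resolve(name, chain) {
  for (let i = chain.length - 1; i >= 0; i--) {
    const deps = chain[i].dependencies || {};
    if (deps[name]) return { node: deps[name], chain: chain.slice(0, i + 1) };
  }
  return null;
}

// Return each logical path from a direct dependency to a copy of `target` older than `patched`.
function vulnerablePaths(lock, roots, target, patched) {
  const found = [];
  const walk = (name, chain, path, seen) => {
    const hit = resolve(name, chain);
    if (!hit || seen.has(hit.node)) return; // missing entry or dependency cycle
    const here = [...path, name];
    if (name === target && lessThan(hit.node.version, patched)) found.push(here.join(' > '));
    const next = new Set(seen).add(hit.node);
    for (const req of Object.keys(hit.node.requires || {})) {
      walk(req, [...hit.chain, hit.node], here, next);
    }
  };
  for (const root of roots) walk(root, [lock], [], new Set());
  return found;
}

console.log(vulnerablePaths(sampleLock, ['grunt-sassdoc', 'other-tool'], 'braces', '2.3.1'));
```

Only the nested copy under micromatch is reported; the hoisted, patched copy used by `other-tool` is not, which is why a flat search for the package name is not enough.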

joekrump commented 4 years ago

I've opened a pull request to update the version of vinyl-fs here: https://github.com/SassDoc/sassdoc/pull/547

joekrump commented 4 years ago

This issue can now be closed I think, as version 2.7.2 has now been released and contains the fix.