Closed LVSant closed 2 years ago
glob-parent
The latest stable version of serverless-layers that is 2.5.3 is using glob-parent@2.0.0 which is vulnerable to regular expression denial of service.
serverless-layers
2.5.3
glob-parent@2.0.0
Please release a new version that is stable (not 2.5.4-beta.1) that contains this fix.
It's a High vulnerability that's impacting users of your library.
done
agutoli
commented
2 years ago agutoli
commented
2 years ago
Update
glob-parentto 5.1.2The latest stable version of
serverless-layersthat is2.5.3is usingglob-parent@2.0.0which is vulnerable to regular expression denial of service.Please release a new version that is stable (not 2.5.4-beta.1) that contains this fix.
It's a High vulnerability that's impacting users of your library.