axross / tap-diff

:dancers: The most human-friendly TAP reporter.
MIT License
94 stars 26 forks

upgrade diff to v3.5 #21

Open rob-balfre opened 5 years ago

rob-balfre commented 5 years ago

@axross GitHub is complaining that tap-diff has a security vulnerability. Can you upgrade the diff dependency to version 3.5.0 or later, please?

mindplay-dk commented 3 years ago

@axross are you still maintaining this project? If not, I don't want to submit a PR.

githubjosh commented 1 year ago

This security patch is pretty urgent. Should be a quick update, no?

```
diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix --force`
Will install tap-diff@0.0.0, which is a breaking change
node_modules/tap-diff/node_modules/diff
  tap-diff  >=0.0.1
  Depends on vulnerable versions of diff
  node_modules/tap-diff
```