Closed G-Rath closed 5 years ago
Low Regular Expression Denial of Service Package braces Patched in >=2.3.1 Dependency of browserify-css [dev] Path browserify-css > find-node-modules > findup-sync > micromatch > braces More info https://npmjs.com/advisories/786
Low Regular Expression Denial of Service
Package braces
Patched in >=2.3.1
Dependency of browserify-css [dev]
Path browserify-css > find-node-modules > findup-sync > micromatch > braces
More info https://npmjs.com/advisories/786
I have made an comment requesting a new version of micromatch@2.x.x be released with an update to the braces dependency, which might happen and thus resolve this.
micromatch@2.x.x
braces
However, ideally browserify-css should update find-node-modules to v2.0.0, to resolve this security vulnerability.
browserify-css
find-node-modules
v2.0.0
Also hoping for a dependency version bump up to get rid of the vulnerability. Doing it by hand introduces a whole new process to deployment.
I have made an comment requesting a new version of
micromatch@2.x.x
be released with an update to thebraces
dependency, which might happen and thus resolve this.However, ideally
browserify-css
should updatefind-node-modules
tov2.0.0
, to resolve this security vulnerability.