digitalbazaar / bedrock-webpack

Bedrock webpack module.
Apache License 2.0

Tracking for `trim-newlines` vulnerability #35

Closed mattcollier closed 2 years ago

mattcollier commented 3 years ago

I've documented the situation here: https://github.com/sass/node-sass/issues/3188

https://www.npmjs.com/advisories/1753

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim-newlines                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.1 <4.0.0 || >=4.0.1                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ bedrock-webpack                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ bedrock-webpack > node-sass > meow > trim-newlines           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1753                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

dlongley commented 2 years ago

We no longer use node-sass, closing.