dlmanning / gulp-sass

SASS plugin for gulp
MIT License
1.56k stars 381 forks

npm audit: Regular Expression Denial of Service #799

Closed kevinlandsberg closed 3 years ago

kevinlandsberg commented 3 years ago

High Regular Expression Denial of Service

Package trim-newlines

Patched in >=3.0.1 <4.0.0 || >=4.0.1

Dependency of gulp-sass [dev]

Path gulp-sass > node-sass > meow > trim-newlines

More info https://npmjs.com/advisories/1753

sh4rov commented 3 years ago

Yes, there is such a problem.

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim-newlines                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.1 <4.0.0 || >=4.0.1                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-sass [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gulp-sass > node-sass > meow > trim-newlines                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1753                            │
└───────────────┴──────────────────────────────────────────────────────────────┘