Snyk report: High severity vulnerability found in plist -> Regular Expression DOS

[gabriele-sacchi]

Bug Report

Problem

Snyk (https://www.npmjs.com/package/snyk) querying a database of known vulnerabilities revealed this critical security vulnerability:

✗ High severity vulnerability found in plist
  Description: Regular Expression Denial of Service (ReDoS)
  Info: https://snyk.io/vuln/npm:plist:20180219
  Introduced through: cordova-custom-config@5.0.3
  From: cordova-custom-config@5.0.3 > xcode@1.1.0 > simple-plist@0.2.1 > plist@2.0.1

What is expected to happen?

No security vulnerabilities should be found by Snyk

What does actually happen?

High severity security vulnerability found by Snyk

Information

Steps to reproduce:

• Add latest version of cordova-ios to a package.json file
• Install npm snyk
• Run snyk test

Command or Code

See above

Environment, Platform, Device

Any

Version information

latest

Checklist

• [ x] I searched for existing GitHub issues
• [ x] I updated all Cordova tooling to most recent version
• [ x] I included all the necessary information above

[dpa99c]

See https://github.com/dpa99c/cordova-custom-config/issues/154#issuecomment-475516096