Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
This PR contains the following updates:
7.0.3
->7.0.5
GitHub Vulnerability Alerts
CVE-2024-21538
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Release Notes
moxystudio/node-cross-spawn (cross-spawn)
### [`v7.0.5`](https://redirect.github.com/moxystudio/node-cross-spawn/blob/HEAD/CHANGELOG.md#705-2024-11-07) [Compare Source](https://redirect.github.com/moxystudio/node-cross-spawn/compare/v7.0.4...v7.0.5) ### [`v7.0.4`](https://redirect.github.com/moxystudio/node-cross-spawn/blob/HEAD/CHANGELOG.md#704-2024-11-07) [Compare Source](https://redirect.github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.4)Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.