This package is currently introducing a security audit alert
child-process-promise > cross-spawn: Regular Expression Denial of Service (ReDoS) in cross-spawn patched in >=7.0.5
https://github.com/advisories/GHSA-3xgq-45jj-v275
I has been fixed by adding a resolution for cross-spawn in https://github.com/huridocs/uwazi/pull/7448, but since child-process-promise no longer seems to be receiving updated it could be worthwhile to migrate to a new one, and remove the resolution.
The package is used mostly by the api, and one e2e helper.
child-process-promiseseems to no longer receive updates.This package is currently introducing a security audit alert
child-process-promise > cross-spawn: Regular Expression Denial of Service (ReDoS) in cross-spawn patched in >=7.0.5 https://github.com/advisories/GHSA-3xgq-45jj-v275I has been fixed by adding a resolution for
cross-spawnin https://github.com/huridocs/uwazi/pull/7448, but sincechild-process-promiseno longer seems to be receiving updated it could be worthwhile to migrate to a new one, and remove the resolution.The package is used mostly by the api, and one e2e helper.