Open nezriffic opened 5 years ago
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ Regular Expression Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ underscore.string │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.3.5 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ cover [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ cover > underscore.string │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/745 │ └───────────────┴──────────────────────────────────────────────────────────────┘
Update underscore.string dependency, please; or even get rid of it completely (as I can see only "startsWith" is used).
Update underscore.string dependency, please; or even get rid of it completely (as I can see only "startsWith" is used).