Closed: matteematt closed this 2 weeks ago
This does not apply to the latest version, which has removed the offending regex.
Snyk/GitHub/NPM have a problem of indiscriminately spamming people with scary "high" severity reports, but the real-world impact of ReDoS is questionable. It's not RCE or disclosure of any private info, just some CPU time wasted if someone manages to send long enough specially crafted headers.
It has been fixed anyway, just update your dependencies.
https://github.com/advisories/GHSA-rc47-6667-2j5j