mariocasciaro / gulp-concat-css

Concatenates css files, bubbling up import statements (as per the standard), and optionally rebasing urls and inlining local import statements.
MIT License

fix url-regex vulnerability #50

Open SimonDeRidder opened 3 years ago

SimonDeRidder commented 3 years ago

When installing via npm, a warning is issued:

┌───────────────┬─────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service        │
├───────────────┼─────────────────────────────────────────────┤
│ Package       │ url-regex                                   │
├───────────────┼─────────────────────────────────────────────┤
│ Patched in    │ No patch available                          │
├───────────────┼─────────────────────────────────────────────┤
│ Dependency of │ gulp-concat-css [dev]                       │
├───────────────┼─────────────────────────────────────────────┤
│ Path          │ gulp-concat-css > rework-import > url-regex │
├───────────────┼─────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1550           │
└───────────────┴─────────────────────────────────────────────┘

More info in https://github.com/kevva/url-regex/issues/70

It seems the issue can be fixed by switching to https://github.com/niftylettuce/url-regex-safe
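To confirm the "Path" row of the audit warning above in your own project, the following added example (not code from this thread or from gulp-concat-css) walks a dependency tree shaped like `npm ls --all --json` output and lists every chain that pulls in a flagged package. The tree, its version strings, and the names `my-project`, `other-dep` and `another-plugin` are constructed for illustration.

```javascript
// Constructed sample shaped like `npm ls --all --json` output.
// Versions are placeholders; "other-dep" and "another-plugin" are hypothetical.
const SAMPLE_TREE = {
  name: "my-project",
  dependencies: {
    "gulp-concat-css": {
      version: "0.0.0-sample",
      dependencies: {
        "rework-import": {
          version: "0.0.0-sample",
          dependencies: { "url-regex": { version: "0.0.0-sample" } },
        },
        "other-dep": { version: "0.0.0-sample" },
      },
    },
    "another-plugin": {
      version: "0.0.0-sample",
      dependencies: { "url-regex": { version: "0.0.0-sample" } },
    },
  },
};

// Depth-first walk; returns one array of package names per path to `target`.
function findPaths(node, target, trail = []) {
  const found = [];
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    if (name === target) found.push(path);
    // Keep descending: the same package can be nested again further down.
    found.push(...findPaths(child, target, path));
  }
  return found;
}

// Group paths by the direct dependency that has to be updated or replaced.
function directDependents(tree, target) {
  const byRoot = {};
  for (const path of findPaths(tree, target)) {
    if (!byRoot[path[0]]) byRoot[path[0]] = [];
    byRoot[path[0]].push(path.join(" > "));
  }
  return byRoot;
}

console.log(directDependents(SAMPLE_TREE, "url-regex"));
```

Each key in the result is a direct dependency to chase upstream; a flagged package with several keys stays in the tree until every one of those chains is fixed.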

retroburst commented 3 years ago

Also would really like to see this fixed as well!

mattiaskagstrom commented 2 years ago

Related: https://github.com/reworkcss/rework-import/pull/20