pa11y / pa11y-ci

Pa11y CI is a CI-centric accessibility test runner, built using Pa11y
https://pa11y.org
GNU Lesser General Public License v3.0

Vulnerability in nth-check dependency #162

Closed steven-melcher closed 2 years ago

steven-melcher commented 2 years ago

CVE-2021-3803: Inefficient Regular Expression Complexity in nth-check was discovered by our OWASP dependency checker in pa11y-ci v2.4.1. Please refer to https://github.com/advisories/GHSA-rp65-9cf3-cjxr for details on the vulnerability.

Would it be possible for pa11y-ci to be updated to use a later version of nth-check that fixes this vulnerability?

aarongoldenthal commented 2 years ago

This is resolved in pa11y-ci v3.0.0