Open mpaktiti opened 4 years ago
braces has to be updated to version 2.3.1 or higher.
The indexr repo looks out of maintenance (last update: 3 years ago).
We can try sending a PR to update chokidar, or fork indexr and update the chokidar version in our fork.
Vulnerable module: braces
Introduced through: indexr@1.1.10
Detailed Path:
Remediation: No remediation path available.
Overview: braces is a Bash-like brace expansion, implemented in JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression (^{(,+(?:({,+})),|,(?:({,+})),+)}) in order to detect empty braces. This can cause an impact of about 10 seconds matching time for data 50K characters long.
More about this issue Snyk Report
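
To confirm whether a fork or upstream PR actually removes the old braces from the tree, the check below walks dependency data in the shape produced by `npm ls --json` and reports every braces install older than 2.3.1 together with the path that pulls it in. It is an added example, not code from this issue, indexr, or Snyk; the sample tree, the `other-tool` package, and all versions in it other than indexr@1.1.10 are constructed for illustration.

```javascript
// Walk an `npm ls --json`-style tree and list every braces install older than
// the fixed version named in the issue (2.3.1), with the path that introduces it.
const FIXED = '2.3.1';

// Compare plain x.y.z versions; pre-release tags are ignored (assumption).
function isOlder(version, fixed) {
  const a = version.split('-')[0].split('.').map(Number);
  const b = fixed.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false; // equal versions are not older
}

// Depth-first search; returns [{ version, path }] for each vulnerable install.
function findVulnerable(node, target = 'braces', fixed = FIXED, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version || '?'}`];
    if (name === target && dep.version && isOlder(dep.version, fixed)) {
      hits.push({ version: dep.version, path: here.join(' > ') });
    }
    hits.push(...findVulnerable(dep, target, fixed, here));
  }
  return hits;
}

// Constructed sample tree (not real `npm ls` output from this project).
const sampleTree = {
  name: 'example-app',
  version: '0.0.0',
  dependencies: {
    indexr: { version: '1.1.10', dependencies: {
      chokidar: { version: '0.0.1', dependencies: {
        braces: { version: '1.8.5' },
      } },
    } },
    'other-tool': { version: '0.0.2', dependencies: {
      braces: { version: '2.3.1' }, // already at the fixed version
    } },
    braces: { version: '2.3.2' },
  },
};

for (const hit of findVulnerable(sampleTree)) {
  console.log(`braces ${hit.version} < ${FIXED} via ${hit.path}`);
}
```

On a real project, feed it the parsed output of `npm ls --json` in place of `sampleTree`; an empty result after the chokidar update means no braces install below 2.3.1 remains.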