Fixed ReDoS in "loadAnnotation" function of "previous-map.js"

sasstools / scss-tokenizer

A tokenzier for Sass' SCSS syntax

MIT License

24 stars 22 forks source link

Closed sushantmittal closed 2 years ago

sushantmittal commented 2 years ago

Replaced (.*) with ((?:(?!sourceMappingURL=).)*) in regex used in loadAnnotation function of src/previous-map.js to fix ReDoS.

Closes #45 Closes #48

dzadza commented 2 years ago

Please merge :pray:

danny-endeavour commented 2 years ago

Perhaps @xzyfer can merge it? :)

Grizzlijs commented 2 years ago

Hello! When plan to merge ? Need for security update.

Marcel-MSC commented 2 years ago

Hello! When you guys are going to merge it??????????????? @sushantmittal @dzadza @danny-endeavour @Grizzlijs @migonium

sushantmittal commented 2 years ago

@Marcel-MSC : I don't have permission to merge it. @xzyfer can merge it.

Flyingliuhub commented 2 years ago

@xzyfer , is it merged ? Thanks

azeemh commented 2 years ago

please merge so every other programmer in the world can securely use node js in their projects again.

xzyfer commented 2 years ago

Thanks @sushantmittal

curtvict commented 2 years ago

Many thanks to both @xzyfer and @sushantmittal for their hard work!

Marcel-MSC commented 2 years ago

Thanks @xzyfer and @sushantmittal

G-Rath commented 2 years ago

I've opened https://github.com/github/advisory-database/pull/589 updating the advisory to reflect the new release :)