schickling / gulp-webserver

Streaming gulp plugin to run a local webserver with LiveReload
https://www.npmjs.org/package/gulp-webserver
MIT License
355 stars 84 forks

Update to at least version 1.1.0 of tiny-lr to avoid Regular Expression Denial of Service #135

Open shawn-peery opened 5 years ago

shawn-peery commented 5 years ago

https://www.npmjs.com/advisories/534

When using gulp-server 0.9.1, there is a vulnerability for the version of tiny-lr being used.

Low           | Regular Expression Denial of Service
Package       | debug
Patched in    | >= 2.6.9 < 3.0.0 || >= 3.1.0
Dependency of | gulp-webserver [dev]
Path          | gulp-webserver > tiny-lr > debug
More info     | https://nodesecurity.io/advisories/534

I didn't see a previous issue for this on the tracker. If I'm mistaken, please let me know.
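
An added example, not part of the original issue or of the gulp-webserver project: a small Node.js check that walks a lockfile-style dependency tree and reports every copy of `debug` outside the patched range quoted in the advisory table (`>= 2.6.9 < 3.0.0 || >= 3.1.0`). The sample tree, the `tiny-lr` and `debug` version numbers in it, and the function names are constructed for illustration; pre-release tags are ignored as a simplifying assumption.

```javascript
// Added example: flag installed copies of `debug` outside the patched range
// from the advisory table: >= 2.6.9 < 3.0.0 || >= 3.1.0.

// Parse "major.minor.patch" into numbers (assumption: pre-release tags ignored).
function parse(version) {
  return version.split('-')[0].split('.').map(Number);
}

// Negative if a < b, zero if equal, positive if a > b.
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] - y[i];
  }
  return 0;
}

// True when the version satisfies either branch of the patched range.
function isPatched(v) {
  return (cmp(v, '2.6.9') >= 0 && cmp(v, '3.0.0') < 0) || cmp(v, '3.1.0') >= 0;
}

// Walk nested "dependencies" objects (npm lockfile v1 layout) and collect
// every unpatched `debug`, recording the path that pulls it in.
function findUnpatchedDebug(deps, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(deps || {})) {
    const here = path.concat(name);
    if (name === 'debug' && !isPatched(info.version)) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    hits.push(...findUnpatchedDebug(info.dependencies, here));
  }
  return hits;
}

// Constructed sample tree; versions other than gulp-webserver 0.9.1 are made up.
const sampleLock = {
  'gulp-webserver': {
    version: '0.9.1',
    dependencies: {
      'tiny-lr': { version: '0.1.4', dependencies: { debug: { version: '0.8.1' } } },
      debug: { version: '2.6.9' }
    }
  },
  debug: { version: '3.0.1' }
};

console.log(findUnpatchedDebug(sampleLock));
```

Note that 3.0.x falls in the gap between the two branches of the range, so a plain "at least 2.6.9" comparison would miss it.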