simonsmith / stylelint-selector-bem-pattern

Stylelint plugin that incorporates postcss-bem-linter
MIT License

Dependency `trim` has security issue #55

Closed stugoo closed 3 years ago

stugoo commented 3 years ago

Running `yarn why trim`:

```
yarn why trim
yarn why v1.22.10
[1/4] 🤔  Why do we have the module "trim"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "trim@0.0.1"
info Reasons this module exists
   - "stylelint-selector-bem-pattern#stylelint#postcss-markdown#remark#remark-parse" depends on it
   - Hoisted from "stylelint-selector-bem-pattern#stylelint#postcss-markdown#remark#remark-parse#trim"
info Disk size without dependencies: "28KB"
info Disk size with unique dependencies: "28KB"
info Disk size with transitive dependencies: "28KB"
info Number of shared dependencies: 0
✨  Done in 0.88s.
```

All versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
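The following is an added example, not part of this issue and not code from the trim package or from stylelint-selector-bem-pattern. It reproduces the kind of regex the advisory describes (a `^\s*|\s*$` alternation, modelled on the old trim() implementation; treat the exact pattern as an assumption), shows why a run of whitespace that is neither leading nor trailing makes it backtrack quadratically, and puts a linear-time scan beside it. The names `vulnerableTrim`, `safeTrim`, `adversarialInput` and `timeMs` are mine.

```javascript
// Added example: why pre-0.0.3 trim() is a ReDoS sink, and a non-backtracking
// replacement. Not the package's code; the regex is modelled on the old trim().

// The second alternative, `\s*$`, is the problem. At every whitespace position
// the engine greedily consumes the whole run, fails `$`, then gives back one
// character at a time before moving to the next start position, so a run of
// n internal spaces costs on the order of n^2 steps.
function vulnerableTrim(str) {
  return str.replace(/^\s*|\s*$/g, "");
}

// Hardened replacement: walk in from both ends testing one character at a
// time. A single-character /\s/ test cannot backtrack, so cost is O(n).
// String.prototype.trim() strips the same ECMAScript WhiteSpace + LineTerminator
// set and is the idiomatic choice; the explicit scan just makes the idea visible.
const WS = /\s/;
function safeTrim(str) {
  let start = 0;
  let end = str.length;
  while (start < end && WS.test(str[start])) start++;
  while (end > start && WS.test(str[end - 1])) end--;
  return str.slice(start, end);
}

// Constructed adversarial input (not from the advisory): the whitespace sits
// between two non-space characters, so `^\s*` cannot swallow it at position 0
// and `\s*$` has to backtrack through the run at every position.
function adversarialInput(n) {
  return "a" + " ".repeat(n) + "b";
}

// Time one call and return elapsed milliseconds.
function timeMs(fn, input) {
  const t0 = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Doubling n roughly quadruples the vulnerable version's time; the scan stays flat.
for (const n of [1000, 4000, 8000]) {
  const input = adversarialInput(n);
  console.log(
    `n=${n}\tvulnerable=${timeMs(vulnerableTrim, input).toFixed(1)}ms` +
      `\tsafe=${timeMs(safeTrim, input).toFixed(3)}ms`
  );
}
```

Both functions return identical results on ordinary input; the only difference is the cost model, which is what the advisory is about. For a dependency you cannot upgrade, the practical fix is the one the scan illustrates: no pattern in which a greedy whitespace quantifier is followed by an anchor that can fail.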

AlecRust commented 3 years ago

Fixed in 2.1.1.