Closed maries24 closed 3 years ago
Hello,
An npm audit flags the following vulnerabilities when I install imagemin-cli, which depends on meow, which in turn depends on trim-newlines.
Here are the details given; they all boil down to the version of trim-newlines package in use.
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-gifsicle > gifsicle > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-jpegtran > jpegtran-bin > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-optipng > optipng-bin > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
Would it be possible to upgrade trim-newlines to the recommended version?
Many thanks!
The latest meow version is already using the latest trim-newlines version.
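An added example (not code from this issue or from the meow or imagemin projects) showing why both statements in the thread can be true at once: it walks a dependency tree in the nested `dependencies`/`version` shape that `npm ls --json` emits and lists every installed copy of trim-newlines outside the patched range quoted in the audit output. The tree, its version numbers and the function names are constructed for illustration.

```javascript
// Patched range quoted in the audit output: >=3.0.1 <4.0.0 || >=4.0.1
// Minimal comparator for plain x.y.z versions (no pre-release tags).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
};
const isPatched = (v) =>
  (cmp(v, '3.0.1') >= 0 && cmp(v, '4.0.0') < 0) || cmp(v, '4.0.1') >= 0;

// Recursively collect every copy of `name` whose version is not patched,
// keeping the dependency path so the pinning parent is visible.
function findUnpatched(node, name, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && !isPatched(info.version)) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    hits.push(...findUnpatched(info, name, here));
  }
  return hits;
}

// Constructed sample tree: a current meow resolves a patched trim-newlines,
// while an older meow pulled in through lpad-align resolves an unpatched one.
const sampleTree = {
  dependencies: {
    'imagemin-cli': {
      version: '0.0.0-sample',
      dependencies: {
        meow: { version: '0.0.0-sample',
                dependencies: { 'trim-newlines': { version: '4.0.2' } } },
        'lpad-align': {
          version: '0.0.0-sample',
          dependencies: {
            meow: { version: '0.0.0-sample',
                    dependencies: { 'trim-newlines': { version: '1.0.0' } } },
          },
        },
      },
    },
  },
};

console.log(findUnpatched(sampleTree, 'trim-newlines'));
```

The reported path points at the intermediate package that still resolves an old meow, which is where an upgrade or an override has to happen.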