The npm package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Release Notes
npm/hosted-git-info
### [`v3.0.8`](https://togithub.com/npm/hosted-git-info/blob/HEAD/CHANGELOG.md#308-httpsgithubcomnpmhosted-git-infocomparev307v308-2021-01-28)
[Compare Source](https://togithub.com/npm/hosted-git-info/compare/v3.0.7...v3.0.8)
##### Bug Fixes
- simplify the regular expression for shortcut matching ([bede0dc](https://togithub.com/npm/hosted-git-info/commit/bede0dc)), closes [#76](https://togithub.com/npm/hosted-git-info/issues/76)
### [`v3.0.7`](https://togithub.com/npm/hosted-git-info/blob/HEAD/CHANGELOG.md#307-httpsgithubcomnpmhosted-git-infocomparev306v307-2020-10-15)
[Compare Source](https://togithub.com/npm/hosted-git-info/compare/v3.0.6...v3.0.7)
##### Bug Fixes
- correctly filter out urls for tarballs in gitlab ([eb5bd5a](https://togithub.com/npm/hosted-git-info/commit/eb5bd5a)), closes [#69](https://togithub.com/npm/hosted-git-info/issues/69)
### [`v3.0.6`](https://togithub.com/npm/hosted-git-info/blob/HEAD/CHANGELOG.md#306-httpsgithubcomnpmhosted-git-infocomparev305v306-2020-10-12)
[Compare Source](https://togithub.com/npm/hosted-git-info/compare/v3.0.5...v3.0.6)
##### Bug Fixes
- support to github gist legacy hash length ([c067102](https://togithub.com/npm/hosted-git-info/commit/c067102)), closes [#68](https://togithub.com/npm/hosted-git-info/issues/68)
### [`v3.0.5`](https://togithub.com/npm/hosted-git-info/blob/HEAD/CHANGELOG.md#305-httpsgithubcomnpmhosted-git-infocomparev304v305-2020-07-11)
[Compare Source](https://togithub.com/npm/hosted-git-info/compare/v3.0.4...v3.0.5)
#### [3.0.5](https://togithub.com/npm/hosted-git-info/compare/v3.0.4...v3.0.5) (2020-07-11)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
3.0.4 -> 3.0.8
GitHub Vulnerability Alerts
CVE-2021-23362