zouhir / lqip-loader

Low Quality Image Placeholders (LQIP) for Webpack

url-regex@3.2.0 vulnerability #26

Open wilbsy opened 4 years ago

wilbsy commented 4 years ago

Is it possible to swap url-regex@3.2.0 for url-regex-safe? Is this package still maintained?

Thanks!

https://npmjs.com/advisories/1550
Regular Expression Denial of Service
Path --> lqip-loader > lqip > jimp > url-regex

afsanefda commented 2 years ago

@zouhir Is there a way to upgrade the package for url-regex to solve a lot of vulnerabilities in git repos?

└─┬ lqip-loader@2.2.1
  └─┬ lqip@2.1.0
    └─┬ jimp@0.2.28
      └── url-regex@3.2.0
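
The dependency path reported in this thread can be recovered from any project's tree with a short script. This is an added example, not part of the thread or of lqip-loader; it assumes a tree in the shape produced by `npm ls --json`, and the sample tree, the root name `example-app` and the package `left-alone` are constructed for illustration.

```javascript
// Added example: find every dependency path that leads to a given package
// in a tree shaped like the output of `npm ls --json`.

// Constructed sample mirroring the tree quoted in the thread.
const sampleTree = {
  name: "example-app", // hypothetical root project
  version: "1.0.0",
  dependencies: {
    "lqip-loader": {
      version: "2.2.1",
      dependencies: {
        lqip: {
          version: "2.1.0",
          dependencies: {
            jimp: {
              version: "0.2.28",
              dependencies: { "url-regex": { version: "3.2.0" } },
            },
          },
        },
      },
    },
    "left-alone": { version: "1.0.0" }, // hypothetical unrelated dependency
  },
};

// Return an array of paths; each path is an array of "name@version" strings
// from the first-level dependency down to the target package.
// If targetVersion is omitted, any version of targetName matches.
function findPaths(tree, targetName, targetVersion) {
  const results = [];
  const walk = (node, trail) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = [...trail, `${name}@${dep.version}`];
      if (name === targetName && (!targetVersion || dep.version === targetVersion)) {
        results.push(here);
      }
      walk(dep, here); // keep descending: the target may also appear deeper
    }
  };
  walk(tree, []);
  return results;
}

for (const p of findPaths(sampleTree, "url-regex", "3.2.0")) {
  console.log(p.join(" > "));
}
```

The first entry of each path is the direct dependency that would have to change (or be overridden) for the flagged package to leave the tree.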