Need to update validator to >=3.22.1 to avoid regular expression denial of service #8
Comments
0x333333
added a commit
to 0x333333/node-resanitize
that referenced
this issue
Jul 23, 2019
As mentioned in danmactough#8, we need to bump the version of validator to avoid regular expression denial of service.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
I ran into this issue when I did
npm audit, resanitize is using validator of version~1.5.1, which is vulnerable to regular expression denial of service.$ npm audit === npm audit security report === ┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Regular Expression Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ validator │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.22.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ hexo-migrator-rss │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ hexo-migrator-rss > feedparser > resanitize > validator │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/42 │ └───────────────┴──────────────────────────────────────────────────────────────┘The text was updated successfully, but these errors were encountered: