Regular Expression Denial of Service - url-regex vulnerability #37
Comments
|
The url-regex vulnerability in question (see details here : https://www.npmjs.com/advisories/1550 ) stems from the package "url-regex" which is a dependency of jimp v0.2.28 and lower. Later versions of jimp no longer have that dependency, thus fixing it should only need upgrading jimp to the latest version unless there is some deprecated functionality required by nightwatch-vrt. As @justinlazaro-iselect has requested could someone look into this? It has become a major issue for us since the release of npm v6.* which now runs an npm audit on npm install, as npm audit will return a non zero exit code for any vulnerability. Non zero exit codes can and does break our CI pipeline. We could configure npm audit to ignore vulnerabilities but this is a HIGH vulnerability and thus really needs to be fixed. |
Hi got issue in Regular Expression Denial of Service - url-regex vulnerability, any action on this? thanks
Hopefully someone can update in this
jimp-dev/jimp#926
The text was updated successfully, but these errors were encountered: