Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Semver package security issue #12

Open
doctenahasib opened this issue Jul 11, 2023 · 3 comments
Open

Semver package security issue #12

doctenahasib opened this issue Jul 11, 2023 · 3 comments

Comments

@doctenahasib
Copy link

The package semver version 5.4.1 has a security issue and allows attackers to do a ReDoS.
Can you please update that package to the latest version ?

https://github.com/serverless/serverless-plugin-log-retention/blob/master/package.json#L27
@hashanotrium
Copy link

Any update here?
`npm audit

npm audit report

semver <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/serverless-plugin-log-retention/node_modules/semver
serverless-plugin-log-retention *
Depends on vulnerable versions of semver
node_modules/serverless-plugin-log-retention`

@openam openam mentioned this issue Nov 21, 2023
Closed
@surajsnair92 surajsnair92 mentioned this issue Jan 10, 2024
Merged
@fedeam
Copy link

fedeam commented Aug 2, 2024

Any update here?
`npm audit

@openam
Copy link

openam commented Aug 9, 2024

I ended up just using the built-in serverless log retentions settings, and stopped using this plugin, https://www.serverless.com/framework/docs/providers/aws/guide/functions#log-group-resources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@openam @fedeam @doctenahasib @hashanotrium