Uncontrolled Resource Consumption in parse-link-header

[marcelomachado]

The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function. See:
https://github.com/IBM/tpf-conceptnet-datasource/security/dependabot/1

The dependency chain is as follows: parse-link-header 1.0.1 > @comunica/actor-http-native 1.22.1 > rdf-parse 1.9.1 > componentsjs 4.5.0 > @ldf/core 3.2.1 (the one used here). The > represents the required by relation.

[rubensworks]

Updating to the newest Components.js version should resolve this.
PR is welcome :-)

[marcelomachado]

Updating to the newest Components.js version should resolve this. PR is welcome :-)

I don't know if the 5.x.x version may break something. I sent a PR updating to 4.5.0.

[rubensworks]

I don't know if the 5.x.x version may break something.

I think the latest range is probably what we want if possible, I think remaining in the 4.x range will still give us other bugs that have been fixed in 5.x.