Skip to content

Commit

Permalink
bump ms to v2 due a ReDoS vuln (#352)
Browse files Browse the repository at this point in the history 
ms@0.7.3 is vulnerable to a ReDoS attack: https://snyk.io/vuln/npm:ms:20170412

Looking at the code, the breaking change in ms@2.x that the accepted string is now limited to 100 chars.
  • Loading branch information
@dominykas @ziluvatar
dominykas authored and ziluvatar committed May 17, 2017
1 parent 6755049 commit adcfd6a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
"joi": "^6.10.1",
"jws": "^3.1.4",
"lodash.once": "^4.0.0",
"ms": "^0.7.1",
"ms": "^2.0.0",
"xtend": "^4.0.1"
},
"devDependencies": {
Expand Down

0 comments on commit adcfd6a

Please sign in to comment.