fix: eliminate ReDoS #36

Merged
merged 1 commit into from Mar 6, 2021

@Trott (Contributor) commented Feb 10, 2021

This change fixes a regular expression denial of service
vulnerability.

Refs: #32
Refs: https://app.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

@Trott Trott force-pushed the snyk-fix-patch branch from 8995f8c to c6db864 Feb 10, 2021
@gulpjs gulpjs deleted a comment from gerrard00 Feb 15, 2021
@Spoor2709

This comment was marked as spam.

@phated (Member) commented Feb 18, 2021

Hey @Spoor2709, there is none.

@Spoor2709 commented Feb 18, 2021

> Hey @Spoor2709, there is none.

@phated thanks for the reply! Waiting on this to be merged to introduce a big feature in the snyk CLI. Is there anything I or my team can do to help get this in?

@Trott (Contributor, Author) commented Feb 19, 2021

@phated Based on #34 (comment), I've been hoping the plan is to land this as a patch fix, and then include #34 (which I'll rebase after this lands) as part of a major version bump. Is that at least still under consideration, even if there's no ETA?

@phated (Member) commented Feb 19, 2021

@Trott It's still on the plate and I appreciate your work. I'm just swamped right now and don't appreciate people that didn't write the PRs hounding me about doing work for free. Again, thanks for this and I'll try to get to it ASAP.

@Trott (Contributor, Author) commented Mar 3, 2021

Ping to see if there's a chance of moving this forward at this time. No particular urgency on my end. Just checking in. @phated

@phated phated merged commit f923116 into gulpjs:main Mar 6, 2021
1 check passed
@phated (Member) commented Mar 6, 2021

Thanks @Trott - sorry for the delay! I'm finally getting caught up on things. Let me know once #34 is rebased and I'll get that in a major.
