Moment - Regular Expression Denial of Service #3042

Closed
jhawlwut opened this issue Feb 2, 2016 · 3 comments


@jhawlwut jhawlwut commented Feb 2, 2016

In reference to this discussion:
moment/moment#2936

We've included NSP in our build process and with this vulnerability was curious if there was a short-term plan to address this? I've looked around this and the joi repository but couldn't find any open / closed issues addressing this.


@hueniverse hueniverse commented Feb 2, 2016

I don't think joi uses the feature with the issue. hapi doesn't use moment at all even through joi. Once moment publishes a new version with the fix, we can publish a new shrinkwrap file so the warning goes away but this is not an actual issue.


@dresende dresende commented Feb 2, 2016

@hueniverse hueniverse self-assigned this Mar 10, 2016
@hueniverse hueniverse added this to the 13.1.0 milestone Mar 10, 2016
@hueniverse hueniverse closed this Mar 10, 2016

@Marsup Marsup commented Mar 10, 2016

False warning on NSP's side, even if we used the feature.
Joi is using 2.x.x, which makes it your responsibility to provide a bug-free version (which has been available for quite a while) as I'm not enforcing any specific version.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 10, 2020