-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please address vulnerabilities to Regular Expression Denial of Service #3125
Comments
Looks like Dependabot tried to submit a PR to upgrade semver. |
Yeah, that takes care of the semver package. The following PR takes care of the word-wrap package jonschlinkert/word-wrap#33. But going through the conversation it seems like the author of |
Has wordwrapjs been considered? I've created a pull request in the package that updates it to support the same functionality and nomenclature as word-wrap. wordwrapjs seems to consider trailing whitespace as part of the line width and will push it to the next line in some situations but that's just about the only difference in use that I've found via testing. Would this still be acceptable as an alternative? https://github.com/75lb/wordwrapjs The whitespace diff in question: https://abload.de/img/diffspene.png |
The word-wrap PR has been merged. |
This is fixed in Newman v6. |
The latest version of this package (newman@5.3.2) has the following vulnerable dependencies:
References :
The text was updated successfully, but these errors were encountered: