Skip to content

Commit

Permalink
fix: replace ansi-html with ansi-html-community
Browse files Browse the repository at this point in the history 
This fixes the ReDoS vulnerability CVE-2021-23424
  • Loading branch information
@fabienmoyon
fabienmoyon committed Sep 8, 2021
1 parent 5cb545f commit 6a5dce1
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion client-src/default/overlay.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// The error overlay is inspired (and mostly copied) from Create React App (https://github.com/facebookincubator/create-react-app)
// They, in turn, got inspired by webpack-hot-middleware (https://github.com/glenjamin/webpack-hot-middleware).

const ansiHTML = require('ansi-html');
const ansiHTML = require('ansi-html-community');
const { AllHtmlEntities } = require('html-entities');

const entities = new AllHtmlEntities();
Expand Down
8 changes: 4 additions & 4 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
"release": "standard-version"
},
"dependencies": {
"ansi-html": "0.0.7",
"ansi-html-community": "^0.0.8",
"bonjour": "^3.5.0",
"chokidar": "^2.1.8",
"compression": "^1.7.4",
Expand Down

0 comments on commit 6a5dce1

Please sign in to comment.