Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: eliminate ReDoS #36

Merged
merged 1 commit into from Mar 6, 2021
Merged

fix: eliminate ReDoS #36

merged 1 commit into from Mar 6, 2021

Conversation

Trott
Copy link
Contributor

@Trott Trott commented Feb 10, 2021
edited

This change fixes a regular expression denial of service
vulnerability.

Refs: #32
Refs: https://app.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905

@Trott Trott mentioned this pull request Feb 10, 2021
Merged
@Trott
fix: eliminate ReDoS
c6db864 
This change fixes a regular expression denial of service
vulnerability.

Refs: gulpjs#32
Refs: https://app.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
@bHelland bHelland mentioned this pull request Feb 11, 2021
Merged
@gulpjs gulpjs deleted a comment from gerrard00 Feb 15, 2021
@j-sp4

This comment has been minimized.

Sign in to view
@phated
Copy link
Member

phated commented Feb 18, 2021

Hey @Spoor2709, there is none.

@j-sp4
Copy link

j-sp4 commented Feb 18, 2021

Hey @Spoor2709, there is none.

@phated thanks for the reply! Waiting on this to be merged to introduce a big feature in the snyk CLI. Let is there anything I or my team can do to help get this in?

@Trott
Copy link
Contributor Author

Trott commented Feb 19, 2021
edited

@phated Based on #34 (comment), I've been hoping the plan is to land this as a patch fix, and then include #34 (which I'll rebase after this lands) as part of a major version bump. Is that at least still under consideration, even if there's no eta?

@phated
Copy link
Member

phated commented Feb 19, 2021

@Trott It's still on the plate and I appreciate your work. I'm just swamped right now and don't appreciate people that didn't write the PRs hounding me about doing work for free. Again, thanks for this and I'll try to get to is ASAP.

@TerrySmithDC TerrySmithDC mentioned this pull request Feb 25, 2021
Closed
@Trott
Copy link
Contributor Author

Trott commented Mar 3, 2021

Ping to see if there's a chance of moving this forward at this time. No particular urgency on my end. Just checking in. @phated

@tay1orjones tay1orjones mentioned this pull request Mar 3, 2021
Closed
@phated phated merged commit f923116 into gulpjs:main Mar 6, 2021
@phated
Copy link
Member

phated commented Mar 6, 2021
edited

Thanks @Trott - sorry for the delay! I'm finally getting caught up on things. Let me know once #34 is rebased and I'll get that in a major.

@Trott Trott deleted the snyk-fix-patch branch March 7, 2021 03:04
@dependabot dependabot bot mentioned this pull request Mar 8, 2021
Merged
@efussi efussi mentioned this pull request Mar 8, 2021
Closed
This was referenced Mar 11, 2021
Closed
Merged
@andronocean andronocean mentioned this pull request May 15, 2021
Open
@gulpjs gulpjs deleted a comment from dorianmariecom Jun 9, 2021
@gulpjs gulpjs deleted a comment from dorianmariecom Jun 9, 2021
@gulpjs gulpjs locked and limited conversation to collaborators Jun 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Trott @j-sp4 @phated