Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for security issues in Synk #93

Closed
nandeshwarshubh opened this issue Aug 1, 2022 · 3 comments
Closed

Fix for security issues in Synk #93

nandeshwarshubh opened this issue Aug 1, 2022 · 3 comments

Comments

@nandeshwarshubh
Copy link

nandeshwarshubh commented Aug 1, 2022
edited

Hi,

The following issue was reported in Snyk for i18next-http-backend. Is there a roadmap to update the following dependency to fix the issue?

Snyk i18next-http-backend issues

Regular Expression Denial of Service (ReDoS) - i18next-http-backend@1.4.1 › cross-fetch@3.1.5 › node-fetch@2.6.7
@adrai
Copy link
Member

adrai commented Aug 1, 2022

This needs first to be addressed in cross-fetch (@lquixada) and probably also wait for the fixed v2 release in node-fetch (@westy92)

@westy92
Copy link

westy92 commented Aug 1, 2022

I emailed Snyk last night about this issue. As far as I can tell, it was introduced in node-fetch 3.1.0 and doesn't affect 2.x.

@adrai
Copy link
Member

adrai commented Aug 1, 2022

I emailed Snyk last night about this issue. As far as I can tell, it was introduced in node-fetch 3.1.0 and doesn't affect 2.x.

if it's the case, this is not an issue for i18next-http-backend

@adrai adrai closed this as completed Aug 2, 2022
@adrai adrai mentioned this issue Aug 10, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@westy92 @adrai @nandeshwarshubh