Update clean-css dependency in pug-filters #2988

callmeaponte · 2018-03-19T20:08:27Z

I'm running a snyk test on my app, and noticed the following vulnerability:

? Low severity vuln found in clean-css@3.4.28, introduced via email-templates@3.5.0
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:clean-css:20180306
- from: email-templates@3.5.0 > preview-email@0.0.7 > pug@2.0.0 > pug-filters@3.0.0 > clean-css@3.4.28

Per the snyk page for this issue, clean-css has released a patch to fix this vulnerability in its latest release.

The text was updated successfully, but these errors were encountered:

ForbesLindesay · 2018-03-19T23:16:44Z

A pull request to update it would be great.

callmeaponte · 2018-03-20T17:51:31Z

Sure np, I've submitted a PR: #2989.

* Update to pug 2.0.3 https://npmjs.com/advisories/785 pugjs/pug#2988 * 3.4.1

callmeaponte mentioned this issue Mar 20, 2018

Closes #2988 "Update clean-css dependency in pug-filters" #2989

Merged

ForbesLindesay closed this as completed in #2989 Mar 21, 2018

ForbesLindesay pushed a commit that referenced this issue Mar 21, 2018

fixes #2988 "Update clean-css dependency in pug-filters" (#2989)

81df277

shawnmclean pushed a commit to auth0/webtask-tools that referenced this issue Aug 20, 2019

Bump pug (#34)

e79adb1

* Update to pug 2.0.3 https://npmjs.com/advisories/785 pugjs/pug#2988 * 3.4.1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update clean-css dependency in pug-filters #2988

Update clean-css dependency in pug-filters #2988

callmeaponte commented Mar 19, 2018

ForbesLindesay commented Mar 19, 2018 •

edited

callmeaponte commented Mar 20, 2018

Update clean-css dependency in pug-filters #2988

Update clean-css dependency in pug-filters #2988

Comments

callmeaponte commented Mar 19, 2018

ForbesLindesay commented Mar 19, 2018 • edited

callmeaponte commented Mar 20, 2018

ForbesLindesay commented Mar 19, 2018 •

edited