New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regular expression denial-of-service (ReDoS)- Vulnerability trim-newlines #3123
Comments
Any updates? |
Glad a PR for this got created! hopefully it will be merged soon! |
Any updates on this, there's a CVE resolution depending on it Thanks |
I am also curious on this. It appears a lot of people are waiting on this and curious to why the PR is not merged yet |
Can we also get a new release for ^4.14.X? |
Looks like we can back port this to 4.x by updating to meow@7 without too much happy. I'll try to cut a release in the next 48hrs. |
Hi @xzyfer! |
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
https://nvd.nist.gov/vuln/detail/CVE-2021-33623
Please update the meow package version as 10.0.0(latest)
The text was updated successfully, but these errors were encountered: