Trying to get in touch regarding a security issue #92
Comments
|
@JamieSlome Hi! I'll look into adding a SECURITY.md policy. In the meantime, please email me using the gmail address from the commit history. |
|
@nexdrew Any update on this? |
|
@ready-research I have not received any emails outlining the security issue. |
|
@JamieSlome Thank you. Sounds similar to chalk/ansi-regex#37. Will look into verifying and patching this within the next couple days. I don't know how bounties on huntr work, but if you'd like to help, PRs are welcomed. I assume the fix should be as simple as updating this to match the same regex pattern from chalk/ansi-regex here: https://github.com/chalk/ansi-regex/blob/a28b8e7ee67aa9996ba44bf123f0436eea62d285/index.js |
|
@nexdrew - we cover all bounties, you just need to confirm if the vulnerability is valid and let us know what the fix is. We take care of the rest. |
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: