-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ReDoS vuln in [email protected] › [email protected] #3266
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. Just the one issue.
package.json
Outdated
@@ -1,6 +1,6 @@ | |||
{ | |||
"name": "mocha", | |||
"version": "5.0.2", | |||
"version": "5.0.3", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please revert the version bump
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
Reverted version bump. |
Description of the Change
Alternate Designs
N/A
Why should this be in core?
[email protected] has ReDoS vuln: https://snyk.io/test/npm/mocha/5.0.2?severity=high&severity=medium&severity=low
Benefits
https://snyk.io/vuln/npm:diff:20180305
Possible Drawbacks
Applicable issues