Security vulnerability in rest-hapi > loggin > glob > minimatch, modules needs updating
mkg20001 opened this issue · comments
Maciej Krüger commented
Describe the bug
There is a module that needs updating in order to patch a vulnerability
Additional context
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ rest-hapi │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ rest-hapi > loggin > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Additionally I would recommend setting up https://snyk.io/ or similar to automatically get PRs with fixes for such vulns.
Justin Headley commented
Thanks! Hopefully I can look into this soon.