Security vulnerability in rest-hapi > loggin > glob > minimatch, modules needs updating

Question

Security vulnerability in rest-hapi > loggin > glob > minimatch, modules needs updating

mkg20001 opened this issue 6 years ago · comments

Describe the bug
There is a module that needs updating in order to patch a vulnerability

Additional context

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ rest-hapi                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ rest-hapi > loggin > glob > minimatch                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

Additionally I would recommend setting up https://snyk.io/ or similar to automatically get PRs with fixes for such vulns.

Justin Headley · Answer 1 · Sat Sep 29 2018 03:09:54 GMT+0800 (China Standard Time)

Thanks! Hopefully I can look into this soon.