Regular Expression Denial of Service in marked dependency

Question

madnight opened this issue 5 years ago · comments

Giorgio · Answer 1 · Mon Jun 03 2019 21:16:05 GMT+0800 (China Standard Time)

There is already a Pull Request to fix this:
#188
Can some maintainer merge and release this please?

David Bashford · Answer 2 · Mon Jun 03 2019 21:25:37 GMT+0800 (China Standard Time)

2.5.0 released, thanks for the nudge!

Giorgio · Answer 3 · Tue Jun 04 2019 15:55:53 GMT+0800 (China Standard Time)

Thank you @dbashford ! Just upgraded to 2.5.0 and everything works fine and npm audit vulnerabilities found went to 0.

Ramzi Youssef · Answer 4 · Fri Aug 02 2019 17:27:57 GMT+0800 (China Standard Time)

Please update marked