[High Severity] Regular Expression Denial of Service (ReDoS) in semver@7.3.8 introduced by tedious
nathanbunn20 opened this issue
This issue was caught by Snyk in one of my projects. I'm on the latest tedious@16.2.0, so there is no upgrade path at this time.
Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@7.3.8
introduced by tedious@16.2.0 > @azure/identity@2.1.0 > @azure/msal-node@1.16.0 > jsonwebtoken@9.0.0 > semver@7.3.8 and 1 other path(s)
This issue was fixed in versions: 7.5.2
Hi @nathanbunn20, can you give #1549 a try? I checked that this should be using semver@7.5.4 under the chain.
Looks good @MichaelSun90, thanks for the quick response. Will look forward to this coming soon.
Hi @nathanbunn20, the changes have been merged into master and will be in the next release for tedious. I will close this one, and if you need anything, feel free to reopen this or open a new issue.
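One way to confirm which copies of semver a lockfile still pins below the fixed version 7.5.2 named in the Snyk output above; this is an added example, not code from the issue thread or from tedious. The lockfile layout in `sampleLock` and the helper names (`parseVersion`, `isOlder`, `findOutdated`) are constructed for illustration.

```javascript
// Added example: list installed copies of a package older than a fixed version
// in an npm lockfile (lockfileVersion 2 or 3, which carries a flat "packages" map).

// Parse "major.minor.patch" into numbers. Prerelease/build suffixes are ignored
// (simplification: a prerelease of the fixed version counts as fixed).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` sorts strictly before `fixed`.
function isOlder(version, fixed) {
  const a = parseVersion(version);
  const b = parseVersion(fixed);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Lockfile keys look like "node_modules/a/node_modules/b"; the final
// "node_modules/<name>" segment identifies the installed package.
function findOutdated(lock, name, fixed) {
  const suffix = `node_modules/${name}`;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith(`/${suffix}`)) continue;
    if (meta.version && isOlder(meta.version, fixed)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample: one hoisted copy already at 7.5.4, one nested copy at 7.3.8.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/tedious": { version: "16.2.0" },
    "node_modules/jsonwebtoken": { version: "9.0.0" },
    "node_modules/jsonwebtoken/node_modules/semver": { version: "7.3.8" },
    "node_modules/semver": { version: "7.5.4" },
  },
};

console.log(findOutdated(sampleLock, "semver", "7.5.2"));
```

For a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; `npm ls semver` shows the same copies as a dependency tree.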