Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade diff to v3.5 #21

Open
rob-balfre opened this issue Jun 30, 2019 · 2 comments
Open

upgrade diff to v3.5 #21

rob-balfre opened this issue Jun 30, 2019 · 2 comments

Comments

@rob-balfre
Copy link

@axross Github is complaining that tap-diff has a security vulnerability. Can you upgrade the diff dependency to version 3.5.0 or later please.
@mindplay-dk
Copy link

@axross are you still maintaining this project? if not, I don't want to submit a PR.

@githubjosh
Copy link

this security patch is pretty urgent. should be a quick update, no?

diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/tap-diff/node_modules/diff
  tap-diff  >=0.0.1
  Depends on vulnerable versions of diff
  node_modules/tap-diff

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mindplay-dk @githubjosh @rob-balfre