Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgrade diff to v3.5 #21

Open
rob-balfre opened this issue Jun 30, 2019 · 2 comments
Open

upgrade diff to v3.5 #21

rob-balfre opened this issue Jun 30, 2019 · 2 comments

Comments

@rob-balfre
Copy link

@axross Github is complaining that tap-diff has a security vulnerability. Can you upgrade the diff dependency to version 3.5.0 or later please.

@mindplay-dk
Copy link

@axross are you still maintaining this project? if not, I don't want to submit a PR.

@githubjosh
Copy link

this security patch is pretty urgent. should be a quick update, no?

diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix --force`
Will install tap-diff@0.0.0, which is a breaking change
node_modules/tap-diff/node_modules/diff
  tap-diff  >=0.0.1
  Depends on vulnerable versions of diff
  node_modules/tap-diff

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants