Security vulnerability: Regular Expression Denial of Service in trim #491
Labels
bug
Something isn't working
Comments
|
Any ETA on this? Thanks for a great product! |
|
Any update on these vulnerabilities being patched at all? |
|
Thanks for the issue. Will try and get to this, unless you can try to update the packages and let us know how you get on. Happy to accept a PR too |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Have you read the Contributing Guidelines on issues?
Description
We have an audit right now and we need to resolve the issue of Event Catalog using an old version of "trim" through one of its dependencys
"Regular Expression Denial of Service in trim"
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - GHSA-w5p7-h5w8-2hfq
fix available via npm audit fix
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/@mdx-js/mdx/node_modules/remark-parse
node_modules/remark-mdx/node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
next-mdx-remote <=3.0.8
Depends on vulnerable versions of @mdx-js/mdx
node_modules/next-mdx-remote
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
"npm autit fix" didnt fix it
It would seem that @mdx-js/react and next-mdx-remote needs to be updated to use a newer version of trim
Steps to reproduce
run "npm audit" to see the issue
Expected behavior
No vulnerabilities :)
Actual behavior
The repo uses an old version of the "trim" package which exposes it to vulnerabilities.
Your environment
The text was updated successfully, but these errors were encountered: