Skip to content

update semver to address Regular Expression Denial of Service (ReDoS) #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 28, 2025
Merged

update semver to address Regular Expression Denial of Service (ReDoS) #14

merged 1 commit into from
Jan 28, 2025

Conversation

surajsnair92
Copy link

@surajsnair92 surajsnair92 commented Jan 10, 2024
edited
Loading

semver module for serverless-plugin-log-retention is old. npm audit report shows that it is high on vulnerability.

@surajsnair92
Copy link
Author

Address issue #12 : #12

@gustavosimon
Copy link

Hello @surajsnair92! Thanks for opening this PR, I'm facing the same problem in a repository.

@MichaelRBond Can you approve this PR and release a new version with the fix?

@MichaelRBond
Copy link
Contributor

I can approve the PR, but, i am not a maintainer on this repo so I cannot merge or release a new version.

@MichaelRBond
Copy link
Contributor

cc @ArtificerEntertainment

@gustavosimon
Copy link

@MichaelRBond Great, thanks for your quickly response. Let's await to @ArtificerEntertainment to merge and release the fix. We're looking forward to it.

@gustavosimon
Copy link

@medikoo Can you merge it?

@medikoo
Copy link

medikoo commented Jul 12, 2024

@gustavosimon I'm no longer with Serverless Inc. and I don't have rights to manage contributions here. I believe you need to reach out to @austencollins or @Mmarzex

@gustavosimon
Copy link

@Mmarzex can you merge it?

1 similar comment
@fedeam
Copy link

fedeam commented Aug 2, 2024

@Mmarzex can you merge it?

@Jackson3195
Copy link

Any luck with this?

@gustavosimon
Copy link

I think that as @medikoo saw, @Mmarzex may merge it.

@ncps060
Copy link

ncps060 commented Jan 27, 2025

Will this fix be merged any time soon ? @austencollins @Mmarzex

@gustavosimon
Copy link

Waiting for the merge here too

@austencollins
Copy link
Member

We've scheduled this to be reviewed an merged over the next few days. thanks for the notifications.

@eahefnawy eahefnawy merged commit e538b3c into serverless:master Jan 28, 2025
@austencollins
Copy link
Member

Published to npm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichaelRBond MichaelRBond MichaelRBond approved these changes

@eahefnawy eahefnawy eahefnawy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@surajsnair92 @gustavosimon @MichaelRBond @medikoo @fedeam @Jackson3195 @ncps060 @austencollins @eahefnawy