normalize-css-color

Fix ReDoS when parsing colors

Open • EvertEt opened this issue 3 years ago • 1 comment

Summary

See https://github.com/software-mansion/react-native-reanimated/pull/3382

Checklist

  • [ ] I have tested this on a device and a simulator
  • [ ] I added the documentation in README.md
  • [ ] I mentioned this change in CHANGELOG.md
  • [ ] I updated the typed files (TS and Flow)
  • [ ] I added a sample use of the API in the example project (example/App.js)

EvertEt, Oct 27 '22 13:10

@lelandrichardson will this package be updated or should I close this PR? This package seems to have a lot of dependents (https://www.npmjs.com/package/normalize-css-color). Or can we create a security advisory for this?

EvertEt, Nov 07 '22 16:11