cz-conventional-changelog word-wrap version change not available in NPM but available in Github | word-wrap vulnerable to Regular Expression Denial of Service

word-wrap version change not available in NPM but available in Github | word-wrap vulnerable to Regular Expression Denial of Service

Open Anushil98 opened this issue 9 months ago • 0 comments

The following link shows older version for word-wrap i.e version "word-wrap": "^1.0.3"

The same package has been bumped in the latest master branch of the cz-conventional-changelog

The older version has been flagged to have the following issue:

word-wrap vulnerable to Regular Expression Denial of Service

Reference:

https://github.com/advisories/GHSA-j8xg-fqg3-53r7

Mar 06 '25 06:03 Anushil98