connect-flash icon indicating copy to clipboard operation
connect-flash copied to clipboard

Published 20 hours ago verified publisher icon jaredhanson

bump vow dependency for security fix

Open fw42 opened this issue 10 months ago • 0 comments

Before:

$ npm audit
# npm audit report

diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix`
node_modules/diff
  vows  0.6.4 - 0.8.2 || 0.9.0-rc1 - 0.9.0-rc3
  Depends on vulnerable versions of diff
  node_modules/vows

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

After:

$ npm audit
found 0 vulnerabilities

fw42 avatar Jan 14 '25 09:01 fw42