gulp-concat-css

fix url-regex vulnerability

Open SimonDeRidder opened this issue 3 years ago • 2 comments

When installing via npm, a warning is issued:

```
┌───────────────┬─────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service        │
├───────────────┼─────────────────────────────────────────────┤
│ Package       │ url-regex                                   │
├───────────────┼─────────────────────────────────────────────┤
│ Patched in    │ No patch available                          │
├───────────────┼─────────────────────────────────────────────┤
│ Dependency of │ gulp-concat-css [dev]                       │
├───────────────┼─────────────────────────────────────────────┤
│ Path          │ gulp-concat-css > rework-import > url-regex │
├───────────────┼─────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1550           │
└───────────────┴─────────────────────────────────────────────┘
```

More info in https://github.com/kevva/url-regex/issues/70

It seems the issue can be fixed by switching to https://github.com/niftylettuce/url-regex-safe

SimonDeRidder, Apr 13 '21 11:04

Also would really like to see this fixed as well!

retroburst, Jul 03 '21 05:07

Related: https://github.com/reworkcss/rework-import/pull/20

mattiaskagstrom, Jun 01 '22 12:06