release-notes-generator

CVE-2021-23425

Open erikzenkerLogmein opened this issue 3 years ago • 0 comments

Hey,

I want to report that you have a vulnerability in one of your dependencies:

Title: Uncontrolled Resource Consumption in trim-off-newlines
Severity: moderate
Module: trim-off-newlines
Url: https://github.com/advisories/GHSA-38fc-wpqx-33j7
Vulnerable Version: <=1.0.1
Patched Version: <0.0.0
Path: semantic-release>@semantic-release/release-notes-generator>conventional-commits-parser>trim-off-newlines

As far as I can see, the issue is already addressed in the conventional-changelog monorepo: https://github.com/conventional-changelog/conventional-changelog/issues/840 so updating the dependency would solve the problem.

erikzenkerLogmein, Dec 22 '21 08:12