serverless-plugin-log-retention
serverless-plugin-log-retention copied to clipboard
Semver package security issue
The package semver
version 5.4.1 has a security issue and allows attackers to do a ReDoS.
Can you please update that package to the latest version ?
https://github.com/serverless/serverless-plugin-log-retention/blob/master/package.json#L27
Any update here? `npm audit
npm audit report
semver <5.7.2 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw No fix available node_modules/serverless-plugin-log-retention/node_modules/semver serverless-plugin-log-retention * Depends on vulnerable versions of semver node_modules/serverless-plugin-log-retention`