Trying to get in touch regarding a security issue #3
Comments
cronvel
added a commit
that referenced
this issue
Aug 17, 2021
…as slow and vulnerable to RegExp DoS, the new code is made by myself, has no RegExp, only matching forward, is more flexible and easiest to maintain (#3)
|
Hi @JamieSlome The naturalSort() code was borrowed one, and was quite hugly, and unmaintainable. Thanks to this, my NIH syndrome is back! ;) I have rewritten it from scratch, and there is no RegExp anymore. It's probably 100,000 or even 1 million of times faster now for bigger input (no joke). The fix is published as string-kit v0.12.8 (already on Npm). Thanks for reporting! ;) |
|
@cronvel - awesome, and no worries! 🎉 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
I couldn't find a
SECURITY.mdin your repository and am not sure how to best contact you privately to disclose a security issue.Can you add a
SECURITY.mdfile with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.Once you've done that, you should receive an e-mail within the next hour with more info.
Thanks! (cc @huntr-helper)
The text was updated successfully, but these errors were encountered: