Backport GHSA-3xgq-45jj-v275 #165
Amazing, thanks @satazor - I've made github/advisory-database#5021 updating the advisory to reflect that. Huge thanks again and ❤️ for doing this!
I hate to be "that guy" but what are the chances of getting the security fix backported to at least v6? That version is still mentioned by the readme as the way to go if you need to support less than node v7, and has had ~20,060,800 downloads in the last 7 days, so clearly very popular.
Ideally it would be great to have backported for v5, v4, and v3 as well but I know it's annoying to do and ideally people should be upgrading.
It looks to me like the updated regex should apply safely to at least the v6 version - please let me know if there is anything I can do to reduce the effort from you to do the backporting.
(Also, thanks for your work on this library - I know these can be annoying to deal with, especially these kinds of vulnerabilities which tend to only be exploitable in very rare situations; sadly, for security compliance reasons we've got to get these patched regardless, which is why having a backport or two would help greatly.)