Vulnerable downstream dependency #381
Description
Welcome to the issues section if it's your first time!
Before creating an issue, please be sure to:
- Checkout to the latest version, including submodules
- Try to find an isolated way to reproduce the behavior
- Fill in all the blanks in the most specific way you can
Steps to reproduce
Expected behaviour
Tell us what should happen
Actual behaviour
Tell us what happens instead
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ semver vulnerable to Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ semver │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=7.5.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ argon2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ argon2 > @mapbox/node-pre-gyp > make-dir > semver │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1092310 │
└───────────────┴──────────────────────────────────────────────────────────────┘Environment
Operating system:
Node version:
Compiler version: