-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk: Low] Regular Expression Denial of Service in braces #3226
Comments
This is a dev dependency for us. We're using several versions of braces but the version is question is being used by descendants of
There's still no remediation but it's a very low vulnerability for us. I can't imagine how someone might use a DDOS against our local machines while we're watching files to change while we're working on them. |
micromatch/anymatch#26 resolves the upstream |
Hoping to resolve via PR egoist/nswatch#10 |
Closing because this isn't a vulnerability. |
Summary
Low severity vulnerability found in braces
Description: Regular Expression Denial of Service (ReDoS)
Info: https://snyk.io/vuln/npm:braces:20180219
Introduced through: nswatch@0.2.0
From: nswatch@0.2.0 > chokidar@1.7.0 > anymatch@1.3.2 > micromatch@2.3.11 > braces@1.8.5
Fixed in: 2.3.1
Completion criteria:
The text was updated successfully, but these errors were encountered: