Trying to get in touch regarding a security issue

[JamieSlome]

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

[isaacs]

Hi. You can email me at i@izs.me and I'll be happy to take a look.

[JamieSlome]

@isaacs - thanks for your response! 👍

Looks like we sent you a couple of e-mails a few months back - if it is easier for you, you can view the report directly here:

https://huntr.dev/bounties/e4e1393c-d590-4492-9f43-8be3f3321629/

[stevepae]

@JamieSlome I'm having the same issue with a security scan. I see that the issue may have been resolved. Are your security scans still sending you this issue? If not, could you tell me how you were able to resolve it on your end?

[isaacs]

This was corrected and the bounty awarded. Upgrade to the latest version, the redos was corrected.

[stevepae]

@isaacs how do i upgrade to the latest version?

[isaacs]

npm update minimatch