You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The fix most probably needs to be done at the level of the meow package (I'll flag it there too) but I thought I'd flag it here as it needs to be implemented 'back up' to this package as far as I'm concerned (if that makes sense).
Many thanks!
The text was updated successfully, but these errors were encountered:
We're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. Our patches are all open-source and completely free. See our repository.
If you want us to make a vulnerability-free version of trim-newlines, feel free to reach us at info@seal.security.
Hello,
I'm using imagemin-cli (7.0.0) and 3 high severity vulnerabilities are flagged by npm on audit.
Here are the details given; they all boil down to the version of trim-newlines package in use.
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-gifsicle > gifsicle > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-jpegtran > jpegtran-bin > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-optipng > optipng-bin > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
The fix most probably needs to be done at the level of the meow package (I'll flag it there too) but I thought I'd flag it here as it needs to be implemented 'back up' to this package as far as I'm concerned (if that makes sense).
Many thanks!
The text was updated successfully, but these errors were encountered: