Fix potential ReDoS issue by upgrading bin-check packages #86
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Renamed 'bin-check' to 'binary-check' and 'bin-version-check' to 'binary-version-check'. Also updated their respective version numbers in package.json. (This commit message was AI-generated.) Signed-off-by: Jens Oliver Meiert <[email protected]>
Updated the package version from 4.1.0 to 4.1.1 to include recent fixes and improvements. This ensures users have the latest stable release. (This commit message was AI-generated.) Signed-off-by: Jens Oliver Meiert <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumped up bin-version-* packages to their latest versions, as the currently used versions are vulnerable to ReDos attacks due to the their dated import of find-versions. This is to also enable fixes for upstream packages like gifsicle.
This is a basic update likely warranting attention from someone who knows the project. When running the tests, these threw the same errors after as they did before the update.