Qix-/color

update color-string dependency #202

dludwig posted on GitHub

CVE-2021-29060 high severity In the npm package color-string, there is a ReDos (Regular Expression Denial of Service) vulnerability regarding a...

package-lock.json update suggested: color-string ~> 1.5.5


I'm aware, and I would seriously argue it's "high severity".

Anyway, it uses a version range ^1.5.4. You're going to pick up the patched version. There's nothing to do here.

posted by Qix- almost 4 years ago
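Added example (not part of the thread or the project's code): a check that the `^1.5.4` range quoted above admits the 1.5.5 release suggested in the issue, plus a scan of a consumer's package-lock.json for color-string entries still resolved below it. The lockfile contents are constructed, the helper names are hypothetical, and 1.5.5 as the patched version is taken from the issue's suggestion.

```javascript
// Added example. Plain x.y.z versions only (no prerelease or build tags).
const PATCHED = "1.5.5"; // version suggested in the issue

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Caret range: at least the base version, with everything up to and
// including the leftmost non-zero component unchanged.
function caretAllows(range, version) {
  const baseStr = range.replace(/^\^/, "");
  const base = parse(baseStr), v = parse(version);
  const firstNonZero = base.findIndex((n) => n !== 0);
  const pivot = firstNonZero === -1 ? 2 : firstNonZero;
  for (let k = 0; k <= pivot; k++) {
    if (v[k] !== base[k]) return false;
  }
  return compare(version, baseStr) >= 0;
}

// Lockfile v2/v3 layout: "packages" maps install paths to resolved versions.
function findUnpatched(lock, name, patched) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([p]) => p === suffix || p.endsWith(`/${suffix}`))
    .filter(([, pkg]) => compare(pkg.version, patched) < 0)
    .map(([p, pkg]) => ({ path: p, version: pkg.version }));
}

// Constructed lockfile: one stale pin, one already-updated nested copy.
const sampleLock = {
  packages: {
    "node_modules/color": { version: "3.0.0" },
    "node_modules/color-string": { version: "1.5.4" },
    "node_modules/other/node_modules/color-string": { version: "1.5.5" },
  },
};
console.log(caretAllows("^1.5.4", PATCHED));
console.log(findUnpatched(sampleLock, "color-string", PATCHED));
```

A non-empty result from `findUnpatched` means the lockfile still resolves an older copy even though the declared range already allows the newer one.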
