update semver to address Regular Expression Denial of Service (ReDoS) by surajsnair92 · Pull Request #14 · serverless/serverless-plugin-log-retention

surajsnair92 · 2024-01-10T01:23:41Z

semver module for serverless-plugin-log-retention is old. npm audit report shows that it is high on vulnerability.

surajsnair92 · 2024-01-10T01:25:22Z

Address issue #12 : #12

gustavosimon · 2024-07-04T16:06:07Z

Hello @surajsnair92! Thanks for opening this PR, I'm facing the same problem in a repository.

@MichaelRBond Can you approve this PR and release a new version with the fix?

MichaelRBond · 2024-07-05T13:34:26Z

I can approve the PR, but, i am not a maintainer on this repo so I cannot merge or release a new version.

MichaelRBond · 2024-07-05T13:36:09Z

cc @ArtificerEntertainment

gustavosimon · 2024-07-05T13:50:23Z

@MichaelRBond Great, thanks for your quickly response. Let's await to @ArtificerEntertainment to merge and release the fix. We're looking forward to it.

gustavosimon · 2024-07-11T20:39:10Z

@medikoo Can you merge it?

medikoo · 2024-07-12T08:47:23Z

@gustavosimon I'm no longer with Serverless Inc. and I don't have rights to manage contributions here. I believe you need to reach out to @austencollins or @Mmarzex

gustavosimon · 2024-07-18T20:13:06Z

@Mmarzex can you merge it?

fedeam · 2024-08-02T15:21:50Z

@Mmarzex can you merge it?

Jackson3195 · 2024-08-14T13:46:07Z

Any luck with this?

gustavosimon · 2024-08-14T14:07:11Z

I think that as @medikoo saw, @Mmarzex may merge it.

ncps060 · 2025-01-27T12:33:21Z

Will this fix be merged any time soon ? @austencollins @Mmarzex

gustavosimon · 2025-01-27T12:53:00Z

Waiting for the merge here too

austencollins · 2025-01-28T03:42:02Z

We've scheduled this to be reviewed an merged over the next few days. thanks for the notifications.

austencollins · 2025-01-29T18:59:22Z

Published to npm.

update semver to address Regular Expression Denial of Service (ReDoS)

b3502d0

MichaelRBond approved these changes Jul 5, 2024

View reviewed changes

eahefnawy approved these changes Jan 28, 2025

View reviewed changes

eahefnawy merged commit e538b3c into serverless:master Jan 28, 2025

Conversation

surajsnair92 commented Jan 10, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

surajsnair92 commented Jan 10, 2024

Uh oh!

gustavosimon commented Jul 4, 2024

Uh oh!

MichaelRBond commented Jul 5, 2024

Uh oh!

MichaelRBond commented Jul 5, 2024

Uh oh!

gustavosimon commented Jul 5, 2024

Uh oh!

gustavosimon commented Jul 11, 2024

Uh oh!

medikoo commented Jul 12, 2024

Uh oh!

gustavosimon commented Jul 18, 2024

Uh oh!

fedeam commented Aug 2, 2024

Uh oh!

Jackson3195 commented Aug 14, 2024

Uh oh!

gustavosimon commented Aug 14, 2024

Uh oh!

ncps060 commented Jan 27, 2025

Uh oh!

gustavosimon commented Jan 27, 2025

Uh oh!

austencollins commented Jan 28, 2025

Uh oh!

austencollins commented Jan 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

surajsnair92 commented Jan 10, 2024 •

edited

Loading