Skip to content

fix: remove ReDoS regexp #504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 21, 2017
Merged

fix: remove ReDoS regexp #504

merged 1 commit into from
Sep 21, 2017

Conversation

@zhuangya
Copy link
Contributor

  • split the line by '\n',
  • and trim each line(do we really need to trim each line?).
  • then join each line by ' '

i think this is the same as the original RegExp, correct me if wrong.

fix #501

@coveralls
Copy link

Coverage Status

Coverage increased (+2.1%) to 74.839% when pulling 42a6ae0 on zhuangya:redos into 47747f3 on visionmedia:master.

2 similar comments
@coveralls
Copy link

Coverage Status

Coverage increased (+2.1%) to 74.839% when pulling 42a6ae0 on zhuangya:redos into 47747f3 on visionmedia:master.

@coveralls
Copy link

Coverage Status

Coverage increased (+2.1%) to 74.839% when pulling 42a6ae0 on zhuangya:redos into 47747f3 on visionmedia:master.

@TooTallNate TooTallNate merged commit c38a016 into debug-js:master Sep 21, 2017
@TooTallNate
Copy link
Contributor

Thank you!

@dougwilson
Copy link
Contributor

Can this be backported to the 2.x series?

TooTallNate pushed a commit that referenced this pull request Sep 22, 2017
@zhuangya @TooTallNate
remove ReDoS regexp in %o formatter (#504)
f53962e
@TooTallNate
Copy link
Contributor

@dougwilson Sure thing: https://github.com/visionmedia/debug/releases/tag/2.6.9

Curious what's holding you back from upgrading though 😅

@dkotin-cs dkotin-cs mentioned this pull request Oct 20, 2017
Closed
@joseluisq joseluisq mentioned this pull request Dec 15, 2017
Closed
platinumazure added a commit to eslint/eslint that referenced this pull request Dec 18, 2017
@platinumazure
Upgrade: debug@^3.1.0
ae5e710 
This version of debug addresses a minor ReDoS issue. See debug-js/debug#501, debug-js/debug#504 for more information. Looking at the rest of the changelog, this should be a pretty low-risk upgrade.
@platinumazure platinumazure mentioned this pull request Dec 18, 2017
Merged
aladdin-add pushed a commit to eslint/eslint that referenced this pull request Dec 19, 2017
@platinumazure @aladdin-add
Upgrade: debug@^3.1.0 (#9731)
4ddc131 
This version of debug addresses a minor ReDoS issue. See debug-js/debug#501, debug-js/debug#504 for more information. Looking at the rest of the changelog, this should be a pretty low-risk upgrade.
@zhuangya zhuangya deleted the redos branch December 25, 2017 07:06
sodawy added a commit to sodawy/session that referenced this pull request Jan 6, 2018
@sodawy
https://github.com/visionmedia/debug/pull/504
7627347
@sodawy sodawy mentioned this pull request Jan 9, 2018
Closed
@zazoomauro zazoomauro mentioned this pull request Feb 19, 2018
Closed
@eliorivero eliorivero mentioned this pull request Jul 24, 2018
Merged
stenalpjolly added a commit to stenalpjolly/express that referenced this pull request Aug 30, 2018
@stenalpjolly
Upgrading package.json
ea2f613 
With reference to fix: remove ReDoS regexp(debug-js/debug#504)
@stenalpjolly stenalpjolly mentioned this pull request Aug 30, 2018
Closed
This was referenced Dec 17, 2018
Closed
Closed
Closed
Closed
@marshyski marshyski mentioned this pull request Jan 5, 2019
Closed
This was referenced Jan 15, 2019
Closed
Closed
This was referenced Jan 31, 2019
Closed
Closed
This was referenced Feb 1, 2019
Closed
Closed
Closed
Closed
Closed
This was referenced Apr 30, 2019
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@marshyski marshyski mentioned this pull request May 13, 2019
Closed
@debug-js debug-js locked as off-topic and limited conversation to collaborators Jun 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Vulnerable Regular Expression

4 participants

@zhuangya @coveralls @TooTallNate @dougwilson