Skip to content

Fix for security issues in Synk #93

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
nandeshwarshubh opened this issue Aug 1, 2022 · 3 comments
Closed

Fix for security issues in Synk #93

nandeshwarshubh opened this issue Aug 1, 2022 · 3 comments

Comments

@nandeshwarshubh
Copy link

nandeshwarshubh commented Aug 1, 2022
edited
Loading

Hi,

The following issue was reported in Snyk for i18next-http-backend. Is there a roadmap to update the following dependency to fix the issue?

Snyk i18next-http-backend issues

Regular Expression Denial of Service (ReDoS) - i18next-http-backend@1.4.1 › cross-fetch@3.1.5 › node-fetch@2.6.7
@adrai
Copy link
Member

adrai commented Aug 1, 2022

This needs first to be addressed in cross-fetch (@lquixada) and probably also wait for the fixed v2 release in node-fetch (@westy92)

@westy92
Copy link

westy92 commented Aug 1, 2022

I emailed Snyk last night about this issue. As far as I can tell, it was introduced in node-fetch 3.1.0 and doesn't affect 2.x.

@adrai
Copy link
Member

adrai commented Aug 1, 2022

I emailed Snyk last night about this issue. As far as I can tell, it was introduced in node-fetch 3.1.0 and doesn't affect 2.x.

if it's the case, this is not an issue for i18next-http-backend

@adrai adrai closed this as completed Aug 2, 2022
@adrai adrai mentioned this issue Aug 10, 2022
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@westy92 @adrai @nandeshwarshubh