Skip to content

[Security] Bump path-parse from 1.0.6 to 1.0.7

Dependabot requested to merge dependabot-npm_and_yarn-path-parse-1.0.7 into master

Bumps path-parse from 1.0.6 to 1.0.7. This update includes a security fix.

Vulnerabilities fixed

Regular Expression Denial of Service in path-parse Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Patched versions: 1.0.7 Affected versions: < 1.0.7

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading