Skip to content

[Security] Bump word-wrap from 1.2.3 to 1.2.4

Dependabot requested to merge dependabot-npm_and_yarn-word-wrap-1.2.4 into master

Bumps word-wrap from 1.2.3 to 1.2.4. This update includes a security fix.

Vulnerabilities fixed

word-wrap vulnerable to Regular Expression Denial of Service All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Patched versions: 1.2.4 Affected versions: <= 1.2.3; < 1.2.4

Release notes

Sourced from word-wrap's releases.

1.2.4

What's Changed

New Contributors

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4

Commits
  • f64b188 run verb to generate README
  • 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
  • 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
  • bfa694e Update .github/workflows/publish.yml
  • ace0b3c chore: bump version to 1.2.4
  • 6fd7275 chore: add publish workflow
  • 30d6daf chore: fix test
  • 655929c chore: remove package-lock
  • 49e08bb chore: added an additional testcase
  • 9f62693 fix: cve 2023-26115
  • Additional commits viewable in compare view


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading