[Security] Bump @sideway/formula from 3.0.0 to 3.0.1 in /webapp (!158) · Merge requests · school / jaar2 / lalaland

Dependabot requested to merge dependabot-npm_and_yarn-webapp-sideway-formula-3.0.1 into master Feb 09, 2023

Bumps @sideway/formula from 3.0.0 to 3.0.1. This update includes a security fix.

Vulnerabilities fixed

@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability

Impact

User-provided strings to formula's parser might lead to polynomial execution time.

Patches

Users should upgrade to 3.0.1+.

Workarounds

None.

Patched versions: 3.0.1 Affected versions: < 3.0.1

Commits

5b44c1b 3.0.1
9fbc20a chore: better number regex
41ae98e Cleanup
c59f35e Move to Sideway
See full diff in compare view

Maintainer changes

This version was pushed to npm by marsup, a new releaser for @sideway/formula since your current version.

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

$dependabot rebase will rebase this MR
$dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

[Security] Bump @sideway/formula from 3.0.0 to 3.0.1 in /webapp

Impact

Patches

Workarounds

Merge request reports