Regular Expression Denial of Service (ReDoS) on dependency 'word-wrap' #17117

Closed
SharpFu opened this issue Apr 25, 2023 · 4 comments
Labels
archived due to age This issue has been archived; please open a new issue for any further discussion bug ESLint is working incorrectly repro:needed

Comments

@SharpFu
SharpFu commented Apr 25, 2023

Environment

Local ESLint version: 7.14.0
Global ESLint version: 7.14.0
Operating System: macos

What parser are you using?

Default (Espree)

What did you do?

Regular Expression Denial of Service (ReDoS) on dependency 'word-wrap'

What did you expect to happen?

When I use snyk to check my project, it should not throw the error.

What actually happened?

I am using "eslint": "^7.14.0", and when I use snyk to check my project, it throws an error as in the image.
image

Link to Minimal Reproducible Example

no example

Participation

  • I am willing to submit a pull request for this issue.

Additional comments

No response

@SharpFu SharpFu added bug ESLint is working incorrectly repro:needed labels Apr 25, 2023
@mdjermanovic
Member

Hi @SharpFu, thanks for the issue!

This is a problem in a transitive dependency so it doesn't seem like there's anything we can do at this point. Also, according to gkz/optionator#44 (comment) this isn't a possible problem for eslint users because the dependency in question is only used with predefined option descriptions, not with user input.

Given the above, I'm closing this issue. If and when the problem is fixed in the dependencies, we could update eslint's package.json if that would help remove the warning.

@mdjermanovic mdjermanovic closed this as not planned (won't fix, can't repro, duplicate, stale) Apr 25, 2023
mdjermanovic added a commit that referenced this issue Jun 28, 2023
nzakas pushed a commit that referenced this issue Jun 28, 2023
@c-harding
Hi @nzakas When will this be released on npm?

@Rec0iL99
Member

> Hi @nzakas When will this be released on npm?

You can track #17296

@lmplmplmp
Integrate into package.json. Works great!

```json
"overrides": {
  "optionator": "0.9.3"
}
```
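
To see which chains bring `word-wrap` into a project, as in the transitive-dependency reply above, the following added example (not part of the thread and not ESLint's code) walks the `packages` map of an npm lockfile. The sample lockfile is constructed; `other-tool`, `demo-app` and the `-sample` versions are placeholders.

```javascript
// Added example: list every dependency chain that pulls a package into an npm lockfile.
// Resolve `name` as required from `fromPath`, walking up nested node_modules
// directories the way Node's module resolution does.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from the root project; returns "a@1 > b@2 > target@3" strings.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      path === "" ? pkg.devDependencies : {});
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved || seen.has(resolved)) continue; // missing or cyclic
      const step = trail.concat(name + "@" + packages[resolved].version);
      if (name === target) { chains.push(step.join(" > ")); continue; }
      walk(resolved, step, new Set(seen).add(resolved));
    }
  };
  if (packages[""]) walk("", [], new Set([""]));
  return chains;
}

// Constructed sample lockfile; only eslint 7.14.0 comes from the issue, the
// other versions and "other-tool" are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", devDependencies: { eslint: "^7.14.0", "other-tool": "*" } },
    "node_modules/eslint": { version: "7.14.0", dependencies: { optionator: "*" } },
    "node_modules/optionator": { version: "0.0.2-sample", dependencies: { "word-wrap": "*" } },
    "node_modules/other-tool": { version: "0.0.1-sample", dependencies: { optionator: "*" } },
    "node_modules/other-tool/node_modules/optionator": { version: "0.0.1-sample", dependencies: { "word-wrap": "*" } },
    "node_modules/word-wrap": { version: "0.0.3-sample" },
  },
};
console.log(findChains(sampleLock, "word-wrap").join("\n"));
```

Run it against a real `package-lock.json` (parsed with `JSON.parse`) before and after adding an `overrides` entry to compare the chains and versions that remain.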
