Changelog: v0.0.77...v0.0.78
Pull request: #78
Resolves potential vulnerability: Regular expression denial of service (ReDoS) in cross-spawn
Resolution to potential vulnerability
The cross-spawn library was vulnerable to a high-severity regular expression denial-of-service (ReDoS) attack due to improper input sanitization. A very large, well-crafted string could drive up CPU usage and crash the program.
View the full security disclosure at the project's security policy document.
Solution
cross-spawn@^7.0.5 was set as an npm override, ensuring npm will no longer install the vulnerable versions of cross-spawn required by serve in this project.
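One way to confirm the override took effect is to audit the lockfile for every installed copy of cross-spawn, including copies nested under serve. This is an added example, not code from the project. It assumes a package-lock.json with lockfileVersion 2 or 3 and treats the override floor 7.0.5 as the minimum. The sample lockfile and the function names are constructed for illustration.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) for
// cross-spawn copies older than the override floor named in these notes.
const PACKAGE = "cross-spawn";
const MIN_VERSION = "7.0.5"; // floor of the cross-spawn@^7.0.5 override

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(version) {
  const match = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return match ? match.slice(1).map(Number) : null;
}

// True when version sorts below floor; unparseable input is flagged for review.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  if (!a || !b) return true;
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return every installed copy of PACKAGE below MIN_VERSION, nested ones included.
function findOutdated(lock) {
  const suffix = "node_modules/" + PACKAGE;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => isBelow(meta.version, MIN_VERSION))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile fragment (not taken from the project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/cross-spawn": { version: "7.0.6" },
    "node_modules/serve/node_modules/cross-spawn": { version: "7.0.3" },
    "node_modules/not-cross-spawn": { version: "1.0.0" },
  },
};

// With a path argument, audit that lockfile; otherwise show the sample result.
const lockPath = process.argv[2];
const lock = lockPath
  ? JSON.parse(require("fs").readFileSync(lockPath, "utf8"))
  : sampleLock;
const outdated = findOutdated(lock);
for (const { path, version } of outdated) console.log(`${path}@${version}`);
if (lockPath && outdated.length) process.exitCode = 1;
```

Run it with the path to package-lock.json as the only argument; a non-zero exit status means at least one copy is still below the floor.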
Update required
If any project requires a version of @stassi/leaflet prior to v0.0.78, run npm update immediately to ensure the latest security updates are received.