Fix for the ReDoS vulnerability

Open snyk-community opened this issue 9 years ago • 0 comments

generator-angular-php is currently affected by the high-severity ReDoS vulnerability.

Vulnerable module: tough-cookie Introduced through: yeoman-generator

This PR fixes the ReDoS vulnerability by upgrading yeoman-generator to version 0.24.1. This upgrade will also fix the following other vulnerabilities:

Symlink Arbitrary File Overwrite vulnerability in the tar dependency.
Denial of Service (Event Loop Blocking) vulnerability in the qs dependency.
Denial of Service (Memory Exhaustion) vulnerability in the qs dependency.
Remote Memory Exposure vulnerability in the request dependency.
ReDoS vulnerability in the hawk dependency,
ReDoS vulnerability in the minimatch dependency.

Check out the Snyk test report to review other vulnerabilities that affect this repo.

Watch the repo to

get alerts if newly disclosed vulnerabilities affect this repo in the future.
generate pull requests with the fixes you want, or let us do the work: when a newly disclosed vulnerability affects you, we'll submit a fix to you right away.

Stay secure, The Snyk team

Oct 19 '16 12:10 snyk-community