Description
Hello,
I'm using imagemin-cli (7.0.0) and 3 high severity vulnerabilities are flagged by npm on audit.
Here are the details given; they all boil down to the version of trim-newlines package in use.
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-gifsicle > gifsicle > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-jpegtran > jpegtran-bin > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
High: Regular Expression Denial of Service
Package : trim-newlines
Patched in: >=3.0.1 <4.0.0 || >=4.0.1
Dependency of: imagemin-cli
Path: imagemin-cli > imagemin-optipng > optipng-bin > logalot > squeak > lpad-align > meow > trim-newlines
More info: https://npmjs.com/advisories/1753
The fix most probably needs to be done at the level of the meow package (I'll flag it there too) but I thought I'd flag it here as it needs to be implemented 'back up' to this package as far as I'm concerned (if that makes sense).
Many thanks!
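
An added example, not part of the original report or of any project named in it: a dependency-free Node.js sketch that finds the dependency chain shared by the three audit paths above and checks whether a given trim-newlines version falls inside the advisory's patched range. The function names are hypothetical, and the range parser handles only plain `x.y.z` versions with the comparators shown.

```javascript
// Constructed input: the patched range and dependency paths copied from the audit output above.
const PATCHED_RANGE = '>=3.0.1 <4.0.0 || >=4.0.1';
const AUDIT_PATHS = [
  'imagemin-cli > imagemin-gifsicle > gifsicle > logalot > squeak > lpad-align > meow > trim-newlines',
  'imagemin-cli > imagemin-jpegtran > jpegtran-bin > logalot > squeak > lpad-align > meow > trim-newlines',
  'imagemin-cli > imagemin-optipng > optipng-bin > logalot > squeak > lpad-align > meow > trim-newlines',
];

// Parse a plain "x.y.z" version (pre-release tags are out of scope for this sketch).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Evaluate one comparator such as ">=3.0.1" or "<4.0.0".
function satisfiesComparator(version, comparator) {
  const [, op = '=', target] = /^(>=|<=|>|<|=)?(.+)$/.exec(comparator);
  const c = compareVersions(version, target);
  return { '>=': c >= 0, '<=': c <= 0, '>': c > 0, '<': c < 0, '=': c === 0 }[op];
}

// "||" separates alternatives; space-separated comparators must all hold.
function isPatched(version, range = PATCHED_RANGE) {
  return range.split('||').some((set) =>
    set.trim().split(/\s+/).every((cmp) => satisfiesComparator(version, cmp)));
}

// Longest run of packages, ending at the flagged one, shared by every path.
function sharedChain(paths) {
  if (paths.length === 0) return [];
  const chains = paths.map((p) => p.split('>').map((s) => s.trim()).reverse());
  const shared = [];
  for (let i = 0; chains.every((c) => i < c.length && c[i] === chains[0][i]); i++) {
    shared.push(chains[0][i]);
  }
  return shared.reverse();
}

console.log(sharedChain(AUDIT_PATHS).join(' > '));
console.log(['3.0.0', '3.0.1', '4.0.0', '4.0.1'].map((v) => `${v}: ${isPatched(v)}`));
```

The first package in the shared chain is the highest point at which a single dependency update would cover all three paths; the second-to-last is the direct parent of the flagged package.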