Skip to content

Commit

Permalink
fix: Use url-regex-safe to fix url-regex vulnerability
Browse files Browse the repository at this point in the history 
The package [url-regex](https://www.npmjs.com/package/url-regex) has a [Regular Expression Denial of Service vulnerability](https://www.npmjs.com/advisories/1550) and it looks like it is [not maintained anymore](kevva/url-regex#70).
This PR replaces url-regex with [url-regex-safe](https://www.npmjs.com/package/url-regex-safe) which solves the problem above while providing a drop-in replacement for url-regex.
  • Loading branch information
@ikhemissi
ikhemissi committed Aug 19, 2020
1 parent ce35612 commit c8e8f48
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion packages/metascraper-helpers/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ const {

const memoizeOne = require('memoize-one').default || require('memoize-one')
const condenseWhitespace = require('condense-whitespace')
const urlRegex = require('url-regex')({ exact: true })
const urlRegex = require('url-regex-safe')({ exact: true })
const langs = Object.values(require('iso-639-3/to-1'))
const isRelativeUrl = require('is-relative-url')
const fileExtension = require('file-extension')
Expand Down
2 changes: 1 addition & 1 deletion packages/metascraper-helpers/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"smartquotes": "~2.3.1",
"title": "~3.4.2",
"truncate": "~2.1.0",
"url-regex": "~5.0.0",
"url-regex-safe": "0.0.5",
"video-extensions": "~1.1.0"
},
"devDependencies": {
Expand Down

0 comments on commit c8e8f48

Please sign in to comment.