Vulnerability - Regular Expression Denial of Service

[finnhvman]

I am using a package which indirectly depends on this (css-color-function) package. The Node Security Platform detected a vulnerability in the debug package dependency.

Can you please update the version of the debug dependency to a secure one?

More info: https://nodesecurity.io/advisories/534

[ndaidong]

@finnhvman I got the same issue with postcss-cssnext@3.0.2

[tylergaw]

@finnhvman @ndaidong Okie dokie, this is fixed and released in 1.3.2 https://github.com/ianstormtaylor/css-color-function/releases/tag/1.3.2

One thing noted in the release there that I'll mention again. That version is not yet available on npm you'll need to install from the git tag. I don't have npm publish access yet, only @ianstormtaylor

^ update: It's published on npm now 👍

[MoOx]

@tylergaw you have the proper right on npm https://www.npmjs.com/package/css-color-function !

[tylergaw]

Oh snap! I didn't realize. Cool, will get that published today. Thanks!

…

On Thu, Oct 5, 2017 at 1:19 PM Maxime Thirouin ***@***.***> wrote: @tylergaw <https://github.com/tylergaw> you have the proper right on npm https://www.npmjs.com/package/css-color-function ! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#30 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAORg-n8z6pXKHCaAIkYk_AkOKlbWc7Eks5spQ-fgaJpZM4PrvJ4> .

[finnhvman]

Awesome! Thx for the help! 🎉