From 17cbf8fa8989c1cb45bdd2997aa524729475f1fa Mon Sep 17 00:00:00 2001 From: Alexander Akait <4567934+alexander-akait@users.noreply.github.com> Date: Fri, 11 Nov 2022 03:33:30 +0300 Subject: [PATCH 1/2] fix: ReDoS problem (#226) --- lib/interpolateName.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/interpolateName.js b/lib/interpolateName.js index 6a13a36..0cd3932 100644 --- a/lib/interpolateName.js +++ b/lib/interpolateName.js @@ -108,7 +108,7 @@ function interpolateName(loaderContext, name, options) { // `hash` and `contenthash` are same in `loader-utils` context // let's keep `hash` for backward compatibility .replace( - /\[(?:([^:\]]+):)?(?:hash|contenthash)(?::([a-z]+\d*))?(?::(\d+))?\]/gi, + /\[(?:([^[:\]]+):)?(?:hash|contenthash)(?::([a-z]+\d*))?(?::(\d+))?\]/gi, (all, hashType, digestType, maxLength) => getHashDigest(content, hashType, digestType, parseInt(maxLength, 10)) ) From 331ad5067d9a1a7b8d646692e6959639969210d1 Mon Sep 17 00:00:00 2001 From: "alexander.akait" Date: Fri, 11 Nov 2022 03:34:14 +0300 Subject: [PATCH 2/2] chore(release): 1.4.2 --- CHANGELOG.md | 7 +++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 970732b..ed70ae0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +### [1.4.2](https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2) (2022-11-11) + + +### Bug Fixes + +* ReDoS problem ([#226](https://github.com/webpack/loader-utils/issues/226)) ([17cbf8f](https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa)) + ### [1.4.1](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1) (2022-11-07) diff --git a/package-lock.json b/package-lock.json index 0595f92..74032b7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "loader-utils", - "version": "1.4.1", + "version": "1.4.2", "lockfileVersion": 2, "requires": true, "packages": { diff --git a/package.json b/package.json index 3c797cf..84c905d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "loader-utils", - "version": "1.4.1", + "version": "1.4.2", "author": "Tobias Koppers @sokra", "description": "utils for webpack loaders", "dependencies": { pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy