From 0efdee22bd21025e8e7033f6bcf2d482ce81e214 Mon Sep 17 00:00:00 2001 From: OpenSec Posture Bot Date: Fri, 15 May 2026 16:57:31 +0300 Subject: [PATCH] fix: Upgrade ms from 0.7.1 to 2.0.0 to remediate CVE-2017-20162 ReDoS vulnerability --- package-lock.json | 1 + package.json | 1 + 2 files changed, 2 insertions(+) diff --git a/package-lock.json b/package-lock.json index 8ca8a6d1d5..d7439d1daf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,6 +22,7 @@ "marked": "0.3.5", "mixin-deep": "^1.3.2", "mongodb": "^2.1.18", + "ms": "2.0.0", "needle": "2.2.4", "node-esapi": "0.0.1", "on-headers": "^1.1.0", diff --git a/package.json b/package.json index 9703e6459b..4c61ebced7 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "marked": "0.3.5", "mixin-deep": "^1.3.2", "mongodb": "^2.1.18", + "ms": "2.0.0", "needle": "2.2.4", "node-esapi": "0.0.1", "on-headers": "^1.1.0",