thurka commented on PR #6319: URL: https://github.com/apache/netbeans/pull/6319#issuecomment-1673275240
> @thurka Is the VSCode plugin actually affected by the vulnerability in that npm module or not? As stated above in description, "semver vulnerable to Regular Expression Denial of Service". This is not a security problem for VSCode plugin, since this javascript is not running as server app. In the worst case (very unlikely since regular expressions are not user supplied) the VSCode plugin can be slow. This is regular not security bug. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
