From 099828b738527c3a1e9fcba8ed9b0b1a5103526f Mon Sep 17 00:00:00 2001 From: rpm-build Date: Fri, 2 Jul 2021 16:30:14 +0200 Subject: [PATCH] Fix ReDoS for data URLs Backported from https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103 Signed-off-by: rpm-build --- node_modules/got/node_modules/normalize-url/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node_modules/got/node_modules/normalize-url/index.js b/node_modules/got/node_modules/normalize-url/index.js index 4eea255..2ab7f57 100644 --- a/node_modules/got/node_modules/normalize-url/index.js +++ b/node_modules/got/node_modules/normalize-url/index.js @@ -11,7 +11,7 @@ const testParameter = (name, filters) => { }; const normalizeDataURL = (urlString, {stripHash}) => { - const parts = urlString.match(/^data:(.*?),(.*?)(?:#(.*))?$/); + const parts = urlString.match(/^data:([^,]*?),([^#]*?)(?:#(.*))?$/); if (!parts) { throw new Error(`Invalid URL: ${urlString}`); -- 2.31.1