[Security] Bump ssri from 6.0.1 to 6.0.2 in /assets
Bumps ssri from 6.0.1 to 6.0.2. This update includes a security fix.
Vulnerabilities fixed
Regular Expression Denial of Service (ReDoS) npm
ssri
5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.Patched versions: 6.0.2 Affected versions: >= 5.2.2, < 6.0.2
Commits
-
b7c8c7c
chore(release): 6.0.2 -
b30dfdb
fix: backport regex change from 8.0.1 - See full diff in compare view
Maintainer changes
This version was pushed to npm by nlf, a new releaser for ssri since your current version.