
@jorenbroekema (Owner) commented Nov 7, 2025

@sei-vsarvepalli please review this :) happy to publish asap if this seems alright on your end.

I isolated the linting-related fixes in a separate commit so you can skip that one to make the diff a lot smaller and review easier.

@sei-vsarvepalli

All looks good to me for the security fix itself. Probably should reference the CVE in the README.md or CHANGELOG, so it is clear which vulnerability was fixed and npm audit can pick it up to recommend the fixed version.

In my fork I have moved most of the devDependencies that is entirely optional.

@jorenbroekema
Owner Author

Oh cool. Didn't know npm audit worked that way, good to know! I'll push an update and get this on npm tonight!

@baldimir commented Nov 7, 2025

Hi, @sei-vsarvepalli @jorenbroekema I just want to say thank you for working on this patch. We use the library and the security scans flagged this problem with a very high risk score, so it is very helpful that it gets handled so quickly.

@jorenbroekema force-pushed the input-validation-security branch from 460b820 to 0e4e3f6 (November 8, 2025 06:01)
@jorenbroekema merged commit 5c89f57 into master Nov 8, 2025
@jorenbroekema
Owner Author

Released v3.0.0 of expr-eval-fork, please note the changelog for breaking changes that were included in this
