tali
one SEVERE security vulnerability found in your dependencies. a REGEX LIBRARY that you AREN'T USING is vulnerable to denial of service ATTACK if you feed it malicious user input which you AREN'T DOING
Feb 23 at 3:59pmWeb
Show threadHenryk PlötzFeb 23
@milo *malicious PATTERNS
Show threadSwift (will be at EMF)Feb 23
@milo if I had a dollar for every time I have been told my unit test framework can be DOS'd with malicious regex, I wouldn't be working in tech anymore.
Show threadtaliFeb 23
@swift god LMAO
Show threaddzamieFeb 23
I love stuff like this with personal code (scripts I make for my own use and nobody else's). Woah, this function breaks if I pass it a string not formatted like a date? Wow, I hope I never accidentally tell it that it's currently 06.BG.2026
Show threadEvelyn 🐉Feb 23

@milo hello maintainer, we here at company ltd love your library but we're very concerned about the severe security vulnerability in it, we'll have to stop using it

what no ofc we're not going to pay you to fix a nonissue