Regular Expression Denial of Service in trim #7567

@danwulff

Description

Describe the bug
decap-cms-app has a transitive dependency on trim, which currently has a security vulnerability for the pinned version.

GHSA-w5p7-h5w8-2hfq

To Reproduce

  1. In a new directory: npm init -y && npm i decap-cms-app && npm audit

[screenshot: npm audit logs]

Alternatively:

  1. Create a repo with decap-cms-app as a package.json dependency
  2. Enable dependabot security updates
  3. Witness dependabot security alert and inability to update

[screenshot: logs from dependabot's attempt to update]

Expected behavior
decap-cms-app not to have security vulnerabilities via transitive dependencies

Applicable Versions:

  • Decap CMS version: 3.8.3

Labels: type: bug (code to address defects in shipped code)