Uglify js included in the deps has reported to have the following vulnerabilities.
- ansi-regex Regular Expression Denial of Service (ReDoS)
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › chalk@1.1.3 › has-ansi@2.0.0 › ansi-regex@2.1.1
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › chalk@1.1.3 › strip-ansi@3.0.1 › ansi-regex@2.1.1
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › maxmin@2.1.0 › chalk@1.1.3 › has-ansi@2.0.0 › ansi-regex@2.1.1
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › maxmin@2.1.0 › chalk@1.1.3 › strip-ansi@3.0.1 › ansi-regex@2.1.1
- uglify-js Regular Expression Denial of Service (ReDoS)
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › uglify-js@3.4.10
Is it possible to have a new release addressing these?
Also, should uglify-js be dev dependency instead?
Uglify js included in the deps has reported to have the following vulnerabilities.
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › chalk@1.1.3 › has-ansi@2.0.0 › ansi-regex@2.1.1
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › chalk@1.1.3 › strip-ansi@3.0.1 › ansi-regex@2.1.1
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › maxmin@2.1.0 › chalk@1.1.3 › has-ansi@2.0.0 › ansi-regex@2.1.1
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › maxmin@2.1.0 › chalk@1.1.3 › strip-ansi@3.0.1 › ansi-regex@2.1.1
jquery-dateformat@1.0.4 › grunt-contrib-uglify@3.4.0 › uglify-js@3.4.10
Is it possible to have a new release addressing these?
Also, should uglify-js be dev dependency instead?