Description
Issue Description
Running nsp check using parse-server 2.6.3 launches "Regular Expression Denial of Service" security warnings.
Steps to reproduce
Create a new express application with the parse-server dependency
Add nsp dependency
Run nsp check
Expected Results
Not to show any security warning.
Actual Outcome
The following warnings are displayed:
Regular Expression Denial of Service
@0.0.1 > parse-server@2.6.3 > mime@1.4.0
https://nodesecurity.io/advisories/535
Regular Expression Denial of Service
@0.0.1 > parse-server@2.6.3 > express@4.15.3 > send@0.15.3 > mime@1.3.4
https://nodesecurity.io/advisories/535
Regular Expression Denial of Service
@0.0.1 > parse-server@2.6.3 > express@4.15.3 > fresh@0.5.0
https://nodesecurity.io/advisories/526
Regular Expression Denial of Service
@0.0.1 > parse-server@2.6.3 > express@4.15.3 > debug@2.6.7
https://nodesecurity.io/advisories/534
Regular Expression Denial of Service
@0.0.1 > parse-server@2.6.3 > parse-server-simple-mailgun-adapter@1.0.0 > mailgun-js@0.7.15 > debug@2.2.0
https://nodesecurity.io/advisories/534
Environment Setup
-
Server
- parse-server version (Be specific! Don't say 'latest'.) : 2.6.3
- Operating System: MacOSX 10.12.6
- Hardware: MacBookPro 2013
- Localhost or remote server? Local
-
Database
- MongoDB version: 3.4
- Storage engine: WiredTiger
- Hardware: MacBookPro 2013
- Localhost or remote server? Localhost
Logs/Trace
See above in the actual outcome.