by adverbly 126 days ago
Seriously!

We also suffer from this. Although in some cases it's due to a Dev dependency. It's crazy how much noise it adds specifically from ReDoS...

2 comments

ReDoS CVEs in your dev dependencies like playwright that could literally never be exploited, so annoying.
Totally hear you on the noise…but we should want to auto-merge vs ignore, no? Given the right tooling of course.
We could just skip some steps and I could send you a zip file of malware for you to install on your infra directly if you’d like.
No