It was found that affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This can cause an impact of about 10 seconds matching time for data 48K characters long. References: https://snyk.io/vuln/npm:diff:20180305 Upstream patch: https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0
Created nodejs-diff tracking bugs for this issue: Affects: fedora-all [bug 1552150] Affects: epel-all [bug 1552149]