All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. Reference: https://snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850
Created nodejs-trim-off-newlines tracking bugs for this issue: Affects: fedora-33 [bug 1995794]
The affected code is: https://github.com/stevemao/trim-off-newlines/blob/master/index.js#L6 there is no fix yet on the upstream side
Marking hosted services 'notaffected.' Packages present in nodejs package-lock.json but no references in code; appears this vulnerability is not exposed.
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4 Via RHSA-2022:4711 https://access.redhat.com/errata/RHSA-2022:4711