Denial of Service (DoS) Reported in SYNK

[pak-ferry]

Hey there, I found this issue while running security scan with SYNK. And, turned out there's a vulnerability. Hopefully there's a way to resolve this issue. Thank you.

Here's the error logs:
Issues with no direct upgrade or patch: ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970] in decode-uri-component@0.2.0 introduced by @testing-library/jest-dom@5.16.4 > css@3.0.0 > source-map-resolve@0.6.0 > decode-uri-component@0.2.0 and 2 other path(s) No upgrade or patch available

[acode-x]

Have the same issue.

[NiklasPor]

FYI related GitHub advisory: GHSA-w573-4hg7-7wgq

[tiggem1993]

Hey I am also facing same issue.

[niji-DamienA]

Same issue !

[fionnachan]

saw it on GHSA-w573-4hg7-7wgq
please fix :( 🙏🙏🙏

[briandrutledge]

We saw this today also.....fix is needed ASAP. https://nvd.nist.gov/vuln/detail/CVE-2022-38900

[hello-alf]

Same issue Here!,

[brampurnot]

Same here!

[jhon-gomez-endava]

Any updates?

[josuevalrob]

%  yarn npm audit --all --recursive                
└─ decode-uri-component: 0.2.0
   ├─ Issue: decode-uri-component vulnerable to Denial of Service (DoS)
   ├─ URL: https://github.com/advisories/GHSA-w573-4hg7-7wgq
   ├─ Severity: low
   ├─ Vulnerable Versions: <=0.2.0
   ├─ Patched Versions: <0.0.0
   ├─ Via: lint-staged, jest-environment-jsdom, msw, @typescript-eslint/parser, eslint-config-airbnb-typescript, eslint-plugin-import, @storybook/addon-docs, @storybook/addon-essentials, @storybook/react, ts-jest

[NicholasJarr]

Same issue here!

[matz3]

If someone also faces this issue because of the css package: There is a maintained fork available which doesn't rely on "source-map-resolve" / "decode-uri-component": reworkcss/css#163 (comment)