cookiejar Regular Expression Denial of Service via Cookie.parse function

[Jaykingamez]

Describe the bug

Due to the use of superagent 8.0.5, which uses cookiejar version 2.1.3, a vulnerability is present in the latest package, GHSA-h452-7996-h45h.

A simple fix would be to update superagent's version to the latest.

[Supernova989]

any updates on this ?

[h4l-yup]

any updateds on this?

[rickbergfalk]

For any Yarn users waiting on a fix... you can workaround this by adding the following resolutions field to your package.json:

  "resolutions": {
    "supertest/**/cookiejar": "^2.1.4"
  }