Skip to content

Commit

Permalink
[CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 (#3725)
Browse files Browse the repository at this point in the history
validator.js prior to 13.7.0 is vulnerable to Inefficient
Regular Expression Complexity. 1.x is using "validator@8.2.0".
Main has been bumped to 13.7.0 via PR #1106.
The solution is to backport it on 1.x.

Backport PR:
#1106

Issue Resolved:
#1063

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
  • Loading branch information
ananzh and joshuarrrr authored Mar 31, 2023
1 parent 65deacb commit 53ae3cf
Show file tree
Hide file tree
Showing 3 changed files with 147 additions and 96 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

### 🛡 Security

- [CVE-2021-3765] Update `@microsoft/api-documenter` and `@microsoft/api-extractor` versions to bump validator from `8.2.0` to `13.9.0` ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725))
- [CVE-2022-1537] Bump grunt from `1.4.1` to `1.5.3` ([#3723](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3723))
- [CVE-2022-0436] Bump grunt from `1.4.1` to `1.5.3` ([#3723](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3723))
- [CVE-2021-23382] Bump postcss from `8.2.10` to `8.2.13` ([#3739](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3739))
Expand Down
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -273,8 +273,8 @@
"@osd/test": "1.0.0",
"@osd/test-subj-selector": "0.2.1",
"@osd/utility-types": "1.0.0",
"@microsoft/api-documenter": "7.7.2",
"@microsoft/api-extractor": "7.7.0",
"@microsoft/api-documenter": "^7.13.78",
"@microsoft/api-extractor": "^7.19.3",
"@percy/agent": "^0.28.6",
"@testing-library/dom": "^7.24.2",
"@testing-library/jest-dom": "^5.11.4",
Expand Down
Loading

0 comments on commit 53ae3cf

Please sign in to comment.