Skip to content

Commit

Permalink
[CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0 (#3725)
Browse files Browse the repository at this point in the history
validator.js prior to 13.7.0 is vulnerable to Inefficient
Regular Expression Complexity. 1.x is using "validator@8.2.0".
Main has been bumped to 13.7.0 via PR #1106.
The solution is to backport it on 1.x.

Backport PR:
#1106

Issue Resolved:
#1063

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
Co-authored-by: Josh Romero <rmerqg@amazon.com>
(cherry picked from commit 53ae3cf)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

# Conflicts:
#	CHANGELOG.md
  • Loading branch information
github-actions[bot] committed Mar 31, 2023
1 parent 98ce9aa commit 82f1ac9
Show file tree
Hide file tree
Showing 2 changed files with 146 additions and 96 deletions.
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -272,8 +272,8 @@
"@osd/test": "1.0.0",
"@osd/test-subj-selector": "0.2.1",
"@osd/utility-types": "1.0.0",
"@microsoft/api-documenter": "7.7.2",
"@microsoft/api-extractor": "7.7.0",
"@microsoft/api-documenter": "^7.13.78",
"@microsoft/api-extractor": "^7.19.3",
"@percy/agent": "^0.28.6",
"@testing-library/dom": "^7.24.2",
"@testing-library/jest-dom": "^5.11.4",
Expand Down
Loading

0 comments on commit 82f1ac9

Please sign in to comment.