[CVE-2021-3765][1.x] bump validator from 8.2.0 to 13.9.0
validator.js prior to 13.7.0 is vulnerable to Inefficient
Regular Expression Complexity. 1.x is using "validator@8.2.0".
Main has been bumped to 13.7.0 via PR opensearch-project#1106.
The solution is to backport it on 1.x.

Backport PR:
opensearch-project#1106

Issue Resolved:
opensearch-project#1063

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
ananzh committed Mar 29, 2023
1 parent bf1c65f commit 0697270
Showing 3 changed files with 148 additions and 96 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

### 🛡 Security

- [CVE-2021-3765] Update @microsoft/api-documenter and @microsoft/api-extractor versions to bump validator from 8.2.0 to 13.9.0 ([#3725](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3725))

### 📈 Features/Enhancements

- [Optimizer] Increase timeout waiting for the exiting of an optimizer worker ([#3193](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3193))
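Review bot: the new Security entry names the resulting validator version (13.9.0) but not the versions that @microsoft/api-documenter and @microsoft/api-extractor move to, although those two packages are what the entry says is being updated. Consider adding the new ranges from package.json ("^7.13.78" and "^7.19.3") so someone auditing the 1.x branch can match the entry against the manifest. It would also help to state that the commit message gives 13.7.0 as the first fixed release, which makes it clear that 13.9.0 is past the vulnerable range.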
4 changes: 2 additions & 2 deletions package.json
Expand Up @@ -272,8 +272,8 @@
"@osd/test": "1.0.0",
"@osd/test-subj-selector": "0.2.1",
"@osd/utility-types": "1.0.0",
"@microsoft/api-documenter": "7.7.2",
"@microsoft/api-extractor": "7.7.0",
"@microsoft/api-documenter": "^7.13.78",
"@microsoft/api-extractor": "^7.19.3",
"@percy/agent": "^0.28.6",
"@testing-library/dom": "^7.24.2",
"@testing-library/jest-dom": "^5.11.4",
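Review bot: the two @microsoft entries change from exact pins ("7.7.2", "7.7.0") to caret ranges ("^7.13.78", "^7.19.3"), which is a change in pinning policy on top of the version bump and is not mentioned in the commit message. validator itself is not declared in the visible lines; per the CHANGELOG entry it arrives through these packages, so the version actually installed is decided by lockfile resolution rather than by this manifest. Suggest either keeping exact versions here to match the previous entries, or pinning validator explicitly through the package manager's resolution override, so the fix for CVE-2021-3765 cannot regress when the lockfile is regenerated. Since these are build tooling packages moving several minor versions on a maintenance branch, it is also worth confirming that the API documentation build still passes on 1.x.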