Update fbjs to 1.0.0 to fix ReDos Vulnerability #1978
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla. If you are contributing on behalf of someone else (e.g. your employer), the individual CLA may not be sufficient and your employer may need the corporate CLA signed. If you have received this in error or have any questions, please contact us at cla@fb.com. Thanks!
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks!
Thank you for upgrading this!
- Can you please make sure the Travis CI is passing. Not sure why this is breaking - maybe it's unrelated to this PR?
- I think these changes need to be propagated to the `yarn.lock` file too & running `yarn` will update this for you.
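The `yarn.lock` remark above is the security-relevant step of this upgrade: the bump in `package.json` only helps if the lockfile is regenerated, because a stale entry keeps resolving the old fbjs and, through it, the vulnerable transitive ua-parser-js. The Node script below is an added example (not code from this PR or the draft-js project) that parses a yarn.lock v1 text and reports every resolved version of a package together with the entries that pull it in. The lockfile text, the package `example-widget`, and every version number in it (including the `minSafe` threshold `0.7.18`) are constructed placeholders; the real fixed version comes from the Snyk advisory linked in the description.

```javascript
// Added example, not code from the draft-js project or this PR.
// Parses a yarn.lock (v1 format) and reports every resolved version of a
// transitive package, together with the lockfile entries that pull it in.
// Use: after bumping fbjs in package.json, confirm the lockfile was actually
// regenerated and no stale entry still resolves the vulnerable ua-parser-js.

// Constructed lockfile text. Package "example-widget" is hypothetical, and all
// version numbers here are placeholders, not the real fbjs/ua-parser-js history.
const SAMPLE_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


example-widget@^1.0.0:
  version "1.0.0"
  resolved "https://registry.example.invalid/example-widget-1.0.0.tgz"
  dependencies:
    fbjs "^0.8.9"

fbjs@^0.8.9:
  version "0.8.17"
  resolved "https://registry.example.invalid/fbjs-0.8.17.tgz"
  dependencies:
    ua-parser-js "^0.7.9"

fbjs@^1.0.0:
  version "1.0.0"
  resolved "https://registry.example.invalid/fbjs-1.0.0.tgz"
  dependencies:
    ua-parser-js "^0.7.18"

ua-parser-js@^0.7.9:
  version "0.7.9"
  resolved "https://registry.example.invalid/ua-parser-js-0.7.9.tgz"

ua-parser-js@^0.7.18:
  version "0.7.19"
  resolved "https://registry.example.invalid/ua-parser-js-0.7.19.tgz"
`;

// "name@range" -> "name" (also handles scoped "@scope/name@range").
function nameOfKey(key) {
  const at = key.lastIndexOf('@');
  return at <= 0 ? key : key.slice(0, at);
}

// Minimal yarn.lock v1 parser: header lines are unindented, comma-separated
// "name@range" keys ending in ':'; fields are indented 2 spaces; the
// dependencies block lists `name "range"` pairs indented 4 spaces.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  let inDeps = false;
  for (const raw of text.split('\n')) {
    const line = raw.replace(/\r$/, '');
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      const keys = line.replace(/:$/, '').split(',')
        .map((k) => k.trim().replace(/^"|"$/g, ''));
      current = { keys, name: nameOfKey(keys[0]), version: null, dependencies: {} };
      entries.push(current);
      inDeps = false;
      continue;
    }
    if (!current) continue;
    const body = line.trim();
    const indent = line.length - line.trimStart().length;
    if (indent === 2) {
      inDeps = body === 'dependencies:' || body === 'optionalDependencies:';
      const m = body.match(/^version "([^"]+)"$/);
      if (m) current.version = m[1];
    } else if (indent === 4 && inDeps) {
      const m = body.match(/^"?([^"\s]+)"? "([^"]+)"$/);
      if (m) current.dependencies[m[1]] = m[2];
    }
  }
  return entries;
}

// Numeric dot-version compare; prerelease suffixes ("1.0.0-beta") are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// For every lockfile entry of `pkg`, report its resolved version, whether it is
// below `minSafe` (the fixed version taken from the advisory), and which
// entries depend on that exact range, i.e. who keeps it in the tree.
function auditPackage(entries, pkg, minSafe) {
  return entries
    .filter((e) => e.name === pkg)
    .map((e) => ({
      version: e.version,
      vulnerable: compareVersions(e.version, minSafe) < 0,
      dependents: entries
        .filter((d) => d.dependencies[pkg] && e.keys.includes(`${pkg}@${d.dependencies[pkg]}`))
        .map((d) => `${d.name}@${d.version}`),
    }));
}

// True when any resolution of `pkg` in the lockfile is still below `minSafe`.
function hasVulnerableResolution(entries, pkg, minSafe) {
  return auditPackage(entries, pkg, minSafe).some((r) => r.vulnerable);
}

// Stand-alone run: "0.7.18" is an illustrative threshold, not the advisory's value.
const report = auditPackage(parseYarnLock(SAMPLE_LOCK), 'ua-parser-js', '0.7.18');
for (const r of report) {
  console.log(`ua-parser-js ${r.version} ${r.vulnerable ? 'VULNERABLE' : 'ok'} <- ${r.dependents.join(', ')}`);
}
```

In the constructed lockfile the old `fbjs@^0.8.9` entry survives because another dependency still requests it, so the vulnerable ua-parser-js stays resolved even though the direct fbjs dependency is now 1.0.0; that is exactly the case a package.json-only bump misses and a lockfile check catches.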
I updated the yarn lock file, but it looks like the flow type for joinClasses in fbjs is incorrect: it's typed as `joinClasses(className: mixed): string`, but the correct type would be `joinClasses(...className: Array)`, as the joinClasses function takes an array of args and passes them inside of a variable called className. Because of this I had to add a flow fixme.
Looks good! 👍
We can fix the flow fixme in a separate PR :)
@niveditc has imported this pull request. If you are a Facebook employee, you can view this diff on Phabricator.
Summary:
**Summary**
draft-js was using an older version of fbjs that uses an older version of ua-parser-js, which has a vulnerability.
https://app.snyk.io/vuln/npm:ua-parser-js:20180227

**Test Plan**
1. Run npm test and it passes
2. Run npm build and it passes

Pull Request resolved: facebookarchive#1978
Differential Revision: D13746429
fbshipit-source-id: 636e9ad795f97781f6dc8a88125dcea0be005987
Summary
draft-js was using an older version of fbjs that uses an older version of ua-parser-js, which has a vulnerability.
https://app.snyk.io/vuln/npm:ua-parser-js:20180227
Test Plan